Why do I get the error "Your network config conflicts with the Amazon WorkSpaces management network" when I try to register my directory for Amazon WorkSpaces?

Short description

WorkSpaces selects the IP address for the management network interface from various address ranges. The selection depends on the Region where the WorkSpaces are created in. When you register a directory, WorkSpaces must determine if the address ranges create a conflict.

To do so, WorkSpaces tests the virtual private cloud (VPC) Classless Inter-Domain Routing (CIDR) and the route tables in your VPC. If a conflict is found in all available address ranges in the Region, then you receive an error message and the directory isn’t registered.

Resolution

To resolve the conflict, complete the following steps:

1. Identify the IP address ranges used for the management network interface in your Region.
2. Review the route table associated with the directory and corresponding subnets where the directory will be registered for WorkSpaces. Directory registration can fail if the routes for management interface IP ranges are in a route table of the same subnet.
3. Remove any conflicting IP address ranges from the route table, and then try to register the directory again.

Note: If you change the route tables in your VPC after the directory is registered, then you might get another conflict.

If you can't remove the route to your on-premises network, then try to launch WorkSpaces in a different Region. To identify a Region that doesn't conflict with your on-premises network and that is closest for the end users, review the Management Interface IP Ranges.

Visit the Connection Health Check from the Region that your end users can connect to the WorkSpaces from. This action can help you identify the best Region to launch WorkSpaces in.