By using AWS re:Post, you agree to the Terms of Use

In App Stream 2.0 Getting error An unknown error occurred (1355).

0

Hi,

I am trying to setup the ADFS with App Stream 2.0 with SAML Authentication, and have done all the steps for the needful (Referred from : https://aws.amazon.com/blogs/compute/enabling-identity-federation-with-ad-fs-3-0-and-amazon-appstream-2-0/ ) , but after login to App Stream relay state URL screen, system gives an error: "An unknown error occurred (1355)." As per my research its indicating some DNS issue. When we have checked my system ip configs, its displaying something like this :

Windows IP Configuration ( Host Name : EC2AMAZ-NMGRP10 [this is my server system name], Primary Dns Suffix : example.local.

Ethernet adapter Ethernet : Connection-specific DNS Suffix : sarvajeevan.com DNS Servers : ::1 127.0.0.1

Username for App Stream is : xyz@example.local

As per my understanding, our Active directory domain name is sarvajeevan.com, but internal federation domain is example.local.

Please help us to understand, we are doing something wrong or something needs to fix manually from Route 53 or something else ?

Thanks

1 Answer
0

I understand that your AppStream fleet is domain joined to sarvajeevan.com

This issue seems to be related to Windows user login issue that happens in AppStream in different scenarios and mentioned error code "1355" basically means "ERROR_NO_SUCH_DOMAIN". Please refer following Microsoft documentations.

— System Error Codes (1300-1699): https://docs.microsoft.com/en-us/windows/win32/debug/system-error-codes--1300-1699-

https://answers.microsoft.com/en-us/windows/forum/windows_xp-security/system-error-1355-errornosuchdomain/e102d0f4-499b-433c-a1bc-2ea3c0a32ca1

To isolate the DNS issue, could you please verify the DHCP Option set for your VPC and ensure that it is configured correctly. Additionally, could you launch an EC2 instance in the same subnet and try to domain join and check if the issue is observed there as well.

AppStream 2.0 requires that the SAML_Subject NameID value for the user who is logging in be provided in either of the following formats:

Kindly ensure that the above settings are configured correctly and test the authentication once again. In such case, it would be beneficial to have a look at the HAR logs and check the SAML response.

I would encourage you to kindly open a support case, so that we can troubleshoot it further.

SUPPORT ENGINEER
answered 24 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions