AMS Windows 2012 server...failed to authenticate with service


Service successfully installed on source. "How to solve this?" does not appear to have anything relevant on this particular error. Why am I getting this error in AWS and how do I solve it?


asked 4 months ago, 241 views
2 Answers


From the information provided, I am able to determine that this could be an issue with the Service Linked role not created with the right permissions. Application Migration Service uses AWS Identity and Access Management (IAM) service-linked roles. A service-linked role is a unique type of IAM role that is linked directly to Application Migration Service. Service-linked roles are predefined by Application Migration Service and include all the permissions that the service requires to call other AWS services on your behalf.

A service-linked role makes setting up Application Migration Service easier because you don’t have to manually add the necessary permissions. Application Migration Service defines the permissions of its service-linked roles, and unless defined otherwise, only Application Migration Service can assume its roles. The defined permissions include the trust policy and the permissions policy, and that permissions policy cannot be attached to any other IAM entity.


answered 4 months ago
  • Thank you for the prompt reply. Sorry to say that I'm not really sure where this was supposed to lead. I deleted the server from AMS, uninstalled/deleted from my source machine, and deleted the IAM user. I then tried it all again, letting AMS recreate the user. I then went to the AMS settings and 'reinitialized' the permissions. Got a little further, but this issue is at least resolved.

    Still no idea why it happened or what the error even meant.


We had this same problem - Data replication stalled: Failed to authenticate with Service.

In our case the problem was that the Replication Server was unable to access the management service from the custom Subnet we had created for the migration.

Apart from the authentication failure error message, we also noticed that Replication EC2 instances were being created, then terminated after about 10 minutes of inactivity.

To diagnose this, we created a new EC2 instance and edited the Network settings to use the same VPC and Subnet as used by the Replication Server. From an SSH terminal we were able to confirm that the instance could not reach the management API when running the following command:

curl https://mgn.{region}

On the Replication VPC this command would time out, but on servers in a different VPC this command would return a response immediately.

In our case the problem was that we had modified the Network ACL rules to restrict traffic inbound, and response traffic from the outbound HTTP request was being blocked (as Network ACLs are stateless).

To fix it we needed to add a Network ACL allowing all Inbound TCP traffic on the ephemeral ports 32768 - 65535.

answered 4 months ago
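
The stateless Network ACL behaviour described in the answer above can be checked offline against a subnet's rule set. This is an added example, not code from the original post: the field names follow the entries returned by the EC2 `describe-network-acls` call, while the sample rules, the `rule` helper and the endpoint address are constructed for illustration.

```python
import ipaddress

TCP, ALL = "6", "-1"  # protocol values as strings, as describe-network-acls reports them

def inbound_tcp_rules(entries):
    """Inbound IPv4 rules that can match TCP, in evaluation (rule number) order."""
    rules = []
    for e in sorted(entries, key=lambda e: e["RuleNumber"]):
        if e["Egress"] or e["Protocol"] not in (TCP, ALL) or "CidrBlock" not in e:
            continue
        pr = e.get("PortRange") or {"From": 0, "To": 65535}  # absent = all ports
        rules.append((ipaddress.ip_network(e["CidrBlock"]), pr["From"], pr["To"],
                      e["RuleAction"]))
    return rules

def blocked_ranges(entries, src_ip, lo=32768, hi=65535):
    """Destination ports in [lo, hi] where a TCP reply from src_ip is dropped inbound."""
    ip = ipaddress.ip_address(src_ip)
    rules = [r for r in inbound_tcp_rules(entries) if ip in r[0]]
    ranges, start = [], None
    for port in range(lo, hi + 1):
        # First matching rule wins; no match at all is the implicit deny.
        action = next((a for _, f, t, a in rules if f <= port <= t), "deny")
        if action != "allow" and start is None:
            start = port
        elif action == "allow" and start is not None:
            ranges.append((start, port - 1))
            start = None
    if start is not None:
        ranges.append((start, hi))
    return ranges

def rule(num, action, proto, cidr, ports=None, egress=False):
    """Hypothetical helper that builds one entry in the API's shape."""
    e = {"RuleNumber": num, "RuleAction": action, "Protocol": proto,
         "CidrBlock": cidr, "Egress": egress}
    if ports:
        e["PortRange"] = {"From": ports[0], "To": ports[1]}
    return e

# Constructed sample: inbound restricted to 443 and internal SSH, outbound open.
RESTRICTED = [rule(100, "allow", TCP, "0.0.0.0/0", (443, 443)),
              rule(110, "allow", TCP, "10.0.0.0/16", (22, 22)),
              rule(32767, "deny", ALL, "0.0.0.0/0"),
              rule(100, "allow", ALL, "0.0.0.0/0", egress=True),
              rule(32767, "deny", ALL, "0.0.0.0/0", egress=True)]
FIXED = RESTRICTED + [rule(120, "allow", TCP, "0.0.0.0/0", (32768, 65535))]
ENDPOINT_IP = "203.0.113.10"  # constructed address standing in for the API endpoint
```

With the restricted rule set every ephemeral port is reported as blocked even though outbound traffic is allowed, which matches the timeout seen with `curl`; the added inbound rule clears the list.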
