AMS Windows 2012 server...failed to authenticate with service

0

Service successfully installed on source. "How to solve this?" does not appear to have anything relevant on this particular error. Why am I getting this error in AWS and how do I solve it?

Enter image description here

jake
asked 2 years ago1326 views
3 Answers
1

We had this same problem - Data replication stalled: Failed to authenticate with Service.

In our case the problem was that the Replication Server was unable to access the management service from the custom Subnet we had created for the migration.

Apart from the authentication failure error message, we also noticed that Replication EC2 instances were being created, then terminated after about 10 minutes of inactivity.

To diagnose this we created a new EC2 instance and edited the Network settings to use the same VPC and Subnet as used by the Replication Server. From an SSH terminal we were able to confirm that the instance could not reach the management API when running the following command

curl https://mgn.{region}.amazonaws.com/

On the Replication VPC this command would timeout, but on servers in a different VPC this command would return a response immediately.

In our case the problem was that we had modified the Network ACL rules to restrict traffic inbound, and response traffic from the outbound http request was being blocked (as Network ACLs are stateless).

To fix it we needed to add a Network ACL allowing all Inbound TCP traffic on the ephemeral ports 32768 - 65535.

Joe
answered 2 years ago
0

Hello,

From the information provided, I am able to determine that this could be an issue with the Service Linked role not created with the right permissions. Application Migration Service uses AWS Identity and Access Management (IAM) service-linked roles. A service-linked role is a unique type of IAM role that is linked directly to Application Migration Service. Service-linked roles are predefined by Application Migration Service and include all the permissions that the service requires to call other AWS services on your behalf.

A service-linked role makes setting up Application Migration Service easier because you don’t have to manually add the necessary permissions. Application Migration Service defines the permissions of its service-linked roles, and unless defined otherwise, only Application Migration Service can assume its roles. The defined permissions include the trust policy and the permissions policy, and that permissions policy cannot be attached to any other IAM entity.

Link- https://docs.aws.amazon.com/mgn/latest/ug/using-service-linked-roles.html

profile pictureAWS
SUPPORT ENGINEER
answered 2 years ago
  • Thank you for the prompt reply. Sorry to say that I'm not really sure where this was supposed to lead. I deleted the server from AMS, uninstalled/deleted from my source machine, and deleted the IAM user. I then tried it all again, letting AMS recreate the user. I then went to the AMS settings and 'reinitialized' the permissions. Got a little further, but this issue is at least resolved.

    Still no idea why it happened or what the error even meant.

0

I am having the same issue, trying to migrate on-prem windows 2016 and this syncing won't start I see EC2 instance started and intializing, then it shuts-down and gets terminated. I get this error "Data replication stalled. Failed to authenticate with service" I deleted the source server, I created new account for migration, and I tried to use global admin, I tried public vs private ip, nothing is passing this error, logs are not really helpful unless I am missing specific log that can help? When I add a server in AMS, I am able to download the installer and use the powershell command-line on the source server it runs with no errors and it completes installing the AWS replication agent. I tried deleting the server from AMS and creating again with no luck.

Enter image description here Enter image description here Enter image description here

answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions