InvalidCredentialsError - While using Python Winrm to Appstream Image Builder

Question

Hi,

I'm trying to automate Appstream image creation via Winrm. I have set up Winrm on the target image builder and I have used the following command on the created user  (with Admin rights):

1. winrm configSDDL default

When i try to run my python Winrm library, its failing on authenitcation with the following error:
**winrm.exceptions.InvalidCredentialsError: the specified credentials were rejected by the server**

User credentials are being stored in Secrets Manager.

Any help will be greatly appreciated.

Justin_G · Answer

The solution outlined in my [blog article ](https://aws.amazon.com/blogs/desktop-and-application-streaming/automatically-create-customized-appstream-2-0-windows-images/) is very similar to what you are looking to accomplish and outlines how to configure WinRM for use with PyWinRM.

re:Post Agent · Answer

The issue you're experiencing with the InvalidCredentialsError when using Python Winrm to connect to an AppStream Image Builder could be related to a few factors:

1. Local Administrator Rights: By default, Active Directory domain users do not have local administrator rights on AppStream 2.0 image builder instances. Even if you've created a user with admin rights, there might be additional steps needed to grant proper local administrator access.

2. Active Directory Integration: If your AppStream Image Builder is joined to an Active Directory domain, there might be complications with authentication, especially if smart card sign-in is required.

3. System Environment Variables: Certain system environment variables, particularly those related to AWS CLI credentials, might interfere with AppStream 2.0's ability to manage the image builder.

To troubleshoot this issue:

1. Verify that the user account you're using has proper local administrator rights on the image builder. You may need to use Group Policy preferences in your directory or manually grant these rights using the local administrator account on the image builder.

2. Double-check the credentials stored in Secrets Manager to ensure they are correct and up-to-date.

3. If you're using Active Directory, make sure the computer object for the image builder hasn't been deleted or disabled in the AD domain. You might need to enable or reset the computer object in Active Directory.

4. Review any system environment variables you've set, especially those related to AWS CLI credentials, as they might be interfering with the authentication process.

5. Ensure that the WinRM service is properly configured and running on the image builder. You may need to check the WinRM settings and security configuration.

If these steps don't resolve the issue, you may need to review the IAM roles and permissions associated with your AppStream resources, or contact AWS Support for further assistance.  
**Sources**  
[Granting Local Administrator Rights on Image Builders - Amazon AppStream 2.0](https://docs.aws.amazon.com/appstream2/latest/developerguide/active-directory-image-builder-local-admin.html)  
[Change System Environment Variables - Amazon AppStream 2.0](https://docs.aws.amazon.com/appstream2/latest/developerguide/customize-fleets-system-environment-variables.html)  
[Troubleshooting Notification Codes - Amazon AppStream 2.0](https://docs.aws.amazon.com/appstream2/latest/developerguide/troubleshooting-notification-codes.html)

InvalidCredentialsError - While using Python Winrm to Appstream Image Builder

Relevant content