Questions tagged with Amazon AppStream
Content language: English
Sort by most recent
AppSteam: Error: Bad Request.(Error Code: INVALID_RELAY_STATE);Status Code:400
We have setup an identity provider to use Azure AD to authenticate users that access an AppSteam stack. This is a new build. I used the link below to do the set up. Everything seems to be working from the authentication side as I can get logged in (can see the user logged if I'm logged into the console and then it refreshes when not using in private browser window). However, when it redirects to the AWS Appstream page, I'm getting Error: Bad Request.(Error Code: INVALID_RELAY_STATE);Status Code:400. This suggests a malformed relay state URL, but I have verified that it appears to be the correct syntax (variables and stack name case-sensitive). The SAML response appears to be clean using the browser code analysis tools and the SAML decoder. The only thing that seems odd is that cookie analysis from the browser reports the credentials are expired (there are several errors in the capture i.e. Cookie "aws-creds" has been rejected because it is already expired). The 400 response header shows the statement "expires:Tue, 03 Jul 2001..." which is bizarre. Any help would be greatly appreciated. https://aws.amazon.com/blogs/desktop-and-application-streaming/enabling-federation-with-azure-ad-single-sign-on-and-amazon-appstream-2-0/
how to run the batch file commands in administrator privilege while launching AppStream image in the Fleet.
Unable to run batch file command(CertUtil.exe) as normal user in fleet image. While running batch file command, we get an access denied error. We also tried to run as "Administrator", but it just prompts Admin password. Any comment/suggestion on running batch file command with Administrator privileges?
Certificate private key is not available in the snapshot image in AppStream
We have an windows desktop application which has a certificate with private keys. This desktop application we have created the appstream image, and we would like to launch it from browser. But when we create the snapshot image, the private keys are getting lost while generating stream Url for a user. Any suggestion/direction on importing the certificate private keys is what we are looking for.
Is there a way to force load earlier versions of Office Apps in AppStream Image Builder
I need to run an earlier version of Visio in my AppStream. https://support.microsoft.com/en-us/topic/how-to-revert-to-an-earlier-version-of-office-2bd5c457-a917-d57e-35a1-f709e3dda841 Tells how to do this and I have successfully done it on my local system. When I attempt in ImageBuilder, it pretends to work but doesn't. Is there a way to do this?
Recent appstream update fails to launch
A recent appstream update appears to be causing issues on some machines. Specifically when attempting to launch on some machines it never opens. Upon reviewing Windows event logs it shows: Fault bucket 1612169176490401806, type 5 Event Name: CLR20r3 Response: Not available Cab Id: 0 Problem signature: P1: appstreamclient.exe P2: 1.1.414.0 P3: 6261ce2a P4: mscorlib P5: 4.8.4400.0 P6: 60b90614 P7: 426e P8: 12 P9: System.IO.FileNotFoundException and Application: appstreamclient.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.IO.FileNotFoundException at CefSharp.CefSettingsBase..ctor() at AppStream.Cef.InitializationUtils.InitializeCefSharp() at ViewerApp.App..ctor() at ViewerApp.App.Main() Does anyone know where I can obtain older versions of the Appstream client until they work out this bug? Perhaps 1.0.407 or 1.0.375?
Appstream2.0 url login page
Is it possible to have different login URLs for different IAM users or for different stacks of the same root account? e.g. user IAM 1 -> linkA userIAM2 -> linkB or Stack1 -> linkA Stack2 ->linkB what I need is: to deploy an application with different settings for different end-users, if possible with different login links. Then give the user a chance to see their stack and fleet belong. Do you have any suggestions on how to do that? Thanks in advance.
Policy IAM user Appstream2.0
Is it possible to give access only to a certain image, stack, or fleet with IAM policies? Do you have any examples? I tried with a policy but it returns this error: > User: arn:aws:iam::xxxxxxxxx:user/xxxxxxxx is not authorized to perform: appstream:DescribeFleets on resource: arn:aws:appstream:eu-central-1:xxxxxxxxxxx:fleet/* because no boundary policy allows the appstream:DescribeFleets action > My need is: in an AWS account, an IAM user must only see some image/fleet/stack. thanks
Not able to use Image Builder for Graphics-Pro instance type with AppStream 2.0
I have already made request to increase the quota limit for the stream.graphics-pro.8xlarge instance for image builder. I got response from the AWS support executive and got confirmation that quota increase has been approved and I can use the requested instance type for image builder in AppStream. But while using the image builder, I am not getting the option to use the Graphics-Pro instance family. It only shows General purpose and G4 instance family. What am I missing here? Please do the needful.
AppStream AppBlock Does Not Download From S3 On Instance Launch
We have an application in AppStream using an AppBlock with an Elastic Fleet. The application is an executable file hosted in a public S3 bucket (< 1 MB). When the instance launches there is no sign of the EXE having been downloaded to the usual folder (C:\AppStream\<AppBlockName\MyApp.exe). This was working yesterday as of 6:30 PM EDT. We have also tried a similar approach using a VHD (approx. 100MB) instead of an executable file with the same result. Finally we have tried new App Blocks, new Applications, and new Fleets to rule out any potential issues with the existing ones and the result has been the same each time. We are wondering if there is any place where a log file is stored / available to determine why this is failing or if there is an operational issue with AppStream in the ca-central-1 region?
Unable to launch Appstream instances. login attempts fail
We have a number of fleets already set up and those are working fine but one of the newer fleets that I have created has an issue when new users try to launch and log into Appstream instances that belong to the said fleet. The password that is used is correct but they sometimes get an incorrect password error and then it pops up "An unknown error occurred (1909)". The strange part about it all is that I encountered a similar problem when I first launched and logged in to an instance on the fleet. It took about four or five attempts before it worked. Since that successful sign in, I only encounter the above error occasionally but it works most of the time. Unfortunately, the same doesn't seem to be happening for the newer users that have been assigned access to it. So my questions are, why is this happening in the first place and why is it allowing few users that have signed in previously but none of the new users? FYI, we use Okta as our identity provider. Any advice you may be able to provide would be most appreciated. Thanks and regards, Diem
Can AppStream2.0 streaming instances be assigned a predictable MAC Address or ENI?
We would like to deploy software via appstream that requires a license tied to the MAC address. I can see the ENIs in the EC2 page, but those are transient. Is there a way to assign a network interface to each appstream streaming instance that would guarantee a repeatable MAC address, or range or MAC addresses for multiple instances? Thanks!