Browse through the questions and answers listed below or filter and sort to narrow down your results.
In workspace, to maintain the timezone as UTC across all workspaces. I created the GPO settings, suggested by the aws. but the gpo rule is applying on few workspaces but it is not working on others
to maintain the desired timezone as UTC across all workspaces. i created the gpo settings suggested by the aws (https://docs.aws.amazon.com/workspaces/latest/adminguide/group_policy.html). but the group policy is working for few workspaces. whereas, for few workspaces its not working. Any suggestions?
Changing Primary Region in Directory Service for AWS Managed Microsoft AD Enterprise
I have a multi region AWS Managed Microsoft AD Enterprise directory set up in Directory Service. The primary region is us-east-1 and the secondary region is us-west-2. I need to downgrade from Enterprise to Standard (separate topic) but before I do so, I need to change the Primary Region from us-east-1 to us-west-2. I don't see any way to do this in the documentation or in the management console. Is it possible to change the Primary Region in Managed AD Enterprise? If so, how? Thanks!
Clone a WS to Another Region
We have members that use multiple workspaces in N.Virginia (us-east-1) region. The base configuration includes Simple AD. Initially, workspaces were created in this region, yet staff can be working from other regions. This leads to performance/lag problems. I'd like to clone workspaces to other regions (both preserving the installed apps and user profile on D drive). I've followed the best practices to create an image. Image Checker did not report any problems. Then I used this image, and copied it to another region (Let's say eu-west-1). I created a new bundle with the image. So far no errors. Then, attempting to launch a new WS by using the bundle, I am prompted to create a new directory. If I create a new directory, I'm required to create a new user. (Because directories are different original user is not listed in Show All Users section). Upon launching the new WS using the settings above, indeed I see an emtpy/fresh Workspace with both installed apps lost and user profile does not retain changes in the image. Based on the info above, what could be wrong? Do I need to switch to Active Directory setup? Do we have to use external tools to make a true clone? Please kindly share your knowledge. Thank you for reading. If needed I can provide additional information.
joining an ec2 instance to a customers network/domain
Hi! I built a web app on an EC2 windows instance & want to put it on my clients domain. Once the server is on the domain, the users only have to go to the server name in their browser & the app renders. I haven't worked with AWS networking & want to know if I should I use Resolver, Amazon Active Directory, or AD Connector? Preferably quick & easy. I only need to join one ec2 windows instance to my clients network. Thanks in advance!
Unable to delete Directory Service AD Connector
This is connector is in an Inoperable state. When attempting to delete it, I get the following error: Cannot delete the directory because it still has authorized applications. Any attempt to remove the AWS Console application fails. I see that others have had similar issues and it requires technical support to resolve. Is that still the case? Thanks, John
Workspaces MFA setup problem
I am trying to configure Workspaces to use MFA. I have tried setting up MFA in the AD Connector area and then tried in the Workspaces Directory area (not at the same time). In both cases it goes from Creating to Failed. On the MFA server we see a request from our expected AWS external IP with user awsfaketestuser during the MFA creation. The security group used by AD connector has 1812 TCP/UDP allowed inbound and outbound is using a NAT gateway. As we see the request from AWS on our RADIUS server, we don't suspect a network problem. We have also tried creating a user on the RADIUS host called awsfaketestuser and setting it to disabled. I'm not sure how to get more information about the error or how to fix the problem.
AWS Service Catalog. Grant SSO Users to the Portfolio
Hi There! I have successfully created a Service Catalog with related Portfolio and Products when my users were IAM users. I am have issues adding the SSO (sync'd with AD) users to the Portfolio though. When following this step: https://docs.aws.amazon.com/servicecatalog/latest/adminguide/getstarted-deploy.html. It's not clear how I can add an SSO group instead of an IAM group. ASK: Is it possible to add an SSO user to the Service Catalog Portfolio? If so how? Many thanks in advance!
Error 522 Connection Timed Out
My website is not responding since last 10 days, it's showing Error 522 connection timed out. I have already done all the basic steps which are required to prevent this errors such as clear cookies, used different browsers etc but still it's didn't work. Please help me to fix this issue. Website: machcart.com
AWS Managed AD ADFS user sign-on URL is not accessible outside of ADFS server.
We have setup a test ADFS on a Windows Server 2019 EC2 in our AWS Managed Active Directory. We have enabled the ADFS sign-on page (example URL: https://sts.contoso.com/adfs/ls/idpinitiatedsignon.aspx). ADFS is successful for signing in with our AD credentials, and for accessing our AWS Console when tested from our ADFS server. The issue is that this URL is only opening when directly logged into the ADFS Windows Server. This sign-on URL is not available from another Windows 2019 EC2 test server that is within the same VPC and subnet. All Security Group ports, and Windows Firewalls are temporarily off on both EC2s. The servers can ping each other and using Nmap it displays all the open ports on the ADFS server. Route 53 has a hosted zone for this AWS Managed domain name, and both the ADFS server and test Windows 2019 server have DNS entries for them. We need to test accessing the ADFS sign-on from outside of the ADFS server. Is there another ADFS URL that is for this purpose or another ADFS configuration that is missing? Both links below were used for setting up ADFS on AWS Managed AD https://aws.amazon.com/blogs/security/aws-federated-authentication-with-active-directory-federation-services-ad-fs/ https://aws.amazon.com/blogs/security/enabling-federation-to-aws-using-windows-active-directory-adfs-and-saml-2-0/ Thank you.