End User Computing

Is there is any way to schedule the managed imaged updates in appstream rater than doing it manually every single time.

currently, Appstream is running with Windows Server 2012 R2 image. We all know, that the Windows Server 2012 R2 is in End of Life. should we consider to migrate the image from windows Server 2012 R2 to newer versions like Windows Server 2016 or Windows Server 2019.

we have multiple AWS accounts (OU). we need to know how to get to know in what are all the accounts the appstream was created and currently in running state.

We would like to use a service account in AWS AppStream, and we would not like to synchronize the users from our custom homegrown user management solution to AppStream. Is there a way to use AppStream with a service account, so that every app stream instance shall be unique with a different session. Any suggestion/direction on the same is appreciated

How to keep update the microsoft patching updates in the Appstream. For Workspace, we can patch it using the SSM. For Beanstalk, we can patch it using the Managed updates feature. Likewise, how to Patch the Appstream

We have setup an identity provider to use Azure AD to authenticate users that access an AppSteam stack. This is a new build. I used the link below to do the set up. Everything seems to be working from the authentication side as I can get logged in (can see the user logged if I'm logged into the console and then it refreshes when not using in private browser window). However, when it redirects to the AWS Appstream page, I'm getting Error: Bad Request.(Error Code: INVALID_RELAY_STATE);Status Code:400. This suggests a malformed relay state URL, but I have verified that it appears to be the correct syntax (variables and stack name case-sensitive). The SAML response appears to be clean using the browser code analysis tools and the SAML decoder. The only thing that seems odd is that cookie analysis from the browser reports the credentials are expired (there are several errors in the capture i.e. Cookie "aws-creds" has been rejected because it is already expired). The 400 response header shows the statement "expires:Tue, 03 Jul 2001..." which is bizarre. Any help would be greatly appreciated. https://aws.amazon.com/blogs/desktop-and-application-streaming/enabling-federation-with-azure-ad-single-sign-on-and-amazon-appstream-2-0/

Unable to run batch file command(CertUtil.exe) as normal user in fleet image. While running batch file command, we get an access denied error. We also tried to run as "Administrator", but it just prompts Admin password. Any comment/suggestion on running batch file command with Administrator privileges?

We have an windows desktop application which has a certificate with private keys. This desktop application we have created the appstream image, and we would like to launch it from browser. But when we create the snapshot image, the private keys are getting lost while generating stream Url for a user. Any suggestion/direction on importing the certificate private keys is what we are looking for.

I need to run an earlier version of Visio in my AppStream. https://support.microsoft.com/en-us/topic/how-to-revert-to-an-earlier-version-of-office-2bd5c457-a917-d57e-35a1-f709e3dda841 Tells how to do this and I have successfully done it on my local system. When I attempt in ImageBuilder, it pretends to work but doesn't. Is there a way to do this?

A recent appstream update appears to be causing issues on some machines. Specifically when attempting to launch on some machines it never opens. Upon reviewing Windows event logs it shows: Fault bucket 1612169176490401806, type 5 Event Name: CLR20r3 Response: Not available Cab Id: 0 Problem signature: P1: appstreamclient.exe P2: 1.1.414.0 P3: 6261ce2a P4: mscorlib P5: 4.8.4400.0 P6: 60b90614 P7: 426e P8: 12 P9: System.IO.FileNotFoundException and Application: appstreamclient.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.IO.FileNotFoundException at CefSharp.CefSettingsBase..ctor() at AppStream.Cef.InitializationUtils.InitializeCefSharp() at ViewerApp.App..ctor() at ViewerApp.App.Main() Does anyone know where I can obtain older versions of the Appstream client until they work out this bug? Perhaps 1.0.407 or 1.0.375?

I am trying to configure Workspaces to use MFA. I have tried setting up MFA in the AD Connector area and then tried in the Workspaces Directory area (not at the same time). In both cases it goes from Creating to Failed. On the MFA server we see a request from our expected AWS external IP with user awsfaketestuser during the MFA creation. The security group used by AD connector has 1812 TCP/UDP allowed inbound and outbound is using a NAT gateway. As we see the request from AWS on our RADIUS server, we don't suspect a network problem. We have also tried creating a user on the RADIUS host called awsfaketestuser and setting it to disabled. I'm not sure how to get more information about the error or how to fix the problem.

I've had a workspace I've used for the better part of 5 years, and over time I've noticed the disk performance deteriorating to the point of being unusable. For example, I have a piece of software that starts up in 10s under normal disk performance, but has drifted out towards 2,000s because of disk performance being so slow! I'm using the Power Pro bundle AWS Workspace 2.3 GHZ 16GB Windows 10 VM with a 1TB encrypted user volume. When the workspace was new the disk performance was good roughly being comparable to my desktop. However, as time has gone on it has slowly degraded the point of of being unusable. My drives are currently 9% and 7% fragmented, but even after optimizing them it doesn't dramatically change the performance of the disks. I experience more frequent lockups where the client just freezes and doesn't repaint, but if I check my network connection it's sub 10ms which leads me to believe the disk is holding up the OS and the Amazon Workspace client is waiting on it to respond. What can be done to restore the performance back to what I had in the beginning?

Web Access AWS Workspaces Failing - ERR_SIG_TIMEOUT. Error An error occurred while connecting to your WorkSpace. If the problem persists please contact your WorkSpaces administrator. ERR_SIG_TIMEOUT I have no issues with the client, only with the web access option.

Is it possible to have different login URLs for different IAM users or for different stacks of the same root account? e.g. user IAM 1 -> linkA userIAM2 -> linkB or Stack1 -> linkA Stack2 ->linkB what I need is: to deploy an application with different settings for different end-users, if possible with different login links. Then give the user a chance to see their stack and fleet belong. Do you have any suggestions on how to do that? Thanks in advance.

Since the setup of the account a few months ago we have had the "An Error Has Occurred ... Contact Support etc..." error on the top of our AWS Dashboard whenever we go into Workspaces. Everything seems to work fine but we can never get this out of the way, i can close it but every time we log in the issue is there, i am not able to see any logs with errors or anything. We would appreciate your assistance on this issue.

I have been attempting to add Mult-Factor Authentication to my workspaces account for my user base. I have configured the radius server using Free Radius from this post here: https://aws.amazon.com/blogs/desktop-and-application-streaming/integrating-freeradius-mfa-with-amazon-workspaces/ and all goes according to plan. I have the FreeRadius server using LinOTP running. The problem is in the very last step, when I go to enable MFA in workspace , I put in the information and it just says "failed". Specifically, Step 6: Enable MFA on your AWS Directory Communication between the AWS Managed Microsoft AD RADIUS client and your RADIUS server require you to configure AWS security groups that enable communication over port 1812. Edit your Virtual Private Cloud (VPC) security groups to enable communications over port 1812 between your AWS Directory Service IP end points and your RADIUS MFA server. Navigate to your Directory Service console Click the Directory you want to enable MFA on. Select Network & Security tab, scroll down to Multi-factor authentication, click Actions and Enable. In Enable multi-factor authentication (MFA) configure MFA settings: Display label: Example RADIUS server IP address(es): Private IP of the Amazon Linux 2 instance Port: 1812 Shared secret code: the one set in /etc/raddb/clients.conf Confirm shared secret code: as preceding Protocol: PAP Server timeout (in seconds): 30 Max retries: 3 This operation can take between 5-10mins to complete. Once the Radius status is “completed” you can test MFA authentication from the WorkSpace client. I really have two questions: 1. How do I do this part? Edit your Virtual Private Cloud (VPC) security groups to enable communications over port 1812 between your AWS Directory Service IP end points and your RADIUS MFA server. Maybe I'm not setting up the endpoints correctly ? Do I go to the VPC and add endpoints there? CAn you pleae be specific. 2. How do I get more information from just the "failed" in red --- how do I access the creation logs? Thanks in advance, Jon

On the Workspaces Web portal config I've enabled file transfer permissions for upload/download and would like to share the attached user storage space wider - can't find the s3 bucket? If it's ephemeral, is there anyway to make it an s3 location?

Normally, I know where to find the organization and also my workmail users... However, when I enter to the organization section, I do not have any organization created or on the workmail users any workmail users... This is weird, because our emails that are set up and host in AWS, are working properly... Does someone know what can be happening with my account??