How do I connect to my WorkSpace Personal with RDP?


I can't connect to my WorkSpace Personal from the Amazon WorkSpaces client. I want to use a Remote Desktop Protocol (RDP) client to troubleshoot this issue.

Short description

Typically, you use the Amazon WorkSpaces client to connect to your WorkSpace. However, you might need to connect to a WorkSpace and then use an RDP client to troubleshoot. To allow for this connection, update the WorkSpaces security group settings to allow RDP connections from the IP address of your RDP client machine.

Note: It's a best practice to use an RDP client to connect to a WorkSpace only for troubleshooting purposes. After you finish troubleshooting, remove the RDP inbound rule that you added.

Resolution

To connect to the WorkSpace with RDP, complete the following steps:

Important: When you enter the IP addresses to connect to the WorkSpace, don't enter 0.0.0.0/0 or allow IP addresses that don't need access. If you use 0.0.0.0/0, then all IPv4 addresses can use RDP to access your instance. If you use ::/0, then all IPv6 addresses can access your instance. Authorize only a specific IP address or range of IP addresses that can access your instance.

  1. Open the Amazon WorkSpaces console, and then choose WorkSpaces in the navigation pane. Then, choose Personal.
  2. Select the WorkSpace. Note the IP address under WorkSpace IP.
  3. Open the Amazon Elastic Compute Cloud (Amazon EC2) console.
  4. In the navigation pane, under Network & Security, choose Network Interfaces.
  5. In the search box, enter the IP address. Select the network interface associated with the IP address. Note the IP address in the Public IPv4 address column (if any).
  6. Choose the hyperlink in the Security groups column.
  7. Choose the Inbound rules tab, and then choose Edit inbound rules.
  8. Choose Add Rule, and then create a rule with the following attributes:
    Type: RDP
    Protocol: TCP
    Port Range: 3389
    Source: Enter the IP addresses that you use to connect to the WorkSpace. To connect to a WorkSpace with a public IP address from outside AWS, check the public IP address and then enter it. If you want to connect from an EC2 instance, then provide its private IP address. For WorkSpaces launched on a public subnet without internet access turned on in the Directory, use the WorkSpace private IP address to connect. For more information, see How do I associate an Elastic IP address with a WorkSpace?
    Important: For the IP address, be as granular as possible. Don't enter 0.0.0.0/0 or allow IP addresses that don't need access.
  9. Choose Save rules.
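
The source restriction from step 8 can also be checked against the JSON that the AWS CLI command aws ec2 describe-security-groups returns. The following Python is an added example, not part of the original article and not AWS code; the sample group, its group ID, and the /24 and /64 thresholds are constructed assumptions.

```python
import ipaddress

RDP_PORT = 3389
# Assumed policy thresholds (not from the article): narrowest prefix still
# treated as "granular enough" for an RDP source, per IP version.
MIN_PREFIX = {4: 24, 6: 64}

def covers_rdp(perm):
    """True if an IpPermissions entry allows TCP 3389."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # all protocols and ports; FromPort/ToPort are absent
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= RDP_PORT <= perm.get("ToPort", 65535)

def audit_rdp_sources(group):
    """Return (cidr, finding) pairs for inbound RDP sources that are too broad."""
    findings = []
    for perm in group.get("IpPermissions", []):
        if not covers_rdp(perm):
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            if net.prefixlen == 0:
                findings.append((cidr, "open to every address"))
            elif net.prefixlen < MIN_PREFIX[net.version]:
                findings.append((cidr, "range wider than needed"))
    return findings

# Constructed sample in the shape of one SecurityGroups[] entry; not real data.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "203.0.113.25/32"}, {"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
         "IpRanges": [{"CidrIp": "198.51.100.0/22"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ],
}

if __name__ == "__main__":
    for cidr, finding in audit_rdp_sources(SAMPLE_GROUP):
        print(f"{SAMPLE_GROUP['GroupId']}: RDP from {cidr}: {finding}")
```

An empty result after troubleshooting, with no remaining 3389 entries in the group, confirms that the temporary RDP rule was removed.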

From one of the IP addresses that you specified, use an RDP client to connect to the WorkSpace. Complete the following steps:

  1. Open Remote Desktop Connection.
  2. For Computer, enter the WorkSpace IP address. If the WorkSpace has a public or Elastic IP address and your computer isn't inside AWS, then enter the public or Elastic IP address. If you want to connect from an EC2 instance, enter the WorkSpace private IP address. Then, choose Connect.
  3. For Enter your credentials, use the credentials of any Active Directory user that is a member of the Remote Desktop Users group in Active Directory. Then, choose OK.

Note: The user credentials must be in the following format: domain_name\username.

Related information

One of my WorkSpaces has a state of UNHEALTHY

AWS OFFICIAL
Updated 5 months ago
3 Comments

What if you don't have the user credentials though? For example, a scenario where a WorkSpace Admin needs to RDP into a user's WorkSpace (Windows) and so doesn't know the WorkSpaces user password?

replied 6 months ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS
MODERATOR
replied 6 months ago

You can use any credentials that Windows accepts. This means that you don't necessarily need to use the WorkSpaces user credentials. Any Active Directory user that is part of the Remote Desktop Users group will work. If you have a local administrator account, that will work as well.

Depending on your company policies, you can also reset the user's password in Active Directory as a last resort, while notifying your user.

AWS
SUPPORT ENGINEER
replied 5 months ago