
ERROR_TYPE_ALLOCATE_RESOURCE for Workspace Pools with Entra Idp

0

Hello,

We are setting up a PoC for WorkSpaces Pools for a client. We've set up WorkSpaces Pools with our personal Entra ID and it works well. Our goal is to get it to work for the client's Entra ID, but after reconfiguring it, they encounter the error: ERROR_TYPE_ALLOCATE_RESOURCE, with the text "No Streaming resources are available for your session. Try again in a few minutes. If the problem persists, contact your Workspace administrator. ERR_WS_POLL".

We've used these articles as a guide and double-checked them:

https://docs.aws.amazon.com/workspaces/latest/adminguide/create-directory-pools.html

https://aws.amazon.com/blogs/aws/amazon-workspaces-pools-cost-effective-non-persistent-virtual-desktops/

When viewing CloudTrail, both domains show success with the correct assumed role. We've confirmed the claim attributes, made sure both Entra Application SAML settings are accurate and the SAML Directory URL is correct, and re-uploaded the metadata on the Identity Provider multiple times.

From what I can tell, authentication itself is fine, but it won't provision a workspace pool for the client domain/IdP. I've confirmed that there is available capacity as well. What do these errors indicate? Has anyone else run into this?

asked 5 months ago, 168 views

1 Answer
0

Based on the error message you're encountering, it appears that your WorkSpaces Pools authentication is working correctly, but there's an issue with resource allocation for the sessions.

The error "ERROR_TYPE_ALLOCATE_RESOURCE" with "No Streaming resources are available for your session" typically indicates a capacity issue in the availability zones where your WorkSpaces Pools are configured. This can happen even if you believe capacity is available.

A few things to check:

  1. Verify that the subnets associated with your WorkSpaces Pools directory are in availability zones that have sufficient capacity. You might need to update or associate another subnet using other availability zones to your WorkSpaces Pool.

  2. Check if there are any IP range conflicts. If your subnet includes an unavailable CIDR range, this could cause resource allocation failures.

  3. Ensure that the SAML configuration is completely correct. While authentication appears successful based on CloudTrail logs, there might be subtle differences in how claims are processed between your personal Entra ID and the client's Entra ID.

  4. Verify that your metadata file from the client's Entra ID is valid and properly formatted according to SAML 2.0 standards. Sometimes metadata files can have syntax errors or formatting issues that cause problems.

  5. If you're using device-based access controls, ensure that the client devices are properly authorized to access the WorkSpaces.

Remember that WorkSpaces Pools only supports SAML 2.0 for authentication (not AWS Managed AD), so the SAML configuration needs to be precisely correct.

If the issue persists, you might need to wait for AWS to provision additional capacity in your selected availability zones, or consider updating your configuration to use subnets in different availability zones.

answered 5 months ago
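
Item 4 of the answer above asks whether the client's IdP metadata file is valid SAML 2.0. As an added example (not part of the original answer and not AWS or Microsoft tooling), this Python check parses a metadata file offline and lists structural problems; the function name, the chosen checks and the sample document are assumptions made for illustration, and it does not validate the certificate chain or any XML signature.

```python
import base64
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}
SAML2 = "urn:oasis:names:tc:SAML:2.0:protocol"
B = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-"
SSO_BINDINGS = {B + "POST", B + "Redirect"}

def check_idp_metadata(xml_bytes):
    """Return a list of problems found in SAML 2.0 IdP metadata ([] = none found)."""
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        return ["DTD or entity declaration present; refusing to parse"]
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    problems = []
    if root.tag != f"{{{MD}}}EntityDescriptor" or not root.get("entityID"):
        problems.append("root is not md:EntityDescriptor with an entityID")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return problems + ["no IDPSSODescriptor (SP metadata uploaded by mistake?)"]
    if SAML2 not in idp.get("protocolSupportEnumeration", "").split():
        problems.append("IDPSSODescriptor does not declare SAML 2.0 protocol support")
    sso = idp.findall("md:SingleSignOnService", NS)
    if not SSO_BINDINGS & {s.get("Binding") for s in sso}:
        problems.append("no SingleSignOnService with HTTP-POST or HTTP-Redirect binding")
    problems += [f"SSO endpoint is not https: {s.get('Location')}"
                 for s in sso if not s.get("Location", "").startswith("https://")]
    certs = [c for k in idp.findall("md:KeyDescriptor", NS)
             if k.get("use") in (None, "signing") for c in k.findall(".//ds:X509Certificate", NS)]
    if not certs:
        problems.append("no signing certificate in IDPSSODescriptor")
    for c in certs:
        try:
            der = base64.b64decode("".join((c.text or "").split()), validate=True)
        except ValueError:
            der = b""
        if not der.startswith(b"\x30"):  # DER certificates begin with a SEQUENCE tag
            problems.append("X509Certificate is not base64-encoded DER")
    return problems

# Constructed sample: placeholder entityID, endpoint and certificate bytes (not a real cert).
FAKE_CERT = base64.b64encode(b"\x30\x82\x00\x04demo").decode()
SAMPLE = f"""<EntityDescriptor xmlns="{MD}" entityID="https://idp.example.test/tenant/">
<IDPSSODescriptor protocolSupportEnumeration="{SAML2}"><KeyDescriptor use="signing">
<KeyInfo xmlns="{NS['ds']}"><X509Data><X509Certificate>{FAKE_CERT}</X509Certificate>
</X509Data></KeyInfo></KeyDescriptor><SingleSignOnService Binding="{B}POST"
Location="https://idp.example.test/tenant/saml2"/></IDPSSODescriptor></EntityDescriptor>""".encode()
```

Running `check_idp_metadata` on the working tenant's file and on the client's file and comparing the two results shows whether the metadata differs structurally before you re-upload it.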
