***
The event that generated the session script log. The event values are: `SessionStart` and `SessionTermination`.
The following example folder structure applies to a streaming session started from the test-stack and test-fleet. The session uses the API of user ID `testuser@mydomain.com`, from an AWS account ID of `123456789012`, and the settings group `test-stack` in the US West (Oregon) Region (`us-west-2`):
```
wspool-logs-us-west-2-1234567890123-abcdefg/test-stack/test-fleet/custom/a0bcb1da11f480d9b5b3e90f91243143eac04cfccfbdc777e740fab628a1cd13/05yd1391-4805-3da6-f498-76f5x6746016/SessionScriptsLogs/SessionStart/
```
This example folder structure contains one log file for a user context session start script, and one log file for a system context session start script, if applicable.
# Monitoring WorkSpaces Pools
Monitoring is an important part of maintaining the reliability, availability, and performance of your WorkSpaces Pools.
**Topics**
+ [WorkSpaces Pools metrics and dimensions](monitoring-with-cloudwatch.md)
# WorkSpaces Pools metrics and dimensions
Amazon WorkSpaces sends the following WorkSpaces Pools metrics and dimension information to Amazon CloudWatch.
WorkSpaces Pools sends metrics to CloudWatch one time every minute. The `AWS/Workspaces` namespace includes the following metrics.
## Pools usage metrics
| Metric | Description |
| --- | --- |
| ActiveUserSessionCapacity | The number of user sessions currently being used for streaming sessions. Units: Count Valid statistics: Average, Minimum, Maximum |
| ActualUserSessionCapacity | The total number of pool sessions that are available for streaming or are currently streaming. ActualUserSessionCapacity = AvailableUserSessionCapacity + ActiveUserSessionCapacity
Units: Count Valid statistics: Average, Minimum, Maximum |
| AvailableUserSessionCapacity | The number of idle pool sessions currently available for user streaming. AvailableUserSessionCapacity = ActualUserSessionCapacity - ActiveUserSessionCapacity
Units: Count Valid statistics: Average, Minimum, Maximum |
| PendingUserSessionCapacity | The number of sessions being provisioned for your pool. Represents the additional number of streaming sessions the pool can support after provisioning is complete. Units: Count Valid statistics: Average, Minimum, Maximum |
| UserSessionsCapacityUtilization | The percentage of sessions in a pool that are being used, using the following formula. UserSessionCapacityUtilization = (ActiveUserSessionCapacity / ActualUserSessionCapacity) * 100
Monitoring this metric helps with decisions about increasing or decreasing the value of a pool's desired capacity. Units: Percent Valid statistics: Average, Minimum, Maximum |
| DesiredUserSessionCapacity | The total number of sessions that are either running or pending. This represents the total number of concurrent streaming sessions your pool can support in a steady state. DesiredUserSessionCapacity = ActualUserSessionCapacity + PendingUserSessionCapacity
Units: Count Valid statistics: Average, Minimum, Maximum |
| InsufficientCapacityError | The number of session requests rejected due to lack of capacity. You can set alarms to use this metric to be notified of users waiting for streaming sessions. Units: Count Valid statistics: Average, Minimum, Maximum, Sum |
# Enable and Administer Persistent Storage for WorkSpaces Pools
WorkSpaces Pools supports home folders for persistent storage. As a WorkSpaces Pools administrator, you must understand how to perform the following tasks to enable and administer persistent storage for your users.
**Topics**
+ [Enable and Administer Home Folders for Your WorkSpaces Pools Users](#home-folders)
## Enable and Administer Home Folders for Your WorkSpaces Pools Users
When you enable home folders for WorkSpaces Pools, users can access a persistent storage folder during their streaming sessions. No further configuration is required for your users to access their home folder. Data stored by users in their home folder is automatically backed up to an Amazon Simple Storage Service bucket in your Amazon Web Services account and is made available to those users in subsequent sessions.
Files and folders are encrypted in transit using Amazon S3's SSL endpoints. Files and folders are encrypted at rest using Amazon S3-managed encryption keys.
Home folders are stored on WorkSpaces in WorkSpaces Pools in the following default locations:
+ For single-session, non-domain-joined Windows WorkSpaces: `C:\Users\PhotonUser\My Files\Home Folder`
+ Domain-joined Windows WorkSpaces: `C:\Users\%username%\My Files\Home Folder`
As an administrator, use the applicable path if you configure your applications to save to the home folder. In some cases, your users may not be able to find their home folder because some applications do not recognize the redirect that displays the home folder as a top-level folder in File Explorer. If this is the case, your users can access their home folder by browsing to the same directory in File Explorer.
**Topics**
+ [Files and Directories Associated with Compute-Intensive Applications](#storage-solutions-files-directories-associated-with-compute-intensive-applications)
+ [Enable Home Folders for Your WorkSpaces Pools Users](#enable-home-folders)
+ [Administer Your Home Folders](#home-folders-admin)
### Files and Directories Associated with Compute-Intensive Applications
During WorkSpaces Pools streaming sessions, saving large files and directories associated with compute-intensive applications to persistent storage can take longer than saving files and directories required for basic productivity applications. For example, it might take longer for applications to save a large amount of data or frequently modify the same files than it would to save files created by applications that perform a single write action. It might also take longer to save many small files.
If your users save files and directories associated with compute-intensive applications and WorkSpaces Pools persistent storage options aren't performing as expected, we recommend that you use a Server Message Block (SMB) solution such as Amazon FSx for Windows File Server or an AWS Storage Gateway file gateway. Following are examples of files and directories associated with compute-intensive applications that are more suitable for use with these SMB solutions:
+ Workspace folders for integrated development environments (IDEs)
+ Local database files
+ Scratch space folders created by graphics simulation applications
For more information, see [File gateways](https://docs.aws.amazon.com/storagegateway/latest/userguide/StorageGatewayConcepts.html#file-gateway-concepts) in the *AWS Storage Gateway User Guide*.
### Enable Home Folders for Your WorkSpaces Pools Users
Before enabling home folders, you must do the following:
+ Check that you have the correct AWS Identity and Access Management (IAM) permissions for Amazon S3 actions.
+ Use an image that was created from an AWS base image released on or after May 18, 2017.
+ Enable network connectivity to Amazon S3 from your virtual private cloud (VPC) by configuring internet access or a VPC endpoint for Amazon S3. For more information, see [Networking and Access for WorkSpaces Pools](managing-network.md) and [Using Amazon S3 VPC Endpoints for WorkSpaces Pools Features](managing-network-vpce-iam-policy.md).
You can enable or disable home folders while creating a directory (see [Configure SAML 2.0 and create a WorkSpaces Pools directory](create-directory-pools.md)), or after the directory is created by using the AWS Management Console for WorkSpaces Pools. For each AWS Region, home folders are backed up by an Amazon S3 bucket.
The first time you enable home folders for an WorkSpaces Pools directory in an AWS Region, the service creates an Amazon S3 bucket in your account in that same Region. The same bucket is used to store the content of home folders for all users and all directories in that Region. For more information, see [Amazon S3 Bucket Storage](#home-folders-s3).
**To enable home folders while creating a directory**
+ Follow the steps in [Configure SAML 2.0 and create a WorkSpaces Pools directory](create-directory-pools.md), and make sure that **Enable Home Folders** is selected.
**To enable home folders for an existing directory**
1. Open the WorkSpaces console at [https://console.aws.amazon.com/workspaces/v2/home](https://console.aws.amazon.com/workspaces/v2/home).
1. In the left navigation pane, choose **Directories**, and select the directory for which to enable home folders.
1. Below the directories list, choose **Storage** and select **Enable Home Folders**.
1. In the **Enable Home Folders** dialog box, choose **Enable**.
### Administer Your Home Folders
**Topics**
+ [Disable Home Folders](#home-folders-admin-disabling)
+ [Amazon S3 Bucket Storage](#home-folders-s3)
+ [Home Folder Content Synchronization](#home-folders-content-synchronization)
+ [Home Folder Formats](#home-folders-admin-folders)
+ [Additional Resources](#home-folders-admin-additional)
#### Disable Home Folders
You can disable home folders for a directory without losing user content already stored in home folders. Disabling home folders for a directory has the following effects:
+ Users who are connected to active streaming sessions for the directory receive an error message. They are informed that they can no longer store content in their home folder.
+ Home folders do not appear for any new sessions that use the directory with home folders disabled.
+ Disabling home folders for one directory does not disable it for other directories.
+ Even if home folders are disabled for all directories, WorkSpaces Pools does not delete the user content.
To restore access to home folders for the directory, enable home folders again by following the steps described earlier in this topic.
**To disable home folders while creating a directory**
+ Follow the steps in [Configure SAML 2.0 and create a WorkSpaces Pools directory](create-directory-pools.md) and make sure that the **Enable Home Folders** option is cleared.
**To disable home folders for an existing directory**
1. Open the WorkSpaces console at [https://console.aws.amazon.com/workspaces/v2/home](https://console.aws.amazon.com/workspaces/v2/home).
1. In the left navigation pane, choose **Directories**, and select the directory for which to enable home folders.
1. Below the directories list, choose **Storage** and clear **Enable Home Folders**.
1. In the **Disable Home Folders** dialog box, type `CONFIRM` (case-sensitive) to confirm your choice, then choose **Disable**.
#### Amazon S3 Bucket Storage
WorkSpaces Pools manages user content stored in home folders by using Amazon S3 buckets created in your account. For every AWS Region, WorkSpaces Pools creates a bucket in your account. All user content generated from streaming sessions of directories in that Region is stored in that bucket. The buckets are fully managed by the service without any input or configuration from an administrator. The buckets are named in a specific format as follows:
```
wspool-home-folder---
```
Where `` is the AWS Region code in which the directory is created and `` is your Amazon Web Services account ID, and *>random-identifier<* is a random identifier number generated by the WorkSpaces service. The first part of the bucket name, `wspool-home-folder-`, does not change across accounts or Regions.
For example, if you enable home folders for directories in the US West (Oregon) Region (us-west-2) on account number 123456789012, the service creates an Amazon S3 bucket in that Region with the name shown. Only an administrator with sufficient permissions can delete this bucket.
```
wspool-home-folder-us-west-2-123456789012
```
As mentioned earlier, disabling home folders for directories does not delete any user content stored in the Amazon S3 bucket. To permanently delete user content, an administrator with adequate access must do so from the Amazon S3 console. WorkSpaces Pools adds a bucket policy that prevents accidental deletion of the bucket.
#### Home Folder Content Synchronization
When home folders are enabled, WorkSpaces Pools creates a unique folder for each user in which to store their content. The folder is created as a unique Amazon S3 prefix that uses a hash of the user name within an S3 bucket for your Amazon Web Services account and Region. After WorkSpaces Pools creates the home folder in Amazon S3, it copies the accessed content in that folder from the S3 bucket to the WorkSpace. This enables the user to access their home folder content quickly, from the WorkSpace in the WorkSpace Pool, during their streaming session. Changes that you make to a user’s home folder content in an S3 bucket and that the user makes to their home folder content on a WorkSpace in the WorkSpace Pool are synchronized between Amazon S3 and WorkSpaces Pools as follows.
1. At the beginning of a user’s WorkSpaces Pools streaming session, WorkSpaces Pools catalogs the home folder files that are stored for that user in the Amazon S3 bucket for your Amazon Web Services account and Region.
1. A user’s home folder content is also stored on the WorkSpace in WorkSpaces Pools from which they stream. When a user accesses their home folder on the WorkSpace, the list of cataloged files is displayed.
1. WorkSpaces Pools downloads a file from the S3 bucket to the WorkSpace only after the user uses a streaming application to open the file during their streaming session.
1. After WorkSpaces Pools downloads the file to the WorkSpace, synchronization occurs after the file is accessed
1. If the user changes the file during their streaming session, WorkSpaces Pools uploads the new version of the file from the WorkSpace to the S3 bucket periodically or at the end of the streaming session. However, the file is not downloaded from the S3 bucket again during the streaming session.
The following sections describe synchronization behavior when you add, replace, or remove a user's home folder file in Amazon S3.
**Topics**
+ [Synchronization of files that you add to a user’s home folder in Amazon S3](#home-folders-content-synchronization-content-added-to-user-home-folder-in-S3)
+ [Synchronization of files that you replace in a user’s home folder in Amazon S3](#home-folders-content-synchronization-content-replaced-in-user-home-folder-S3)
+ [Synchronization of files that you remove from a user’s home folder in Amazon S3](#home-folders-content-synchronization-content-removed-from-user-home-folder-S3)
##### Synchronization of files that you add to a user’s home folder in Amazon S3
If you add a new file to a user’s home folder in an S3 bucket, WorkSpaces Pools catalogs the file and displays it in the list of files in the user’s home folder within a few minutes. However, the file isn’t downloaded from the S3 bucket to the WorkSpace until the user opens the file with an application during their streaming session.
##### Synchronization of files that you replace in a user’s home folder in Amazon S3
If a user opens a file in their home folder on the WorkSpace in the WorkSpace Pool during their streaming session, and you replace the same file in their home folder in an S3 bucket with a new version during that user’s active streaming session, the new version of the file is not immediately downloaded to the WorkSpace. The new version is downloaded from the S3 bucket to the WorkSpace only after the user starts a new streaming session and opens the file again.
##### Synchronization of files that you remove from a user’s home folder in Amazon S3
If a user opens a file in their home folder on the WorkSpace in the WorkSpace Pool during their streaming session, and you remove the file from their home folder in an S3 bucket during that user’s active streaming session, the file is removed from the WorkSpace after the user does either of the following:
+ Opens the home folder again
+ Refreshes the home folder
#### Home Folder Formats
The hierarchy of a user folder depends on how a user launches a streaming session, as described in the following section.
##### SAML 2.0
For sessions created using SAML federation, the user folder structure is as follows:
```
bucket-name/user/federated/user-id-SHA-256-hash/
```
In this case, `user-id-SHA-256-hash` is the folder name created using a lowercase SHA-256 hash hexadecimal string generated from the `NameID` SAML attribute value passed in the SAML federation request. To differentiate users who have the same name but belong to two different domains, send the SAML request with `NameID` in the format `domainname\username`. For more information, see [Configure SAML 2.0 and create a WorkSpaces Pools directory](create-directory-pools.md).
The following example folder structure applies to session access using SAML federation with `NameID` SAMPLEDOMAIN\$1testuser, account ID 123456789012 in the US West (Oregon) Region:
```
wspool-home-folder-us-west-2-123456789012/user/federated/8dd9a642f511609454d344d53cb861a71190e44fed2B8aF9fde0C507012a9901
```
When part or all of the NameID string is capitalized (as the domain name *SAMPLEDOMAIN* is in the example), WorkSpaces Pools generates the hash value based on the capitalization used in the string. Using this example, the hash value for SAMPLEDOMAIN\$1testuser is 8DD9A642F511609454D344D53CB861A71190E44FED2B8AF9FDE0C507012A9901. In the folder for that user, this value is displayed in lowercase, as follows: 8dd9a642f511609454d344d53cb861a71190e44fed2B8aF9fde0C507012a9901.
You can identify the folder for a user by generating the SHA-256 hash value of the `NameID` using websites or open source coding libraries available online.
#### Additional Resources
For more information about managing Amazon S3 buckets and best practices, see the following topics in the *Amazon Simple Storage Service User Guide*:
+ You can provide offline access to user data for your users with Amazon S3 policies. For more information, see [Amazon S3: Allows IAM Users Access to Their S3 Home Directory, Programmatically and In the Console](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_s3_home-directory-console.html) in the *IAM User Guide*.
+ You can enable file versioning for content stored in Amazon S3 buckets used by WorkSpaces Pools. For more information, see [Using Versioning](https://docs.aws.amazon.com/AmazonS3/latest/userguide/Versioning.html).
# Enable application settings persistence for your WorkSpaces Pools users
WorkSpaces Pools supports persistent application settings for Windows-based directories. This means that your users' application customizations and Windows settings are automatically saved after each streaming session and applied during the next session. Examples of persistent application settings that your users can configure include, but are not limited to, browser favorites, settings, webpage sessions, application connection profiles, plugins, and UI customizations. These settings are saved to an Amazon Simple Storage Service (Amazon S3) bucket in your account, within the AWS Region in which application settings persistence is enabled. They are available in each WorkSpaces Pools streaming session.
**Note**
Standard Amazon S3 charges may apply to data that is stored in your S3 bucket. For more information, see [Amazon S3 Pricing](https://aws.amazon.com/s3/pricing/).
**Topics**
+ [How application settings persistence works](how-it-works-app-settings-persistence.md)
+ [Enabling application settings persistence](enabling-app-settings-persistence.md)
+ [Administer the VHDs for your users' application settings](administer-app-settings-vhds.md)
# How application settings persistence works
Persistent application settings are saved to a Virtual Hard Disk (VHD) file. This file is created the first time a user streams an application from a directory on which application settings persistence is enabled. If the WorkSpace Pool associated with the directory is based on an image that contains default application and Windows settings, the default settings are used for the user's first streaming session.
When the streaming session ends, the VHD is unmounted and uploaded to an Amazon S3 bucket within your account. The bucket is created when you enable persistent application settings for the first time for a directory in an AWS Region. The bucket is unique to your AWS account and the Region. The VHD is encrypted in transit using Amazon S3 SSL endpoints, and at rest using [AWS Managed CMKs](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk).
The VHD is mounted to the WorkSpace in both `C:\Users\%username%` and `D:\%username%`. If your WorkSpace is not joined to an Active Directory domain, the Windows user name is PhotonUser. If your WorkSpace is joined to an Active Directory domain, the Windows user name is that of the logged in user.
Application settings persistence does not work across different operating system versions. For example, if you enable application settings persistence for a WorkSpace Pool that uses a Windows Server 2019 image, if you update the WorkSpace Pool to use an image that runs a different operating system (such as Windows Server 2022), settings from previous streaming sessions are not saved for users of the directory. Instead, after you update the WorkSpace Pool to use the new image, when users launch a streaming session from a WorkSpace, a new Windows user profile is created. However, if you apply an update to the same operating system on the image, users' customizations and settings from previous streaming sessions are saved. When updates to the same operating system are applied to an image, the same Windows user profile is used when users launch a streaming session from the WorkSpace.
**Important**
WorkSpaces Pools supports applications that rely on the [Microsoft Data Protection API](https://docs.microsoft.com/en-us/windows/desktop/seccng/cng-dpapi) only when the WorkSpace is joined to a Microsoft Active Directory domain. In cases where a WorkSpace is not joined to an Active Directory domain, the Windows user, PhotonUser, is different on each WorkSpace. Due to the way in which the DPAPI security model works, users' passwords don’t persist for applications that use DPAPI in this scenario. In cases where WorkSpaces are joined to an Active Directory domain and the user is a domain user, the Windows user name is that of the logged in user, and users’ passwords persist for applications that use DPAPI.
WorkSpaces Pools automatically saves all files and folders in this path, except for the following folders:
+ Contacts
+ Desktop
+ Documents
+ Downloads
+ Links
+ Pictures
+ Saved Games
+ Searches
+ Videos
Files and folders created outside of these folders are saved within the VHD and synced to Amazon S3. The default VHD maximum size is 5 GB for Pools. The size of the saved VHD is the total size of the files and folders that it contains. WorkSpaces Pools automatically saves the `HKEY_CURRENT_USER` registry hive for the user. For new users (users whose profiles don't exist in Amazon S3), WorkSpaces Pools creates the initial profile by using the default profile. This profile is created in the following location on the image builder: `C:\users\default`.
**Note**
The entire VHD must be downloaded to the WorkSpace before a streaming session can begin. For this reason, a VHD that contains a large amount of data can delay the start of the streaming session. For more information, see [Best practices for enabling application settings persistence](enabling-app-settings-persistence.md#best-practices-app-settings-persistence).
When you enable application settings persistence, you must specify a settings group. The settings group determines which saved application settings are used for a streaming session from this directory. WorkSpaces Pools creates a new VHD file for the settings group that is stored separately within the S3 bucket in your AWS account. If the settings group is shared between directories, the same application settings are used in each directory. If a directory requires its own application settings, specify a unique settings group for the directory.
# Enabling application settings persistence
**Topics**
+ [Prerequisites for enabling application settings persistence](#prerequisites-app-settings-persistence)
+ [Best practices for enabling application settings persistence](#best-practices-app-settings-persistence)
+ [How to enable application settings persistence](#howto-enable-app-settings-persistence)
## Prerequisites for enabling application settings persistence
To enable application settings persistence, you must first do the following:
+ Use an image that was created from a base image published by AWS on or after December 7, 2017.
+ Enable network connectivity to Amazon S3 from your virtual private cloud (VPC) by configuring internet access or a VPC endpoint for Amazon S3. For more information, see the *Home Folders and VPC Endpoints* section in [Networking and Access for WorkSpaces Pools](managing-network.md).
## Best practices for enabling application settings persistence
To enable application settings persistence without providing internet access to your WorkSpaces, use a VPC endpoint. This endpoint must be in the VPC to which your WorkSpaces in WorkSpaces Pools are connected. You must attach a custom policy to enable WorkSpaces Pools access to the endpoint. For information about how to create the custom policy, see the *Home Folders and VPC Endpoints* section in [Networking and Access for WorkSpaces Pools](managing-network.md). For more information about private Amazon S3 endpoints, see [VPC Endpoints](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html) and [Endpoints for Amazon S3](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-s3.html) in the *Amazon VPC User Guide*.
## How to enable application settings persistence
You can enable or disable application settings persistence while creating a directory or after the directory is created by using the WorkSpaces console. For each AWS Region, persistent application settings are stored in an S3 bucket in your account.
The first time you enable application settings persistence for a directory in an AWS Region, WorkSpaces Pools creates an S3 bucket in your AWS account in the same Region. The same bucket stores the application settings VHD file for all users and all directories in that AWS Region. For more information, see *Amazon S3 Bucket Storage* in [Administer the VHDs for your users' application settings](administer-app-settings-vhds.md).
**To enable application settings persistence while creating a directory**
+ Follow the steps in [Configure SAML 2.0 and create a WorkSpaces Pools directory](create-directory-pools.md), and make sure that **Enable Application Settings Persistence** is selected.
**To enable application settings persistence for an existing directory**
1. Open the WorkSpaces console at [https://console.aws.amazon.com/workspaces/v2/home](https://console.aws.amazon.com/workspaces/v2/home).
1. In the left navigation pane, choose **Pools**, and select the pool for which to enable application persistence.
1. Choose **Edit** in the **Settings** section of the page.
1. In the **Application Persistence** section of the page, select **Enable Application settings persistence**.
1. Choose **Save changes**.
New streaming sessions now have application settings persistence enabled.
# Administer the VHDs for your users' application settings
**Topics**
+ [Amazon S3 bucket storage](#app-persistence-s3-buckets)
+ [Reset a user's application settings](#app-persistence-s3-reset)
+ [Enable Amazon S3 object versioning and revert a user's application settings](#app-persistence-enable-versions-revert-settings)
+ [Increase the size of the application settings VHD](#app-persistence-increase-VHD-size)
## Amazon S3 bucket storage
When you enable application settings persistence, your users’ application customizations and Windows settings are automatically saved to a Virtual Hard Disk (VHD) file that is stored in an Amazon S3 bucket created in your AWS account. For every AWS Region, WorkSpaces Pools creates a bucket in your account that is unique to your account and the Region. All application settings configured by your users are stored in the bucket for that Region.
You do not need to perform any configuration tasks to manage these S3 buckets; they are fully managed by the WorkSpaces Pools service. The VHD file that is stored in each bucket is encrypted in transit using Amazon S3's SSL endpoints and at rest using [AWS Managed CMKs](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk). The buckets are named in a specific format as follows:
```
wspool-app-settings---
```
***region-code***
This is the AWS Region code in which the directory is created with application settings persistence.
***account-id-without-hyphens***
Your AWS account ID. The random identifier ensures there is no conflict with other buckets in that Region. The first part of the bucket name, `wspool-app-settings`, does not change across accounts or Regions.
For example, if you enable application settings persistence for directories in the US West (Oregon) Region (us-west-2) on account number 123456789012, WorkSpaces Pools creates an Amazon S3 bucket within your account in that Region with the name shown. Only an administrator with sufficient permissions can delete this bucket.
```
wspool-app-settings-us-west-2-1234567890123-abcdefg
```
Disabling application settings persistence does not delete any VHDs stored in the S3 bucket. To permanently delete settings VHDs, you or another administrator with adequate permissions must do so by using the Amazon S3 console or API. WorkSpaces Pools adds a bucket policy that prevents accidental deletion of the bucket.
When application settings persistence is enabled, a unique folder is created for each settings group to store the settings VHD. The hierarchy of the folder in the S3 bucket depends on how the user launches a streaming session, as described in the following section.
The path for the folder where the settings VHD is stored in the S3 bucket in your account uses the following structure:
```
bucket-name/Windows/prefix/settings-group/access-mode/user-id-SHA-256-hash
```
***bucket-name***
The name of the S3 bucket in which users' application settings are stored. The name format is described earlier in this section.
***prefix***
The Windows version-specific prefix. For example, v4 for Windows Server 2012 R2.
***settings-group***
The settings group value. This value is applied to one or more directories that share the same the same application settings.
***access-mode***
The identity method of the user: `custom` for the WorkSpaces Pools API or CLI, `federated` for SAML, and `userpool` for user pool users.
***user-id-SHA-256-hash***
The user-specific folder name. This name is created using a lowercase SHA-256 hash hexadecimal string generated from the user ID.
The following example folder structure applies to a streaming session that is accessed using the API or CLI with a user ID of `testuser@mydomain.com`, an AWS account ID of `123456789012`, and the settings group `test-stack` in the US West (Oregon) Region (us-west-2):
```
wspool-app-settings-us-west-2-1234567890123-abcdefg/Windows/v4/test-stack/custom/a0bcb1da11f480d9b5b3e90f91243143eac04cfccfbdc777e740fab628a1cd13
```
You can identify the folder for a user by generating the lowercase SHA-256 hash value of the user ID using websites or open source coding libraries available online.
## Reset a user's application settings
To reset a user's application settings, you must find and delete the VHD and associated metadata file from the S3 bucket in your AWS account. Make sure that you do not do this during a user's active streaming session. After you delete the user's VHD and the metadata file, the next time the user launches a session from a streaming instance that has application settings persistence enabled, WorkSpaces Pools creates a new settings VHD for that user.
**To reset a user's application settings**
1. Open the Amazon S3 console at [https://console.aws.amazon.com/s3/](https://console.aws.amazon.com/s3/).
1. In the **Bucket name** list, choose the S3 bucket that contains the application settings VHD that you want to reset.
1. Locate the folder that contains the VHD. For more information about how to navigate the S3 bucket folder structure, see *Amazon S3 Bucket Storage* earlier in this topic.
1. In the **Name** list, select the check box next to the VHD and the REG, choose **More**, and then choose **Delete**.
1. In the **Delete objects** dialog box, verify that the VHD and the REG are listed, and then choose **Delete**.
The next time the user streams from a pool on which application settings persistence is enabled with the applicable settings group, a new application settings VHD is created. This VHD is saved to the S3 bucket at the end of the session.
## Enable Amazon S3 object versioning and revert a user's application settings
You can use Amazon S3 object versioning and lifecycle policies to manage your users’ application settings when your users change them. With Amazon S3 object versioning, you can preserve, retrieve, and restore every version of the settings VHD. This enables you to recover from both unintended user actions and application failures. When versioning is enabled, after each streaming session, a new version of the application settings VHD is synced to Amazon S3. The new version does not overwrite the previous version, so if an issue with your users' settings occurs, you can revert to a previous version of the VHD.
**Note**
Each version of the application settings VHD is saved to Amazon S3 as a separate object and is charged accordingly.
Object versioning is not enabled by default in your S3 bucket, so you must explicitly enable it.
**To enable object versioning for your application settings VHD**
1. Open the Amazon S3 console at [https://console.aws.amazon.com/s3/](https://console.aws.amazon.com/s3/).
1. In the **Bucket name **list, choose the S3 bucket that contains the application settings VHD on which to enable object versioning.
1. Choose **Properties**.
1. Choose **Versioning**, **Enable versioning**, and then choose **Save**.
To expire older versions of your application settings VHDs, you can use Amazon S3 lifecycle policies. For information, see [How Do I Create a Lifecycle Policy for an S3 Bucket?](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/create-lifecycle.html) in the *Amazon Simple Storage Service User Guide*.
**To revert a user's application settings VHD**
You can revert to a previous version of a user's application settings VHD by deleting newer versions of the VHD from the applicable S3 bucket. Do not do this when the user has an active streaming session.
1. Open the Amazon S3 console at [https://console.aws.amazon.com/s3/](https://console.aws.amazon.com/s3/).
1. In the **Bucket name** list, choose the S3 bucket that contains the user's application settings VHD version to revert to.
1. Locate and select the folder that contains the VHD. For information about how to navigate the S3 bucket folder structure, see *Amazon S3 Bucket Storage* earlier in this topic.
When you select the folder, the settings VHD and associated metadata file display.
1. To display a list of the VHD and metadata file versions, choose **Show**.
1. Locate the version of the VHD to revert to.
1. In the **Name** list, select the check boxes next to the newer versions of the VHD and associated metadata files, choose **More**, and then choose **Delete**.
1. Verify that the application settings VHD that you want to revert to and the associated metadata file are the newest versions of these files.
The next time the user streams from a pool on which application settings persistence is enabled with the applicable settings group, the reverted version of the user's settings displays.
## Increase the size of the application settings VHD
The default VHD maximum size is 5 GB for Pools. If a user requires additional space for application settings, you can download the applicable application settings VHD to a Windows computer to expand it. Then, replace the current VHD in the S3 bucket with the larger one. Do not do this when the user has an active streaming session.
**Note**
To reduce the physical size of the virtual hard disk (VHD), clear the recycle bin before ending a session. This also reduces upload and download times, and improves the overall user experience.
**To increase the size of the application settings VHD**
**Note**
The full VHD must be downloaded before a user can stream applications. Increasing the size of an application settings VHD can increase the time it takes for users to start application streaming sessions.
1. Open the Amazon S3 console at [https://console.aws.amazon.com/s3/](https://console.aws.amazon.com/s3/).
1. In the **Bucket name** list, choose the S3 bucket that contains the application settings VHD to expand.
1. Locate and select the folder that contains the VHD. For information about how to navigate the S3 bucket folder structure, see [Amazon S3 bucket storage](#app-persistence-s3-buckets) earlier in this topic.
When you select the folder, the settings VHD and associated metadata file display.
1. Download the `Profile.vhdx` file to a directory on your Windows computer. Do not close your browser after the download completes, because you'll use the browser again later to upload the expanded VHD.
1. To use Diskpart to increase the size of the VHD to 7 GB, open the command prompt as an administrator, and type the following commands.
```
diskpart
```
```
select vdisk file="C:\path\to\application\settings\profile.vhdx"
```
```
expand vdisk maximum=7000
```
1. Then, type the following Diskpart commands to find and attach the VHD, and display the list of volumes:
```
elect vdisk file="C:\path\to\application\settings\profile.vhdx"
```
```
attach vdisk
```
```
list volume
```
In the output, make note of the volume number with the label "AwsEucUsers". In the next step, you select this volume so that you can enlarge it.
1. Type the following command in which `` is the number in the list volume output.
```
select volume
```
1. Type the following command:
```
extend
```
1. Type the following commands to confirm that the size of the partition on the VHD increased as expected (7 GB in this example):
```
diskpart
```
```
select vdisk file="C:\path\to\application\settings\profile.vhdx"
```
```
list volume
```
1. Type the following command to detach the VHD so that it can be uploaded:
```
detach vdisk
```
1. Return to your browser with the Amazon S3 console, choose **Upload**, **Add files**, and then select the enlarged VHD.
1. Choose **Upload**.
After the VHD is uploaded, the next time the user streams from a pool on which application settings persistence is enabled with the applicable settings group, the larger application settings VHD is available.
# WorkSpaces Pools troubleshooting notification codes
The following are notification codes and resolution steps for issues with domain join that you might encounter when you set up and use Active Directory with WorkSpaces.
**DOMAIN\$1JOIN\$1ERROR\$1ACCESS\$1DENIED**
**Message**: Access is denied.
**Resolution**: The service account specified in the directory does not have permissions to create the computer object or reuse an existing one. Validate the permissions and start the WorkSpaces pool.
**DOMAIN\$1JOIN\$1ERROR\$1LOGON\$1FAILURE**
**Message**: The username or password is incorrect.
**Resolution**: The service account specified in the directory has an invalid username or password. Update the credentials in the AWS Secrets Manager secret configured in the directory, and start the WorkSpaces pool again.
**DOMAIN\$1JOIN\$1NERR\$1PASSWORD\$1EXPIRED**
**Message**: The password of this user has expired.
**Resolution**: The password for the service account in the AWS Secrets Manager secret has expired. First, stop the WorkSpaces pool. Next, change the password for the secret specified in the WorkSpaces directory. Then, start the WorkSpaces pool.
**DOMAIN\$1JOIN\$1ERROR\$1DS\$1MACHINE\$1ACCOUNT\$1QUOTA\$1EXCEEDED**
**Message**: Your computer could not be joined to the domain. You have exceeded the maximum number of computer accounts you are allowed to create in this domain. Contact your system administrator to have this limit reset or increased.
**Resolution**: The service account specified on the directory does not have permissions to create the computer object or reuse an existing one. Validate the permissions and start the WorkSpaces pool.
**DOMAIN\$1JOIN\$1ERROR\$1INVALID\$1PARAMETER**
**Message**: A parameter is incorrect. This error is returned if the `LpName` parameter is NULL or the `NameType` parameter is specified as `NetSetupUnknown` or an unknown nametype.
**Resolution**: This error can occur when the distinguished name for the OU is incorrect. Validate the OU and try again. If you continue to encounter this error, contact AWS Support. For more information, see [AWS Support Center](https://console.aws.amazon.com/support/home#/).
**DOMAIN\$1JOIN\$1ERROR\$1MORE\$1DATA**
**Message**: More data is available.
**Resolution**: This error can occur when the distinguished name for the OU is incorrect. Validate the OU and try again. If you continue to encounter this error, contact AWS Support. For more information, see [AWS Support Center](https://console.aws.amazon.com/support/home#/).
**DOMAIN\$1JOIN\$1ERROR\$1NO\$1SUCH\$1DOMAIN**
**Message**: The specified domain either does not exist or could not be contacted.
**Resolution**: The streaming instance was unable to contact your Active Directory domain. To ensure network connectivity, confirm your VPC, subnet, and security group settings.
**DOMAIN\$1JOIN\$1NERR\$1WORKSTATION\$1NOT\$1STARTED**
**Message**: The Workstation service has not been started.
**Resolution**: An error occurred starting the Workstation service. Ensure that the service is enabled in your image. If you continue to encounter this error, contact AWS Support. For more information, see [AWS Support Center](https://console.aws.amazon.com/support/home#/).
**DOMAIN\$1JOIN\$1ERROR\$1NOT\$1SUPPORTED**
**Message**: The request is not supported. This error is returned if a remote computer was specified in the `lpServer` parameter and this call is not supported on the remote computer.
**Resolution**: Contact AWS Support for assistance. For more information, see [AWS Support Center](https://console.aws.amazon.com/support/home#/).
**DOMAIN\$1JOIN\$1ERROR\$1FILE\$1NOT\$1FOUND**
**Message**: The system cannot find the file specified.
**Resolution**: This error occurs when an invalid organizational unit (OU) distinguished name is provided. The distinguished name must start with **OU=**. Validate the OU distinguished name and try again.
**DOMAIN\$1JOIN\$1INTERNAL\$1SERVICE\$1ERROR**
**Message**: The account already exists.
**Resolution**: This error can occur in the following scenarios:
+ If the issue isn't permissions-related, check the Netdom logs for errors and make sure that you provided the correct OU.
+ The service account specified in the directory does not have permissions to create the computer object or reuse an existing one. If this is the case, validate the permissions and start the WorkSpaces pool.
+ After WorkSpaces creates the computer object, it is moved from the OU in which it was created. In this case, the first WorkSpaces pool is created successfully, but any new WorkSpaces pool that uses the computer object fails. When Active Directory searches for the computer object in the specified OU and detects that an object with the same name exists elsewhere in the domain, the domain join is not successful.
+ The name of the OU specified in the WorkSpaces directory includes spaces before or after the commas in the directory. In this case, when a WorkSpaces pool attempts to rejoin the Active Directory domain, WorkSpaces cannot cycle the computer objects correctly and the domain rejoin does not succeed. To resolve this issue for a WorkSpaces pool, do the following:
1. Stop the WorkSpaces pool.
1. Edit the Active Directory domain settings for the WorkSpaces pool to remove the directory and Directory OU to which the WorkSpaces pool is joined.
1. Update the WorkSpaces directory to specify an OU that doesn't contain spaces.
1. Edit the Active Directory domain settings for the WorkSpaces pool to specify the directory with the updated Directory OU.
To resolve this issue for a WorkSpaces pool, do the following:
1. Delete the WorkSpaces pool.
1. Update the WorkSpaces directory to specify an OU that doesn't contain spaces.
1. Create a new WorkSpaces pool and specify the directory with the updated Directory OU.
**WORKSPACES\$1POOL\$1SESSION\$1RESERVATION\$1ERROR**
**Message**: We currently do not have sufficient capacity for requested sessions in the availability zones [us-west-1] for subnets associated with your WorkSpaces Pool. Our system will be working on provisioning additional capacity. Meanwhile, please change or associate a different subnet using one of the following AZs [us-west-2, us-west-3].
**Resolution**: Wait until EC2 has enough capacity or update subnets in other AZs on the directory.
**INSUFFICIENT\$1CAPACITY\$1ERROR\$1WORKSPACES\$1POOL\$1AZ**
**Message**: We currently don't have sufficient capacity for requested sessions in availability zone (AZs) []. Our system will be working on provisioning additional capacity. Meanwhile please change or associate another subnet using other AZs to your WorkSpaces Pool.
**Resolution**: Wait until Amazon EC2 has enough capacity or update subnets in other AZs on the directory.
**INVALID\$1CUSTOMER\$1SUBNET\$1CIDR\$1BLOCK**
**Message**: Your subnet includes use of an unavailable CIDR range. Please update your subnets outside of the current /18 range.”.
**Resolution**: Wait until EC2 has enough capacity or update subnets in other AZs on the directory.