AWS Security ChangesHomeSearch

AWS workspaces high security documentation change

Service: workspaces · 2025-10-25 · Security-related high

File: workspaces/latest/adminguide/windows-images-common-errors.md

Summary

Added guidance about NTP server configuration to prevent certificate validation failures

Security assessment

Time synchronization issues can lead to RDP/Skylight certificate validation failures and SSL connection problems, which are critical security concerns. The documentation explicitly addresses this by recommending Amazon's secure time service.

Diff

diff --git a/workspaces/latest/adminguide/windows-images-common-errors.md b/workspaces/latest/adminguide/windows-images-common-errors.md
index ce295439d..80432eff6 100644
--- a//workspaces/latest/adminguide/windows-images-common-errors.md
+++ b//workspaces/latest/adminguide/windows-images-common-errors.md
@@ -175,0 +176,4 @@ To Disable Bitlocker:
+By default, custom images reach out to "time.windows.com" as the default NTP server. If the NTP server is not reachable, time synchronization issues can occur, causing RDP/Skylight certificate validation failures and SSL connection problems that prevent WorkSpaces creation.
+
+If you encounter time synchronization issues, update the NTP server to use the Amazon Time Sync Service at 169.254.169.123. For more information, see [Configure the time for your Windows instance](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configure-ec2-ntp.html).
+