
Help : Windows RDP Connection Issue CAL SAP Business One on AWS (Amazon)

hafid_ouchen
Discoverer
0 Kudos

I am seeking your assistance and expertise to help me resolve an RDP connection issue to a Windows machine in a SAP Business One DEV CAL (Appliance) created from the SAP template [https://cal.sap.com/]. I'm on the 4th SAP Business One CAL created, and I'm still unable to resolve this issue. I have successfully obtained the Administrator password and have used the RDP link downloaded from the SAP portal or the AWS EC2 dashboard, with a static public address. On the other hand, I conducted a test by creating a Windows Server machine directly under AWS (without any link to SAP), and the RDP worked fine, but not for the SAP B1 CAL created from the SAP portal.

Are there any other SAP settings to configure in AWS, apart from those mentioned in the document "AWS_FAQs.pdf" from the link "https://caldocs.hana.ondemand.com/caldocs/help/AWS_FAQs.pdf" or the video below "https://youtu.be/6I07Q32Mfj8"?

I have checked the following parameters without success:

  • The environment is active (both instances are running), and I have correctly used the RDP link downloaded from the SAP portal or the AWS EC2 dashboard.
  • How to configure your IAM user?: I created a group with the following policies:
    • AmazonEC2FullAccess
    • AmazonVPCFullAccess
    • IAMReadOnlyAccess
    • AWSAccountUsageReportAccess
  • How to configure your IAM user?:
    • Add permissions and policies using "Add inline policy" in the JSON tab of the IAM console:
      • Navigate to the Permissions tab.
      • Click on Add permissions, then select Add inline policy.
      • In the JSON tab, paste the following policy:
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Action": [
                "kms:Decrypt",
                "kms:Encrypt",
                "kms:ReEncryptFrom",
                "kms:ReEncryptTo",
                "kms:DescribeKey",
                "kms:CreateGrant",
                "kms:GenerateDataKeyWithoutPlaintext"
              ],
              "Resource": [ "*" ]
            }
          ]
        }
  • How to configure your IAM user for consuming SAP Cloud Appliance Library APIs?:
    • Add permissions and policies using "Add inline policy" in the JSON tab of the IAM console:
      • Navigate to the Permissions tab.
      • Click on Add permissions, then select Add inline policy.
      • In the JSON tab, paste the following policy:
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Action": [
                "secretsmanager:CreateSecret",
                "secretsmanager:ListSecrets",
                "secretsmanager:TagResource"
              ],
              "Resource": "*"
            },
            {
              "Effect": "Allow",
              "Action": [
                "secretsmanager:DescribeSecret",
                "secretsmanager:GetSecretValue",
                "secretsmanager:DeleteSecret",
                "secretsmanager:UpdateSecret"
              ],
              "Resource": "*",
              "Condition": {
                "StringEquals": {
                  "secretsmanager:ResourceTag/CAL:Origin": "SAP Cloud Appliance Library"
                }
              }
            }
          ]
        }
  • Adding inbound traffic rule for port TCP 3389 in your security group → already added through CAL creation.
  • RDP port (3389) in the local Windows firewall → Open.
  • Adding inbound traffic rule to avoid IP restrictions and accept all IP addresses → already added through CAL creation with the value.
  • I have tested from various networks, including my home and using 4G.
  • I tried preceding the user with the local domain name (.) or using the names AWS, EC2, AWSAD.

This CAL system is new to me, and I urgently need this environment.

Thank you in advance for your assistance.

Best regards,
Hafid

Accepted Solutions (0)

Answers (1)

tsvetinka_gaydazhieva
Product and Topic Expert

Dear Customer,

Please check your port restrictions in the SAP Cloud Appliance Library UI (Appliance Details); for more information, see our documentation (p. 7).

Could you also share what type of error message you are receiving: network or authentication?

Best regards,

Tsvetinka

hafid_ouchen
Discoverer
0 Kudos

Hi Tsvetinka,

I eventually solved the issue without being sure of its origin, by duplicating the RDP Windows instance of the B1 client, recreating the port and IP address rules, modifying some settings on the firewall, and manually entering the password. Initially, I received the following message:

"Remote Desktop connection

An authentication error has occurred. Credentials provided to the package were not recognized.

Remote computer: <IP Address>"

Thank you nonetheless for taking the time to respond.
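
Added example, not part of the original thread and not SAP or AWS code: one way to answer the "network or authentication?" question from a client machine is to open the RDP port yourself and read the server's X.224 negotiation reply. A timeout or refusal points at security group, port restriction or firewall rules; a reply that selects CredSSP (NLA) means the network path is fine and an error like the one quoted above is raised at the credential step. The function names and the placeholder address are assumptions made for this sketch.

```python
import socket
import struct

# Added example; function names are hypothetical. Byte layout follows the
# X.224 negotiation in MS-RDPBCGR (RDP_NEG_REQ / RDP_NEG_RSP / RDP_NEG_FAILURE).
SELECTED = {0: "standard RDP security", 1: "TLS", 2: "CredSSP (NLA)",
            8: "CredSSP (NLA) with early user authorization"}

def build_negotiation_request(protocols=0x3):
    """TPKT + X.224 Connection Request offering TLS (0x1) and CredSSP (0x2)."""
    neg_req = struct.pack("<BBHI", 0x01, 0x00, 8, protocols)
    x224 = bytes([6 + len(neg_req), 0xE0, 0, 0, 0, 0, 0]) + neg_req
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224

def parse_negotiation_reply(data):
    """Describe the server's X.224 Connection Confirm."""
    if len(data) < 11 or data[0] != 3 or data[5] & 0xF0 != 0xD0:
        return "listener is not answering as RDP"
    if len(data) < 19:
        return "RDP listener, no negotiation reply (legacy security)"
    kind, _flags, _length, value = struct.unpack("<BBHI", data[11:19])
    if kind == 0x02:
        return "RDP listener, selected " + SELECTED.get(value, hex(value))
    if kind == 0x03:
        return f"RDP listener, negotiation failure code {value}"
    return "RDP listener, unknown negotiation reply"

def classify_rdp(host, port=3389, timeout=5.0):
    """Separate network-level failures from a reachable RDP service."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "network: timeout (typically dropped by a security group, ACL or firewall)"
    except ConnectionRefusedError:
        return "network: refused (host reachable, nothing listening on the port)"
    except OSError as exc:
        return f"network: {exc}"
    with sock:
        try:
            sock.sendall(build_negotiation_request())
            reply = sock.recv(64)  # the 19-byte confirm normally arrives whole
        except OSError as exc:
            return f"reachable: TCP connected, but no RDP reply ({exc})"
    return "reachable: " + parse_negotiation_reply(reply)

if __name__ == "__main__":
    # 192.0.2.10 is a documentation placeholder, not an address from the thread.
    print(classify_rdp("192.0.2.10", timeout=3.0))
```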