- Newest
- Most votes
- Most comments
When the grace period for Remote Desktop Services (RDS) CALs expires, it can indeed lock you out of the server due to license issues. Here are steps you can take to regain access to your Windows Server 2022 instance and resolve the RDP licensing issue:
1. Access the Instance via AWS Systems Manager (SSM) If your instance is configured with the AWS Systems Manager agent and you have the necessary IAM permissions, you can use SSM to execute commands or get a session on your instance.
1.1. Verify Instance Configuration:
- Ensure that the instance has the SSM agent installed and the required IAM role attached with the necessary SSM permissions (AmazonSSMManagedInstanceCore policy).
1.2. Start a Session:
- Go to the Systems Manager console.
- Navigate to Session Manager.
- Start a new session and choose the instance you want to connect to.
1.3. Execute Commands:
- Once you have a session, you can execute commands to manage RDS licensing or reset the RDP configuration.
2. Utilize the EC2 Serial Console AWS EC2 instances provide a serial console feature that you can use to access the instance's console without network connectivity.
2.1. Enable Serial Console Access:
- In the AWS Management Console, navigate to the EC2 Dashboard.
- Under Instances, select the instance in question.
- Go to the Actions menu and select Instance Settings > View/Change User Data.
- Add a user data script to enable the serial console:
<powershell>
Enable-Serial-Console.ps1
</powershell>
2.2. Connect via Serial Console:
- Navigate to the EC2 Dashboard.
- Select the instance and choose Connect.
- Select EC2 Serial Console.
- Use the serial console to troubleshoot the instance.
3. Use Safe Mode to Disable RDS Licensing If you can get console access (either via SSM or the serial console), you can boot the server into Safe Mode to bypass RDS licensing temporarily.
3.1. Boot into Safe Mode:
- From the serial console or SSM, run the following command to configure the instance to boot into Safe Mode:
bcdedit /set {current} safeboot minimal
shutdown /r /t 0
3.2. Disable RDS Licensing: Once in Safe Mode, use the registry editor to disable RDS licensing:
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM" /v LicensingMode /t REG_DWORD /d 0 /f
3.3. Reboot into Normal Mode:
- Reconfigure the instance to boot normally and restart:
bcdedit /deletevalue {current} safeboot
shutdown /r /t 0
4. Reset the Password Using AWS EC2 User Data You can also reset the admin password using EC2 user data if you have EC2 instance termination protection disabled.
4.1. Update User Data:
- Stop the instance.
- Edit the instance’s user data to include a PowerShell script that resets the admin password:
<powershell>
net user Administrator NewPassword
</powershell>
4.2. Restart the Instance:
- Start the instance and wait for the user data script to execute.
- Try RDP again with the new password.
5. Update or Install RDS Licensing After regaining access to your instance, ensure that RDS licensing is properly configured to avoid future issues:
5.1. Install RDS Licensing:
- Open Server Manager.
- Add the Remote Desktop Services role and configure the Remote Desktop Licensing feature.
- Activate the license server and install the necessary RDS CALs.
By following these steps, you should be able to regain access to your Windows Server 2022 instance and resolve the RDP licensing issue.
Relevant content
- asked 5 years ago
- asked 8 months ago
- asked 2 years ago
- asked a year ago
AWS OFFICIALUpdated 10 months ago- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 9 months ago
I wanted to know, if we can RDP into the instance using Admin credentials as AWS provides the required licenses for 2 concurrent sessions !
Use Safe Mode to Disable RDS Licensing - I was able to start a new session using SSM. However, after executing the safeboot command, the system checks for the server failed and I am not able to start a new session with SSM. Is there any way around this ?