Why can't I connect to my EC2 Windows instance that I launched from a custom AMI?

4 minute read

When I try to connect to my newly launched Amazon Elastic Compute Cloud (Amazon EC2) Windows instance, I receive the "Password is not available yet. Please wait at least 4 minutes" error. After four minutes, I still can't connect.

Short description

You might receive the following error when you try to connect to a newly launched Amazon EC2 Windows instance:

"Password is not available yet. Please wait at least 4 minutes after launching an instance before trying to retrieve the auto-generated password."

If you continue to receive this error after you waited 4 minutes, then verify that you correctly configured the local administrator account's password.

Resolution

To recover access to your new instance, reset the administrator password for the source instance that you used to create the Amazon Machine Image (AMI). To successfully connect to a new instance, the instance's password must match the administrator password.

If you launch additional instances from the same AMI, then you might receive the same error. To avoid the error, configure EC2Launch or EC2Config to automatically generate the password during initialization at the next boot.

When you configure EC2Launch or EC2Config, you must stop and start the instance. For a store-backed instance or an instance that has store volumes that contain data, the data is removed when you stop the instance. For more information, see Instance store volume and data lifetime. If your instance is part of an Amazon EC2 Auto Scaling group, then stop the instance. Check whether the Auto Scaling group has instance scale in protection. Then, temporarily remove the instance from the Auto Scaling group. If your instance has an associated public IP address, then stop and start the instance to change the public IP address. It's a best practice to use an Elastic IP address.

Use the console to configure EC2Launch or EC2Config

To automatically generate a password at the next boot, complete the following steps:

Open the Amazon EC2 console.
Use Remote Desktop Protocol (RDP) to connect to the EC2 Windows instance.
Choose the Windows Start menu.
For Windows Server versions 2008 through Windows Server 2012 R2, open EC2ConfigService Settings. Then, choose the Image tab.
For Windows Server version 2016 or later, open EC2 Launch Settings.
For Administrator Password, choose Random.
Choose Shutdown without Sysprep, and then choose Yes.
Open the Amazon EC2 console.
Choose Instances.
Wait until the instance changes to the Stopped state, and then select your instance.
Choose Actions, choose Image, and then choose Create image.
For Image name, enter a name.
(Optional) For Image description, enter a description.
Choose Create image.

All EC2 instances that launch from this new AMI decrypt the password with a key pair.

Note: When you use Sysprep to shut down, Sysprep removes unique information to standardize your AMI. If you use Sysprep, then you can launch multiple copies of your instances. For more information, see How do I use Sysprep to create and install custom reusable Windows AMIs?

Use PowerShell to configure EC2Launch

Run the following command to schedule the script to run as a Windows scheduled task:

PS C:\> C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\InitializeInstance.ps1 -Schedule

Note: You can use PowerShell to configure EC2Launch only for Windows Server versions 2016 and 2019. The script runs one time during the next boot. It then deactivates the tasks so that they don't run again. For more information, see EC2Launch tasks.