How do I troubleshoot RDP connection issues with my Amazon EC2 Windows instance?

I can't use Remote Desktop Protocol (RDP) to connect to my Amazon Elastic Compute Cloud (Amazon EC2) Windows instance.

Resolution

Check the instance's status

To check the instance's status, capture a screenshot of the instance.

If the instance's operating system (OS) successfully boots but fails instance status checks, then either there's an issue with the OS network adapter drivers or the OS network isn't correctly configured.

To resolve this issue, complete the following steps:

  1. Create a secondary elastic network interface.
  2. Attach the secondary network interface to the instance.
  3. Use RDP to test the instance connection.

Verify that you're using the correct IP address

If the instance is in a subnet that uses a NAT gateway, then confirm that you're connecting to the instance's private IP address. The instance is unreachable on the public IP address behind the NAT gateway.

If the instance is in a public subnet, then check whether you can connect to the instance's public IP address. Then, verify that there's a route to the internet gateway in the instance's associated route table.

If the instance is in a private subnet, then make sure that you can connect to the instance through its private IP address. Then, verify that there's a route to the NAT gateway in the instance's associated route table. Also, make sure that you're connected to a VPN or jump server when you connect to a private instance from your local machine.

Verify that port 3389 isn't blocked

Verify that your security group rules, network access control list (network ACL), OS firewall, or antivirus software isn't blocking port 3389.

Confirm that you're using the correct firewall and network configuration

Complete the following steps:

  1. Open Windows PowerShell from your local machine, and then run the following command:

    Test-NetConnection -ComputerName yourdomain.exampleco.com -Port 3389

  2. In the output, check whether TcpTestSucceeded is True or False.

If the value is True, then the instance is responding over the network and you can reach the RDP port. For more information, see Test-NetConnection on the Microsoft website.

If TcpTestSucceeded is False, then RDP port 3389 isn't reachable on the affected instance. To resolve this issue, check the following configurations:

  • The security group that's associated with your instance must allow inbound traffic on TCP port 3389.
  • The network ACL that's associated with your subnet must allow inbound traffic on TCP port 3389.
  • If there's a third-party firewall in your environment, then make sure that the firewall doesn't block RDP port 3389.
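
The network-side checks from this article (security group, network ACL, route to an internet gateway) can also be evaluated offline. The following is an added example, not AWS code. It assumes dictionaries in the shape returned by `aws ec2 describe-security-groups`, `describe-network-acls` and `describe-route-tables` for a public-subnet instance; the sample data, addresses and the `igw-EXAMPLE` ID are constructed.

```python
import ipaddress

def covers(cidr, ip):
    """True when ip falls inside cidr; entries without an IPv4 CIDR never match."""
    return cidr is not None and ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def sg_allows(group, ip, port=3389):
    """Security groups are allow-only: one matching inbound rule is enough."""
    for perm in group["IpPermissions"]:
        all_traffic = perm["IpProtocol"] == "-1"
        tcp_port = perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]
        if (all_traffic or tcp_port) and any(
                covers(r["CidrIp"], ip) for r in perm.get("IpRanges", [])):
            return True
    return False

def nacl_allows(acl, ip, port=3389):
    """Inbound ACL entries are checked in rule-number order; the first match decides."""
    inbound = [e for e in acl["Entries"] if not e["Egress"]]
    for e in sorted(inbound, key=lambda e: e["RuleNumber"]):
        rng = e.get("PortRange")
        in_range = rng is None or rng["From"] <= port <= rng["To"]
        if e["Protocol"] in ("6", "-1") and in_range and covers(e.get("CidrBlock"), ip):
            return e["RuleAction"] == "allow"
    return False

def routes_via_igw(table, ip):
    """True when an active route covering the client address targets an internet gateway."""
    return any(r.get("GatewayId", "").startswith("igw-") and r.get("State") == "active"
               and covers(r.get("DestinationCidrBlock"), ip) for r in table["Routes"])

def diagnose(group, acl, table, client_ip):
    """Return the layers that would stop RDP from client_ip to a public-subnet instance."""
    checks = [("security group", sg_allows(group, client_ip)),
              ("network ACL", nacl_allows(acl, client_ip)),
              ("route table", routes_via_igw(table, client_ip))]
    return [name for name, ok in checks if not ok]

# Constructed sample data in the shape of the EC2 Describe* responses (IDs are placeholders).
SG = {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
                         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]}
ACL = {"Entries": [
    {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": False, "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": False, "CidrBlock": "0.0.0.0/0"}]}
RT_NO_IGW = {"Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]}
RT_IGW = {"Routes": RT_NO_IGW["Routes"] + [
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE", "State": "active"}]}
if __name__ == "__main__":
    print(diagnose(SG, ACL, RT_NO_IGW, "203.0.113.7"))  # client inside the allowed range
```

If the security group is the failing layer, allow only the client's address range on TCP 3389 rather than 0.0.0.0/0.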

Additional troubleshooting

If the preceding troubleshooting steps don't resolve your issue, then use the AWS Systems Manager AWSSupport-TroubleshootRDP runbook. 

For more information about how to manually troubleshoot connection issues, see Remote Desktop can't connect to the remote computer.

Related information

How can I use EC2Rescue to troubleshoot issues with my Amazon EC2 Windows instance?

Connect to your Windows instance using RDP

AWS OFFICIAL
Updated 8 months ago
5 Comments

These instructions are useless.

Step 1 refers to an article listing commands to be run on the instance: THIS CANNOT BE DONE IF THE AWS CUSTOMER CANNOT CONNECT TO RDP

Step 2 is only if the AWS Instance control panel reports failed checks. THIS IS USELESS IF THE AWS PANEL DOESN'T REPORT ANY ERRORS AND DOESN'T SAY WHAT IT TESTED!

Step 3 depends if the network is using an AWS NAT Gateway, but the link is a general concept introduction and DOESN'T DIRECTLY SAY HOW TO CHECK IF AN INSTANCE THAT CANNOT BE REACHED IS DOING THAT

Step 4 asks the AWS customer to remotely check if port 3389 is open on the public IP, and then refers to the overly generic documentation for the TCP test command on the AWS customer's own PC. THIS PROVIDES NO INFORMATION ON WHAT TO DO IF THE TCP PORT ISN'T OPEN ACCORDING TO THE TEST!

replied a year ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS
MODERATOR
replied a year ago

I echo what AWS-User-4644975 said. I tried step 4 (remotely check if port 3389 is open on the public IP using the PowerShell command), the test failed but there is no information on what to do next. What should the next steps be to open this port?

replied a year ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS
MODERATOR
replied a year ago

I had issues connecting to an EC2 Windows instance using RDP. In my case, the problem was caused by an incorrectly configured VPC.

So running a command like this went into timeout:

nc -zv 35.X.X.X 3389

I inspected the VPC's route tables and noticed that there is no public gateway configured (no idea how this happened as I had no issues connecting in the past).

After adding an igw, it worked without issues.

replied 10 months ago