How do I troubleshoot RDP connection issues with my Amazon EC2 Windows instance?

3 minute read

I can't use Remote Desktop Protocol (RDP) to connect to my Amazon Elastic Compute Cloud (Amazon EC2) Windows instance.

Resolution

Check the instance's status

To check the instance's status, capture a screenshot of the instance.

If the instance's operating system (OS) successfully boots but fails instance status checks, then there's an issue with the OS network adapter drivers. Or, the OS network isn't correctly configured.

To resolve this issue, complete the following steps:

Verify that you're using the correct IP address

If the instance is in a subnet that uses a NAT gateway, then confirm that you're connecting to the instance's private IP address. The instance is unreachable on the public IP address behind the NAT gateway.

If the instance is in a public subnet, then check whether you can connect to the instance's public IP address. Then, verify that there's a route to the internet gateway in the instance's associated route table.

If the instance is in a private subnet, then make sure that you can connect to the instance through its private IP address. Then, verify that there's a route to the NAT gateway in the instance's associated route table. Also, make sure that you're connected to a VPN or jump server when you connect to a private instance from your local machine.

Verify that port 3389 isn't blocked

Verify that your security group rules, network access control list (network ACL), OS firewall, or antivirus software isn't blocking port 3389.

Confirm that you're using the correct firewall and network configuration

Complete the following steps:

Open Windows PowerShell from your local machine, and then run the following command:

Test-NetConnection -ComputerName yourdomain.exampleco.com -Port 3389

In the output, check whether TcpTestSucceeded is True or False.

If the value is True, then the instance is responding over the network and you can reach the RDP port. For more information, see Test-NetConnection on the Microsoft website.

If TcpTestSucceeded is False, then RDP port 3389 isn't reachable on the affected instance. To resolve this issue, check the following configurations:

The security group that's associated with your instance must allow inbound traffic on TCP port 3389.
The network ACL that's associated with your subnet must allow inbound traffic on TCP port 3389.
If there's a third-party firewall in your environment, then make sure that the firewall doesn't block RDP port 3389.

Additional troubleshooting

If the preceding troubleshooting steps don't resolve your issue, then use the AWS Systems Manager AWSSupport-TroubleshootRDP runbook.

For more information about how to manually troubleshoot connection issues, see Remote Desktop can't connect to the remote computer.

Related information

How can I use EC2Rescue to troubleshoot issues with my Amazon EC2 Windows instance?

Connect to your Windows instance using RDP

Topics

Compute

Related videos

Watch Courtney’s video to learn more (10:32)

AWS OFFICIALUpdated 8 months ago

5 Comments

These instructions are useless. Step 1 refers to an article listing commands to be run on the instance: THIS CANNOT BE DONE IF THE AWS CUSTOMER CANNOT CONNECT TO RDP Step 2 is only if the AWS Instance control panel reports failed checks. THIS IS USELESS IF THE AWS PANEL DOESN'T REPORT ANY ERRORS AND DOESN'T SAY WHAT IT TESTED! Step 3 depends if the network is using an AWS NAT Gateway, but the link is a general concept introduction and DOESN'T DIRECTLY SAY HOW TO CHECK IF AN INSTANCE THAT CANNOT BE REACHED IS DOING THAT Step 4 asks the AWS customer to remotely check if port 3389 is open on the public IP, and then refers to the overly generic documentation for the TCP test command on the AWS customer's own PC. THIS PROVIDES NO INFORMATION ON WHAT TO DO IF THE TCP PORT ISN'T OPEN ACCORDING TO THE TEST!

AWS-User-4644975

replied a year ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

MODERATOR

AWS Official

replied a year ago

I echo what AWS-User-4644975 said. I tried step 4 (remotely check if port 3389 is open on the public IP using powershell command), the test failed but there is no information on what to do next. What should the next steps be to open this port?

m-researcher-22

replied a year ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

MODERATOR

AWS Official

replied a year ago

I had issues connecting to an EC2 Windows instance using RDP. In my case, the problem was caused by an incorrectly configured VPC.

So running a command like this went into timeout:

nc -zv 35.X.X.X 3389

I inspected the VPCs Route tables and noticed that there is no public gateway configured (no idea how this happened as I had no issues connecting in the past).

After adding an igw, it worked without issues.

Valentin Despa

replied 10 months ago

Relevant content

EC2 Instance Failing Status Checks and SSH Connection Issues
rePost-User-4744009
asked a year ago
Can't Connect RDP to Windows Server Instance
rePost-User-9847306
asked 2 years ago
Can't connect to my Windows instance using RDP
Akata
asked a year ago
Unable to connect to EC2 Ubuntu instance as the instance check fails
Sri Prad
asked a year ago
New Ubuntu Instance failing with 1/2 checks passed: instance status check failed
Accepted Answer
paulushub
asked 2 years ago
How do I capture a screenshot of an unreachable Amazon EC2 Windows instance for troubleshooting?
AWS OFFICIALUpdated 2 years ago
How do I troubleshoot an RDP connection or instance status check failure on Windows Server after I change the EC2 instance type?
AWS OFFICIALUpdated 8 months ago
How do I troubleshoot an instance status check failure on my Amazon EC2 Windows instance?
AWS OFFICIALUpdated 2 years ago
Why is my EC2 Windows instance down with an instance status check failure?
AWS OFFICIALUpdated 2 years ago
Change Windows EC2 instance default screen resolution
EXPERT
MikeLim
published 4 months ago