How do I resolve a Windows activation fail message on my Amazon EC2 Windows instance?

5 minute read

I want to resolve a Windows activation fail message on my Amazon Elastic Compute Cloud (Amazon EC2) Windows instance.

Short description

Windows instances use Microsoft Key Management Service (Microsoft KMS) on AWS for activation. If your instance can't reach the Microsoft KMS server, then you might receive a Windows activation error message. To resolve this error message, use one of these methods:

  • Use an AWS Systems Manager Automation document to activate Windows
  • Manually activate Windows

Also, Your Windows instance can fail activation if the instance was launched from an Amazon Elastic Block Store (Amazon EBS) snapshot. Amazon EBS snapshots are supported for Linux instances. As a result, the Platform Details shows Linux for your Windows instance. For more information, see "Unable to activate Windows".


Use a Systems Manager Automation document to activate Windows

The AWSSupport-ActivateWindowsWithAmazonLicense Automation document activates an Amazon EC2 Windows instance with a license that's provided by Amazon. The automation checks the current status of Windows for your instance, and then activates Windows if the status is inactive.

Note: This resolution isn't applicable for Bring Your Own License (BYOL) Windows instances. To use your own license, see Microsoft licensing on AWS.

To use a Systems Manager Automation document to activate Windows, complete these steps:

  1. Sign in to the Systems Manager console. Make sure that you select the same AWS Region as the Amazon EC2 Windows instance that requires activation.
  2. Choose Automation from the navigation pane, and then choose Execute automation.
  3. In the search field, enter ActivateWindowsWithAmazonLicense. Select the AWSSupport-ActivateWindowsWithAmazonLicense Automation document, and then choose Next.
  4. For Execute automation document, choose Simple execution.
  5. For Input parameters, turn on Show interactive instance picker.
  6. Choose your EC2 instance. If you don't see your instance in the list, then the instance isn't activated for Systems Manager. To resolve, see Setting up Systems Manager for EC2 instances. If you don't want to activate Systems Manager or if the instance isn't available in Input parameters, then turn off Show interactive instance picker. For InstanceID, enter the ID for your impaired Amazon EC2 instance. For AllowOffline, choose True. If you set AllowOffline to True, your Amazon EC2 instance stops and restarts and data in instance store volumes is lost. Also, if you don't use an Elastic IP address, then the public IP address changes.
  7. Choose Execute.
  8. To monitor the progress, sign in to the Systems Manger console, and then choose Automation from the navigation pane. Choose the running automation, and then review the Executed steps. To view the automation output, expand Outputs.

Manually activate Windows

To manually activate Windows, complete these steps:

1.    Confirm that the latest version of EC2Config is installed and follow these steps:

For Windows Server 2012 R2 and earlier, run these commands:

net stop ec2config
net start ec2config

For Windows Server 2016 and later, run this command to set the correct route to the Microsoft KMS server:

PS C:>Import-Module "C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Ec2Launch.psd1"
PS C:>Add-Routes
PS C:>Set-ActivationSettings
PS C:>slmgr /ato

Note: If Windows isn't activated after you update EC2Config and run the previous commands, then continue to the next steps.

2.    Add an exception to allow Microsoft KMS traffic on any firewall or security software that controls outbound connections from your instance. Microsoft KMS runs on port 1688 as TCP traffic.

3.    Set your Windows KMS setup key. To do this, identify the correct Microsoft KMS client setup key for your operating system (OS) version. For more information, see Key Management Services (KMS) client activation and product keys on the Microsoft website. Then, run this command as an administrator:

slmgr.vbs /ipk <KMSSetupKey>

4.    Run this command as an administrator to set your Windows KMS machine IP address:

Note: Instances originating from a VM import or an older Amazon EC2 Classic instance might not have the correct IP addresses for the Microsoft KMS servers.

slmgr.vbs /skms

5.    Run this command as an administrator to activate Windows:

slmgr /ato

6.    If the previous step fails activation, then check the network communication from the instance to the Microsoft KMS server. Perform telnet to the Microsoft KMS servers from the instance, and then open PowerShell and enter the following commands:

Test-netconnection -Port 1688
Test-netconnection -Port 1688

Note: For the previous commands, confirm that the connection status output is TcpTestSuccessed=True. If the connection status output is False, then proceed to the next step.

7.    Confirm that these registry keys have the correct Microsoft KMS values:

KeyManagementServiceName - or
KeyManagementServicePort - 1688

8.    Repeat step 6. If the connection status output is still False, then check the Time Sync on your Amazon EC2 instance. For more information, see Set the time for a Windows instance.

Related information

EC2Config settings files

Understanding KMS on the Microsoft website

Upgrade PV drivers on Windows instances

How do I troubleshoot time issues with my EC2 Windows instance?

AWS OFFICIALUpdated 7 months ago