I have an instance running Server 2016 Datacenter OS with SQL Web.
It is up and running fine however I would like a copy of it in a new account.
I created an AMI of the machine and shared it with another account.
On the new account I created a new instance with the shared AMI and got it up and running however Windows is complaining about activation.
Usually I have corrected this issue in other accounts with other AMIs by running:
C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\InitializeInstance.ps1; cscript "${env:SYSTEMROOT}\system32\slmgr.vbs" /ato
or
slmgr.vbs /ckms
slmgr.vbs /skms 169.254.169.254:1688
slmgr /ato
however when I try with this vm I always end up with message that no KMS could be contacted.
It is a fresh instance in a fresh account with fresh default VPC etc. I can connect to the internet fine from it.
I have opened outgoing 1688 in windows firewall and the security group has nothing outgoing being blocked at all.
I can nslookup the KMS' IP and get a response from 169.254.169.254
When it fails to contact the KMS the Windows Application Error Log says:
License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=21c56779-b449-4d20-adfc-eece0e1ad74b;NotificationInterval=1440;Trigger=UserLogon;SessionId=7
I have tried restarting several times and made sure all windows updates were installed.
If I type in: http://169.254.169.254/latest/meta-data/
into a web browser on the local machine I get a list of attributes displayed in the web browser:
ami-id
ami-launch-index
ami-manifest-path
block-device-mapping/
events/
hibernation/
hostname
iam/
identity-credentials/
instance-action
instance-id
instance-life-cycle
instance-type
local-hostname
local-ipv4
mac
metrics/
network/
placement/
profile
public-hostname
public-ipv4
public-keys/
reservation-id
security-groups
services/
So it seems like I can reach the KMS however Windows still does not want to activate.
I am using DHCP IP for the local address and the stock VPC config. No changes to it at all.
When I nslookup other KMS servers like 169.254.169.250 I get "non-existant domain" in the results so I am pretty sure I should be trying to use 169.254.169.254 as it is the only one that seems to respond.
I have tried re-entering the license number using the KMS license number from the AWS site for Server 2016 Datacenter CB7KF-BWN84-R7R2Y-793K2-8XDDG and then running through the process again A-Z with no luck
I am running in Ohio us-east-2b.
I then tried running the systems manager "Automation" "AWSSupport-ActivateWindowsWithAmazonLicense" however it fails at step 1 with "property value from the API output is empty. Desired values: ['windows'].. "
I tried running it logged in as root and as an "Admin" user I created in IAM. I also tried changing setting for "AutomationAssumeRole
" giving it full access to SSM but that did not seem to make any difference as trying to run with logged in users permissions.
I also tried copying the PS commands from step3 of the automation and running it manually in PS as admin user with admin privilege's and it didnt do anything (was a stab in the dark).
Has anyone else had this issue when creating a new VM from a shared AMI running Server 2016?
Any insight would be appreciated.