Questions tagged with Windows Provisioning

Hi all, Last 2 weeks i am facing Remote desktop connection problem. I am new in AWS. A few day back, I had received an account suspension mail because of payment due. I made all the payment done. Now i am getting this error on login with RDP. "RDP credential were use to connect did not work, please enter new credential " During this I followed some steps to solve the error: 1.) My Security Group setting:- Inbound rules are:- Http, Https, SSH, RDP, all TCP, All Traffic, Custom TCP for IPV4 and IPV6. Outbound Rules are: All Traffic, HTTP, Custom TCP, HTTPS, SSH for IPV4 and IPV6. 2.) IAM Manager :- Create Role for AmazonEc2RoleforSSM Policy This My Inline Policy ``` { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ssm:PutParameter" ], "Resource": [ "arn:aws:ssm:us-east-2:939764493069:parameter/EC2Rescue/Passwords/i-063933c590287f4d2" ] } ] } ``` 3.) By using System Manager Run command, Changed the current password of windows as well but it's not working. 4.) Also Tried to ping the Public IPv4 address from the local machine but it's working. firewall also take off. 5.) Also tried changing internet service provider. I don't know what am I doing wrong. Is my account is isolated ? Is my setting is wrong? Could you please provide solution.

Hi! I built a web app on an EC2 windows instance & want to put it on my clients domain. Once the server is on the domain, the users only have to go to the server name in their browser & the app renders. I haven't worked with AWS networking & want to know if I should I use Resolver, Amazon Active Directory, or AD Connector? Preferably quick & easy. I only need to join one ec2 windows instance to my clients network. Thanks in advance!

are there any ways to use hyper -v without using a bare-metal dedicated server ? Regards

We have setup a test ADFS on a Windows Server 2019 EC2 in our AWS Managed Active Directory. We have enabled the ADFS sign-on page (example URL: https://sts.contoso.com/adfs/ls/idpinitiatedsignon.aspx). ADFS is successful for signing in with our AD credentials, and for accessing our AWS Console when tested from our ADFS server. The issue is that this URL is only opening when directly logged into the ADFS Windows Server. This sign-on URL is not available from another Windows 2019 EC2 test server that is within the same VPC and subnet. All Security Group ports, and Windows Firewalls are temporarily off on both EC2s. The servers can ping each other and using Nmap it displays all the open ports on the ADFS server. Route 53 has a hosted zone for this AWS Managed domain name, and both the ADFS server and test Windows 2019 server have DNS entries for them. We need to test accessing the ADFS sign-on from outside of the ADFS server. Is there another ADFS URL that is for this purpose or another ADFS configuration that is missing? Both links below were used for setting up ADFS on AWS Managed AD https://aws.amazon.com/blogs/security/aws-federated-authentication-with-active-directory-federation-services-ad-fs/ https://aws.amazon.com/blogs/security/enabling-federation-to-aws-using-windows-active-directory-adfs-and-saml-2-0/ Thank you.

Hi, How do you copy/paste content between local computer and the RDP session opened with Fleet Manager ? Thanks for your help

I've been working on a python script (python version 3.9.6) using boto3 to upload files to my s3 bucket. I want to back up files to AWS as my offsite backup, plus I want to learn more about AWS since I'm a programmer. The problem is my PC freezes when I'm in the middle of uploading it. I have been trying to debug whether or not it's a Windows issue, but I recently changed my configuration to upload chunks in 1000mb sizes and it froze after 15 minutes. Previously, I was using 200mb chunks. My files are rather large so I want to use large chunks. How do I inow if this is a windows issue, isp issue, or boto3 issue or my issue with coding my script? I have successfully uploaded many small files to my S3 bucket, so I don't think it's my script. By the way, I should add that I'm also working with my ISP (T-Mobile home internet) because I do lose internet connectivity several times a day. I get the usual endpoint connection error when that happens. I don't know if my ISP issue can cause my PC to freeze up though. Also, I use half the thread available to me on my PC.

I have two questions, How can i instal a complete application on an image of Windows Server 2019 in lightsail and can i have five RDP connections simultaneously ? Thanks in advance for any help

Hello, I am using a windows server 2019 instance to test the services with AWS Free Tier and whatever trading application I try to install, I have a window that asks me to specify the proxy server options with the following fields to fill in: Server (with options none, socks4, socks5, https ); login and password. I am a beginner and I do not know what information to put. Some apps I tried to install: xm, avatrade, fbs, fxopen, Exness.... Here a screenshot: Thank you for helping me

Hi Everyone, I'm a veteran taking programming classes on line via the GI Bill with other veterans. Many of my fellow students have super old PCs that have difficulty with the Programming software (such as Eclipse and SQL running locally). I'm also using AWS for unrelated personal projects. I was trying to find an image that might be free and easy for them to use. I'm obviously new to virtual machines in this environment. I feel like the easiest thing to do would be to create a new instance for each of my fellow students to use on an as needed basis. I'm getting hung up on finding the best image to use. Are there any recommendations for cost effective/1 person connecting to a dev PC just for classes a few hours a day, configurations? The classes are very Windows centric. Thank You

Hi, i am evaluating fsx for windows file server. I can not understand, is it a pay-as-you-go service or not? In other words, if I provision a 1TB storage, when it is full, will uploads stop or will I be billed accordingly at the end of the month? Thanks in advance.

When we would like to spin up Windows 11 EC2 instances, we go the following error: `ENA must be supported with uefi boot-mode` We tried out many things, but without success. Thanks,

Hi all, I would be running some automation tests on a windows machine (from amazon workspaces https://clients.amazonworkspaces.com/) . The machine gets locked as soon as I disconnect from the desktop session and my tests fail. Is there a good way to keep it unlocked? I have tried ultravnc - https://wiki.imacros.net/How_to_keep_the_Windows_desktop_active, configured auto logon, also configured a few registry settings but nothing seems to work.

I need to create a desktop session (using commandline only) from an AL2 linux server to a windows machine. I am trying to use xfreerdp and rdesktop. I have installed them on my AL2 server. I have installed X11. When I run any desktop client (rdesktop) i get this error : ``` rdesktop IP_WINDOWS_MACHINE Autoselected keyboard map en-us No protocol specified ERROR: Failed to open display: :0.0 ``` I have tried setting up the the DESKTOP environment variable to `:0`, `:0.0`, `localhost:0`, `localhost:0.0` but nothing seems to work. Is there something I am missing in the setup? Is there a better way to do it? I have also tried `xhost +` which doesn't seem to work with the same error message.

Unable to log on to the WindowsServer2008 R2 on EC2. The screen show a message likes "The User Profile Service service failed the logon. User profile cannot be loaded." Then I try to restart from the console but still the same. How can I fix a problem ? I don't even know what caused this problem.

We are not able to take a Remote Desktop of our one of Windows EC2 because EC2 booting into Safe Mode how we can tackle this issue.

Hi all, I have created a Windows10 Custom AMI to run high-end graphic gaming and Content Creation purposes to use g4 instances on EC2. I want to know if this will work without any problem as I have not tested it yet, although I have installed Nvidia Graphic drivers on it.. It seems to be running fine but I just wanted some expert advice. Please share some AWS documentation to support your thought. Regards Gopal Thakur

I just setup an EC2 MS Server 2022 with containers Immediately, it starts with the HIGH "System Interrupts" known issue. Has anyone found a fix for this that works? Please do NOT suggest the usual BS that can be found on the web like updating drivers, unplugging external hardware, disabling USB Roots, etc. It's NOT applicable.

1.Is there any way that we auto assign tag to FSx backups? 2.What is file archival option in AWS FSx for windows file system?

I want to use a Windows image for my CodeBuild machine but I don't get the option in the CodeBuild > Environment > Environment Type for Windows. I did read this article from 2018 that mentions the regions that are available and Asia Pacific wasn't one back then, but that was 4 years ago. https://aws.amazon.com/about-aws/whats-new/2018/05/aws-codebuild-adds-support-for-windows-builds/ Are Windows images now available to use in ap-southeast-2? thanks

When I connect to my windows EC2 instance from linux or windows (RDP) - the text looks very blurred. I tried almost all the tricks that I could find from google. The text is still not clear.

Using AWS Backup to backup and restore Windows 2016 and above EC2 instances which are domain joined to AWS Managed AD. When the instances are restored (as a copy) they appear to retain the same NetBIOS. There will then be two EC2 instances of the same name (different instance IDs) in the same VPC. This has been a problem in the past outside of the cloud. Any best practices in the community for using AWS Backup and Restore with Windows you can point to?

I've experienced 3 System check failures on my LightSail Windows Server instance over the past 18 months. The system check failure lasts for many hours and then according to the FAQ pages (https://aws.amazon.com/premiumsupport/knowledge-center/lightsail-instance-failed-status-check/) it basically means that the underlying hardware has failed and the instance need to be stopped and restarted to migrate to new hardware. I do this manually but it leads to a lot of downtime (especially since LightSail takes upto 1 hour to stop the instance when there's a System check failure). The resource utilization up to the point of failure is extremely low (see image): https://www.dropbox.com/s/a882b3nbu8roauu/Lightsail.jpg 1. Does anyone know why my LightSail instances keep having System check failures and what I can do to avoid it? 2. More importantly, is there anyway to have Amazon automatically Stop and Start the failed instance if the System Check Failure continues for more than X minutes/hours?

Hello! We've read about the new Launch Speed Optimizations for Windows Server (https://aws.amazon.com/about-aws/whats-new/2022/01/aws-speed-optimizations-windows-instances-ec2/ ) and wanted to try it out, as it really fits our use-case. However, on every Image we enable the optimizations spins up several t3 instances for like half an hour and then ends up in an **enabling-failed** state. Our image is Windows Server based and usually runs on g5. Greetings Dominique

I'm trying to clone my Windows 2016 Server instance `i-01`. What I did: 1. Installed latest drivers according to [this article](https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/migrating-latest-types.html) 2. Rebooted successfully 3. Run [SysPrep](https://aws.amazon.com/premiumsupport/knowledge-center/sysprep-create-install-ec2-windows-amis/) Now I can start my `i-01` instance but it became inaccessible. I can't connect it via RDP. If I connect via AWS Serial Console, it shows me `Windows is still being configured. SysprepState=IMAGE_STATE_UNDEPLOYABLE` for many hours already. What are the ways for further investigations?

I have the instance 'i-01' in us-west2. This is a Windows Server 2016 one. It works fine for years. I can access it via RDP, via Connect in AWS Console. It has SSM and Cloud Watch Agent services installed and running. I created AMI `ami-01` from it and launched a new instance `i-02` in the same region from this `ami-01`. But: 1. One of the 2 Status Checks is `Instance reachability check failed` 2. I can't RDP to it 3. I can't connect via Session Manager in AWS Console 4. I can't connect via EC2 Serial Console. It gives me `Still waiting for meta-data accessibility...` What I tried to do: 1. Reboot `i-02` 2. Reboot the initial `i-01` to verify it will be accessible after rebooting. And it is. 3. Remove `i-02` and create a new instance from `ami-01`. The same result - inaccessible. 4. Copy `ami-01` to us-east1 region and create the instance there. The same result - inaccessible. 5. Run CLI command `aws describe-instances` and compare JSONs for both `i-01` and `i-02`. No significant changes other than IP addresses and IDs. The question is: How can I understand what is going on inside this instance and why it's inaccessible?

Hello, I have a problem during the provisioning of the IoT thing using claim certificates. We are using the fleet provisioning by claim mechanism. We are following the steps described in this PDF: https://d1.awsstatic.com/whitepapers/device-manufacturing-provisioning.pdf When we start the provisioning process, we are providing the `AwsIotMqttConnectionBuilder` with the claim certificate and claim private key(which are generated in previous step). The problem comes when we are building the `MqttClientConnection` with which to make the request to the AWS IoT core for the provisioning. Here is a detailed exception: ``` Exception occurred during fleet provisioning by claim at com.iav.de.ota.provisioning.flow.FleetProvisioningByClaimFlowExecutor.execute(FleetProvisioningByClaimFlowExecutor.java:50) at com.iav.de.ota.provisioning.ProvisioningFacade.provision(ProvisioningFacade.java:60) at com.iav.de.ota.provisioning.ProvisioningFacade.provisionToDeviceManagementCloud(ProvisioningFacade.java:54) at com.iav.de.ota.provisioning.ProvisioningFacade.provision(ProvisioningFacade.java:39) at com.iav.de.ota.Main.main(Main.java:42) Caused by: software.amazon.awssdk.crt.CrtRuntimeException: TlsContext.tls_ctx_new: Failed to create new aws_tls_ctx (aws_last_error: AWS_IO_FILE_VALIDATION_FAILURE(1038), A file was read and the input did not match the expected value) AWS_IO_FILE_VALIDATION_FAILURE(1038) at software.amazon.awssdk.crt.io.TlsContext.tlsContextNew(Native Method) at software.amazon.awssdk.crt.io.TlsContext.<init>(TlsContext.java:24) at software.amazon.awssdk.crt.io.ClientTlsContext.<init>(ClientTlsContext.java:26) at software.amazon.awssdk.iot.AwsIotMqttConnectionBuilder.build(AwsIotMqttConnectionBuilder.java:502) at com.iav.de.ota.mqtt.MqttConnectionFactory.create(MqttConnectionFactory.java:44) at com.iav.de.ota.provisioning.flow.FleetProvisioningByClaimFlowExecutor.execute(FleetProvisioningByClaimFlowExecutor.java:42) ``` Going throught the error, I have found that this error `AWS_IO_FILE_VALIDATION_FAILURE(1038)` indicates that the expected claim private key/certificate is not matching the ones which we are giving it to it. So, I started going further into the issue and found that the library which we are using for reading the private key(bouncy castle) is reading a key which different than the input one. In other words, when I inspect the claim private key with Notepad and compare it with the one which the BouncyCastle has read - they are different. The problem is more interesting because this does not happen on Linux machines and only on Windows machines. I have even tried to read the claim private key as plain string from the file and pass it to the MqttConnection and this works. Unfortunately, this is not a solution because later on(after the provisioning) we are storing the real certificate and private key, for later on communication with the AWS IoT Core, in a KeyStore which we are reading with BouncyCastle, again. So, we need the library(BouncyCastle or other) in order to read the private key/certificate in any moment of the execution of the progam(either during the provisioning or later on during the other AWS IoT Core calls with the real certificates). Forgot to mention, the claim private key and claim certificate are stored in PEM format. Could you tell me what can be done here? Is there any AWS supported library for reading the claim private key/certificate without using BouncyCastle? Any suggestions here are welcomed because we are stucked and the requirements are that each AWS IoT Things will be running on Windows OS. Thanks a lot, Encho

Hi, I am setting up an AppStream Elastic Fleet on Windows and I can get into a running instance and see that the virtual hard drive file and startup script are downloaded to the machine, but the startup script fails. There seems to be a permissions issue, as when I run the script in an ImageBuilder instance it runs okay. I can see that the initial part of the script (which is basically the AWS sample script) runs as it writes the dispart commands to a text file as expected. However as the startup script needs to mount the virtual hard drive the application can not run. By the way, I can get into the running instance using the function keys drop-down to send the instance ctrl+alt+del and get the into the task manager. This seems like a security issue - it would be good to disable this key sequence or by some other means disable the task manager.

HI, I have some PC CD games that I used on my Windows machine. I want to know if I can upload the games to my AWS Windows workspace? I now would use the AWS desktop app to connect to my AWS windows workspace and play the game using the cloud. Is this possible? 1) how do I get the game uploaded to my AWS workspace? Do I order a hardrive (snow device) from AWS load the games on the snowdevice at home and then send the hardrive back to AWS data center and have them uploaded to my workspace? I like this idea so I can go to any computer with internet connection and the AWS Workspace App and play the game from anywhere. 2) Am I thinking about this all wrong? What other means do you recommend for playing games using the AWS workspace or any suggestions? Part of my motivation is to learn about AWS workspaces and what the capabilities are over a home computer. Maybe all I need to buy is a thin client here at home and not buy the new windows 11 machine.

I followed the guide for [EC2 Windows Instances](https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/EC2_GetStarted.html) and got a "Password is not available" error when trying to get the password to connect to the instance. I used the official Amazon AMI for Windows Server 2016 Base with t2.micro (as specified in the guide). The error says: > Password is not available. The instance was launched from a custom AMI, or the default password has changed. A password cannot be retrieved for this instance. If you have forgotten your password, you can reset it using the Amazon EC2 configuration service. I am confused, as I used the official AMI from Amazon and I didn't change the password (I can't even connect to the instance). How do I resolve this issue and connect to the instance?

we need to migrate our windows 10 pro VM from VMware to AWS we can able move the same but the question is how we can manage license part as AWS doesn't provide license to win 10 client OS how do I proceed then? thanks in advance

We are using AWS Workspaces with AD connector and would like to test moving Workspaces between OUs. I believe moving a Widows Workspace VM from the OU that it was deployed to initially should not affect the Workspace in any way from the point of AWS as OU parameter is only used for the initial deployment. Is this a correct assumption?

Using a bastion server can solve many problems but the medium you take to connect to your bastion can introduce some problem. One such problem that I encountered is when I was on my bastion server and created ".pem" file to connect to my private EC2 using EC2 Instance Connect. On SSHing, it asked me to enter passphrase. Which I was never asked on any ssh client. So I tried to use other SSH client (CloudShell in my case) to login to the bastion server. On the bastion, I created ".pem" file to connect to my private EC2. Guess what? I was not asked to enter PassPhrase this time. So I compared both the ".pem" files to check what could be the issue, but still I cannot figure out what the issue is. I request my fellow community to shed some light to the problem. I am attaching details on both the files below - -r-------- 1 root root 1699 Dec 26 19:12 MyKey.pem [on EC2 Instance Connect] -r-------- 1 root root 1675 Dec 26 19:15 MyKey.pem [on SSH Client - CloudShell]

Hi there, I managed to add FSx for NetApp ONTAP to our domain with FSxServiceAccount as described on the product page. However, I am running into issues when I am trying to attach it to my Windows instance. (It works fine on Linux). I see the following issues: - When I am running this command New-SmbGlobalMapping -Persistent $true -RemotePath \\<IO of my smb>\share -Credential $creds -LocalPath G:` I get the following error: `New-SmbGlobalMapping : Access is denied.` - I am using domain admin credentials - When I am running this command `net use Z: \\<dns address of the smb>\share` I got the following error: `System error 5 has occurred. Access is denied.` - Also with domain admin creds - I can successfully attach via File Explorer > This PC > Computer >Map network drive, however I can not read/write to it. If I check the FIle permission mode in Propertires I can see that only the owner (FSxServiceAccount?) is allowed to write, however Read should work, but I can not change the permissions as domain Admin. I am using Directory Service Standard Edition. Did you guys experience issues with this? What am I doing wrong? **Update:** I managed to attach the disk, but I can not write or read any file on the disk. It is in OU=Computers, and allowed Everyone Full Access, also allowed Everyone Read/Write the NFS filesystems attached to the AD, but still not working. I am suspecting this is something NetApp specific, but we will see. **Update #2** Based on CloudWreck's comment I found the following: I am using mixed style. I use the following code: ``` net use P: \\WINDOWS\vol1 $CurTgt = "P:" $CurUsr = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name $acl = Get-Acl $CurTgt $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($CurUsr,"FullControl","ContainerInherit,ObjectInherit","None","Allow") $acl.SetAccessRule($AccessRule) $acl | Set-Acl $CurTgt ``` Get-Acl returns ``` Path Owner Access ---- ----- ------ P:\ Everyone Everyone Allow -1 ``` Also using this one: ``` $CurTgt = "P:" $CurUsr = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name $acl = Get-Acl $CurTgt $usersid = New-Object System.Security.Principal.Ntaccount ($CurUsr) $acl.PurgeAccessRules($usersid) $acl | Set-Acl $CurTgt ``` Also tried this: ``` takeown /F * /R takeown : ERROR: File ownership cannot be applied on insecure file systems; ``` But I am still unable to write/read files or create folders. **Update#3** I ran the following commands and changed the permission from the ONTAP side ``` vserver security file-directory show -vserver windows -path /vol1 vserver security file-directory ntfs create -ntfs-sd sd1 -owner DomainName\Administrator vserver security file-directory ntfs sacl add -ntfs-sd sd1 -access-type success -account DomainName.COM\EVERYONE -rights full-control -apply-to this-folder,sub-folders,files vserver security file-directory ntfs dacl add -ntfs-sd sd1 -access-type allow -account DomainName.COM\EVERYONE -rights full-control -apply-to this-folder,sub-folders,files vserver security file-directory policy create -policy-name policy1 vserver security file-directory policy task add -policy-name policy1 -path /vol1 -ntfs-sd sd1 vserver security file-directory apply -policy-name policy1 vserver security file-directory show -path /vol1 -expand-mask true ``` It changed the file permissions (mode), however I am still unable to read/write files. These are the current settings: ``` File Path: /vol1 File Inode Number: 64 Security Style: mixed Effective Style: ntfs DOS Attributes: 10 DOS Attributes in Text: ----D--- Expanded Dos Attributes: 0x10 ...0 .... .... .... = Offline .... ..0. .... .... = Sparse .... .... 0... .... = Normal .... .... ..0. .... = Archive .... .... ...1 .... = Directory .... .... .... .0.. = System .... .... .... ..0. = Hidden .... .... .... ...0 = Read Only UNIX User Id: 0 UNIX Group Id: 0 UNIX Mode Bits: 777 UNIX Mode Bits in Text: rwxrwxrwx ACLs: NTFS Security Descriptor ``` ``` ALLOW-Everyone-0x1f01ff-OI|CI 0... .... .... .... .... .... .... .... = Generic Read .0.. .... .... .... .... .... .... .... = Generic Write ..0. .... .... .... .... .... .... .... = Generic Execute ...0 .... .... .... .... .... .... .... = Generic All .... ...0 .... .... .... .... .... .... = System Security .... .... ...1 .... .... .... .... .... = Synchronize .... .... .... 1... .... .... .... .... = Write Owner .... .... .... .1.. .... .... .... .... = Write DAC .... .... .... ..1. .... .... .... .... = Read Control .... .... .... ...1 .... .... .... .... = Delete .... .... .... .... .... ...1 .... .... = Write Attributes .... .... .... .... .... .... 1... .... = Read Attributes .... .... .... .... .... .... .1.. .... = Delete Child .... .... .... .... .... .... ..1. .... = Execute .... .... .... .... .... .... ...1 .... = Write EA .... .... .... .... .... .... .... 1... = Read EA .... .... .... .... .... .... .... .1.. = Append .... .... .... .... .... .... .... ..1. = Write .... .... .... .... .... .... .... ...1 = Read ```

Hi there, When I am trying to join my domain (using Directory service), I am receiving the following error: ``` Amazon FSx is unable to establish a connection with your Active Directory domain controller(s) because the service account credentials provided are invalid. To fix this problem, delete your storage virtual machine and create a new one using a valid service account as recommended in the Amazon FSx user guide. ``` I have read the user guide, and followed all the steps. Now, I am using the same security group as the domain controller and allowing all traffic inside the sg. I checked with Reachability analyzer, the ENI from fsx can communicate with the domain controller's domain controller. I also tried to use the domain admin, just to make sure - but for some reason it does not work. Did any of you experienced something similar?

I just starting using SMS to manage Windows 2019 Server EC2 instance patching (security updates). I noticed that by default, AWS prevents Windows OS to automatically run Windows Update. I followed the instructions for SMS Quick Setup and the Patching of my servers are failing with the following error message: (I have been searching ALL day for a resolution to this. Modifying registry settings, running DSIM commands, etc. Nothing helps. Seems like some type of certificate issue but I can't resolve it). Has anyone else had issues with getting SMS to patch AWS Windows Server 2019 EC2 instances? **Invoke-PatchBaselineOperation : Exception Details: An error occurred when attempting to search Windows Update. Exception Level 1: Error Message: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. (Exception from HRESULT: 0x800B0109)** Stack Trace: at WUApiLib.IUpdateSearcher.Search(String criteria) at Amazon.Patch.Baseline.Operations.PatchNow.Implementations.WindowsUpdateAgent.SearchForUpdates(String searchCriteria) At C:\ProgramData\Amazon\SSM\InstanceData\i-03638bdca902ef8fd\document\orchestration\86ed2eda-065a-49d3-b084-69bfc89c14 3d\PatchWindows\_script.ps1:233 char:13 + $response = Invoke-PatchBaselineOperation -Operation Scan -SnapshotId ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : OperationStopped: (Amazon.Patch.Ba...UpdateOperation:FindWindowsUpdateOperation) [Invoke -PatchBaselineOperation], Exception + FullyQualifiedErrorId : Exception Level 1: Error Message: Exception Details: An error occurred when attempting to search Windows Update. Exception Level 1: Error Message: A certificate chain processed, but terminated in a root certificate which is not trusted by the t rust provider. (Exception from HRESULT: 0x800B0109) Stack Trace: at WUApiLib.IUpdateSearcher.Search(String criteria) at Amazon.Patch.Baseline.Operations.PatchNow.Implementations.WindowsUpdateAgent.SearchForUpdates(String searc hCriteria) Stack Trace: at Amazon.Patch.Baseline.Operations.PatchNow.Implementations.WindowsUpdateAgent.SearchForUpdates( String searchCriteria) at Amazon.Patch.Baseline.Operations.PatchNow.Implementations.WindowsUpdateOperation.SearchAndProcessResult(Lis t`1 kbGuids) at Amazon.Patch.Baseline.Operations.PatchNow.Implementations.WindowsUpdateOperation.SearchByGuidsPaginated(Lis t`1 kbGuids, Int32 maxPageSize) at Amazon.Patch.Baseline.Operations.PatchNow.Implementations.WindowsUpdateOperation.FilterWindowsUpdateSearch( List`1 filteringMethods) at Amazon.Patch.Baseline.Operations.PatchNow.Implementations.FindWindowsUpdateOperation.DoWindowsUpdateOperati on() at Amazon.Patch.Baseline.Operations.PatchNow.Implementations.WindowsUpdateOperation.DoBeginProcessing() ,Amazon.Patch.Baseline.Operations.PowerShellCmdlets.InvokePatchBaselineOperation failed to run commands: exit status 4294967295

I have been trying to set up a g5.xlarge (windows server 2019) instance to run some tests on but I'm having difficulty with the NVIDIA driver installation. I followed this page: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/install-nvidia-driver.html (Option 2), on how to install the driver correctly and from checking the device manager I can see the NVIDIA A10G card under display adapters. All the program files seem to be there as well. The device manager says teh device is working correctly and the Events log shows it installed the driver. I noticed I can't open the NVIDIA Control Panel, use NDI 5 Studio Monitor (Gives an error about OpenGL Shaders not supported), or find the GPU from my GC app which detects the GPUs on system to use for rendering if you prefer that. To me this would indicate that the driver isn't actually installed correctly because no applications seem to be able to find or use it. However, I was able to run GPU optimization commands into powershell (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/optimize_gpu.html) and it worked just fine which I was not expecting since I thought it wasn't actually installed correctly. We have set up multiple other EC2 instances using g4dn and following the same installation process everything is working just fine. I need to specifically test the new g5 stuff with our products but like I said, I can't seem to get the GPU to work at all Would anyone have an idea as to why I can't use the GPU for anything and get it to start working?

Hi all, my Windows Server 2019 m5d.2xlarge instance previously restarted quickly (~4min) but since mid-Sept 2021 it is taking exactly 18 minutes to restart. When I do "ping -t \[IP]" the server is completely absent during that time, as if it were rebooting & chkdsk'ing just like old times. I created a replacement fresh instance in mid-Sept 2021, Windows Server 2022 m5d.4xlarge based on the AWS Windows base AMI, and it also took a very long time to reboot nearly 30 minutes. I am now running my production workload on this instance so I have not rebooted it, but I'm concerned that it takes so long. My Win2019 instance is still around as a backup & I'm experimenting with it to make reboots normal again -- any ideas? I have tried: * stopped all non-essential services and set to Manual * reviewed the eventvwr logs (it shows silence for ~18 min between typical last-event and normal-startup-event) * run "fsutil dirty query c:" but it's clean * ran "Sysprep /generalize /oobe /mode:vm" (which failed with unspecified error, but there was no change in behavior) * did a "hard reboot" from Ec2 console (made reboot take longer, and Windows eventvwr complained about it later) * I have already installed all Win updates Any ideas would be appreciated, thank you!

Hi, Just launched a new EC2 windows instance and IE doesn't let me download program (I want to install on it) I tried to change security setting in IE but nothing ! I also tried to loosing up system security the time I do it (took of firewall and other stuff). Even rebooting Windows and after the instance (!? don't know if was necessary). The only connection I'm allowed to is with RDP otherwise I would have done with scp/ssh. Anyone could help me on how to change IE behavior or to find another way to download (I'm not a windows expert though

Hello, I have my web application and webserver and they are working fine on my local Windows 10 machine. But when I run the same application on my EC2 instance server itself (again Windows 10) using the same web server, it doesn't work. Does ec2 have any restrictions with response size limit? Here are more details about the problem: https://stackoverflow.com/questions/69186276/django-application-and-apache-server-with-err-connection-reset-on-aws I would be glad if I could some suggestions. Thanks. David

I have tried restarting the server twice. The server response is very slow. RDP took 15 minutes to bring up windows screen. The server is located at Oregon, Zone A (us-west-2a). From what I can see, the CPU Utilization is very low. With the Windows RDP screen up, clicking on Windows explorer takes 10 minutes to run. And of course my website response is slow as well. The problem started early this morning. Hardware Issue? Task Manager shows Service Host: Local System as using at least 50-75% of the CPU. The CPU is at 99%. Edited by: WLPOAWebMast on Aug 9, 2021 3:32 PM Edited by: WLPOAWebMast on Aug 9, 2021 3:45 PM Edited by: WLPOAWebMast on Aug 9, 2021 4:32 PM

Hi, Can you please take a look at our instance: i-01b65cf7f10f3fe72 It completely hung 10 min ago. I have some files saved to the instance C: drive I do not want to lose. Regards, Z

Instance ID i-014714b5b3dddb6ba showed running but was unresponsive. Had 0 status checks passed. Tried stopping the instance. Now it is stuck in a stopping state? Tried force-stopping it, nothing works. This is a production server. Any help is appreciated. Rebuilding an instance takes time. Pls. help. Karthik Edited by: sunkarthik on Jul 16, 2021 7:32 AM Edited by: sunkarthik on Jul 16, 2021 7:34 AM

Good day, I’m running a game server on Windows server 2019 version of lightsail. Today the instance did it’s auto update without any warning right after I closed rdp. Fortunately we’re in a beta stage so no huge loss, but I want to prevent it from doing this as it does cause loss of data to the users of the game without proper server shutdowns.

Hi everyone! I've deployed an EC2 Windows Server 2019 instance recently. Audio works and plays fine via RDP, but when I tried to setup the sound input (considering that input was going to happen via RDP from local device microphone) it occurred that no input devices can even be enabled in the instance. It says "No input devices found". "Troubleshooting" option doesn't help. Please help me understand if it is even possible to enable it? If so, how can I do that? Thank you in advance!

I´m trying the same using WSL2 to mount an EFS (I don´t have access to any Linux Distro because I rely on a corporate VPN). I must move some data from a Docker container to EFS on the first run. I read that I could do that with an IAM user but I can't create one for corporate reasons. From my side, I already configured the _efs-utils_ in my Ubuntu running under WSL2 but every time, I´m trying to mount the EFS, I´m getting this error: _Error retrieving region. Please set the "region" parameter in the efs-utils configuration file._ I already set my region in both files that I found in my PC (I couldn´t find more): • ./efs-utils/build/debbuild/etc/amazon/efs/efs-utils.conf • ./efs-utils/dist/efs-utils.conf Do you have any idea where the efs-utils.conf file you require is located? I cannot find more files beyond those two locations on my PC. Thanks for your time. Edited by: fanmixco on May 14, 2021 4:38 AM

ID: i-02fe3025173fb0670 I am attempting to use Jenkins on an ec2 Windows instance however I get a connection timed out error if I attempt to ssh into the instance and when I attempt to view the public address. Am able to connect using windows Remote Desktop Connection which has been enough to allow me to install Jenkins on port 8080 but I need to be able to access it through https. I am using a public subnet with an elastic IP with these inbound rules: HTTP TCP 80 0.0.0.0/0 - HTTP TCP 80 ::/0 - Custom TCP TCP 8080 0.0.0.0/0 - Custom TCP TCP 8080 ::/0 - SSH TCP 22 (my ip)/32 - RDP TCP 3389 (my ip)/32 - HTTPS TCP 443 0.0.0.0/0 - HTTPS TCP 443 ::/0 -

I have enabled Jumbo frames on 2 EC2 (M5 and R5D sizes) **Windows server 2019 instances** with ENA, the instances are in the same subnet and I have put them in a cluster placement group for good measure. I used the command `Set-NetAdapterAdvancedProperty -Name "Ethernet" -RegistryKeyword "*JumboPacket" -RegistryValue 9015` to enable jumbo frames. I additionally also ran the command `netsh interface ipv4 set subinterface "Ethernet" mtu=9001` However, when I try to ping one instance from another using the jumbo frame packet size on the public IP, using the command below, I am still seeing that packet are dropped. Security groups have the ICMP traffic enabled and ping works with regular packet sizes. `Ping xx.xx.xx.xx -f -l 9000` **Packet needs to be fragmented but DF set.** **Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)** Can anybody suggest what I may be missing here?

I have a Windows VM and I wanted to upgrade it and to do so followed the instructions here: https://lightsail.aws.amazon.com/ls/docs/en_us/articles/prepare-windows-based-instance-and-create-snapshot However, it's been stuck for over an hour saying "Snapshotting..." - I don't know what I can do at this point to get it working again. If I try to start the instance it says "You cannot start an instance while it is in transition." Edited by: GHH on Dec 3, 2020 4:05 PM

I noticed that booting Windows 2019 Base AMI on a: - t3.large (Nitro-based) resulted in having "Ethernet 3" configured with a 1500 bytes MTU. - t2.large (Xen-based) resulted in having "Ethernet" configured with a 9001 bytes MTU.

Hi everyone, I am new here but having a terrible time with Lightrail that I hope you can guide me with. I set up a Windows 2019 Instance for $8/mth. I followed the online video instructions as I just need a simple web server to serve web pages. Since WordPress is not available under Windows I installed IIS and copied a single index.html file to it. I can remotely browse to the page albeit very slowly, or sometimes not at all. The system itself on AWS though is completely unusable, the browser-based RDP connection is very hit and miss and always takes many minutes to connect (if it does at all). I stop the server or reboot but nothing helps with RDP and I am locked out for hours. When I **can** RDP connect each and every mouse-click takes minutes to respond, most of the time open windows (when they finally do open) display a "Not Responding" message as they slowly paint and repaint on the screen, application use on the server is impossible (they never start and even the Start menu can takes minutes to open). I have also used my local Remote Desktop client to connect with the same performance issues. I am on a gigabit connection. Can anyone tell me what I am doing wrong, or is Lightrail a realistic solution for a website? I am running IIS locally and have never had a problem but could that be incompatible with Light rail in some way? Is there an option I should be using that I am not aware of (all I did to start was select N. Virginia and Windows 2019). Any guidance you can give me would be a great help as I think I need to delete what I have and start again. Thank you for any help you can provide.

Complete noob here so sorry for the basic question: I was looking to deploy a simple WordPress website on AWS, I just need a website where I can upload my own HMTM/JavaScript. In my research on AWS I came across LightSail as a solution, read the documentation and watched the videos that looked super easy. But when I went to do it myself and choose the Windows instance, there is no option to install WordPress as shown in the videos. I do see this option under Linux but I know nothing at all about Linux. I've searched the forums extensively and online but I cannot find a simple solution for using WordPress on a Windows instance. I did see in one forum response that MySQL is needed for WordPress, does than mean WordPress itself is only available for Linux? Thank you very much for any direction you can point me in

Hello, this morning when I connected trough RDP I noticed long laggy connection. I have restarted instance and had problem with getting in for an hour+. Finally I got inside, but it is very slow basically in every task, like opening folder. CPU is at just few % of utilization, and lots of available ram. I found other topics saying that it may be due to lack of CPU credits, but in monitoring page I see usage is at 0.859, and balance at 655. This is t2.2xlarge instance with Windows Server 2019.

I need to run a build on a Windows system. I have an existing build.xml for ant which will do what I want but can't find any documentation or examples on how to install ant on Windows. The documentation just says "_You can use a build specification to install other components (for example, the AWS CLI, Apache Maven, Apache Ant, Mocha, RSpec, or similar) during the install build phase._" but does not give any useful examples.

I am trying to switch from a t2.2xlarge instance to a e3.xlarge. System Status check is green, Instance status check is red "instance reachability check failed" OS is Server 2021R2 I used this command to enable ENA aws ec2 modify-instance-attribute --instance-id i-0db6e8abe7fa61536 --ena-support Verified ENA and it shows TRUE, with this command aws ec2 describe-instances --instance-ids i-0db6e8abe7fa61536 --query "Reservations\[].Instances\[].EnaSupport" I updated the PV drivers on the Windows instance with https://s3.amazonaws.com/ec2-windows-drivers-downloads/AWSPV/Latest/AWSPVDriver.zip Anyone know what else I can try?

I have an windows EC2 instance. Today, I was not able to remote into it anymore. EC2 instance is running (status checks shows 2/2) and remote desktop brings up the login prompt. But after entering the password, I get "Unknown Error". I tried remoting from another computer and got the same behavior. Tried restarting EC2, Stop + start EC2 and could not get past "Unknown Error" thrown by remote desktop. If i DONT associate an elastic IP address, then remote desktop works and does not throw "Unknown Error". Any one ran into this ? Appreciate if you are able to share your experience on how this was resolved. Edited by: zebra on Oct 21, 2020 4:30 PM

Are there any limitations operating Windows 2008 (not R2) on EC2? Specifically interested in issues changing instance type/family within the current generation. Eg m4.4xlarge -> m4.2xlarge or m4.4xlarge -> r4.xlarge Cheers!

Hi! I'm hoping someone out there can shed some light as to what's going on with my issue. I haven't been able to RDP into my Windows Server instance and I'm not sure what's wrong at this point. Any time I try to get the password for Windows Admin account, I always receive a "Password not available yet" message, no matter how long the instance has been spun up. Here's what I've verified: 1. I have a security group with a rule that allows RDP traffic from my company's IP over the correct port (3389) 2. The VPC assigned to my instance has "DNS Hostnames" enabled 3. The instance has a publicly reachable DNS hostname (both one generated by AWS and a custom, registered one). I've also tried connecting to it using the Session Manager, but my instance never shows up in the console even though an IAM role with the correct permissions is assigned to it. A coworker of mine configured the AMI and the Instance and was able to RDP into it before, but something has changed. Said coworker has since left the company, so I am unable to ask him questions. I am also not sure what version of Windows Server was used for the AMI, as he left very little documentation and I can't seem to find that information anywhere, even on AWS.

For SQL Server running on EC2 and using FSx, when the FSx maintenance window happens, will there be an interruption to SQL Server ? Do the databases become disconnected?

A customer has an application (from a vendor) that will be used to store and retrieve images, they are looking to grow to 6 TB over the year. The application is windows based and was looking to see if there is a way to mount a S3 bucket as a drive as the application currently only supports local or network drives. Storage gateway is not an option as the customer is not ok to have an additional server.

Customer who is on-prem and also working with Azure to host some Windows 10 remote desktop workloads. They were very interested in Workspaces, especially as it works very well with Active Directory. They wanted to know if Workspaces has a similar capabilities as Windows 10 Enterprise multi-session - it seems like it allows for concurrent sessions with several users: https://docs.microsoft.com/en-us/azure/virtual-desktop/windows-10-multisession-faq They are looking to be able to host a single MS SQL database as well as a 3rd party application, and access it via remote desktops for each of their 10-15 users. However, they seemed averse to hosting it on an EC2 or RDS instance and using RDP to access it via WorkSpaces - specifically they "don't want to use a terminal server", and would rather stream the application to their users which then accesses the database (I'm not sure where the database would be, it seems like it would have to be hosted somewhere though). I was considering AppStream 2.0 to be the best service to turn to for this use case, but was wondering if there is a better solution, possibly more in line with what they are looking at with Windows 10 Enterprise multi-session.

I&#39;m trying to get SSM to manage some Windows 2019 instances. I follow all the steps as far as I can tell. On some machines it works, on some it fails. When it fails, I get this in the logs: ``` error when calling AWS APIs. error details - GetMessages Error: NoCredentialProviders: no valid providers in chain. Deprecated. ``` Google searches tell me that&#39;s probably the IAM role, but I use the same role on my working instances. **Question 1:** Is there ever an error with ssmagent being able to use the role that&#39;s assigned in the EC2 Console? I also see this error: ``` no instanceID provided, Failed to fetch instance ID. Data from vault is empty. RequestError: send request failed caused by: Get http://169.254.169.254/latest/meta-data/instance-id: dial tcp 169.254.169.254:80: connectex: A socket operation was attempted to an unreachable network. ``` The instances that fail have an additional ethernet adapter: ``` Ethernet adapter vEthernet (nat): Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::e43a:dd9f:a811:1e6%20 IPv4 Address. . . . . . . . . . . : 172.27.192.1 Subnet Mask . . . . . . . . . . . : 255.255.240.0 Default Gateway . . . . . . . . . : ``` The instances that work don&#39;t have the vEthernet Adapter. **Question 2:** if this vEthernet is blocking SSMAgent from understanding it&#39;s configuration, how can I work around it?

I am moving a client from an AWS installation controlled by a 3rd party. I dont have access to the installation to get all the configuration data. Most things are working, but one thing I am having issues with is getting SES and Email from 2 applications working. This isnt mass email distribution, it it occasional email from 2 systems that customers use. The email comes from the following 2 systems. SQL Server Reporting Services aka SSRS (a few reports sent out daily) Custom ASP.NET application that uses legacy .NET SMTP API. I have gotten to the point where I have created a domain in SES, added and verified a few email addresses for testing and have created SMTP credentials. --Have sent a test email to my email account from SES through the test tool, but the emails havent arrived--. EDIT: Test Emails from SES test tool have came through. I also went into SSRS and configured the email server. This is simply the email server, the userid, and password supplied when I created credentials. I setup a schedule for a report to run and be delivered to one of the test email addresses I verified. It doesnt arrive and when I look at the SSRS logs it seems like SSRS is having issue connecting to the SES email server. Do I have to create any special Security Group to allow the Windows Server to connect to the SES email server? For the legacy ASP.NET application I believe I need to setup the SMTP Service on Windows Server. I have done that using the same information I used with SSRS according to the following article. https://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-email-windows-server.html When I try to send a test message it never comes through. What am I missing? Edited by: KeithF1138 on Mar 24, 2020 11:45 AM

Hi, I am having problem similar to another user when trying to set up the aws storage gateway for windows. I have done the following: I have configured an EC2 instance with size m4.xlarge and 150 GB of cache. I have set up the following inbound ports for my security group: 80, 20048, 22, 111, and 2049. I have set up the file gateway and selected the intended S3 bucket. When I try to mount the drive via command prompt, I get the following error: Network Error - 53. Can someone please help me?

Dear all, I have a storage gateway file share linked to my Windows server infrastructure. When I copy a big file in this share after a few minutes the copy process fails with this error: "You need permission to perform this action" I&#39;m sure I have permission to that share because with smaller files it works. What can it be? Is there any session timeout I can adjust?

A customer is asking if AWS only provide Datacenter editions of Windows Server or if we also offer Standard editions. Checking on the AMI's I could not see any Standard edition as well. Has anyone have insights on this?

A customer is asking us to show virtual desktop (VDI) Solution. They want to have 4 or 5 type of vdi (office low perf, office high perf, cad installation). They need to have vdi with file share on aws (for home folder) and with possibility to connect with on-prem (direct connect), and need to join to domain controller (windows desktop) In this case which is the service more suitable? In case is it possible to have home folder mapped on fsx for example? Thanks a lot

Hi, We are unable to connect to Remote Desktop to the Windows Server 2019 from the last two days. Following is the error we are getting while try login to the server "An authentication error has occurred. The function requested is not supported Remote computer: <computer name=""> This could be due to CredSSP encryption oracle remediation. For more information, see https:/go.microsoft.com/fwlink/?linkid=866660" We also installed latest windows updates using AWS System Manager to check if it resolves the issue, But it did not help.

I’m migrating two legacy applications to docker container to execute in ECS. I have the applications in containers and successfully executing. The issue I’m working through now is that both rely on the value of Request.ServerVariables(“REMOTE_USER”) to determine if the current user has access to the application. When executing inside the container this value is returned as empty string or null. I&#39;ve tried a few different variables, methods to obtain this value to no avail. Is there a method to making this value available within the container? I’ve searched online and have come up empty.

Hi! We have an EC2 instance running Windows Server, which is shutting down randomly, ussually once a day, no pattern detected. It seems related to a driver, but reinstalled the AWS drivers. I'm guessing if there is a hardware problem ....not sure what that means in EC2... I upgraded PV drivers using this instructions, but no luck https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/Upgrading_PV_drivers.html Attached you can see both dump files, however I could not figure out what to do....could you please help? The log says: The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff800016b19df, 0xfffff88005917ed0, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112119-15350-01. The minidump says it's this SYSTEM_SERVICE_EXCEPTION (3b) An exception happened while executing a system service routine. Arguments: Arg1: 00000000c0000005, Exception code that caused the bugcheck Arg2: fffff800016b19df, Address of the instruction which caused the bugcheck Arg3: fffff88005917ed0, Address of the context record for the exception that caused the bugcheck Arg4: 0000000000000000, zero.

A customer is running a proof-of-concept for live video playout using Windows-based EC2 instances running Grass Valley. At bitrates approaching 45 Mbps they start to see packet loss impacting the quality of the video and would like ways to monitor the packet loss directly on the EC2 instances as near to realtime as possible. What are good ways to do this on Windows with as little latency as possible to allow the customer to monitor and alert on packet loss problems?

In my ASP.NET MVC running on EC2, I get the following exception when accessing my webapp: ``` [NullReferenceException]: Object reference not set to an instance of an object. at System.Web.HttpApplication.GetNotifcationContextProperties(Boolean& isReentry, Int32& eventCount) at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error) at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb) at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) ``` As you can see, the error is in the .NET framework, not thrown directly from my Global.asax.cs. Here is my Global.asax.cs: ``` public class MvcApplication : System.Web.HttpApplication { protected void Application_Start() { ... AWSXRayASPNET.RegisterXRay(this, "authorize-qa"); } } ``` I've confirmed the X-Ray Windows Service is running on my instance. Edited by: LuisLDQ on Oct 21, 2019 10:43 AM Added line about X-Ray Windows Service

Hey, all: I am BRAND new to lightsail, though I do have some other experience with VPS. Anyway, I created my instance and can open up my Windows desktop via lightsail. The first thing I want to do is download some programs to use via my new VPS. But I'm having big time issues accessing web sites and downloading via the IE browser on the desktop. 1) I would like to download Chrome, but when I navigate to the Chrome website, the download button does not work. I can see the button, but nothing happens when I push it. I've ensured that the Google download site is Trusted, but that doesn't help. 2) I am trying to log into my ig.com account, but when I navigate to IG.com then hit the link to their login page, nothing happens. Again, I've ensured IG.com is "Trusted", but that doesn't help. 3) I am trying to navigate to my Fidelity brokerage account, but the Fidelity website doesn't load correctly via the IE browser in my lightsail Windows desktop. What am I missing? Is there some setting that I'm not changing to allow basic website loading, login and download to work? At this point the desktop is worthless to me. Super frustrated. Appreciate any help! Thanks, TW

Hi All, Greetings, I would appreciate if you can share some advise, and your experience if its possible and OK to migrate Windows Server 2008 and SQL 2008 R2 as is (Lift and Shift) without migrating to higher version ? Most of these are running on Physical servers. Or what can be the best approach to migrate and upgrade during migration to higher version of OS and SQL ? Would really appreciate if you can provide some suggestions / guidance. Regards, Dilawar Edited by: Dilawar on Sep 25, 2019 5:10 AM

I have a load balanced + auto scaled .NET Windows application configured with 2 hosts minimum. But when 1 of the hosts is "unhealthy", it doesn't get replaced automatically. I have to kill it and then it will be replaced. The load balancer also knows it is unhealthy. So why the disconnect with Elastic Beanstalk? Any ideas what could be configured wrong here? And FWIW, I'm pretty sure this used to work.

Hello, Creating/Updating AWS CodeBuild project using WINDOWS_CONTAINER works well until yesterday via CLI but It's not working anymore from today with this exception. ``` An error occurred (InvalidInputException) when calling the UpdateProject operation: Invalid environment type ``` Original command was (nothing has changed from yesterday) ``` aws codebuild update-project --cli-input-json {"name": "build_test_naoko", "description": "build test naoko", "source": {"type": "GITHUB", "location": "...", "gitCloneDepth": 0, "buildspec": "buildspec.yml", "auth": {"type": "OAUTH", "resource": "..."}, "insecureSsl": true, "sourceIdentifier": "master"}, "artifacts": {"encryptionDisabled": true, "location": "hbsmith-codebuild-artifacts-us-east-1-20190423", "overrideArtifactName": true, "packaging": "ZIP", "path": "naoko", "type": "S3"}, "cache": {"type": "NO_CACHE"}, "environment": {"type": "WINDOWS_CONTAINER", "image": "aws/codebuild/windows-base:1.0", "computeType": "BUILD_GENERAL1_LARGE", "environmentVariables": []}, "serviceRole": "arn:aws:iam::...:role/aws-codebuild-build-test-naoko-role", "timeoutInMinutes": 90, "badgeEnabled": true, "secondaryArtifacts": [{"artifactIdentifier": "lastest", "encryptionDisabled": true, "location": "hbsmith-codebuild-artifacts-us-east-1-20190423", "overrideArtifactName": true, "packaging": "ZIP", "path": "naoko", "type": "S3"}]} ``` I updated CLI with latest version but problem still occurs. CodeBuild document still cites it supports **aws/codebuild/windows-base:1.0**. What cause the problem? Is it my fault or CodeBuild's fault?

A customer is planning to import their existing on-prem Windows server image to AWS using VM Import. They would also like to use their existing Windows Server license to use with the imported image. Our documentation says that for the VM imported image, AWS will provide the appropriate Windows server license key. Customer is asking if there is anyway to use their own license with imported windows AMI. Below is what our VM Import documentation says about imported Windows images https://aws.amazon.com/ec2/vm-import/ "In general, when you import your Microsoft Windows VM images into Amazon EC2, AWS will provide the appropriate Microsoft Windows Server license key for your imported instance. Hourly EC2 instance charges cover the Microsoft Windows Server software and underlying hardware resources. Your on-premise Microsoft Windows Server license key will not be used by EC2 and you are free to reuse it for other Microsoft Windows VM images within your on-premise environment."

We had access to one of our Windows 2008 R2 machines until recently, we can't figure out what the issue is with RDP, but we are unable to access from Mac or Windows machines. On a Mac with RDP Version 10, I get the error "Your session ended because of an error. If this keeps happening, contact your network administrator for assistance. Error code: 0x4" With RDP Version 8, I get the error: "Security negotiation Error: TLSRequired(1)" Launching a new instance from a saved AMI gives the same results.

Hi, I've got CNF template creating Windows 2016 machines with UserData looking like this: ``` "<script>\n", "cfn-init.exe --verbose --stack ", { "Ref" : "AWS::StackId" }, " --resource MyResource", " --region ", { "Ref" : "AWS::Region" }, " --http-proxy http://", { "Ref" : "Proxy" }, " --https-proxy http://", { "Ref" : "Proxy" }, "\n", [...] ``` and CloudFormation::Init part: ``` "installCloudWatch":{ "packages" : { "msi" : { "cloudwatch-msi" : "https://s3.amazonaws.com/amazoncloudwatch-agent/windows/amd64/latest/amazon-cloudwatch-agent.msi" } } }, ``` **Problem:** cfn-init still **fails to download the msi**. Error in UserdataExecution.log: Message: The errors from user scripts: Error occurred during build: Failed to retrieve https://s3.amazonaws.com/amazoncloudwatch-agent/windows/amd64/latest/amazon-cloudwatch-agent.msi: ('Connection aborted.', error(10060, 'A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond')) I double checked that I can download the file using Powershell and --proxy flag, i.e. ``` Invoke-WebRequest -Uri https://s3.amazonaws.com/amazoncloudwatch-agent/windows/amd64/latest/amazon-cloudwatch-agent.msi -OutFile C:\Temp\agent.msi -Proxy http://my-proxy:{proxy_port} ``` Important to note that signalling constructs (cfn-signal, ResourceSignal), which require internet access, work properly. Edited by: dima-cnqr on Feb 4, 2019 8:49 AM

Our setup: # two different applications # build server uploading new packages to S3 and creating new EB versions via PowerShell # multiple environments per application # we usually trigger deployment from the "Application Version" page in AWS Console This worked very well for hundreds of deployments so far, but today, it somehow got messed up (for both EB applications at the same time!): # let's say I deploy version label v123 to environment A, while there is already v125. The deployment succeeds according to the environment events, and the intended version is reflected in the Application Version table as well as the environments overview. # However, no matter what version I selected, the actually deployed version will always be v125. Once there is a v126, it will always be v126. Even if the selected version had been deployed before, or is still running in (untouched) environments. (The version number is also stored inside the zipped package.) At least it doesn't mix up the versions between EB applications. # Also, when downloading the source package from the Application versions view, I always get the latest uploaded package for this application, not the one I clicked. How can we get out of this situation? And what might be triggering it? Two thoughts on possible reasons: # The object key for new versions in S3 is always the same (per application) in our case. Is this supported, or should be name it differently for each version? On the other hand, it had worked like that for a long time... # Before the problem started, we updated one of the environment's configuration via AWS Console, Configuration | Software | Modify... Previously, we had done this most of the time using PowerShell (Update-EBEnvironment). Is this known to cause problems?

My application uses the WebSocket protocol, which not included in the default Windows Server configuration. Manually i can enable it by setting according item in the Server Manager via Add Roles and Features Wizard (Web Server (IIS) -> Web Server -> Application Development -> Web Socket Protocol). If I want my app to work, i need connect by RDP and manually check in this option. But it is a terrible approach.. I think this task can be accomplished by deploy setting (.ebextensions)? But how can i get it? I would be very grateful for the answer!

Apologies, it looks as if I first posted this in a dead section of the forum, if any moderators want to delete my original post then please do so - https://forums.aws.amazon.com/thread.jspa?threadID=296401&tstart=0 Hi All, We have an EC2 instance setup running our SQL DB which is currently open on port 1433 (1434-1435 also open as well) I'm looking to be able to access the instance remotely but having issues doing so, I have tried to connect to both IP address, and Computer name with and without using the port, I have the SQL Browser Service running but still no joy.. I have setup my security groups to what I think are the correct settings Link: <https://puu.sh/CtXwV/1125dd7d38.png> ``` Unable to Connect: TCP Provider: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. ```

Hi, I have an issue with one of my ec2 instance ( Windows Server 2012 R2 ). I have updated PV Drivers, EC2Config but now the instance dont pass status check. The message in de AWS Console is: "Instance reachability check failed" I can start it with c3.large instance type, but not with r4.xlarge. The ec2config service log: 2019-01-02T14:09:35.671Z: EC2Config service starting... 2019-01-02T14:09:35.702Z: Legacy configurator starting... 2019-01-02T14:09:35.702Z: Legacy configurator started. 2019-01-02T14:09:35.718Z: Finding resources 2019-01-02T14:09:35.718Z: Done Finding resources 2019-01-02T14:09:35.734Z: Updating config files... 2019-01-02T14:09:35.749Z: Update config files completed. 2019-01-02T14:09:35.749Z: EC2ConfigMonitorState: 0 2019-01-02T14:09:35.780Z: Starting execution of script 'C:\Program Files\Amazon\Ec2ConfigService\Scripts\DiscoverConsolePort.ps1'. 2019-01-02T14:09:37.655Z: Driver: AWS PV Driver Package v8.2.5 2019-01-02T14:09:38.062Z: Opening COM1 port handle to write to the console 2019-01-02T14:09:38.109Z: Checking Configuration State of Windows before continuing 2019-01-02T14:09:38.109Z: Windows sysprep configuration complete. 2019-01-02T14:09:38.171Z: Warning: Unable to Publish to WMI. | System.Management.Instrumentation.WmiProviderInstallationException: Exception of type 'System.Management.Instrumentation.WMIInfraException' was thrown. at System.Management.Instrumentation.InstrumentationManager.Publish(Object value) at Ec2Config.LegacyConfiguration.LegacyConfigurator.PublishWmiInstance() 2019-01-02T14:09:38.187Z: Checking for Sysprep 2019-01-02T14:10:01.061Z: AMI Origin Version: 2016.05.11 2019-01-02T14:10:01.077Z: AMI Origin Name: Windows_Server-2012-R2_RTM-English-64Bit-Base 2019-01-02T14:10:01.124Z: OS: Microsoft Windows NT 6.3.9600 2019-01-02T14:10:01.124Z: OsVersion: 6.3 2019-01-02T14:10:01.124Z: OsProductName: Windows Server 2012 R2 Standard 2019-01-02T14:10:01.124Z: OsBuildLabEx: 9600.19202.amd64fre.winblue_ltsb.181110-0600 2019-01-02T14:10:01.124Z: Language: en-US 2019-01-02T14:10:01.139Z: TimeZone: Coordinated Universal Time 2019-01-02T14:10:01.139Z: Offset: UTC 00:00:00 2019-01-02T14:10:01.139Z: EC2 Agent: Ec2Config service v4.9.3160 2019-01-02T14:10:01.155Z: AWS VSS Version: 1.1 2019-01-02T14:10:31.701Z: Reading C:\Program Files\Amazon\Ec2ConfigService\Settings\config.xml 2019-01-02T14:10:31.795Z: EC2AddRoute: Failed to find local area connection 2019-01-02T14:10:35.826Z: EC2AddRoute: Failed to find local area connection 2019-01-02T14:10:39.873Z: EC2AddRoute: Failed to find local area connection 2019-01-02T14:10:43.904Z: EC2AddRoute: Failed to find local area connection 2019-01-02T14:10:47.935Z: EC2AddRoute: Failed to find local area connection I have tried all that: https://aws.amazon.com/windows/products/ec2/server2012r2/network-drivers/ https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/pvdrivers-troubleshooting.html#server2012R2-instance-unavailable https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/common-messages.html#metadata-unavailable But I still have the same problem. Could someone help me please?

I've just just installed the latest AWS CLI x64 on Windows 10, from file AWSCLI64.msi . Then I have set the PATH variable as required. When I launch aws, I get the following error: ``` C:\Users\Sergio>aws --version Traceback (most recent call last): File "aws", line 27, in <module> File "aws", line 23, in main File "awscli\clidriver.pyc", line 55, in main File "awscli\clidriver.pyc", line 63, in create_clidriver File "botocore\session.pyc", line 386, in full_config File "botocore\configloader.pyc", line 152, in raw_config_parse botocore.exceptions.ConfigParseError: Unable to parse config file: C:\Users\Sergio/.aws/credentials ``` The last line clearly suggests the cause, as the path to credentials file is malformed for Windows: **C:\Users\Sergio/.aws/credentials** indeed, it should be: **C:\Users\Sergio\.aws\credentials** Hence, I've set the env variable `AWS_CREDENTIAL_FILE=C:\Users\Sergio\.aws\credentials` , then opened a new cmd.exe window, but I still get the same error. I've also tried the command: ``` aws configure ``` but the same error occurs too. It seems aws.exe cannot start in any way on Windows. What should I do ? (and please, let AWS fix this bug !) Tags: cli windows configparseerror

A customer is migrating an internal-facing .net microservice to AWS that uses 2-way SSL (client-side authentication) for access control. It's hosted on IIS (Windows Server 2012) in an ASG behind a classic ELB. The problem is that we can't get 2-way to work with IIS behind the ELB. The ELB is configured to use [proxy protocol][1], and has TCP Listeners on port 443 (In & Out). All in-coming REST requests time-out (system cannot be reached). Does anyone know how to get 2-Way SSL to work with IIS behind an ELB? [1]: http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-proxy-protocol.html

What type of guidance we can provide to a customer who is looking to migrate hundreds of VMs running Windows server. Is dedicated host the only option to reuse those licenses? Is there an internal expert who can guide them through the process and evaluate options? Regards

A customer built Active Directory on the AWS and wants to use CloudFormation template to spin up Windows machines. When launching an EC2 machine, it should run a PowerShell script to join to the AD Domain. But the script should know the username and password of the AD admin account which has the 'AD Join' permission. Now this customer needs to inject the AD admin's username and password into the User Data section of CloudFormation template. What options are available? What are the pros and cons? * Getting username/password as CloudFormation Input Parameter? * Getting username/password from a securely managed S3 object? Wonder how other people handle this usual scenario.

My customer was using a Windows 2012 R2 AMI provided by Amazon, and the image has disappeared, did that already happen?