Why can't I connect to my Amazon EC2 Windows instance that was launched from a custom AMI?

4 minute read

I receive the error "Password is not available yet. Please wait at least 4 minutes after launching an instance before trying to retrieve the auto-generated password" when I try to connect to my newly-launched Amazon Elastic Compute Cloud (Amazon EC2) Windows instance. After four minutes, I still can't connect..

Short description

You might receive the following error when you try to connect to a newly-launched Amazon EC2 Windows instance:

"Password is not available yet. Please wait at least 4 minutes after launching an instance before trying to retrieve the auto-generated password."

If you continue to receive this error after the four-minute wait, verify if you correctly configured the local administrator account's password.

By default, EC2 Windows instances that launch from a public Amazon Machine Image (AMI) use one of these services to automatically generate the administrator password:

  • EC2Launch: for instances that run Windows Server 2016 and later
  • EC2Config: for instances that run Windows Server 2012 R2 and earlier

Note: It's a best practice to change the administrator password from the default, generated password to your own password.

Instances that you launch from custom AMIs take the administrator password from the source instance. However, you can change the default password for the administrator account in the source instance that you used to create the AMI. In this case, the new instance takes the same password. To successfully connect to a new instance, the instance's password must match the administrator password. 


To recover access to your new instance, reset the administrator password. However, you might notice the same error when you launch additional instances from your custom AMI. To avoid the error, configure EC2Launch or EC2Config to automatically generate the password during initialization at the next boot.


Use the console to configure EC2Launch or EC2Config

Follow these steps to turn on password generation at the next boot:

  1. Open the Amazon EC2 console.
  2. Use Remote Desktop Protocol (RDP) to connect to the Windows instance.
  3. From the Windows Start menu, complete the following actions:
    For Windows Server 2008 through Windows Server 2012 R2, open EC2ConfigService Settings. Then, choose the Image tab.
    For Windows Server 2016 or later, open EC2 Launch Settings.
  4. For Administrator Password, choose Random.
  5. Choose Shutdown without Sysprep.
  6. Choose Yes.
  7. Open the Amazon EC2 console, and then select Instances.
  8. Wait until the instance state changes to Stopped, and then select your instance from the console.
  9. Choose Actions, Image, Create image.
    For Image name, enter a name.
    (Optional) For Image description, enter a description.
  10. Choose Create image.

All EC2 instances that launch from this new AMI decrypt the password with a key pair.
Note: When you use Sysprep to shut down, Sysprep removes unique information to standardize your AMI. This allows you to launch multiple copies of your instances. For more information, see How can I use Sysprep to create and install custom reusable Windows AMIs?

Use Windows PowerShell to configure EC2Launch

In Windows PowerShell, run the following command to schedule the script to run as a Windows scheduled task: 

PS C:\> C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\InitializeInstance.ps1 -Schedule 

Note: This option applies only to the Windows Server 2016 and 2019 versions. The script runs one time during the next boot. It then inactivates the tasks so that they don't run again. For more information, see Configure initialization tasks.

Related information

"Password is not available"

Configure a Windows instance using the EC2Config service

AWS OFFICIALUpdated 6 months ago

what happen if I can not connect to Instance through RDP?

replied a year ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

profile pictureAWS
replied a year ago