How do I resolve a Windows activation fail message on my Amazon EC2 Windows instance?
I want to resolve a Windows activation fail message on my Amazon Elastic Compute Cloud (Amazon EC2) Windows instance.
Short description
Windows instances use Microsoft Key Management Service (Microsoft KMS) on AWS for activation. If your instance can't reach the Microsoft KMS server, then you might receive a Windows activation error message. To resolve this error message, use one of these methods:
- Use an AWS Systems Manager Automation document to activate Windows
- Manually activate Windows
Also, Your Windows instance can fail activation if the instance was launched from an Amazon Elastic Block Store (Amazon EBS) snapshot. Amazon EBS snapshots are supported for Linux instances. As a result, the Platform Details shows Linux for your Windows instance. For more information, see "Unable to activate Windows".
Resolution
Use a Systems Manager Automation document to activate Windows
The AWSSupport-ActivateWindowsWithAmazonLicense Automation document activates an Amazon EC2 Windows instance with a license that's provided by Amazon. The automation checks the current status of Windows for your instance, and then activates Windows if the status is inactive.
Note: This resolution isn't applicable for Bring Your Own License (BYOL) Windows instances. To use your own license, see Microsoft licensing on AWS.
To use a Systems Manager Automation document to activate Windows, complete these steps:
- Sign in to the Systems Manager console. Make sure that you select the same AWS Region as the Amazon EC2 Windows instance that requires activation.
- Choose Automation from the navigation pane, and then choose Execute automation.
- In the search field, enter ActivateWindowsWithAmazonLicense. Select the AWSSupport-ActivateWindowsWithAmazonLicense Automation document, and then choose Next.
- For Execute automation document, choose Simple execution.
- For Input parameters, turn on Show interactive instance picker.
- Choose your EC2 instance. If you don't see your instance in the list, then the instance isn't activated for Systems Manager. To resolve, see Setting up Systems Manager for EC2 instances. If you don't want to activate Systems Manager or if the instance isn't available in Input parameters, then turn off Show interactive instance picker. For InstanceID, enter the ID for your impaired Amazon EC2 instance. For AllowOffline, choose True. If you set AllowOffline to True, your Amazon EC2 instance stops and restarts and data in instance store volumes is lost. Also, if you don't use an Elastic IP address, then the public IP address changes.
- Choose Execute.
- To monitor the progress, sign in to the Systems Manger console, and then choose Automation from the navigation pane. Choose the running automation, and then review the Executed steps. To view the automation output, expand Outputs.
Manually activate Windows
To manually activate Windows, complete these steps:
1. Confirm that the latest version of EC2Config is installed and follow these steps:
For Windows Server 2012 R2 and earlier, run these commands:
net stop ec2config net start ec2config
For Windows Server 2016 and later, run this command to set the correct route to the Microsoft KMS server:
PS C:>Import-Module "C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Ec2Launch.psd1" PS C:>Add-Routes PS C:>Set-ActivationSettings PS C:>slmgr /ato
Note: If Windows isn't activated after you update EC2Config and run the previous commands, then continue to the next steps.
2. Add an exception to allow Microsoft KMS traffic on any firewall or security software that controls outbound connections from your instance. Microsoft KMS runs on port 1688 as TCP traffic.
3. Set your Windows KMS setup key. To do this, identify the correct Microsoft KMS client setup key for your operating system (OS) version. For more information, see Key Management Services (KMS) client activation and product keys on the Microsoft website. Then, run this command as an administrator:
slmgr.vbs /ipk <KMSSetupKey>
4. Run this command as an administrator to set your Windows KMS machine IP address:
Note: Instances originating from a VM import or an older Amazon EC2 Classic instance might not have the correct IP addresses for the Microsoft KMS servers.
slmgr.vbs /skms 169.254.169.250:1688
5. Run this command as an administrator to activate Windows:
slmgr /ato
6. If the previous step fails activation, then check the network communication from the instance to the Microsoft KMS server. Perform telnet to the Microsoft KMS servers from the instance, and then open PowerShell and enter the following commands:
Test-netconnection 169.254.169.250 -Port 1688 Test-netconnection 169.254.169.251 -Port 1688
Note: For the previous commands, confirm that the connection status output is TcpTestSuccessed=True. If the connection status output is False, then proceed to the next step.
7. Confirm that these registry keys have the correct Microsoft KMS values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform KeyManagementServiceName - 169.254.169.250 or 169.254.169.251 KeyManagementServicePort - 1688
8. Repeat step 6. If the connection status output is still False, then check the Time Sync on your Amazon EC2 instance. For more information, see Set the time for a Windows instance.
Related information
Understanding KMS on the Microsoft website
Upgrade PV drivers on Windows instances
How do I troubleshoot time issues with my EC2 Windows instance?
Relevant content
- asked 6 months agolg...
- asked 2 years agolg...
- asked 2 years agolg...
- asked a year agolg...
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago