
Thursday, 6 June 2019

Recover AWS Instance When RDP is Not Working


If we cannot connect to our instance, one of the following issues is usually the cause:

  1. Username and password issue
  2. IGW Mapping
  3. Ports enable or disable on Security Group
  4. VNIC (Virtual Network Interface Card)
  5. OS Firewall
  6. RDP Service

This walkthrough shows how to troubleshoot and regain access when an EC2 instance cannot be reached remotely.

Steps we need to follow:

  1. Create a VPC named 'webshack-vpc'
  2. Launch a Windows instance in the VPC, created by you
  3. Login to Web Server and close RDP connection
  4. Launch a temporary instance (in same AZ)
  5. Login to the temporary instance
  6. Detach root volume of Web Server
  7. Attach this root volume to the temporary instance
  8. Download EC2Rescue Software
  9. Detach secondary volume and attach it back to the web server
  10. Login to the original web server instance and verify its access using RDP

Fig: Recover the Instance When RDP is Not Working

Step 1: Create a VPC named 'webshack-vpc':
Follow the link below to create a VPC:

https://redhatpanacia.blogspot.com/2019/06/create-amazon-virtual-private-cloud.html

Step 2: Launch a Windows instance in the VPC, created by you:

AWS ➔ Services ➔ EC2 ➔ Instances ➔ Launch Instance ➔ Select 'Free tier only' ➔ Select 'Microsoft Windows Server 2008 R2 Base' AMI ➔ Next ➔ In Configure Instance Details: Select number of instances: '1' ➔ Select Network: 'webshack-vpc' ➔ Subnet: select public subnet ➔ Next ➔ Next ➔ Click to add a Name tag ➔ Name: webshack-web-server ➔ Next ➔ Review and Launch ➔ Launch ➔ Choose an existing key pair or create a new one ➔ Launch Instances ➔ View Instances.

Decrypt password and save in a safe place.

AWS ➔ Services ➔ EC2 ➔ Instances ➔ Select Instance 'webshack-web-server' ➔ Actions ➔ Get Windows Password ➔ Browse ➔ Provide Private Key ➔ Decrypt Password ➔ Copy password to notepad and save it to a safe place.

Step 3: Login to Web Server and close RDP connection:

AWS ➔ Services ➔ EC2 ➔ Instances ➔ Select Instance ➔ From Description copy Public IP ➔ Go to Run ➔ type 'mstsc' ➔ paste Public IP ➔ Connect ➔ Username: Administrator ➔ Password: <paste from notepad> ➔ Connect.

Now we will deliberately disallow RDP connections, for practice purposes:

In this RDP connection ➔ Right click on My Computer ➔ Properties ➔ Remote Settings ➔ Click on 'Don't allow connections to this computer' ➔ Apply.

Now we are not able to do any work on this instance and we need to close this RDP connection.

TROUBLESHOOTING:

Suppose we do not know what the issue is. Then we need to do some troubleshooting:

[1] Try to do a ping to the Web Server:

Go to Run ➔ type 'cmd' ➔ type 'ping <IP of your instance>' ➔ Hit Enter.

We can see that we are getting a reply, which means there is no issue in networking.

[2] Do telnet on the Web Server:

Syntax:
telnet <Server ip> <port_no>

Example:
telnet 11.1.2.3 3389

Here also we are able to get a response.

This means there could be either a firewall or RDP issue.

NOTE: In some cases, the Telnet client is disabled by default, so we need to enable it first.

Go to Run ➔ Type 'control' ➔ OK ➔ Programs and Features ➔ Turn Windows features on or off ➔ enable Telnet Client ➔ OK. Now try to do telnet.

From this troubleshooting we know that there is a Firewall or RDP issue, so we need to use the EC2Rescue software to rectify it. For this, we launch a temporary instance, attach the root volume of the web server to this temporary instance, and run EC2Rescue.

Step 4: Launch a temporary instance (in same AZ):

When launching an instance for the purpose of detaching and attaching volumes, make sure it is created in the same AZ as the original instance, and use a different AMI from the one the original instance uses.

AWS ➔ Services ➔ EC2 ➔ Instances ➔ Launch Instance ➔ Select 'Free tier only' ➔ Select 'Microsoft Windows Server 2012 Base' AMI ➔ Next ➔ In Configure Instance Details: Select number of instances: '1'➔ Select Network: 'webshack-vpc' ➔ Subnet: select same AZ ➔ Next ➔ Next ➔ Click to add a Name tag ➔ Name: win-temp ➔ Next ➔ Review and Launch ➔ Launch ➔ Choose an existing key pair or create a new one ➔ Launch Instances ➔ View Instances.

Decrypt password and save in a safe place.

AWS ➔ Services ➔ EC2 ➔ Instances ➔ Select Instance 'win-temp' ➔ Actions ➔ Get Windows Password ➔ Browse ➔ Provide Private Key ➔ Decrypt Password ➔ Copy password to notepad and save it to a safe place.

Step 5: Login to the temporary instance:

AWS ➔ Services ➔ EC2 ➔ Instances ➔ Select Temporary Instance ➔ from Description copy Public IP ➔ Go to Run ➔ type 'mstsc' ➔ paste Public IP ➔ Connect ➔ Username: Administrator ➔ Password: <paste from notepad> ➔ Connect.

In Device Manager, we can see that only one disk is available, which is the root volume of the temporary instance and is Online.

Step 6: Detach root volume of Web Server:

Before detaching the root volume, we need to take care of two things:

  1. Stop the instance, and
  2. Note down the device path of the root volume, which is /dev/sda1

AWS ➔ Services ➔ EC2 ➔ Volumes ➔ Select root volume of web server ➔ Actions ➔ Detach Volume ➔ Yes, Detach.

Now this volume is in the 'available' state.

Step 7: Attach this root volume to the temporary instance:

AWS ➔ Services ➔ EC2 ➔ Volumes ➔ Select root volume of web server ➔ Actions ➔ Attach Volume ➔ Select the temporary instance ('win-temp') ➔ Device: <as we are attaching as secondary volume, there is no need to change path> ➔ Attach.

In Device Manager, we can see that there are now two disks available. One is the root volume of the temporary instance, which is Online; the other is Offline and is the volume attached to the temporary instance as a secondary disk.

Step 8: Download EC2Rescue Software:

In RDP of temporary instance, open Browser ➔ Search 'ec2rescue aws' OR directly paste below-mentioned link ➔ Save.

URL: https://s3.amazonaws.com/ec2rescue/windows/EC2Rescue_latest.zip?x-download-source=kc

In some cases, Internet Explorer cannot download any file from the internet. Don't worry, just open Internet Options and do the following:

Go to Run ➔ type command 'inetcpl.cpl' ➔ Security ➔ Internet ➔ Custom Level ➔ Navigate to Downloads ➔ Click on Enable ➔ OK.

Now try to download the file.


Right Click on Downloaded file ➔ Extract All ➔ Navigate to Extracted Folder ➔ Run EC2Rescue.exe ➔ Agree License ➔ Next ➔ Offline Instance ➔ Select Offline Disk ➔ Next ➔ Verify: Yes ➔ OK ➔ Diagnose and Rescue ➔ In Summary, we can see that 'Remote Desktop Connections' is disabled ➔ Next ➔ Select Remote Desktop Connections option ➔ Next ➔ Rescue ➔ Proceed: OK ➔ Next ➔ Finish ➔ OK.

Note: Sometimes this does not work on the first attempt. Don't panic, just repeat the exercise and then verify.

Step 9: Detach secondary volume and attach it back to the web server:

As this disk is already Offline, there is no need to unmount it. Just detach the volume from the AWS console:

AWS ➔ Services ➔ EC2 ➔ Volumes ➔ Select root volume of Web Server instance ➔ Actions ➔ Detach Volume ➔ Yes, Detach.

Once its state changes from 'in use' to 'available', we attach it to its original instance:

AWS ➔ Services ➔ EC2 ➔ Volumes ➔ Select root volume of Web Server instance ➔ Actions ➔ Attach Volume ➔ Instance: Select original instance, which is still in stopped state ➔ Device: (now provide the path which you copied) /dev/sda1 ➔ Attach.

Step 10: Login to the original web server instance and verify its access using RDP:

AWS ➔ Services ➔ EC2 ➔ Volumes ➔ Select Web server Instance ➔ Actions ➔ Instance State ➔ Start ➔ Yes, Start.
Now login to this instance using RDP:

Go to Run ➔ type 'mstsc' ➔ Copy public IP from Dashboard ➔ Connect ➔ Username: administrator ➔ Password: Copy from Notepad ➔ Connect.


Yaayyy!
We are through…
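
The volume moves in Steps 6, 7, 9 and 10 can also be scripted with the AWS CLI. The following is an added example, not part of the original post: the instance and volume IDs are supplied by the caller, the `xvdf` device name for the secondary attachment is an assumption, and with `DRY_RUN=1` (the default) it only prints the commands it would run.

```bash
#!/bin/sh
# Added example: CLI form of Steps 6, 7, 9 and 10 (not from the original post).
# DRY_RUN=1 (the default) prints each aws command instead of running it.
set -eu

run() {  # print the command in dry-run mode, execute it otherwise
  if [ "${DRY_RUN:-1}" = 1 ]; then echo "aws $*"; else aws "$@"; fi
}

az_of() {  # az_of <instance-id>: Availability Zone of an instance
  aws ec2 describe-instances --instance-ids "$1" --output text \
    --query 'Reservations[].Instances[].Placement.AvailabilityZone'
}

# Detach a volume, then attach it to another instance under a device name.
move_volume() {  # move_volume <volume-id> <target-instance-id> <device>
  run ec2 detach-volume --volume-id "$1"
  run ec2 wait volume-available --volume-ids "$1"
  run ec2 attach-volume --volume-id "$1" --instance-id "$2" --device "$3"
  run ec2 wait volume-in-use --volume-ids "$1"
}

# Steps 6-7: stop the web server and hand its root volume to the helper.
rescue_swap() {  # rescue_swap <web-instance> <temp-instance> <root-volume>
  if [ "${DRY_RUN:-1}" != 1 ] && [ "$(az_of "$1")" != "$(az_of "$2")" ]; then
    echo "instances are in different Availability Zones" >&2
    return 1
  fi
  run ec2 stop-instances --instance-ids "$1"
  run ec2 wait instance-stopped --instance-ids "$1"
  move_volume "$3" "$2" xvdf   # xvdf: assumed secondary device name
}

# Steps 9-10: give the volume back as the root device and start the server.
rescue_return() {  # rescue_return <web-instance> <root-volume> [root-device]
  move_volume "$2" "$1" "${3:-/dev/sda1}"   # /dev/sda1 is the path noted in Step 6
  run ec2 start-instances --instance-ids "$1"
}

case "${1:-}" in
  swap)   rescue_swap "$2" "$3" "$4" ;;
  return) rescue_return "$2" "$3" "${4:-/dev/sda1}" ;;
esac
```

Call it with `swap <web-instance> <temp-instance> <root-volume>`, run EC2Rescue on the temporary instance as in Step 8, then call it with `return <web-instance> <root-volume>`; set `DRY_RUN=0` to execute the commands.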



