Troubleshoot impaired Windows instance with the EC2Rescue GUI - Amazon Elastic Compute Cloud

EC2Rescue for Windows Server can perform the following analysis on offline instances:

Option Description

Diagnose and Rescue

EC2Rescue for Windows Server can detect and address issues with the following service settings:

  • System Time

    • RealTimeisUniversal ‐ Detects whether the RealTimeisUniversal registry key is enabled. If disabled, Windows system time drifts when the timezone is set to a value other than UTC.

  • Windows Firewall

    • Domain networks ‐ Detects whether this Windows Firewall profile is enabled or disabled.

    • Private networks ‐ Detects whether this Windows Firewall profile is enabled or disabled.

    • Guest or public networks ‐ Detects whether this Windows Firewall profile is enabled or disabled.

  • Remote Desktop

    • Service Start ‐ Detects whether the Remote Desktop service is enabled.

    • Remote Desktop Connections ‐ Detects whether this is enabled.

    • TCP Port ‐ Detects which port the Remote Desktop service is listening on.

  • EC2Config (Windows Server 2012 R2 and earlier)

    • Installation ‐ Detects which EC2Config version is installed.

    • Service Start ‐ Detects whether the EC2Config service is enabled.

    • Ec2SetPassword ‐ Generates a new administrator password.

    • Ec2HandleUserData ‐ Allows you to run a user data script on the next boot of the instance.

  • EC2Launch (Windows Server 2016 and later)

    • Installation ‐ Detects which EC2Launch version is installed.

    • Ec2SetPassword ‐ Generates a new administrator password.

  • Network Interface

    • DHCP Service Startup ‐ Detects whether the DHCP service is enabled.

    • Ethernet detail ‐ Displays information about the network driver version, if detected.

    • DHCP on Ethernet ‐ Detects whether DHCP is enabled.

  • Disk signature status

    • Signature on disk and Signature on Boot Configuration Database (BCD) ‐ Detects whether the disk signature and the BCD signature are the same. If the values are different, EC2Rescue attempts to overwrite the disk signature with the signature on BCD.

Restore

Perform one of the following actions:

  • Last Known Good Configuration ‐ Attempts to boot the instance into the last known bootable state.

  • Restore registry from backup ‐ Restores the registry from \Windows\System32\config\RegBack.

Capture Logs

Allows you to capture logs on the instance for analysis.

EC2Rescue for Windows Server can collect the following data from active and offline instances:

  • Event Log ‐ Collects application, system, and EC2Config event logs.

  • Registry ‐ Collects SYSTEM and SOFTWARE hives.

  • Windows Update Log ‐ Collects log files generated by Windows Update.

    Note: In Windows Server 2016 and later, the log is collected in Event Tracing for Windows (ETW) format.

  • Sysprep Log ‐ Collects log files generated by the Windows System Preparation tool.

  • Driver Setup Log ‐ Collects Windows SetupAPI logs (setupapi.dev.log and setupapi.setup.log).

  • Boot Configuration ‐ Collects HKEY_LOCAL_MACHINE\BCD00000000 hive.

  • Memory Dump ‐ Collects any memory dump files that exist on the instance.

  • EC2Config File ‐ Collects log files generated by the EC2Config service.

  • EC2Launch File ‐ Collects log files generated by the EC2Launch scripts.

  • SSM Agent File ‐ Collects log files generated by SSM Agent and Patch Manager logs.

  • EC2 ElasticGPUs File ‐ Collects event logs related to elastic GPUs.

  • ECS ‐ Collects logs related to Amazon ECS.

  • CloudEndure ‐ Collects log files related to CloudEndure Agent.

  • AWS Replication Agent for MGN or DRS Log Files ‐ Collects log files related to AWS Application Migration Service or AWS Elastic Disaster Recovery.

EC2Rescue for Windows Server can collect the following additional data from active instances:

  • System Information ‐ Collects MSInfo32.

  • Group Policy Result ‐ Collects a Group Policy report.

Analyze an offline instance

The Offline Instance option is useful for debugging boot issues with Windows instances.

To perform an action on an offline instance
  1. From a working Windows Server instance, download the EC2Rescue for Windows Server tool and extract the files.

    You can run the following PowerShell command to download EC2Rescue without changing your Internet Explorer Enhanced Security Configuration (ESC):

    Invoke-WebRequest https://s3.amazonaws.com/ec2rescue/windows/EC2Rescue_latest.zip -OutFile $env:USERPROFILE\Desktop\EC2Rescue_latest.zip

    This command will download the EC2Rescue .zip file to the desktop of the currently logged in user.

    Note

    If you receive an error when downloading the file, and you are using Windows Server 2016 or earlier, TLS 1.2 might need to be enabled for your PowerShell terminal. You can enable TLS 1.2 for the current PowerShell session with the following command and then try again:

    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
  2. Stop the faulty instance, if it is not stopped already.

  3. Detach the EBS root volume from the faulty instance and attach the volume to a working Windows instance that has EC2Rescue for Windows Server installed.

  4. Run the EC2Rescue for Windows Server tool on the working instance and choose Offline Instance.

  5. Select the disk of the newly mounted volume and choose Next.

  6. Confirm the disk selection and choose Yes.

  7. Choose the offline instance option to perform and choose Next.

The EC2Rescue for Windows Server tool scans the volume and collects troubleshooting information based on the selected log files.
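
Once the offline volume is attached, the settings that Diagnose and Rescue reports can also be read by hand from the offline SYSTEM hive, which is useful for confirming firewall and Remote Desktop state before and after a rescue. The following PowerShell is an added example, not part of the original page or of EC2Rescue itself. It assumes the volume is online as D: and uses the standard Windows registry locations for these settings, which are not necessarily the ones EC2Rescue reads.

```powershell
# Added example. Assumption: the impaired root volume is online on the helper as D:.
$OfflineDrive = 'D:'
$HiveFile     = "$OfflineDrive\Windows\System32\config\SYSTEM"
$Mount        = 'OFFLINE_SYSTEM'            # arbitrary temporary key name under HKLM

& reg.exe load "HKLM\$Mount" $HiveFile | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Could not load $HiveFile (run from an elevated prompt)." }

try {
    # An offline hive has no CurrentControlSet link; Select\Current names the active set.
    $current = (Get-ItemProperty "HKLM:\$Mount\Select").Current
    $setName = 'ControlSet{0:d3}' -f $current
    $cs      = "HKLM:\$Mount\$setName"

    function Get-OfflineValue([string]$SubKey, [string]$Name) {
        # Returns $null when the key or value is absent from the hive.
        (Get-ItemProperty -Path "$cs\$SubKey" -Name $Name -ErrorAction SilentlyContinue).$Name
    }

    $fw  = 'Services\SharedAccess\Parameters\FirewallPolicy'
    $rdp = 'Control\Terminal Server'

    # Service Start values: 2 = automatic, 3 = manual, 4 = disabled.
    [pscustomobject]@{
        ControlSet          = $setName
        RealTimeIsUniversal = Get-OfflineValue 'Control\TimeZoneInformation' 'RealTimeIsUniversal'
        FirewallDomain      = Get-OfflineValue "$fw\DomainProfile"   'EnableFirewall'  # 1 = on
        FirewallPrivate     = Get-OfflineValue "$fw\StandardProfile" 'EnableFirewall'
        FirewallPublic      = Get-OfflineValue "$fw\PublicProfile"   'EnableFirewall'
        RdpServiceStart     = Get-OfflineValue 'Services\TermService' 'Start'
        RdpDenyConnections  = Get-OfflineValue $rdp 'fDenyTSConnections'               # 0 = allowed
        RdpTcpPort          = Get-OfflineValue "$rdp\WinStations\RDP-Tcp" 'PortNumber'
        DhcpServiceStart    = Get-OfflineValue 'Services\Dhcp' 'Start'
    } | Format-List
}
finally {
    [gc]::Collect()                         # drop provider handles so the unload succeeds
    & reg.exe unload "HKLM\$Mount" | Out-Null
}
```

An empty field means the value is not present in the hive. Local firewall settings read this way do not reflect Group Policy overrides, which are stored in the SOFTWARE hive.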

Collect data from an active instance

You can collect logs and other data from an active instance.

To collect data from an active instance
  1. Connect to your Windows instance.

  2. Download the EC2Rescue for Windows Server tool to your Windows instance and extract the files.

    You can run the following PowerShell command to download EC2Rescue without changing your Internet Explorer Enhanced Security Configuration (ESC):

    Invoke-WebRequest https://s3.amazonaws.com/ec2rescue/windows/EC2Rescue_latest.zip -OutFile $env:USERPROFILE\Desktop\EC2Rescue_latest.zip

    This command will download the EC2Rescue .zip file to the desktop of the currently logged in user.

    Note

    If you receive an error when downloading the file, and you are using Windows Server 2016 or earlier, TLS 1.2 might need to be enabled for your PowerShell terminal. You can enable TLS 1.2 for the current PowerShell session with the following command and then try again:

    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
  3. Open the EC2Rescue for Windows Server application and accept the license agreement.

  4. Choose Next, Current instance, Capture logs.

  5. Select the data items to collect and choose Collect.... Read the warning and choose Yes to continue.

  6. Choose a file name and location for the ZIP file and choose Save.

  7. After EC2Rescue for Windows Server completes, choose Open Containing Folder to view the ZIP file.

  8. Choose Finish.
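
Both procedures above begin by downloading the tool onto a server and running it with administrative access. The following PowerShell is an added example, not part of the original page. It repeats the download, records the archive hash, and checks Authenticode signatures before anything is run. It assumes PowerShell 5.0 or later (for Expand-Archive) and that the shipped executables are Authenticode-signed; the $Dest folder is an arbitrary choice.

```powershell
# Added example: download EC2Rescue, then check signatures before running it.
$ErrorActionPreference = 'Stop'             # abort on a failed download or extraction
$Url  = 'https://s3.amazonaws.com/ec2rescue/windows/EC2Rescue_latest.zip'
$Zip  = "$env:USERPROFILE\Desktop\EC2Rescue_latest.zip"
$Dest = "$env:USERPROFILE\Desktop\EC2Rescue"   # assumption: any empty working folder

# Windows Server 2016 and earlier may need TLS 1.2 enabled for this session.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Invoke-WebRequest -Uri $Url -OutFile $Zip

# The "_latest" URL is not pinned to a version, so record what was actually fetched.
Get-FileHash -Path $Zip -Algorithm SHA256 | Format-List Hash, Path

Expand-Archive -Path $Zip -DestinationPath $Dest -Force

# Check every binary in the extracted tree and show who signed it.
$sigs = Get-ChildItem -Path $Dest -Recurse -Include *.exe, *.dll | Get-AuthenticodeSignature
$sigs |
    Select-Object Status, @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } }, Path |
    Format-Table -AutoSize -Wrap

# Refuse to continue if any executable is unsigned or its signature does not verify.
$badExe = $sigs | Where-Object { $_.Path -like '*.exe' -and $_.Status -ne 'Valid' }
if ($badExe) { throw "Signature check failed for: $($badExe.Path -join ', ')" }
```

Compare the Signer column against the publisher you expect before launching the tool. A Valid status only proves the file is intact and signed by a trusted certificate, not that the signer is the intended one.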