Collect action Rescue action Restore action

Troubleshoot impaired Windows instance with the EC2Rescue CLI

The EC2Rescue for Windows Server command line interface (CLI) allows you to run an EC2Rescue for Windows Server plugin (referred as an "action") programmatically.

The EC2Rescue for Windows Server tool has two execution modes:

/online—This allows you to take action on the instance that EC2Rescue for Windows Server is installed on, such as collect log files.
/offline:<device_id>—This allows you to take action on the offline root volume that is attached to a separate Amazon EC2 Windows instance, on which you have installed EC2Rescue for Windows Server.

Download the EC2Rescue for Windows Server tool to your Windows instance and extract the files. You can view the help file using the following command:


EC2RescueCmd.exe /help

EC2Rescue for Windows Server can perform the following actions on an Amazon EC2 Windows instance:

Collect action
Rescue action
Restore action

Collect action

Note

You can collect all logs, an entire log group, or an individual log within a group.

EC2Rescue for Windows Server can collect the following data from active and offline instances.

Log group	Available logs	Description
`all`		Collects all available logs.
`eventlog`	`'Application'` `'System'` `'EC2ConfigService'`	Collects application, system, and EC2Config event logs.
`memory-dump`	`'Memory Dump File'` `'Mini Dump Files'`	Collects any memory dump files that exist on the instance.
`ec2config`	`'Log Files'` `'Configuration Files'`	Collects log files generated by the EC2Config service.
`ec2launch`	`'Logs'` `'Config'`	Collects log files generated by the EC2Launch scripts.
`ssm-agent`	`'Log Files'` `'Patch Baseline Logs'` `'InstanceData'`	Collects log files generated by SSM Agent and Patch Manager logs.
`sysprep`	`'Log Files'`	Collects log files generated by the Windows System Preparation tool.
`driver-setup`	`'SetupAPI Log Files'` `'DPInst Log File'` `'AWS PV Setup Log File'`	Collects Windows SetupAPI logs (`setupapi.dev.log` and `setupapi.setup.log`).
`registry`	`'SYSTEM'` `'SOFTWARE'` `'BCD'`	Collects `SYSTEM` and `SOFTWARE` hives.
`egpu`	`'Event Log'` `'System Files'`	Collects event logs related to elastic GPUs.
`boot-config`	`'BCDEDIT Output'`	Collects `HKEY_LOCAL_MACHINE\BCD00000000` hive.
`windows-update`	`'Log Files'`	Collects log files generated by Windows Update. Note In Windows Server 2016 and later, the log is collected in Event Tracing for Windows (ETW) format.
`cloudendure`	`'Migrate Script Logs'` `'Driver Logs'` `'CloudEndure File List'`	Collects log files related to CloudEndure Agent.

EC2Rescue for Windows Server can collect the following additional data from active instances.

Log group	Available logs	Description
`system-info`	`'MSInfo32 Output'`	Collects `MSInfo32`.
`gpresult`	`'GPResult Output'`	Collects a Group Policy report.

The following are the available options:

/output:<outputFilePath> ‐ Required destination file path location to save collected log files in zip format.
/no-offline ‐ Optional attribute used in offline mode. Does not set the volume offline after completing the action.
/no-fix-signature ‐ Optional attribute used in offline mode. Does not fix a possible disk signature collision after completing the action.

Examples

The following are examples using the EC2Rescue for Windows Server CLI.

Online mode examples

Collect all available logs:


EC2RescueCmd /accepteula /online /collect:all /output:<outputFilePath>

Collect only a specific log group:


EC2RescueCmd /accepteula /online /collect:ec2config /output:<outputFilePath>

Collect individual logs within a log group:


EC2RescueCmd /accepteula /online /collect:'ec2config.Log Files,driver-setup.SetupAPI Log Files' /output:<outputFilePath>

Offline mode examples

Collect all available logs from an EBS volume. The volume is specified by the device_id value.


EC2RescueCmd /accepteula /offline:xvdf /collect:all /output:<outputFilePath>

Collect only a specific log group:


EC2RescueCmd /accepteula /offline:xvdf /collect:ec2config /output:<outputFilePath>

Rescue action

EC2Rescue for Windows Server can detect and address issues with the following service settings:

Service group	Available actions	Description
`all`
`system-time`	`'RealTimeIsUniversal'`	System Time RealTimeisUniversal ‐ Detects whether the `RealTimeisUniversal` registry key is enabled. If disabled, Windows system time drifts when the timezone is set to a value other than UTC.
`firewall`	`'Domain networks'` `'Private networks'` `'Guest or public networks'`	Windows Firewall Domain networks ‐ Detects whether this Windows Firewall profile is enabled or disabled. Private networks ‐ Detects whether this Windows Firewall profile is enabled or disabled. Guest or public networks ‐ Detects whether this Windows Firewall profile is enabled or disabled.
rdp	`'Service Start'` `'Remote Desktop Connections'` `'TCP Port'`	Remote Desktop Service Start ‐ Detects whether the Remote Desktop service is enabled. Remote Desktop Connections ‐ Detects whether this is enabled. TCP Port ‐ Detects which port the Remote Desktop service is listening on.
`ec2config`	`'Service Start'` `'Ec2SetPassword'` `'Ec2HandleUserData'`	EC2Config Service Start ‐ Detects whether the EC2Config service is enabled. Ec2SetPassword ‐ Generates a new administrator password. Ec2HandleUserData ‐ Allows you to run a user data script on the next boot of the instance.
`ec2launch`	`'Reset Administrator Password'`	Generates a new Windows administrator password.
`network`	`'DHCP Service Startup'`	Network Interface DHCP Service Startup ‐ Detects whether the DHCP service is enabled.

The following are the available options:

/level:<level> ‐ Optional attribute for the check level that the action should trigger. Allowed values are: information, warning, error, all. By default, it is set to error.
/check-only ‐ Optional attribute that generates a report but makes no modifications to the offline volume.

Note
If EC2Rescue for Windows Server detects a possible disk signature collision, it corrects the signature after the offline process completes by default, even when you use the /check-only option. You must use the /no-fix-signature option to prevent the correction.
/no-offline ‐ Optional attribute that prevents the volume from being set offline after completing the action.
/no-fix-signature ‐ Optional attribute that does not fix a possible disk signature collision after completing the action.

Rescue examples

The following are examples using the EC2Rescue for Windows Server CLI. The volume is specified using the device_id value.

Attempt to fix all identified issues on a volume:


EC2RescueCmd /accepteula /offline:xvdf /rescue:all

Attempt to fix all issues within a service group on a volume:


EC2RescueCmd /accepteula /offline:xvdf /rescue:firewall

Attempt to fix a specific item within a service group on a volume:


EC2RescueCmd /accepteula /offline:xvdf /rescue:rdp.'Service Start'

Specify multiple issues to attempt to fix on a volume:


EC2RescueCmd /accepteula /offline:xvdf /rescue:'system-time.RealTimeIsUniversal,ec2config.Service Start'

Restore action

EC2Rescue for Windows Server can detect and address issues with the following service settings:

Service Group	Available Actions	Description
Restore Last Known Good Configuration	`lkgc`	Last Known Good Configuration ‐ Attempts to boot the instance into the last known bootable state.
Restore Windows registry from latest backup	`regback`	Restore registry from backup ‐ Restores the registry from `\Windows\System32\config\RegBack`.

The following are the available options:

/no-offline—Optional attribute that prevents the volume from being set offline after completing the action.
/no-fix-signature—Optional attribute that does not fix a possible disk signature collision after completing the action.

Restore examples

The following are examples using the EC2Rescue for Windows Server CLI. The volume is specified using the device_id value.

Restore last known good configuration on a volume:


EC2RescueCmd /accepteula /offline:xvdf /restore:lkgc

Restore the last Windows registry backup on a volume:


EC2RescueCmd /accepteula /offline:xvdf /restore:regback

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Troubleshoot using EC2Rescue GUI

Troubleshoot using EC2Rescue and Systems Manager