can't log in to my EC2 windows instance - amazon-ec2

I've just created a windows EC2 instance. I got the password and downloaded the RDP shortcut. I tried to log in using the Administrator account and the provided password but it keep giving me a message saying that my credentials are wrong. What can I do? Amazon help just giving the simple steps that I did: 1) download the RDP shortcut, 2) retrieve the password using the .PEM file.

It was a matter of time. I waited for some more time (although, it was ready and all checks are done), but just waited and that solved the issue.

Related

Add user to login to an AWS EC2 instance

Im a newb to AWS, so please go easy on me. We currently just spun up a custom Windows 10 instance in AWS. I was able to login via RDP successfully, but I'd like to create a new user within the instance so they can login with a different user account using RDP. Any thoughts would be much appreciated.
Okay, After your response to my first, I think I see what you are asking. Plase watch this video:
https://www.youtube.com/watch?v=rgk2w3dQGSo
Download the RDP. Save it. You can then Edit the .rdp and enter the user name and password you created in Windows.
You can create users in the User Management Console in Windows. Ensure they have the rights needed (Remote Desktop User, Administrator, etc).
Enjoy!
Once an Amazon EC2 Windows instance has been launched, it is just a normal Windows computer.
Therefore, you should use use the standard Admin tools to create the user on the Windows computer, with their own username and password.
It is also recommended that you change the random Administrator password after initial login, or (even better) connect the instance to Active Directory or whatever standard authentication system your company uses.
Technoob here. I just figured out why all of you are having trouble. You need to go to the security group the machine is a part of and open port 3389 to your public IP address (ipchicken.com works). Enjoy
If you are trying to connect from another computer then you have to change the inbound rules.
Go to the security groups of your instance. Go to the inbound rules. Add ipv4 and ipv6 as a new rule and apply it. Download the RDP File and try to connect again. It worked for me.

Access to Amazon EC2 Windows instance via Remote Desktop

I'm new to AWS EC2 and I'm trying to access to a windows instance (it's an image created from another instance),
But when I click on Get password in RDP section, i got this message:
The instance was running since yesterday so why I still have this message? is this something related to missing configuration?
Thanks for your help!
Check the console output for the instance to see whether the AMI that you used to launch it was created with password generation disabled. If password generation is disabled, the console output contains the following:
Ec2SetPassword: Disabled
If password generation is disabled and you don't remember the password for the original instance, you can reset the password for this instance. For more information, see .Reset a lost or expired Windows administrator password

"Remote machine is AAD" but "The logon attempt failed"

I setup Remote Desktop Connection and the computer says: AzureAD\username already has access:
Very good, let's try to connect using AzureAD\username:
Unfortunately it says:
Your credential did not work. Remote machine is AAD joined. If you are
signing in to your work account, try using your work email address.
Of course it didn't work. Any idea?
To successfully connect to an AzureAD joined computer using Remote Desktop, you will need to first save your connection settings to a .rdp file.
To do this, open the Remote Desktop Connection program, enter the IP Address or computer name, then click the "Save As" button at the bottom of the screen. Save it someplace convenient, since we'll need to edit this file by hand.
Next, Right-Click the saved .rdp file and open with Notepad.
Go to the very bottom of the file, add the following lines:
enablecredsspsupport:i:0
authentication level:i:2
Save the file and close.
Now, try double clicking the modified .rdp file and login using the format:
AzureAD\YourFullUsername
Screenshots, original information and credit go to bradleyschacht.com
As an updated answer, the solution is to simply open up the options for the connection, go to the Advanced tab, and check "Use a web account to sign in to the remote computer".
As long as RDP is enabled on the remote machine and the user you are trying to logon is with authorized, it should work.
The Azure Active Directory username is not exactly clear though.
Joined computer via 'FirstName#domain.com', an Azure Active Directory domain account.
Computer shows 'AzureAD\FirstNameLastName' as authorized for RDP since it's an administrator account.
Must use 'AzureAD\FirstName#domain.com' for RDP username.
No other settings changes needed, no manual editing of RDP file just had to get the username right.
from your window, it doesn't seem like you logged in with an azuread account, try with francescomantovani#yourazureaddomain.com as a username?
as per here:https://learn.microsoft.com/en-us/windows/client-management/connect-to-remote-aadj-pc
When you connect to the remote PC, enter your account name in this
format: AzureAD UPN. The local PC must either be domain-joined or
Azure AD-joined. The local PC and remote PC must be in the same Azure
AD tenant.
For some reason the old remote desktop connection application was throwing the same error. I tried connecting through new remote desktop application( included in windows 10 ), it connected without any problem.
The issue is related to the password, which we have set at the time of the creation of VM.
That password doesn't meet the complexity criteria that we didn't get informed about while setting the username & password firstly. Therefore we need to reset the password.
1). click on created VM --> choose reset Password from the side menu.
2). This time they will tell us about constraints for setting the password.
3). Choose the appropriate password.
4). Now login via this format as below:
username : <publicIpOfVM>/<username>
password: newPassword

Lost .pem file. Need help connecting to EC2 remote server

My secretary created a new instance in Amazon using their EC2 server but lost the .pem file. Doing research online I was able to go to the instance system settings/get system log and retrieve some type of password there. The instance system log shows something like this:
2019/04/15 12:15:19Z: Username: Username
2019/04/15 12:15:19Z: Password: <Password>
It is a very long code of random characters.
Is there any way I can use this to log in via remote desktop or is there a way to decrypt it? I tried several decryption methods online and they said this was not a valid "hash"...whatever this means. I am not a technical person so I need hopefully a response in layman terms.
It appears that you are connecting to a Windows instance. When a new Amazon EC2 Windows instance is launched, a program on the AMI (disk image) automatically generates a random Administrator password. This is done so that you can access the instance, but nobody else can.
To keep the password secret, the program encrypts the password with the keypair nominated when the instance was launched. The encrypted password is passed back to AWS via the console. That is the string of 'random characters' you saw.
To decrypt the password, you can use the Get Windows Password feature, which requires you to supply the nominated keypair. It will then decrypt the password, which can be used to login to the instance as Administrator.
Since you no longer have the keypair, you cannot decrypt the password and therefore cannot login to the server. This is good! This proves that security works, because you would not want other people to be able to login to the server.
So, can do you regain access?
Refer to the steps on: I need to reset the administrator password on a Windows Server instance in Amazon EC2
Basically, there are two methods:
If Systems Manager is enabled for the instance, you can run a "rescue" script
Otherwise, there is a series of scripts that assist with the process of:
Detaching the disk
Attaching it to another instance
Resetting a configuration on the disk
Reattaching the disk to the original instance
The second process is a bit like plugging a USB disk into another computer to change a file (except that EC2 disks are managed differently).

Recovering RDP access to potentially compromised GCE Windows 2008 R2 server

I have a Windows 2008R2 server in GCE that is behaving oddly (may be compromised). I can no longer access it via RDP. When I reboot the machine and look at the serial console, I see at the very bottom after the boot sequence, that something called Credentials Manager runs and appears to delete or change some username/password. I suspect that this is what is changing the RDP password. (see image attached). On a normally running Windows VM, I do not see this in the trace.
GCE Agent started.
Starting AddressManager
Starting CredentialsManager
Credentials have changed. Updating...
Changing username...
Deleting old user...
Username or password was updated successfully.```
I have tried resetting or adding a new password using the metadata windows-startup-script-cmd = net user but that does not seem to do anything.
What I get is an error message of the form:
Booting on date 05/05/2015 10:22:49
WARNING: Computer Name windows does not match Compute Engine Instance Name XXXXX.
Did you forget to run gcesysprep?
attributes/windows-startup-script-bat value is not set or metadata server is not reachable.
attributes/windows-startup-script-ps1 value is not set or metadata server is not reachable.
So the question is, how can I get into the machine to see what is happening? Is there a way that the GCE startup sequence could be changed to not call the credential manager to change the password or username?
What you could do is if you have a Gcloud SDK (https://cloud.google.com/compute/docs/gcloud-compute/) installed, you can run the following command while that instance is running:
gcloud compute instances decribe instance_name
This will provide all the information about the instance and you will see a section called MetaData which will display the users and the passwords. Then you can try to remote in and remove any credentials setup in the Credentials Manager located in Control Panel -> User Accounts.
I hope this give you access to your VM

Resources