Shulou(Shulou.com)06/02 Report--

This problem has been bothering me for 2 days, so we should make a good record. The handling of Windows Server 2012 before and after Server 2016 is not the same. In the accident, I used 2012 method to solve the 2016 problem, because I did not know that the EC2 that forgot the password was version 2016.

And the way Windows handles such problems (forgetting key pair and passwords) is more complicated than Linux's.

Close the instance and mark the instance tag as original-instance

Go to Volume to find the volume of the instance, and then Detach

Delete old Key

Create a new EC2 Instance,tag marked as new-instance

The new Instance should be in the same area as the problematic one, such as us-east-1a, otherwise the volume cannot be loaded.

Launch, then get the same key name as before (the forgotten key), and download and save the key

The following step is crucial. I got it all wrong in previous attempts.

Create an Image from an instance that forgot your password

Then check the progress in IMAGES-- > AMI. It will take a few minutes. Click Launch after completion. This step is similar to the new instance. In order to distinguish it from the new instance, we named this instance image-instance.

Close the Instance after you have created it, and then mount the volume of image-instance to new-instance

Log in to new-instance and download the tool: https://s3.amazonaws.com/ec2rescue/windows/EC2Rescue_latest.zip (this tool is only available for Windows Server versions 2016 and later)

In addition, I read the document and said that the password could be changed by modifying Ec2Config service, but after groping, I found that this was only possible in version 2012 and earlier, and my server that forgot my password was version 2016, which is also because I was surprised that I didn't see the folder C:\ Program Files\ Amazon\ Ec2ConfigService under the path before, so I copy a path to this path from 2012, and at the same time modify the config.xml file, changing EC2Password to Enabled. I don't know if it has anything to do with this, but let's put it on the record.

Then offline the volume on new-instance, Deattach it from Volume, and then hang it back to image-instance. Make sure that Device is set to / dev/sda1, so that it is disk C.

Get the password of image-instance

Import the saved key file to obtain the password. (at the beginning, it failed. It was prompted that the password could not be obtained and the verification was not correct. Here I struggled for a few hours, switching and mounting each other before these three instance, and then I could get the password. I don't know where I got it right.)

Then close the image-instance, mount the volume back to orignal-instance disk C, and start it, so that you can use the new key to get the new password.

Reference documentation

For server 2012 and previous versions: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ResettingAdminPassword_EC2Config.html

For server 2016 and later: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ResettingAdminPassword_EC2Launch.html

I was also inspired by the fact that I should follow the steps completely. When I looked at the document again, I found that I didn't have launch image, but did launch new instance, which is very important. Https://stackoverflow.com/questions/50686939/resetting-administrator-password-for-aws-ec2-windows-server-2012-instance

Later, I received an email support message from AWS Support, but my problem has been solved by myself, so I did not use their method, which is recorded as follows:

For server 2016

In the Amazon IAM Console (https://console.aws.amazon.com/iam/), in the navigation pane, choose Roles, Create new role.

Choose Amazon EC2 Role for Simple Systems Manager, and then choose Select.

Under Policy Name, check AmazonEC2RoleforSSM, Next Step, enter a Role name that is meaningful to you and choose Create Role.

Open the Amazon EC2 console, https://console.aws.amazon.com/ec2/ and choose the appropriate region.

Select the affected instance, choose Actions, Instance Settings, Attach/Replace IAM role. This would attach the IAM role you just created to your instance.

From EC2 console select, "Run Command" and "Run a command" option.

Select "AWS-RunPowershellScript" from Command document

In Select Targets, Select the instance you want to reset password for. Should the instance not be populated in the list, please wait for some time so that the changes can be propagated.

Under Commands, run the following command while replacing "new_password" with your password.

Net user Administrator new_password

Click Run in the lower right, leaving all the settings at default.

Following the successful completion of the run command, you should now be able to log in with that local administrator password you just keyed in under step 9. Once you've regained access to the instance, change the password to a more permanent value by running the command from step 9 again in command prompt of the instance.

Another procedure you can follow to reset the password on the instance is to use the AWSSupport-ResetAccess Automation document from the Systems Manager console. This document is useful if you have lost your EC2 key pair and want to create a password-enabled AMI from your EC2 instance, so you can launch a new instance with an existing key pair. To perform this, you can follow the steps given on the link under the section headed "Systems Manager Automation AWSSupport-ResetAccess (Offline Method)":

[+] https://aws.amazon.com/premiumsupport/knowledge-center/reset-admin-password/

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.