Why did Windows activation fail on my EC2 Windows instance?

Last updated: 2020-09-10

I received a "Windows activation failed" message on my Amazon Elastic Compute Cloud (Amazon EC2) Windows instance. How can I fix this? 

Short description

Windows instances use Microsoft Key Management Service (KMS) on Amazon Web Services (AWS) for activation. You might get a Windows activation error message if your instance can’t reach the KMS server. Or, there might be an issue with the KMS client configuration.

You can either use an AWS Systems Manager Automation document or follow a manual process to activate Windows.


Activate Windows using a Systems Manager Automation document

The AWSSupport-ActivateWindowsWithAmazonLicense Automation document activates an Amazon EC2 Windows instance with a license provided by Amazon. The automation checks the current status of Windows for your instance, and then activates Windows if the status is inactive.

Note: This solution isn't applicable for Bring Your Own License (BYOL) Windows instances. To use your own license, see Microsoft licensing on AWS.

1.    Open the AWS Systems Manager console. Be sure to select the same Region as the EC2 Windows instance that requires Windows activation.

2.    Choose Automation from the navigation pane, and then choose Execute automation.

3.    In the search field, enter AWSSupport-ActivateWindowsWithAmazonLicense. Select the Automation document, and then choose Next.

4.    For Execute automation document, choose Simple execution.

5.    For Input parameters, turn on Show interactive instance picker.

6.    Choose your EC2 instance.

Note: If you don't see your instance in the list, then the instance isn't enabled for Systems Manager. Review the prerequisites for using Systems Manager to manage your Amazon EC2 instances.

If you don't want to enable Systems Manager, or if the instance isn't available in Input parameters, turn off Show interactive instance picker. For InstanceID, enter the ID for your impaired instance. For AllowOffline, choose True.

Important: If you set AllowOffline to True, your instance will stop and then restart. Data in instance store volumes is lost. The public IP address changes if you aren’t using an Elastic IP address.

7.    Choose Execute.

8.    To monitor the execution progress, open the Systems Manger console, and then choose Automation from the navigation pane. Choose the running automation, and then review the Executed steps. To view the automation output, expand Outputs.

Activate Windows manually

1.    Update EC2Config, or run the EC2Launch initialization script.

For Windows Server 2012 R2 and earlier: Update EC2Config, and then restart the instance.

For Windows Server 2016 and later: Run the following command to set the correct route to the KMS server:

PS C:>Import-Module "C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Ec2Launch.psd1"
PS C:>Add-Routes
PS C:>Set-ActivationSettings
PS C:>slmgr /ato

If Windows still isn't activated, proceed with step 2.

2.    KMS runs on port 1688 as TCP traffic. Be sure to add an exception to allow KMS traffic on any firewall or security software that controls outbound connections from your instance.

3.    Set your Windows KMS setup key. First, identify the correct KMS client setup key for your operating system version. Then, run the following command as administrator:

slmgr.vbs /ipk <KMSSetupKey>

4.    Set your Windows KMS machine IP address. Instances that originate from a VM import or an older EC2-Classic instance might not have the correct IP addresses for the KMS servers. Run the following command as administrator:

slmgr.vbs /skms

5.    To activate Windows, run the following command as administrator:

slmgr /ato

Did this article help?

Do you need billing or technical support?