Jaco shows you how
to resolve common activation issues
with Microsoft Windows Server


I get a message on my Amazon EC2 Windows instance that says "Windows activation failed." How do I resolve this?

When Windows fails to activate, it could be for a variety of reasons. Windows instances use KMS for activation. You can receive a Windows activation error message if your instance can't reach the KMS server.

Update the EC2Config service: The EC2Config service adds the required network routes for your instance to reach the AWS Key Management Service (KMS) activation servers. If the EC2Config service is out of date, it can cause an activation error. You can get the latest update from the Amazon Windows EC2Config Service page.

After the update, you can verify that the required network routes are present by running this command in a Command Prompt window:

route print

You should see entries listed for the IP addresses and

Update AWS Windows drivers: Outdated drivers can also cause Windows activation problems. Ensure that you are using the latest Drivers According to Windows Version.

To verify your driver version, check the Amazon EC2 console:

  1. In the left navigation pane, choose Instances, and then select your instance.
  2. Choose Actions, Instance Settings, Get System Log.

If the driver versions are outdated, follow the instructions for Upgrading PV Drivers on Your Windows AMI.

Check your firewall/security software: KMS runs on port 1688 as TCP traffic. If you have any security or firewall software in place that controls outbound connections from your instance, add an exception to allow the KMS traffic.

Target IP address


Traffic type






Set your Windows KMS setup key: When activating Windows via KMS, generic keys are used based on your operating system version. Some of the most commonly used ones are:

Operating system edition

KMS client setup key

Windows Server 2012

Windows Server 2012 R2 Datacenter


Windows Server 2008 R2 Standard YC6KT-GKW9T-YTKYR-T4X34-R7VHC

A complete list of all Windows editions and their KMS client setup keys are available on TechNet at https://technet.microsoft.com/en-us/library/jj612867.aspx.

After you locate the correct Windows key, open an administrator Command Prompt window and run:

slmgr.vbs /ipk <KMSSetupKey>

Set your Windows KMS machine IP address: If your instance originates from a VM import or an older EC2-Classic instance, it might not have the correct IP addresses for the AWS KMS servers. Set your KMS server by running the following command in an administrator Command Prompt window:

slmgr.vbs /skms

Activate Windows: Now that we’ve addressed all the common remediation steps, we will force an activation of Windows. Open an administrator Command Prompt window and run:

slmgr /ato

A successful product activation message should be displayed.

Did this page help you? Yes | No

Back to the AWS Support Knowledge Center

Need help? Visit the AWS Support Center

Published: 2014-07-03

Updated: 2016-09-15