Jaco shows you how
to resolve common activation issues
with Microsoft Windows Server

windows-activation-fails-jaco

I get a message on my Amazon EC2 Windows instance that says "Windows activation failed." How do I resolve this?

Windows might fail to activate for a variety of reasons. Windows instances use AWS Key Management Service (AWS KMS) for activation. You can receive a Windows activation error message if your instance can't reach the AWS KMS server.

Automated Version

The AWSSupport-ActivateWindowsWithAmazonLicense automation document activates an Amazon EC2 Windows Server instance with a license provided by Amazon. The automation checks the current status of Windows for your instance, and then activates Windows if the status is inactive.

Note: This solution can't be used with Bring Your Own License (BYOL) Windows instances. To use your own license, see Microsoft Licensing on AWS.

1.   Open the AWS Systems Manager console.

2.   Verify that you are in the region where your EC2 instance is.

3.   Open the AWSSupport-ActivateWindowsWithAmazonLicense document.

4.   In Execution Mode, choose Execute the entire automation at once.

5.   In Input parameters, in the InstanceId field, enable Show interactive instance picker.

6.   Choose your EC2 Instance, and then choose Execute automation.

Note: If you don't see your instance in the list, it's not enabled for AWS Systems Manager. To configure AWS Identity and Access Management (IAM) for SSM Agent, see Create an Instance Profile for Systems Manager.

7.   To monitor the execution progress, choose the running automation, then see Executed steps. To view the output of the automation, expand Outputs.

Manual Version

Update the EC2Config service: The EC2Config service adds the required network routes for your instance to reach the AWS KMS activation servers. If the EC2Config service is out of date, you might receive an activation error. You can get the latest update from the Amazon Windows EC2Config Service page.

After the update, verify that the required network routes are present by running this command in a command prompt window:

route print

You should see entries listed for the IP addresses 169.254.169.250 and 169.254.169.251.

Update AWS Windows drivers: Outdated drivers can also cause Windows activation problems. Be sure that you are using the latest Drivers According to Windows Version.

To verify your driver version, check the EC2 console:

  1. In the navigation pane, choose Instances, and then choose your instance.
  2. Choose Actions, Instance Settings, and then choose Get System Log.

If the driver versions are outdated, follow the instructions for Upgrading PV Drivers on Your Windows AMI.

Check your firewall/security software: AWS KMS runs on port 1688 as TCP traffic. If you have any security or firewall software in place that controls outbound connections from your instance, add an exception to allow the AWS KMS traffic.

Target IP address

Port

Traffic type

 

169.254.169.250

1688

TCP

 

169.254.169.251

1688

TCP

 

Set your Windows AWS KMS setup key: When activating Windows with AWS KMS, generic keys are used based on your operating system version. Some of the most commonly used ones are:

Operating system edition
AWS KMS client setup key
Windows Server 2012 BN3D2-R7TKB-3YPBD-8DRP2-27GG4
Windows Server 2012 R2 Datacenter W3GGN-FT8W3-Y4M27-J84CP-Q3VJ9
Windows Server 2008 R2 Standard YC6KT-GKW9T-YTKYR-T4X34-R7VHC

A complete list of all Windows editions and the AWS KMS client setup keys are available on Microsoft documentation Appendix A: KMS Client Setup Keys. Locate the correct Windows key, open an administrator command prompt, and then run:

slmgr.vbs /ipk <KMSSetupKey>

Set your Windows AWS KMS machine IP address: If your instance originates from a VM import or an older EC2-Classic instance, the instance might not have the correct IP addresses for the AWS KMS servers. Set your AWS KMS server by running the following command in an administrator command prompt window:

slmgr.vbs /skms 169.254.169.250:1688

Activate Windows: Open an administrator command prompt and run:

slmgr /ato

A successful product activation message should appear.


Did this page help you? Yes | No

Back to the AWS Support Knowledge Center

Need help? Visit the AWS Support Center

Published: 2014-07-03

Updated: 2018-06-14