Why did Windows activation fail on my EC2 Windows instance?

Last updated: 2020-02-11

I received a “Windows activation failed” message on my Amazon Elastic Compute Cloud (Amazon EC2) Windows instance. How can I fix this? 

Short Description

Windows instances use AWS Key Management Service (AWS KMS) for activation. You might get a Windows activation error message if your instance can’t reach the AWS KMS server. Or, there might be an issue with the AWS KMS client configuration.

You can either use an AWS Systems Manager Automation document or follow a manual process to activate Windows.

Resolution

Activate Windows using a Systems Manager Automation document

The AWSSupport-ActivateWindowsWithAmazonLicense Automation document activates an Amazon EC2 Windows instance with a license provided by Amazon. The automation checks the current status of Windows for your instance, and then activates Windows if the status is inactive.

Note: This solution can't be used with Bring Your Own License (BYOL) Windows instances. To use your own license, see Microsoft Licensing on AWS.

1.    Open the AWS Systems Manager console. Be sure to select the same Region as the EC2 Windows instance that requires Windows activation.

2.    Choose Automation from the navigation pane, and then choose Execute automation.

3.    In the search field, enter AWSSupport-ActivateWindowsWithAmazonLicense. Select the Automation document, and then choose Next.

4.    For Execute automation document, choose Simple execution.

5.    For Input parameters, turn on Show interactive instance picker.

6.    Choose your EC2 instance.

Note: If you don't see your instance in the list, the instance isn't enabled for Systems Manager. Review the prerequisites for using Systems Manager to manage your Amazon EC2 instances.

If you don't want to enable Systems Manager, or if the instance is not available in Input parameters, turn off Show interactive instance picker. For InstanceID, enter the ID for your impaired instance. For AllowOffline, choose True.

Important: If you set AllowOffline to True, your instance will stop and restart. Data in instance store volumes will be lost. The public IP address changes if you aren’t using an Elastic IP address.

7.    Choose Execute.

8.    To monitor the execution progress, open the Systems Manger console, and then choose Automation from the navigation pane. Choose the running automation, and then review the Executed steps. To view the automation output, expand Outputs.

Activate Windows manually

1.    Update EC2Config, or run the EC2Launch initialization script.

For Windows Server 2012 R2 and earlier: Update EC2Config, and then restart the instance.

For Windows Server 2016 and later: Run the following command to set the correct route to the AWS KMS server:

PS C:>Import-Module "C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Ec2Launch.psd1"
PS C:>Add-Routes
PS C:>Set-ActivationSettings
PS C:>slmgr /ato

If Windows still isn't activated, proceed with step 2.

2.    AWS KMS runs on port 1688 as TCP traffic. Be sure to add an exception to allow AWS KMS traffic on any firewall or security software that controls outbound connections from your instance.

3.    Set your Windows AWS KMS setup key. First, identify the correct KMS client setup key for your operating system version. Then, run the following command as administrator:

slmgr.vbs /ipk <KMSSetupKey>

4.    Set your Windows AWS KMS machine IP address. Instances that originate from a VM import or an older EC2-Classic instance might not have the correct IP addresses for the AWS KMS servers. Run the following command as administrator:

slmgr.vbs /skms 169.254.169.250:1688

5.    To activate Windows, run the following command as administrator:

slmgr /ato

Did this article help you?

Anything we could improve?


Need more help?