Need help?

Our experts have had an average response time of 13.52 minutes in October 2021 to fix urgent issues.

We will keep your servers stable, secure, and fast at all times for one fixed price.

Can’t connect to EC2 Windows instance launched from custom AMI

by | Sep 1, 2021

Stuck with ‘ can’t connect to EC2 Windows instance launched from custom AMI‘? We can help you with this!

As a part of our AWS Support Services, we often receive similar requests from our AWS customers.

Today, let’s see the steps followed by our Support Techs to help our customers to fix the connectivity issue with the EC2 Windows instance.


Can’t connect to EC2 Windows instance launched from custom AMI


For Amazon EC2 Windows instances launched from a public AMI, one of the following will automatically generate the default Administrator account password:

  • EC2Config service – Windows Server 2012 R2 and before.
  • EC2Launch service – Windows Server 2016 and after.

It is always better to change the default account password to a new password.

Here the instance launched from custom AMIs takes the Administrator password from the source instance. If we change the default password for the Administrator account in the source instance, then the new instance takes the same password.

If we didn’t configure EC2Launch or EC2Config to generate a new password on the next instance boot, decrypting the password using a key pair file is not possible.

We are able to retrieve access to the new instance by resetting the password. But if we launch any other instance from the same AMI will also experience the same issue. So we need to do some initialization tasks from EC2Launch or EC2Config to enable auto-generated passwords for avoiding this issue.

  1. Firstly, log in to the AWS Management console and then open the Amazon EC2 console.

2. Then using RDP, we need to connect to the original Windows EC2 instance.

3. We have to do the following from the Windows Start option:

For Windows Server 2016 or after, we need to open EC2 Launch Settings.

For Windows Server 2012 R2 and before, we need to open EC2ConfigService Settings, and then select the Image tab.

4. Select Random for Administartor Password.

5. Then select Shutdown without Sysprep *.

6. Now Select Yes.

7. Now open the Amazon EC2 console and then select Instances.

8. Select the instance after the status changes to stopped.

9. Then select Actions, Image, Create image.

10. Enter a name for image name and then click Create image.

Now all the Amazon EC2 instances launched from this AMI will be able to decrypt passwords using a key pair.

Also note that Shutting down with Sysprep standardizes our AMI by removing unique information such as for instance security identifiers (SID), computer name, and drivers. This allows us to launch multiple copies of our instances.

Important points to be noted:


  • The data will be lost while stoping the instance if our instance is instance store-backed or has instance store volumes containing data. So make sure to back up any data that want to keep on the instance store volume.
  • Also, note that stopping and restarting the instance changes the public IP address of the instance. So it is always better to use an Elastic IP address instead of a public IP address when routing external traffic to the instance.
  • If the instance is part of an Amazon EC2 Auto Scaling group then stopping the instance could terminate the instance. Also, if the instance is launched by services that use AWS Auto Scaling, such as Amazon EMR, AWS CloudFormation, etc., then stopping the instance could lead to its termination. In these cases, the instance termination depends on the instance scale-in protection settings for the Auto Scaling group. So If the instance is a part of an Auto Scaling group, remove the instance temporarily from the Auto Scaling group first. Then we can proceed with the recovery.

[Need help with more AWS queries? We’d be happy to assist]


To conclude, today we discussed the steps followed by our Support Engineers to help our customers to fix the ‘can’t connect to EC2 Windows instance launched from custom AMI’ issue.


Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.



Submit a Comment

Your email address will not be published. Required fields are marked *

Privacy Preference Center


Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]


Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

_ga, _gat, _gid
_ga, _gat, _gid


Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

IDE, test_cookie, 1P_JAR, NID, DV, NID
IDE, test_cookie


These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.