AWS Troubleshooting – Remote access to instance is not working.

Brief:

We recently added some restrictions to remote access the server, so we tried to change the default remote desktop port to a different one through “Regedit” but forgot to add the exception in windows firewall, in doing so we lost remote access to the instance.

This post will explain the methods to get the remote access back.

How It Works:

To resolve the issue, we can revert the changes back to default (remote desktop port) in multiple ways. 

Please Note: Before proceeding with the troubleshooting steps below, I would strongly recommend that you create an AMI of the instance or take a snapshot of the root volume since we will be modifying root volume.

Method 1 (Without taking the instance offline):

1. Create a temporary instance with an OS of either same or higher version. You may use t2.micro free tier for temporary instance.

2. Edit security group of impaired instance and allow traffic to TCP ports 135 and 445 temporarily.

3. Download PsTools on temporary instance –
 https://technet.microsoft.com/enus/sysinternals/pstools.aspx.

4. Enable the remote registry using psservice.exe. To do so, you will need the admin password for the impaired instance. Once you obtain the administrator password for the impaired instance, run the command below through the temporary instance - psservice.exe \\ImpairedInstanceIPAddress -u Administrator -p "Password" start remoteregistry. You should get a message informing the status of the remoteregistry service. If you get a message that an instance of remoteregistry is already running, please proceed to step 9.

If you get any error, please raise a ticket with amazon.

5. Open regedit on the temporary instance.

6. In the registry editor, go to File > Connect Network registry.

7. For the object name, enter \\ImpairedInstanceIP and click ok.

8. Enter administrator username and password and click ok.

9. You should now see the remote registry populated in the registry editor. You should be able to revert the changes back.

10. Once changes are reverted, please try to login now.

Method 2 (Take instance offline):

1.  Create a temporary instance with an OS of either same or higher version. You may use t2.micro free tier for temporary instance.

2.  Shut down the impaired instance and detach the root volume.

3.  Attach root volume of the impaired instance as a secondary volume to the temporary instance.

4.  Open diskmgmt.msc and ensure that secondary disk is online.

5.  Open regedit on the temporary instance and select "HKEY_LOCAL_MACHINE".

6.  Click on File and select "Load Hive" and open the system registry hive of the impaired instance by browsing to <secondaryDrive>:\Windows\System32\Config\System.

7.  On the key name, please enter 00System. You should see registry hive being loaded from impaired instance.

8.  Please roll back the RDP default port to the 3389 and close registry editor.

9.  Please bring secondary disk offline and detach secondary disk from temporary instance.

10. Please attach the root volume back to the impaired instance and start the instance. Please try to login now.

Podcast

Michael Patterson sat down with the CEO of Boston Byte, Mustapha Shaikh to discuss the significance and rapid digitization of the healthcar...