Unable to start Remote Desktop service
Troubleshoot connecting to your Windows instance

The following are possible problems you may have and error messages you may see while trying to connect to your Windows instance.
Remote Desktop can't connect to the remote computer

Try the following to resolve issues related to connecting to your instance:
Error using the macOS RDP client

If you are connecting to a Windows Server 2012 R2 instance using the Remote Desktop Connection client from the Microsoft website, you may get the following error:

Remote Desktop Connection cannot verify the identity of the computer that you want to connect to.

Download the Microsoft Remote Desktop app from the Mac App Store and use the app to connect to your instance.

RDP displays a black screen instead of the desktop

Try the following to resolve this issue:
Unable to remotely log on to an instance with a user account that is not an administrator

If you are not able to remotely log on to a Windows instance with a user account that is not an administrator account, ensure that you have granted the user the right to log on locally. See Grant a user or group the right to log on locally to the domain controllers in the domain.

Troubleshooting Remote Desktop issues using AWS Systems Manager

You can use AWS Systems Manager to troubleshoot issues connecting to your Windows instance using RDP.

AWSSupport-TroubleshootRDP

The AWSSupport-TroubleshootRDP automation document allows the user to check or modify common settings on the target instance that can impact Remote Desktop Protocol (RDP) connections, such as the RDP Port, Network Level Authentication (NLA), and Windows Firewall profiles. By default, the document reads and outputs the values of these settings.

The AWSSupport-TroubleshootRDP automation document can be used with EC2 instances, on-premises instances, and virtual machines (VMs) that are enabled for use with AWS Systems Manager (managed instances). In addition, it can also be used with EC2 instances for Windows Server that are not enabled for use with Systems Manager. For information about enabling instances for use with AWS Systems Manager, see AWS Systems Manager Managed Instances in the AWS Systems Manager User Guide.

To troubleshoot using the AWSSupport-TroubleshootRDP document
AWSSupport-TroubleshootRDP examples

The following examples show you how to accomplish common troubleshooting tasks using AWSSupport-TroubleshootRDP. You can use either the example AWS CLI start-automation-execution command or the provided link to the AWS Management Console.

Example: Check the current RDP status

AWS CLI:

    aws ssm start-automation-execution --document-name "AWSSupport-TroubleshootRDP" --parameters "InstanceId=instance_id" --region region_code

AWS Systems Manager console:

    https://console.aws.amazon.com/systems-manager/automation/execute/AWSSupport-TroubleshootRDP?region=region#documentVersion=$LATEST

Example: Disable the Windows Firewall

AWS CLI:

    aws ssm start-automation-execution --document-name "AWSSupport-TroubleshootRDP" --parameters "InstanceId=instance_id,Firewall=Disable" --region region_code

AWS Systems Manager console:

    https://console.aws.amazon.com/systems-manager/automation/execute/AWSSupport-TroubleshootRDP?region=region_code#documentVersion=$LATEST&Firewall=Disable

Example: Disable Network Level Authentication

AWS CLI:

    aws ssm start-automation-execution --document-name "AWSSupport-TroubleshootRDP" --parameters "InstanceId=instance_id,NLASettingAction=Disable" --region region_code

AWS Systems Manager console:

    https://console.aws.amazon.com/systems-manager/automation/execute/AWSSupport-TroubleshootRDP?region=region_code#documentVersion

Example: Set RDP Service Startup Type to Automatic and start the RDP service

AWS CLI:

    aws ssm start-automation-execution --document-name "AWSSupport-TroubleshootRDP" --parameters "InstanceId=instance_id,RDPServiceStartupType=Auto,RDPServiceAction=Start" --region region_code

AWS Systems Manager console:

    https://console.aws.amazon.com/systems-manager/automation/execute/AWSSupport-TroubleshootRDP?region=region_code#documentVersion=$LATEST&RDPServiceStartupType=Auto&RDPServiceAction=Start

Example: Restore the default RDP Port (3389)

AWS CLI:

    aws ssm start-automation-execution --document-name "AWSSupport-TroubleshootRDP" --parameters "InstanceId=instance_id,RDPPortAction=Modify" --region region_code

AWS Systems Manager console:

    https://console.aws.amazon.com/systems-manager/automation/execute/AWSSupport-TroubleshootRDP?region=region_code#documentVersion=$LATEST&RDPPortAction=Modify

Example: Allow remote connections

AWS CLI:

    aws ssm start-automation-execution --document-name "AWSSupport-TroubleshootRDP" --parameters "InstanceId=instance_id,RemoteConnections=Enable" --region region_code

AWS Systems Manager console:

    https://console.aws.amazon.com/systems-manager/automation/execute/AWSSupport-TroubleshootRDP?region=region_code#documentVersion=$LATEST&RemoteConnections=Enable

AWSSupport-ExecuteEC2Rescue

The AWSSupport-ExecuteEC2Rescue automation document uses EC2Rescue for Windows Server to automatically troubleshoot and restore EC2 instance connectivity and RDP issues. For more information, see Run the EC2Rescue Tool on Unreachable Instances.

The AWSSupport-ExecuteEC2Rescue automation document requires a stop and restart of the instance. Systems Manager Automation stops the instance and creates an Amazon Machine Image (AMI). Data stored in instance store volumes is lost. The public IP address changes if you are not using an Elastic IP address. For more information, see Run the EC2Rescue Tool on Unreachable Instances in the AWS Systems Manager User Guide.

To troubleshoot using the AWSSupport-ExecuteEC2Rescue document
Enable Remote Desktop on an EC2 Instance With Remote Registry

If your unreachable instance is not managed by AWS Systems Manager Session Manager, then you can use remote registry to enable Remote Desktop.
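The AWSSupport-TroubleshootRDP examples earlier on this page start an execution but do not show how to confirm its result. The following shell functions are an added example, not part of the original AWS documentation: they build the --parameters string, start the automation, and poll until it finishes, and they go beyond the page by refusing the two examples that turn a protection off (Firewall=Disable, NLASettingAction=Disable) unless the operator opts in. The function names and the ALLOW_WEAKEN and POLL_SECONDS variables are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not AWS's code): start AWSSupport-TroubleshootRDP, wait for it
# to finish, and report the final status. Function names are hypothetical.

# True for the settings shown above that reduce the instance's protection.
is_weakening() {
  case "$1" in
    Firewall=Disable|NLASettingAction=Disable) return 0 ;;
    *) return 1 ;;
  esac
}

# build_params INSTANCE_ID [KEY=VALUE ...]
# Prints the --parameters shorthand. With no KEY=VALUE the run is read-only.
# ALLOW_WEAKEN is an assumption of this example, not a document parameter.
build_params() {
  local params="InstanceId=$1" kv
  shift
  for kv in "$@"; do
    if is_weakening "$kv" && [ "${ALLOW_WEAKEN:-0}" != "1" ]; then
      echo "refusing $kv: set ALLOW_WEAKEN=1 to apply it" >&2
      return 2
    fi
    params="$params,$kv"
  done
  printf '%s\n' "$params"
}

# run_troubleshoot_rdp REGION INSTANCE_ID [KEY=VALUE ...]
# Prints "<execution-id> <status>" and returns 0 only on Success.
run_troubleshoot_rdp() {
  local region="$1" params exec_id status
  shift
  params="$(build_params "$@")" || return 2
  exec_id="$(aws ssm start-automation-execution \
    --document-name "AWSSupport-TroubleshootRDP" \
    --parameters "$params" --region "$region" \
    --query AutomationExecutionId --output text)" || return 1
  while :; do
    status="$(aws ssm get-automation-execution \
      --automation-execution-id "$exec_id" --region "$region" \
      --query AutomationExecution.AutomationExecutionStatus --output text)" || return 1
    case "$status" in
      Pending|InProgress|Waiting) sleep "${POLL_SECONDS:-10}" ;;
      *) break ;;
    esac
  done
  printf '%s %s\n' "$exec_id" "$status"
  [ "$status" = "Success" ]
}
```

Run the read-only check first (run_troubleshoot_rdp region_code instance_id), apply one change, then repeat the read-only check to confirm the setting the automation reports.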