Disable NIC via RDP on AWS EC2 instance - amazon-web-services

I've made a mistake - disabled a NIC on an AWS EC2 instance. Currently I'm trying to get access to it. Google search gave me 3 possible solutions:
1. Create VPC and add a NIC for it - that didn't work for me. Actually I couldn't access it even from another machine inside the VPC.
2. Detach the volume and attach it to another instance. Load a registry hive and try to enable the NIC via registry settings - that also didn't work for me. It seems there are about 100 keys that should be changed (I created 2 registry snapshots and compared them) - it's not worth a try.
3. Detach the volume and attach it to another instance. Load a registry hive and try to set AutoAdminLogon. And add a script
netsh interface set interface "Local Area Connection 2" enabled
to HKLM/.../RunOnce folder.
This third solution doesn't work for me because AutoLogon doesn't work for some reason. I'm sure AutoLogon doesn't work because in the other case the key from RunOnce folder will be removed. But it's still there!
I've created a new instance (let it be Instance0), went to the registry and set 3 keys: AutoAdminLogon, DefaultUserName and DefaultPassword.
Added a key with "netsh ..." to the RunOnce folder. Disabled the NIC, restarted the instance and ... it worked!
Then I disabled the NIC on this instance. Created a new instance - Instance1. Attached the volume from Instance0. Loaded the "%Instance0-Windows%\System32\config\SOFTWARE" hive (it's HKLM/Software). Made the same operations as I did before, attached the volume to Instance0, started it and ... it doesn't work!
My guess is that there are some differences between setting keys for your local machine and setting keys through a loaded hive for a registry that is not the local machine's.
Can anyone help me with this problem? The question is not "Why does auto logon not work?" The question is "How to get access to Instance0?" It seems to me that getting access via AutoLogon would be very easy if AutoLogon worked. If anyone knows a different method, that would be really appreciated.

It's easy: just allocate a new NIC in the same availability zone as the EC2 instance, then attach the new NIC to the instance, allocate a new Elastic IP and associate it with the new NIC, then use remote login to log in to the EC2 instance using the new Elastic IP.
After logging in to the EC2 instance you have the choice to reconnect the old local area connection or stay on the new local area connection; best practice is to reconnect the old one because it increases the bandwidth available to your instance.
And have a nice day :)

Easy way is to make an AMI from that instance.
Then fire up the AMI with User Data code (PowerShell script) to enable the NIC.
Amazon Elastic Compute Cloud -> User Data
Enabling and Disabling Network Adapters with PowerShell
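
A user data script of the kind this answer describes, as an added example that is not part of the original answer. It assumes the launch agent on the AMI (EC2Config or EC2Launch) is set to run user data on this boot; the log path is hypothetical, and the fallback branch reuses the netsh command from the question.

```powershell
<powershell>
# Added example: user data for the instance launched from the AMI.
# Assumption: the AMI's launch agent (EC2Config or EC2Launch) runs user data on this boot.
$log = 'C:\enable-nic.log'   # hypothetical log path, read it after reconnecting

& {
    "Run at $(Get-Date -Format o)"
    if (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue) {
        # Windows Server 2012 and later: use the NetAdapter cmdlets.
        $disabled = @(Get-NetAdapter | Where-Object { $_.Status -eq 'Disabled' })
        foreach ($nic in $disabled) {
            "Enabling '$($nic.Name)' ($($nic.InterfaceDescription))"
            Enable-NetAdapter -Name $nic.Name -Confirm:$false
        }
        if ($disabled.Count -eq 0) { 'No disabled adapters found.' }
        # Record the final state so the result can be checked later.
        Get-NetAdapter | Format-Table Name, Status, MacAddress -AutoSize
    } else {
        # Older Windows: find disabled adapters through WMI.
        # ConfigManagerErrorCode 22 means the device is disabled.
        $disabled = @(Get-WmiObject Win32_NetworkAdapter |
            Where-Object { $_.NetConnectionID -and $_.ConfigManagerErrorCode -eq 22 })
        foreach ($nic in $disabled) {
            $name = $nic.NetConnectionID
            "Enabling '$name'"
            # Same command as in the question, with the adapter name discovered
            # at run time instead of hard-coded.
            netsh interface set interface $name enabled
        }
        if ($disabled.Count -eq 0) { 'No disabled adapters found.' }
        netsh interface show interface
    }
} 2>&1 | Out-File -FilePath $log -Append
</powershell>
```

Enumerating disabled adapters avoids depending on a connection name such as "Local Area Connection 2", which can differ on the new instance.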

If anyone else needs this in future, this is how I resolved my issue.
Added a new network interface via the console.
Attached an Elastic IP to the new NIC.
Connected via RDP to the new Elastic IP.
Removed the new NIC and reverted back to the original one.
Disconnected via RDP.
Reconnected on the original and it worked.

Related

New EC2 not connecting to RDS

I lost my PEM and had to create a new EC2. I duplicated it with "make same". I then tried to connect to the RDS database and it gives me cannot connect with user#. Now, the IP address of the server has changed, but it is in the same security group, so it shouldn't matter.
I changed the user to be from anywhere % and flushed privileges. I even rebooted the DB. I've tried messing with the security stuff, but everything is as it should be, the same as it was beforehand when it was working on the previous server.
Either something was not "duplicated" when the EC2 was duplicated or there is something somewhere I have to change because the IP of the EC2 changed.
If they are in the same security group, this shouldn't be an issue, however.
Any help is appreciated, as I can no longer connect to the DB with the app.
The EC2 is Linux running a Docker container for Node.
I can still connect to the RDS via local machine.
So I still don't know what the issue was, but I was able to get around it by creating a new user. I'm thinking that the host wasn't actually changing when I was changing it in RDS - even with a reboot.
If somebody comes across this same issue, try creating a new MySQL user.

Unable to ssh to instance after changing port

I have a running EC2 instance on which one of the databases has transactional records stored through the application running on the same instance. I've changed the port for security reasons, but after changing the port I'm unable to SSH to the instance.
My security group and NACL both have the old as well as the new port configured.
I've tried to SSH several times but it gives the error Network Error: Connection timeout.
I'm scared of data loss if this instance gets stopped. Need help!
You can log in to the instance without losing data with the help of the 'session manager' option under "System Manager". You will need to complete certain prerequisites of the session manager, as given in the Amazon docs for Systems Manager Prerequisites.
After completing the prerequisites, assign the IAM role created for SSM to the EC2 instance.
In the AWS console, search for the session manager option under System Manager and your instance ID will be listed there.
Select the instance and choose Start session; you will get the shell console of your instance.
Revert the changes made in /etc/ssh/sshd_config for the port and try to SSH again.

With AWS I removed elastic IP and can no longer access the instance

I have a load balancer and EC2 instance with AWS. I had problems with e-mail restrictions and was recommended to use an elastic IP. I then read somewhere that you can't use elastic IP and a load balancer so I removed the elastic IP. I can no longer access my instance even after I rebooted it and waited 2 hours. I can ping it (after enabling ICMP with network security) but I can't SSH or go to the web server. All the network settings remain, which included allowing TCP ports for HTTP and SSH. Does anyone know what has happened to make port 80 and 23 no longer accessible? This is a real nightmare for me because I did a bit of a marketing campaign, got increased traffic, noticed emails weren't getting sent, then in an attempt to fix that I've screwed the server completely so the website is down at the worst possible time :(
I fixed it all up. This isn't a direct solution to the problem, more like a workaround. I couldn't connect to that server no matter what, so I created a new instance and that worked. It was as if the Linux server itself was corrupt, not the AWS settings. I detached the volume from the old instance and attached it as a secondary volume on the new instance. When I logged into the new instance I was able to mount the secondary volume as a new drive and I just copied the files over that way. I don't have a bloated server so this wasn't really a big deal to pull off. Anyway, if you can't log in to a server anymore, you can always mount it to a new instance and access it via the file system.

Accessing an Amazon RDS MySQL instance from an IronWorker instance

We're using IronWorkers from http://www.iron.io/ to do some heavy image and PDF processing.
I want to connect an IronWorker instance to an RDS MySQL database on our Amazon AWS account, so that our code running on the IronWorker can directly make changes in this database.
I'm not too sure how to go about this, as we have a few technical issues to work around.
My understanding is that IronWorkers that get launched won't be in the RDS instance's security group, and would be blocked from accessing our RDS MySQL instance. It won't be possible to create a security group by creating a CIDR/IP entry either, since we don't know what the IP address for the launched server is going to be.
Another approach would be to somehow get the .pem file on the launched instance, and configure the MySQL connection to use a PEM file through SSH, but I'm not too convinced that it's the most secure way to go about achieving a connection.
Does anyone know of any means a direct connection can be made from an IronWorker instance to a MySQL RDS instance?
There's a tricky way to get around this by finding the internal IP of your RDS instance then using that instead of the dns entry AWS gives you, example:
$ ping myserverabcdefg.us-east-1.rds.amazonaws.com
PING ec2-X-XX-XXX-X.compute-1.amazonaws.com (10.111.222.33) 56(84) bytes of data.
Then add a DNS entry using that internal host and use the new DNS entry in your workers.
Let us know how that works.

Unable to RDP to EC2 instance

I created a VM using Hyper-V on my local machine which I can RDP onto fine. I exported the VHDX to VHD and then uploaded it to AWS via the API.
This created a new EC2 instance for me but I cannot connect to it as it has no security keypair associated.
Thus I created a private AMI from the instance and re-instantiated a new EC2 instance from this AMI, setting the keypair in the process to ensure HTTP, RDP etc. are permitted. The EC2 instance is running, but when I download the RDP shortcut it fails to connect. I've tried rebooting the instance several times (as this was one of the suggested solutions on here when I searched) but it hasn't helped.
I also cannot ping any of these instances via the public DNS or private DNS.
Any idea what I'm doing wrong? I'm not even getting as far as the password prompt; it's the connectivity that is the problem.
Thanks
I had a similar problem - this is the tip from the AWS documentation that helped me solve it:
"Verify that the route table for the subnet has a route that sends all traffic destined outside the VPC (0.0.0.0/0) to the Internet gateway for the VPC"
Additional debugging tips for this problem can be found here: Remote Desktop can't connect to the remote computer
The problem is probably the security group configuration attached to the instance. Make sure you have inbound TCP port 3389 permitted to be able to connect via RDP.
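
The two checks from the answers above (the subnet's default route to an internet gateway, and inbound TCP 3389 in the security group) can be run together; this is an added example, not code from either answer. It assumes the AWS Tools for PowerShell module AWS.Tools.EC2 with credentials allowed to describe EC2 resources, and the instance ID is a placeholder.

```powershell
# Added example. Assumes AWS.Tools.EC2 is installed and credentials with
# read-only EC2 describe permissions are configured.
Import-Module AWS.Tools.EC2
$InstanceId = 'i-0123456789abcdef0'   # placeholder, replace with your instance ID

$instance = (Get-EC2Instance -InstanceId $InstanceId).Instances[0]
if (-not $instance.PublicIpAddress) { Write-Warning 'Instance has no public IPv4 address.' }

# Check 1: inbound rules that cover TCP 3389, with their IPv4 source ranges.
# (Rules whose source is another security group are not listed here.)
$rdpRules = foreach ($ref in $instance.SecurityGroups) {
    $sg = Get-EC2SecurityGroup -GroupId $ref.GroupId
    foreach ($perm in $sg.IpPermissions) {
        $coversRdp = $perm.IpProtocol -eq '-1' -or
            ($perm.IpProtocol -eq 'tcp' -and $perm.FromPort -le 3389 -and $perm.ToPort -ge 3389)
        if (-not $coversRdp) { continue }
        foreach ($range in $perm.Ipv4Ranges) {
            [pscustomobject]@{
                GroupId     = $sg.GroupId
                Source      = $range.CidrIp
                OpenToWorld = ($range.CidrIp -eq '0.0.0.0/0')   # wider than RDP needs
            }
        }
    }
}
if ($rdpRules) { $rdpRules | Format-Table -AutoSize }
else { Write-Warning 'No IPv4 inbound rule covers TCP 3389.' }

# Check 2: the subnet's route table (or the VPC main table when the subnet has
# no explicit association) must send 0.0.0.0/0 to an internet gateway.
$rt = Get-EC2RouteTable -Filter @{ Name = 'association.subnet-id'; Values = $instance.SubnetId }
if (-not $rt) {
    $rt = Get-EC2RouteTable -Filter @(
        @{ Name = 'vpc-id'; Values = $instance.VpcId },
        @{ Name = 'association.main'; Values = 'true' })
}
$default = $rt.Routes | Where-Object { $_.DestinationCidrBlock -eq '0.0.0.0/0' }
if ($default -and $default.GatewayId -like 'igw-*') {
    Write-Output "Default route goes to $($default.GatewayId)."
} else {
    Write-Warning 'No 0.0.0.0/0 route to an internet gateway for this subnet.'
}
```

A rule with OpenToWorld set to True permits RDP from any address; restricting the source to your own address range keeps the port reachable for you only.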
In username type:
.\Administrator
....and your decrypted password
See, this is a local user, but you don't know the real local hostname, which is different from the public DNS name.
Was helpful for me, hope for you too.
My guess for the reason you aren't getting anywhere has to do with the host certificates.
Be mindful that each computer connecting to the server via RDP needs to have an IAM user in AWS with an X.509 certificate uploaded to their account.
When importing or creating a Windows AMI it is best to install and configure the EC2Config service.
The EC2 Config service does the following when you launch the instance:
At initial setup:
Sets the hostname to the private DNS name
Generates and sets a random password on the Administrator account
Initializes and formats the ephemeral disks
Generates and installs the host certificate used for Terminal Services
Syncs the instance clock with a time server
After initial setup:
Writes the last three entries in the System event log to the Amazon EC2 console so you can debug startup problems.
Prepares instances for bundling
Also, by default, security groups do not allow you to ping the instances. You must enable ICMP in the security group.
Hope that helps.
EDIT: Here is the link to the 64bit version of the EC2Config Installer
I also had the same problem. This is what I got from EC2.
Public DNS ec2-23-22-109-251.compute-1.amazonaws.com
User name Administrator
Password MyPassword
On the remote desktop, enter the domain and user name as
ec2-23-22-109-251\Administrator
If you paste the password it may not work; try to paste it but re-enter the last 1 or 2 characters. Once you get the security certificate prompt, accept/install it and your connection should open soon.
This is what worked for me:
Use your cell phone as a "hot spot" - which gives you a static IP address. That worked. Now, I'll need to contact my Internet provider to assign a static IP to my wireless router. Currently, it is spitting out DHCP IP addresses.
UPDATE:
12.7.2016
You need to go to the Security Group, select the Instance, then EDIT the RDP. If you click "MyIP" that should work for those of us working from home. If you are onsite, you may need to put in a custom CIDR.
After rebooting an EC2 instance, I found that I needed to reassociate the Elastic IP address associated with the instance. You click the button below then select the instance and private instance IP address when prompted.
RDP access worked after this step.
After patching Windows 2019 on my server, I couldn't access the instance anymore even though all my working settings didn't change. I used EC2Rescue to fix my issue.
Please refer to the link below for details on how to use it: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/troubleshoot-connect-windows-instance.html#AWSSupport-ExecuteEC2Rescue