AWS Diagnostics for Windows Server - Beta
AWS Diagnostics for Windows Server is a easy-to-use tool that you run on an Amazon EC2 Windows Server instance to diagnose and troubleshoot possible problems. It is valuable not just for collecting log files and troubleshooting issues, but also proactively searching for possible areas of concern. For example, this tool can diagnose configuration issues between the Windows Firewall and the AWS security groups that might affect your applications. It can even examine EBS boot volumes from other instances and collect relevant logs for troubleshooting Windows Server instances using that volume.
One use for AWS Diagnostics for Windows Server is diagnosing problems with Key Management Service (KMS) activations. KMS activation can fail if you have changed the DNS server, added instances to a domain, or if the server time is out of sync. In this case, instead of trying to examine your configuration settings manually and debugging the issue, run the AWS Diagnostics for Windows Server tool to give you the information you need about possible issues.
The tool can also find differences between the rules in an security group and the Windows Firewall. If you provide your AWS user credentials to describe your security groups, the AWS Diagnostics for Windows Server tool is able verify whether the ports listed in a security group are allowed through the Windows Firewall. You eliminate the need to look at firewall rules manually and verify them against the security group rules.
The AWS Diagnostics for Windows Server tool is free and can be downloaded and installed from AWS Diagnostics for Windows Server - Beta.
AWS Diagnostics for Windows Server has two different modules: a data collector module that collects data from all different sources, and an analyzer module that parses the data collected against a series of predefined rules to identify issues and provide suggestions.
The AWS Diagnostics for Windows Server tool only runs on Windows Server running on an EC2
instance. When the tool starts, it checks whether it is running on an EC2 instance. If the check
fails, the tool displays the
EC2InstanceCheckFailed error message.
AWS Diagnostics for Windows Server provides the following analysis rules:
Check for activation status and KMS settings
Check for proper route table entries for metadata and KMS access
Compare security group rules with Windows Firewall rules
Check the version of the PV driver (RedHat or Citrix)
Check whether the
RealTimeIsUniversalregistry key is set
Check the default gateway settings if using multiple NICs
Bug check code in mini dump files
Even if the analyzer doesn't report any problems, the data collected by the tool might still be useful. You can view the data files created by the tool to look for problems or provide these files to AWS Support to help resolve a support case.
Analyzing the Current Instance
To analyze the current instance, run the AWS Diagnostics for Windows Server tool and select Current Instance for the type of instance. In the Data to Collect section of the main window, specify the data that AWS Diagnostics for Windows Server collects.
|Drivers Installed||Collects information about all drivers installed on the instance.|
|Windows Clock Information||Collects current time and time zone information for the instance.|
|Event Log Information||Collects critical, error, and warning messages from the event logs.|
|Services||Collects information about the services that are installed on the instance.|
|Instance Information||Collects information from the instance metadata and local environment variables.|
|Updates Installed||Collects information about the updates that are installed on the instance.|
|Firewall Data Collector||Collects information about the Windows Firewall settings.|
|EC2 Security Group Rules||Collects information about the rules in the Amazon EC2 security groups associated with the instance.|
|Network Information||Collects route table and IP address information for the instance.|
|KMS Settings||Collects Key Management Service settings.|
|Memory Dump Files||Collects any memory dump files that exist on the instance.|
|EC2Config Service Logs||Collects log files generated by the EC2Config service.|
Collecting Data From an Offline Instance
The Offline Instance option is useful when you want to debug a problem with a Windows instance that is either unable to boot up or is preventing you from running the AWS Diagnostics for Windows Server tool on it. In this case, you can detach the EBS boot volume from that instance and attach it to another Windows instance.
To collect data from an offline instance
Stop the faulty instance, if it is not stopped already.
Detach the EBS boot volume from the faulty instance.
Attach the EBS boot volume to another working Windows instance that has AWS Diagnostics for Windows Server installed on it
Mount the volume in the working instance, assigning it a drive letter (for example,
Run the AWS Diagnostics for Windows Server tool on the working instance and select Offline Instance.
Choose the drive letter of the newly mounted volume (for example,
The AWS Diagnostics for Windows Server tool scans the volume and collects troubleshooting information based on the log files that are on the volume. For offline instances, the data collected is a fixed set, and no analysis of the data is performed.
Data File Storage
By default, the AWS Diagnostics for Windows Server tool places its data files in the
directory from which you launch the tool. You can choose where to save the data files that are
collected by the AWS Diagnostics for Windows Server tool. Within the chosen directory, the tool
creates a directory named
DataCollected. Each time it runs, the tool also
creates a separate directory with the current date and time stamp. Each data collection module
produces an XML file that contains information for that data set. Finally, the tool creates a
ZIP file archive containing copies of all of the data files generated. You can provide this
archive to an AWS support engineer if needed.