Amazon Elastic Compute Cloud
User Guide for Windows Instances

Using EC2Rescue for Windows Server with the Command Line

The EC2Rescue for Windows Server command line interface (CLI) allows you to run an EC2Rescue for Windows Server plugin (referred to as an "action") programmatically.

The EC2Rescue for Windows Server tool has two execution modes:

  • /online ‐ This allows you to take action on the instance that EC2Rescue for Windows Server is installed on, such as collecting log files.

  • /offline:<device_id> ‐ This allows you to take action on the offline root volume that is attached to a separate Amazon EC2 Windows instance, on which you have installed EC2Rescue for Windows Server.

Download the EC2Rescue for Windows Server tool to your Windows instance and extract the files. You can view the help file with the following command:

EC2RescueCmd.exe /help

EC2Rescue for Windows Server can perform the following actions on an Amazon EC2 Windows instance:

Collect Action

EC2Rescue for Windows Server is able to collect the following data from active and offline instances. You can collect all logs, an entire log group, or an individual log within a group.

Log Group ‐ Available Logs ‐ Description

  • all ‐ Collects all available logs.

  • system-info ‐ 'MSInfo32 Output' ‐ Collects MSInfo32.

  • eventlog ‐ 'Application', 'System', 'EC2ConfigService' ‐ Collects application, system, and EC2Config event logs.

  • memory-dump ‐ 'Memory Dump File', 'Mini Dump Files' ‐ Collects any memory dump files that exist on the instance.

  • ec2config ‐ 'Log Files', 'Configuration Files' ‐ Collects log files generated by the EC2Config service.

  • ec2launch ‐ 'Logs', 'Config' ‐ Collects log files generated by the EC2Launch scripts.

  • ssm-agent ‐ 'Log Files' ‐ Collects log files generated by the SSM agent.

  • sysprep ‐ 'Log Files' ‐ Collects log files generated by the Windows System Preparation tool.

  • driver-setup ‐ 'SetupAPI Log Files', 'DPInst Log File', 'AWS PV Setup Log File' ‐ Collects Windows SetupAPI logs (setupapi.dev.log and setupapi.setup.log).

  • registry ‐ 'SYSTEM', 'SOFTWARE', 'BCD' ‐ Collects SYSTEM and SOFTWARE hives.

  • gpresult ‐ 'GPResult Output' ‐ Collects a Group Policy report.

  • egpu ‐ 'Event Log', 'System Files' ‐ Collects event logs related to elastic GPUs.

  • boot-config ‐ 'BCDEDIT Output' ‐ Collects HKEY_LOCAL_MACHINE\BCD00000000 hive.

  • windows-update ‐ 'Log Files' ‐ Collects information about the updates that are installed on the instance.

Note

Windows Update logs are not captured on Windows Server 2016 instances.

The following are the available options:

  • /output:<outputFilePath> ‐ Required destination file path location to save collected log files in zip format.

  • /no-offline ‐ Optional attribute used in offline mode. Does not set the volume offline after completing the action.

  • /no-fix-signature ‐ Optional attribute used in offline mode. Does not fix a possible disk signature collision after completing the action.

Examples

The following are examples using the EC2Rescue for Windows Server CLI.

Online Mode Examples

Collect all available logs:

EC2RescueCmd /accepteula /online /collect:all /output:<outputFilePath>

Collect only a specific log group:

EC2RescueCmd /accepteula /online /collect:ec2config /output:<outputFilePath>

Collect individual logs within a log group:

EC2RescueCmd /accepteula /online /collect:'ec2config.Log Files,driver-setup.SetupAPI Log Files' /output:<outputFilePath>

Offline Mode Examples

Collect all available logs from an EBS volume. The volume is specified by the device_id value.

EC2RescueCmd /accepteula /offline:xvdf /collect:all /output:<outputFilePath>

Collect only a specific log group:

EC2RescueCmd /accepteula /offline:xvdf /collect:ec2config /output:<outputFilePath>
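
The following PowerShell script is an added example, not part of the AWS guide. It validates individual-log selectors against the Collect table above, runs an online collection, and records a SHA-256 digest of the resulting zip so the archive can be verified later. The install path, output folder and the New-CollectSelector function name are assumptions.

```powershell
# Added example, not AWS code. $Exe, $OutDir and New-CollectSelector are assumptions.
$Exe    = 'C:\Tools\EC2Rescue\EC2RescueCmd.exe'
$OutDir = 'D:\Evidence'

# Log groups and their individual logs, copied from the Collect table on this page.
$Catalog = @{
    'system-info'    = @('MSInfo32 Output')
    'eventlog'       = @('Application', 'System', 'EC2ConfigService')
    'memory-dump'    = @('Memory Dump File', 'Mini Dump Files')
    'ec2config'      = @('Log Files', 'Configuration Files')
    'ec2launch'      = @('Logs', 'Config')
    'ssm-agent'      = @('Log Files')
    'sysprep'        = @('Log Files')
    'driver-setup'   = @('SetupAPI Log Files', 'DPInst Log File', 'AWS PV Setup Log File')
    'registry'       = @('SYSTEM', 'SOFTWARE', 'BCD')
    'gpresult'       = @('GPResult Output')
    'egpu'           = @('Event Log', 'System Files')
    'boot-config'    = @('BCDEDIT Output')
    'windows-update' = @('Log Files')
}

function New-CollectSelector {
    # Checks each 'group.Log Name' item against the table, then joins the items with
    # commas, the form the page uses when collecting individual logs.
    param([Parameter(Mandatory)][string[]]$Item)
    foreach ($i in $Item) {
        $group, $log = $i -split '\.', 2
        if (-not $Catalog.ContainsKey($group)) { throw "Unknown log group: $group" }
        if ($Catalog[$group] -notcontains $log) { throw "Unknown log '$log' in group $group" }
    }
    $Item -join ','
}

$selector = New-CollectSelector 'eventlog.System', 'registry.SYSTEM', 'ec2config.Log Files'
New-Item -ItemType Directory -Force -Path $OutDir | Out-Null
$stamp = (Get-Date).ToUniversalTime().ToString('yyyyMMdd-HHmmss')
$zip   = Join-Path $OutDir "${env:COMPUTERNAME}-${stamp}.zip"

# Each switch is one array element, so spaces in log names stay inside a single argument.
& $Exe '/accepteula' '/online' "/collect:$selector" "/output:$zip"
if (-not (Test-Path -LiteralPath $zip)) { throw "No archive was written to $zip" }

# Store the digest next to the archive for later integrity checks.
$hash = Get-FileHash -LiteralPath $zip -Algorithm SHA256
"$($hash.Hash)  $(Split-Path $zip -Leaf)" | Set-Content -LiteralPath "$zip.sha256"
```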

Rescue Action

EC2Rescue for Windows Server is able to detect and modify the following service settings to attempt to fix possible issues:

Service Group ‐ Available Actions ‐ Description

  • all

  • system-time ‐ 'RealTimeIsUniversal' ‐ System Time

      • RealTimeIsUniversal ‐ Detects whether the RealTimeIsUniversal registry key is enabled. If disabled, Windows system time drifts when the timezone is set to a value other than UTC.

  • firewall ‐ 'Domain networks', 'Private networks', 'Guest or public networks' ‐ Windows Firewall

      • Domain networks ‐ Detects whether this Windows Firewall profile is enabled or disabled.

      • Private networks ‐ Detects whether this Windows Firewall profile is enabled or disabled.

      • Guest or public networks ‐ Detects whether this Windows Firewall profile is enabled or disabled.

  • rdp ‐ 'Service Start', 'Remote Desktop Connections', 'TCP Port' ‐ Remote Desktop

      • Service Start ‐ Detects whether the Remote Desktop service is enabled.

      • Remote Desktop Connections ‐ Detects whether this is enabled.

      • TCP Port ‐ Detects which port the Remote Desktop service is listening on.

  • ec2config ‐ 'Service Start', 'Ec2SetPassword', 'Ec2HandleUserData' ‐ EC2Config

      • Service Start ‐ Detects whether the EC2Config service is enabled.

      • Ec2SetPassword ‐ Generates a new administrator password.

      • Ec2HandleUserData ‐ Allows you to execute a user data script on the next boot of the instance.

  • ec2launch ‐ 'Reset Administrator Password' ‐ Generates a new Windows administrator password.

  • network ‐ 'DHCP Service Startup' ‐ Network Interface

      • DHCP Service Startup ‐ Detects whether the DHCP service is enabled.

The following are the available options:

  • /level:<level> ‐ Optional attribute for the check level that the action should trigger. Allowed values are: information, warning, error, all. By default, it is set to error.

  • /check-only ‐ Optional attribute that generates a report but makes no modifications to the offline volume.

  • /no-offline ‐ Optional attribute that prevents the volume from being set offline after completing the action.

  • /no-fix-signature ‐ Optional attribute that does not fix a possible disk signature collision after completing the action.

Rescue Examples

The following are examples using the EC2Rescue for Windows Server CLI. The volume is specified using the device_id value.

Attempt to fix all identified issues on a volume:

EC2RescueCmd /accepteula /offline:xvdf /rescue:all

Attempt to fix all issues within a service group on a volume:

EC2RescueCmd /accepteula /offline:xvdf /rescue:firewall

Attempt to fix a specific item within a service group on a volume:

EC2RescueCmd /accepteula /offline:xvdf /rescue:rdp.'Service Start'

Specify multiple issues to attempt to fix on a volume:

EC2RescueCmd /accepteula /offline:xvdf /rescue:'system-time.RealTimeIsUniversal,ec2config.Service Start'
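
Rescue actions change firewall, Remote Desktop and administrator-password settings on the volume, so a report-first run is worth scripting. The following PowerShell script is an added example, not part of the AWS guide: it runs the requested items with /check-only and /level:all unless -Apply is passed, and keeps the command line and the tool's console output in a log file. The parameter names, default paths and the rule against group-level selectors are assumptions of this example.

```powershell
# Added example, not AWS code. Parameter names and default paths are assumptions.
param(
    [Parameter(Mandatory)][string]$DeviceId,   # device_id of the offline volume, e.g. xvdf
    [Parameter(Mandatory)][string[]]$Item,     # e.g. 'rdp.Service Start'
    [switch]$Apply,                            # without this, only the /check-only report runs
    [string]$Exe    = 'C:\Tools\EC2Rescue\EC2RescueCmd.exe',
    [string]$LogDir = 'D:\Evidence'
)

# Per the Rescue table, these groups contain actions that generate a new administrator
# password or run a user data script on the next boot. Local policy in this example:
# such actions must be named item by item, never pulled in through a group or 'all'.
$broad = @($Item | Where-Object { $_ -in 'all', 'ec2config', 'ec2launch' })
if ($broad.Count -gt 0) { throw "Name individual actions instead of: $($broad -join ', ')" }

$selector = $Item -join ','    # comma list, as in the page's multi-item example
New-Item -ItemType Directory -Force -Path $LogDir | Out-Null
$stamp = (Get-Date).ToUniversalTime().ToString('yyyyMMdd-HHmmss')

$arguments = @('/accepteula', "/offline:$DeviceId", "/rescue:$selector")
if ($Apply) {
    $log = Join-Path $LogDir "rescue-apply-$stamp.txt"
} else {
    # /check-only reports without modifying the volume; /level:all covers every check level.
    $arguments += '/check-only', '/level:all'
    $log = Join-Path $LogDir "rescue-check-$stamp.txt"
}

# Keep the exact command line together with whatever the tool prints.
"EC2RescueCmd $($arguments -join ' ')" | Out-File -FilePath $log
& $Exe @arguments 2>&1 | Out-File -FilePath $log -Append
Get-Content -LiteralPath $log
```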

Restore Action

EC2Rescue for Windows Server is able to detect and modify the following service settings to attempt to fix possible issues:

Service Group ‐ Available Actions ‐ Description

  • Restore Last Known Good Configuration ‐ lkgc ‐ Last Known Good Configuration: Attempts to boot the instance into the last known bootable state.

  • Restore Windows registry from latest backup ‐ regback ‐ Restore registry from backup: Restores the registry from \Windows\System32\config\RegBack.

The following are the available options:

  • /no-offline ‐ Optional attribute that prevents the volume from being set offline after completing the action.

  • /no-fix-signature ‐ Optional attribute that does not fix a possible disk signature collision after completing the action.

Restore Examples

The following are examples using the EC2Rescue for Windows Server CLI. The volume is specified using the device_id value.

Restore last known good configuration on a volume:

EC2RescueCmd /accepteula /offline:xvdf /restore:lkgc

Restore the last Windows registry backup on a volume:

EC2RescueCmd /accepteula /offline:xvdf /restore:regback