Use SAC to troubleshoot your Windows instance - Amazon Elastic Compute Cloud

Use SAC to troubleshoot your Windows instance

The Special Admin Console (SAC) capability of Windows provides a way to troubleshoot a Windows instance. By connecting to the instance's serial console and using SAC, you can interrupt the boot process and boot Windows in safe mode.

Before you can use SAC, make sure you have completed the prerequisites, which include granting access to the serial console and enabling SAC and the boot menu.

Note

If you enable SAC on an instance, the EC2 services that rely on password retrieval will not work from the Amazon EC2 console. Windows on Amazon EC2 launch agents (EC2Config, EC2Launch v1, and EC2Launch v2) rely on the serial console to execute various tasks. These tasks do not perform successfully when you enable SAC on an instance. For more information about Windows on Amazon EC2 launch agents, see Configure your Windows instance. If you enable SAC, you can disable it later. For more information, see Disable SAC and the boot menu.

Use SAC

To use SAC
  1. Connect to the serial console.

    If SAC is enabled on the instance, the serial console displays the SAC> prompt.

    
                SAC prompt displayed in the serial console.
  2. To display the SAC commands, enter ?, and then press Enter.

    Expected output

    
                Enter a question mark to display the SAC commands.
  3. To create a command prompt channel (such as cmd0001 or cmd0002), enter cmd, and then press Enter.

  4. To view the command prompt channel, press ESC, and then press TAB.

    Expected output

    
                The command prompt channel.
  5. To switch channels, press ESC+TAB+channel number together. For example, to switch to the cmd0002 channel (if it has been created), press ESC+TAB+2.

  6. Enter the credentials required by the command prompt channel.

    
          The command prompt requiring credentials.

    The command prompt is the same full-featured command shell that you get on a desktop, but with the exception that it does not allow the reading of characters that were already output.

    A full-featured command shell.

PowerShell can also be used from the command prompt.

Note that you might need to set the progress preference to silent mode.

PowerShell within the command prompt.

Use the boot menu

If the instance has the boot menu enabled and is restarted after connecting via SSH, you should see the boot menu, as follows.


            Boot menu in the command prompt.

Boot menu commands

ENTER

Starts the selected entry of the operating system.

TAB

Switches to the Tools menu.

ESC

Cancels and restarts the instance.

ESC followed by 8

Equivalent to pressing F8. Shows advanced options for the selected item.

ESC key + left arrow

Goes back to the initial boot menu.

Note

The ESC key alone does not take you back to the main menu because Windows is waiting to see if an escape sequence is in progress.

Advanced boot options.

Disable SAC and the boot menu

If you enable SAC and the boot menu, you can disable these features later.

Use one of the following methods to disable SAC and the boot menu on an instance.

PowerShell
To disable SAC and the boot menu on a Windows instance
  1. Connect to your instance and perform the following steps from an elevated PowerShell command line.

  2. First disable the boot menu by changing the value to no.

    bcdedit /set '{bootmgr}' displaybootmenu no
  3. Then disable SAC by changing the value to off.

    bcdedit /ems '{current}' off
  4. Apply the updated configuration by rebooting the instance.

    shutdown -r -t 0
Command prompt
To disable SAC and the boot menu on a Windows instance
  1. Connect to your instance and perform the following steps from the command prompt.

  2. First disable the boot menu by changing the value to no.

    bcdedit /set {bootmgr} displaybootmenu no
  3. Then disable SAC by changing the value to off.

    bcdedit /ems {current} off
  4. Apply the updated configuration by rebooting the instance.

    shutdown -r -t 0