Connect from Computer to Microsoft Windows Server 2025 Instance

Connecting to Your Microsoft Windows Server 2025 Instance

ℹ️ Information: In this section, you’ll learn how to connect to your Windows Server 2025 instance using Remote Desktop Protocol (RDP). This process involves retrieving the administrator password using your key pair and establishing a secure connection.

Step 1: Access the Connection Options

  1. In the EC2 console:

    • Select Instances from the navigation pane
    • Select your Windows-instance
    • Click the Connect button

    Instance Connect Step 1

Step 2: Prepare the RDP Connection

  1. In the Connect to Instance interface:

    • Select the RDP Client tab
    • Click Download Remote Desktop File to save the .rdp file to your computer
    • Click Get Password to retrieve the administrator credentials

    Instance Connect Step 2

Step 3: Decrypt the Administrator Password

  1. In the Get Windows Password interface:

    • Click Browse to locate your key pair file
    • Select the kp-windows.pem file you downloaded earlier
    • Verify the Private Key field is populated
    • Click Decrypt Password

    Instance Connect Step 3

🔒 Security Note: The private key never leaves your computer during this process. The decryption happens locally in your browser.

Step 4: Copy the Administrator Password

  1. After successful decryption:
    • Copy the displayed password to your clipboard
    • Keep this password secure as it provides administrative access to your instance

Step 5: Launch the Remote Desktop Connection

  1. On your local computer:

    • Open the Remote Desktop File (.rdp file) you downloaded earlier
    • When the Remote Desktop Connection dialog appears, click Connect

    Instance Connect Step 5

Step 6: Authenticate to the Windows Instance

  1. In the Windows Security dialog:

    • Enter the password you copied in Step 4
    • Click OK to proceed with the connection

    Instance Connect Step 6

Step 7: Accept the Certificate Warning

  1. When prompted about the identity of the remote computer:

    • Click Yes to proceed with the connection despite the certificate warning

    Instance Connect Step 7

💡 Pro Tip: For production environments, consider setting up proper certificates to avoid these warnings and enhance security.

Step 8: Verify Successful Connection

  1. After successfully connecting:

    • You’ll see the Windows Server 2025 desktop
    • The Server Manager dashboard will display system information

    Instance Connect Step 8

Preparing Sysprep for AMI Creation

ℹ️ Information: Sysprep (System Preparation) is a Microsoft tool that prepares a Windows installation for imaging. This is essential when creating custom AMIs to ensure each instance launched from your AMI has unique security identifiers.

Step 9: Access EC2Launch Settings

  1. On your Windows Server instance:

    • In the Windows search box, type EC2LaunchSettings
    • Select the EC2Launch Settings application from the results

    Access EC2Launch Settings

⚠️ Warning: Different Windows Server versions use different EC2 launch agents. Windows Server 2025 uses EC2Launch v2, while older versions may use EC2Launch v1 or EC2Config. Refer to the AWS documentation for version-specific instructions.

Step 10: Configure Administrator Password Settings

  1. In the EC2Launch Settings window:
    • Under Administrator Password, select Random to generate a new password on next boot
    • At the bottom of the window, click Shutdown with Sysprep

Step 11: Confirm Sysprep Operation

  1. When prompted for confirmation:

    • Click Yes to proceed with the Sysprep operation and shut down the instance

    Configure EC2Launch Settings

  2. The Sysprep process will begin:

    • You’ll see a command prompt window showing the Sysprep progress

    Sysprep Progress

Step 12: Verify Instance Shutdown

  1. Your RDP session will end automatically when the instance shuts down

  2. Return to the EC2 console:

    • Verify that your Windows-instance state has changed to Stopped

    RDP Session Ended Instance Stopped

🔒 Security Note: Running Sysprep before creating an AMI is a security best practice. It removes unique system information like the Security Identifier (SID), computer name, and driver cache, ensuring each instance launched from your AMI has unique identifiers.

Why Sysprep is Important

⚠️ Warning: If you don’t run Sysprep before creating an AMI, instances launched from that AMI may have password retrieval issues. You’ll see an error like this:

Password Not Available Error

💡 Pro Tip: While you can reset key pairs through the process described in lab 5.5, using Sysprep is more efficient when you plan to launch multiple instances from your AMI. It allows you to retrieve a new password for each instance without manual intervention.