HandsON! Review: AWS EC2Rescue for Windows instances

back to home

HandsON! Review: AWS EC2Rescue for Windows instances

Monday, 31 July 2017 By Sravan Kumar E Category AWS
When it comes to troubleshooting Windows server issues, it is not easy to get all required logs at same time with single tool. Systems Administrators will spend their valuable time on collecting logs when troubleshooting below issues:

  • Boot Issues
  • Restore
  • Disk issues
  • Generate OS logs
  • Generate Memory dumps
  • Export Registry entries
  • Windows Update Logs
  • Export Event Logs

We will spend time on lot of multiple tools/utilities to generate or export above logs/dumps when it comes to cloud environment expectation to resolve the issues is much higher at the same time we need to equip with right tools to achieve the same supporting the cause Amazon had recently released EC2Rescue GUI based troubleshooting tool to help us to resolve operations system issues to generate logs faster.

The following are a few common issues that are addressed by EC2Rescue:

  • Instance connectivity issues due to:
    • Firewall configuration
    • RDP service configuration
    • Network interface configuration
  • Operating system (OS) boot issues due to:
    • Blue screen or stop error
    • Boot loop
    • Corrupted registry
  • Any issues that might require advanced log analysis and troubleshooting

Here are the System Requirements to install EC2Rescue which can be downloaded

  • Windows Server 2008 R2 or later
  • NET Framework 3.5 SP1 or later installed
  • Is accessible from a Remote Desktop Protocol (RDP) connection
Note: EC2Rescue can only be run on Windows Server 2008 R2 or later, but it can also analyze the offline volumes of Windows Server 2008 or later.

How to USE:

Note: Here are the few things where this tool cannot help:
  • Windows Update logs are not captured on Windows Server 2016 instances.
  • Offline instance refers to a stopped instance whose root volume has been detached and then attached to another instance as a secondary volume for troubleshooting with EC2Rescue.
  • Run this tool with the account which have local administrator access.

Step 1: One we downloaded tool from here 

Step 2: Unzip the download zip file

Step 3: Double click on EC2Rescue.exe to open and click on next to begin.

Step 4: Now we can select mode Current Instance / Offline instance

Current Instance Mode
This mode analyzes the instance on which EC2Rescue is currently running. It is read-only and does not modify the current instance, and therefore it does not directly fix any issues. Use this mode to gather system information and logs for analysis or for submission to system administrators or AWS Support.

When we select Current instance mode, we will get option to capture logs:

Here EC2Rescue tool will give us more options to select which ever logs we need to generate based on kind of issue we can select type of logs we need.

Once we select required logs click on Collect and it will prompt information dialog box (Note: Read it very carefully when you are sharing logs with any third party vendors).

Once you accept by clicking yes it will be prompted to select the filename and file location to store. Give appropriate filename and location as required.

It will generate above selected logs and place @ your mentioned location, once you extract selected logs will be available as below:

We can share this logs with third party as required or we can use ourself to troubleshoot.

Now lets see what we can perform using Offline Instance Mode:

Offline Instance Mode
This mode allows you to select the volume of the offline system. EC2Rescue analyzes the volume and presents a number of automated rescue and restore options. Also included is the same log collection feature as the Current Instance Mode.

Note: Offline instance refers to a stopped instance whose root volume has been detached and then attached to another instance as a secondary volume for troubleshooting with EC2Rescue.

Once we attach the volume which we need to troubleshoot to the instance where we can run Ec2Rescue Tool. we can select offline instance as above.

Now we should be able to see newly attached volume in Computer Management panel:

Make it disk Online by right clicking (In my case it is Disk 1 your disk number may change based on number of existing disks you may have)

Open Ec2Rescue tool by double clicking on Ec2Rescue.exe as mentioned above.

This time we have to select Offline Instance

Now we will get the additional Volume which is Disk 1 in my case will be visible to select.

It will be prompter the warning whether we selected appropriate volume and we can agree the same by clicking yes

Volume Successfully loaded

Now we will have Offline instance troubleshooting options a follows:
  • Diagnose and Rescue
  • Restore
  • Capture Logs

Lets Explore "Diagnose and Rescue"

Now it will display summary of possible issues:

We can select Next to proceed to issue selection

Select appropriate option as required to fix the issue. In my case I tried to set Ec2 Password to Rescue.

Lets Explore "Restore"

We will have below restore options:

Select appropriate restore option in my case restore registry and then click on restore.

Lets Explore "Capture Logs" this as like as which we perform for Current instance option.

Select appropriate logs to collect

Once we are done with troubleshooting for additional volume which we attached can be detached and add back to original instance to boot as usual.

Final Verdict 

As we can see Ec2Rescue tool will be very handy for troubleshooting windows instance (Online/offline) related issues, So I would definitely encourage others to use and make benefit out of it.

Hope this review post help you.