I have a Server 2016 Datacenter cloud server running in AWS that I "locked down" following the CIS L2 guidelines a year or so ago.

Recently I tried migrating the instance to a new account. Everything went smoothly until I got a message for activating Windows. I have followed the AWS guidelines (which have always worked for me when dealing with other non-CIS migrations) and had no luck.

I am able to set the location of the AWS KMS by IP; however, I always end up with an error that no KMS could be contacted.

I tried doing the activation in Windows on the local machine as well as in AWS Systems Manager using the "Automation" solution, which also fails with a permission issue when I execute the automation.

Is anyone aware of a registry setting or group policy that needs to be reset during the activation process on the locked down instance?

Thanks for any insight you may have.

Gimini

1 Answer

What I ended up having to do to get Windows to activate was create a new Server 2016 SQL Web instance with a fresh Amazon AMI and then turn it off.

Then I detached the drive from it and replaced it with the drives from my instance that would not activate. Then, in elevated PS:

slmgr.vbs /skms 169.254.169.251:1688

slmgr /ato

to activate.

Gimini
  • This may have worked but doesn't really sound right. I suspect you may have firewalled off the Windows activation resources in AWS. I do recall seeing that VPC Flow Logs don't record this traffic, so I wonder if it's actually backchannel. This would be a good question for AWS Support. – Tim Aug 18 '20 at 22:02
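
A read-only way to test the firewall hypothesis raised in the comment above, as an added PowerShell example that is not part of the original posts. The KMS endpoint is the one given in the answer; the function name `Test-KmsPath` is hypothetical, and the choice of checks is an assumption about where a hardened instance could block the path.

```powershell
# Added diagnostic example. Read-only: it inspects settings and changes nothing.
# Run in an elevated PowerShell session on the instance that fails to activate.

function Test-KmsPath {
    param(
        [string]$KmsHost = '169.254.169.251',  # endpoint from the answer above
        [int]$KmsPort = 1688
    )

    # 1. Routes that cover the link-local KMS address (none listed = no explicit route).
    $routes = Get-NetRoute -AddressFamily IPv4 -ErrorAction SilentlyContinue |
        Where-Object { $_.DestinationPrefix -like '169.254.169.*' } |
        Select-Object DestinationPrefix, NextHop, InterfaceAlias

    # 2. Effective firewall profile state, including GPO-applied hardening.
    $profiles = Get-NetFirewallProfile -PolicyStore ActiveStore |
        Select-Object Name, Enabled, DefaultOutboundAction

    # 3. Enabled outbound block rules, with the remote port and address they match.
    $blocks = Get-NetFirewallRule -PolicyStore ActiveStore -Direction Outbound `
                -Action Block -Enabled True -ErrorAction SilentlyContinue |
        ForEach-Object {
            $port = $_ | Get-NetFirewallPortFilter
            $addr = $_ | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Protocol      = $port.Protocol
                RemotePort    = $port.RemotePort -join ','
                RemoteAddress = $addr.RemoteAddress -join ','
            }
        }

    # 4. Actual TCP handshake to the KMS port.
    $tcp = Test-NetConnection -ComputerName $KmsHost -Port $KmsPort `
             -WarningAction SilentlyContinue

    [pscustomobject]@{
        Endpoint           = "${KmsHost}:$KmsPort"
        TcpReachable       = $tcp.TcpTestSucceeded
        SourceInterface    = $tcp.InterfaceAlias
        LinkLocalRoutes    = $routes
        FirewallProfiles   = $profiles
        OutboundBlockRules = $blocks
        SppServiceStatus   = (Get-Service -Name sppsvc).Status
    }
}

Test-KmsPath | Format-List
```

If `TcpReachable` is `False`, compare `LinkLocalRoutes` and `OutboundBlockRules` against a working instance built from the same AMI to see which setting differs.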