Tuesday, May 01, 2012

Retrieve Amazon EC2 windows password

I recently was given to work with an existing Amazon EC2 AMI without having the benefit of the previous key-pair. Additionally when the AMI was created the Set Password was not enabled. This led to the problem that even though the AMI could be used to launch a Windows EC2 instance, we could not login.

To surmount this, we need to make use of an Ubuntu linux instance launched on Amazon EC2. Following steps help in recovering the password.


  1. Launch a Windows instance from the given AMI. Use your own or newly created Key-Pair.
  2. Stop the instance and detach the volume which contains the root partition. This is usually /dev/sda1. The root partition contains the setting for Set Password. (C:\Program Files\Amazon\Ec2ConfigService\Settings\config.xml)
  3. Launch a micro Ubuntu server instance. We do not need a larger instance since it is a simple operation.
  4. Attach the volume detached in step 2 to the Ubuntu instance under /dev/xvdf.
  5. Login into the Ubuntu instance via ssh or whichever way you do.
  6. Create a mount point  sudo mkdir /opt/tempm/
  7. Use fdisk to check the correct volume to mount sudo fdisk -l This will list two volumes - /dev/xvdf1 and /dev/xvdf2. Of these xvdf1 is the boot partition, and xvdf2 is the one containing the requisite file.
  8. Mount the Windows NTFS volume onto this directory using: sudo mount -t ntfs-3g /dev/xvdf2 /opt/tempm/ Take care to include the "2" in xvdf2 otherwise you will get errors.
  9. Once mounted, navigate to the configuration windows directory. cd /opt/tempm/Program\ Files/Amazon/Ec2ConfigService/Settings/
  10. Use your favorite editor to launch the config.xml file using sudo sudo vi config.xml
  11. In this file, change the tag from "Disabled" to "Enabled". Save and exit.
  12. Unmount the volume sudo umount /opt/tempm/
  13. Detach the volume from the ubuntu instance and reattach to the Windows instance. When attaching to the Windows instance take care to use the right mount point - "/dev/sda1". Otherwise the disk will not be treated as a boot partition.
  14. Start your windows instance and use "Get Windows Admin Password" to recover the password using your new key-pair.

Note: Obviously if the "Set Password" had been set correctly while creating the AMI, this problem should not have arisen. Please let me know otherwise in the comments section.
Post a Comment