
Windows VM boots in AWS and passes both health checks but is not accessible via RDP.


Root Cause

Any of the below configurations on the protected VM prior to Failover/Move to AWS can result in a failure to RDP to the recovered Windows instance:
  • Firewall configuration
  • RDP service configuration
  • Network interface configuration


After a successful Failover/Move of a Windows VM to AWS, the AWS health checks also succeed, but RDP to the recovered Windows instance is not possible.


Option 1, in the case where the protected VM is still available to edit (i.e. issue seen during a Failover Test or not yet committed Failover Live/Move):
  1. If the Failover Test has not yet been stopped or the Failover Live/Move has not yet been rolled back, kindly do so to bring the VPG back to a healthy state.
  2. On the protected VM, check if any firewall profile is turned on under System and Security -> Windows Firewall.
  3. Available options are: Domain networks / Private networks / Guest or public networks. Green means enabled and red means disabled.
  4. If a firewall is required due to security concerns, please ensure the RDP port is allowed (by default this port is 3389).
  5. Let the VPG create new checkpoints that cover the above changes and select one of these new checkpoints.
  6. If this issue persists, or no protected VM is available to edit, continue to Option 2 below.
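
The checks in Option 1 can also be collected from the command line. The following read-only PowerShell report is an added example, not part of the original article or of any Zerto or AWS tooling; it covers the three root-cause areas listed above using standard Windows cmdlets and registry values. Treating "network interface configuration" as DHCP versus static addressing is an assumption of this example.

```powershell
# Added example: read-only RDP readiness report for the protected Windows VM.
# Run in an elevated PowerShell session (Windows 8 / Server 2012 or later).
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# RDP service configuration: connections allowed, listener port, service state.
$deny    = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
$rdpPort = (Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name PortNumber).PortNumber
$svc     = Get-CimInstance -ClassName Win32_Service -Filter "Name='TermService'"

# Firewall configuration: enabled profiles, and enabled inbound allow rules
# that list the RDP listener port explicitly (port ranges are not parsed).
$profilesOn = @(Get-NetFirewallProfile | Where-Object { $_.Enabled -eq 'True' })
$rdpRules = @(Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        $filter.Protocol -eq 'TCP' -and $filter.LocalPort -contains "$rdpPort"
    })

# Network interface configuration. Assumption of this example: the setting
# worth recording is whether each IPv4 interface uses DHCP or a static address.
$nics = Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object { $_.InterfaceAlias -notlike 'Loopback*' }

$findings = @()
if ($deny -ne 0) { $findings += 'Remote Desktop connections are disabled (fDenyTSConnections).' }
if ($svc.StartMode -eq 'Disabled') { $findings += 'TermService start mode is Disabled.' }
if ($profilesOn.Count -gt 0 -and $rdpRules.Count -eq 0) {
    $findings += "Firewall is on and no enabled inbound allow rule lists TCP $rdpPort."
}
foreach ($nic in $nics) {
    if ($nic.Dhcp -ne 'Enabled') {
        $findings += "$($nic.InterfaceAlias): static addressing (DHCP off)."
    }
}

[pscustomobject]@{
    RdpPort            = $rdpPort
    TermServiceState   = $svc.State
    FirewallProfilesOn = $profilesOn.Name -join ', '
    RdpAllowRules      = ($rdpRules | ForEach-Object { "$($_.DisplayName) [$($_.Profile)]" }) -join '; '
} | Format-List
$findings   # empty output means none of the checks above flagged a problem
```

The profile shown in brackets after each rule name indicates which firewall profiles that allow rule applies to, which matters if the recovered instance lands in a different network profile than the protected VM.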

Option 2, in case the protected VM is no longer available (i.e. Failover Live/Move has been committed): utilizing the EC2Rescue tool is the best option left.

Note: EC2Rescue is a GUI-based AWS troubleshooting tool that can be run on your Amazon EC2 instance (i.e. the ZCA instance).
  1. Shut down the recovered Windows instance in AWS.
  2. Detach the boot volume (renaming the disk can be helpful as well to recall which disk is which).
  3. Attach this same boot disk to the ZCA or any other Windows instance that has EC2Rescue installed on it (ideally on the same VPC and subnet).
  4. Kindly see the link below for EC2Rescue installation and setup video.
  5. Run the EC2Rescue utility and point to the boot disk of the recovered instance by clicking on Diagnose and Rescue.
  6. Once complete, detach the boot disk from the Windows instance (ZCA or other Windows instance) and re-attach the boot disk to the initial recovered Windows instance as "/dev/sda1".
For more information on the EC2Rescue utility, kindly visit the AWS Knowledgebase Article below: