Cannot connect to an AWS EC2 Windows instance with WINRM

When we launch an AWS EC2 instance with Windows 2012, Windows 2016, Windows 2019, the “Administrator” local account is automatically created and added to the Administrators group. We can decrypt the Administrator password using the private key of the key pair we used to launch the server.

On Windows servers WINRM access is necessary during the bootstrap process to install the Chef Infra Client and set up the node to communicate with the Chef Infra Server.

When we try to access the instance via WINRM using the “Administrator” account, the Windows Event Log saves an error entry with Login Failure.

To access the server with WINRM

  • Create a new local user account and add it to the Administrators group,
  • Open inbound port 5985 in the AWS security group,
  • Make sure inbound port 5985 is enabled in the Windows firewall,
  • Configure WINRM running the command in a PowerShell window:
    winrm quickconfig
  • Make sure the WINRM listener is enabled by running the command in a PowerShell window:
    winrm e winrm/config/listener

Leave a comment

Your email address will not be published. Required fields are marked *