EC2 Rescue in AWS

 

Analyze an offline instance

The Offline Instance option is useful for debugging boot issues with Windows instances.

To perform an action on an offline instance

1. From a working Windows Server instance, download the EC2Rescue for Windows Server<?XML:NAMESPACE PREFIX = "[default] http://www.w3.org/2000/svg" NS = "http://www.w3.org/2000/svg" /> tool and extract the files.

   You can run the following PowerShell command to download EC2Rescue without changing your Internet Explorer Enhanced Security Configuration (ESC):

   PS C:\> Invoke-WebRequest https://s3.amazonaws.com/ec2rescue/windows/EC2Rescue_latest.zip -OutFile $env:USERPROFILE\Desktop\EC2Rescue_latest.zip
   

   This command will download the EC2Rescue .zip file to the desktop of the currently logged in user.

2. Stop the faulty instance, if it is not stopped already.

3. Detach the EBS root volume from the faulty instance and attach the volume to a working Windows instance that has EC2Rescue for Windows Server installed.

4. Run the EC2Rescue for Windows Server tool on the working instance and choose Offline Instance.

5. Select the disk of the newly mounted volume and choose Next.

6. Confirm the disk selection and choose Yes.

7. Choose the offline instance option to perform and choose Next.

The EC2Rescue for Windows Server tool scans the volume and collects troubleshooting information based on the selected log files.

Collect data from an active instance

You can collect logs and other data from an active instance.

To collect data from an active instance

1. Connect to your Windows instance.

2. Download the EC2Rescue for Windows Server tool to your Windows instance and extract the files.

   You can run the following PowerShell command to download EC2Rescue without changing your Internet Explorer Enhanced Security Configuration (ESC):

   PS C:\> Invoke-WebRequest https://s3.amazonaws.com/ec2rescue/windows/EC2Rescue_latest.zip -OutFile $env:USERPROFILE\Desktop\EC2Rescue_latest.zip
   

   This command will download the EC2Rescue .zip file to the desktop of the currently logged in user.

3. Open the EC2Rescue for Windows Server application and accept the license agreement.

4. Choose Next, Current instance, Capture logs.

5. Select the data items to collect and choose Collect.... Read the warning and choose Yes to continue.

6. Choose a file name and location for the ZIP file and choose Save.

7. After EC2Rescue for Windows Server completes, choose Open Containing Folder to view the ZIP file.

8. Choose Finish.

 

 

 

How to USE:

Note: Here are the few things where this tool cannot help:

• Windows Update logs are not captured on Windows Server 2016 instances.
• Offline instance refers to a stopped instance whose root volume has been detached and then attached to another instance as a secondary volume for troubleshooting with EC2Rescue.
• Run this tool with the account which have local administrator access.

Step 1: One we downloaded tool from here

 

Step 2: Unzip the download zip file

 

Step 3: Double click on EC2Rescue.exe to open and click on next to begin.

 

Step 4: Now we can select mode Current Instance / Offline instance

Current Instance Mode

This mode analyzes the instance on which EC2Rescue is currently running. It is read-only and does not modify the current instance, and therefore it does not directly fix any issues. Use this mode to gather system information and logs for analysis or for submission to system administrators or AWS Support.

 

When we select Current instance mode, we will get option to capture logs:

 

Here EC2Rescue tool will give us more options to select which ever logs we need to generate based on kind of issue we can select type of logs we need.

 

Once we select required logs click on Collect and it will prompt information dialog box (Note: Read it very carefully when you are sharing logs with any third party vendors).

 

Once you accept by clicking yes it will be prompted to select the filename and file location to store. Give appropriate filename and location as required.

 

It will generate above selected logs and place @ your mentioned location, once you extract selected logs will be available as below:

 

We can share this logs with third party as required or we can use ourself to troubleshoot.

Now lets see what we can perform using Offline Instance Mode:

Offline Instance Mode

This mode allows you to select the volume of the offline system. EC2Rescue analyzes the volume and presents a number of automated rescue and restore options. Also included is the same log collection feature as the Current Instance Mode.

Note: Offline instance refers to a stopped instance whose root volume has been detached and then attached to another instance as a secondary volume for troubleshooting with EC2Rescue.

Once we attach the volume which we need to troubleshoot to the instance where we can run Ec2Rescue Tool. we can select offline instance as above.

Now we should be able to see newly attached volume in Computer Management panel:

 

Make it disk Online by right clicking (In my case it is Disk 1 your disk number may change based on number of existing disks you may have)

 

Open Ec2Rescue tool by double clicking on Ec2Rescue.exe as mentioned above.

This time we have to select Offline Instance

 

Now we will get the additional Volume which is Disk 1 in my case will be visible to select.

 

It will be prompter the warning whether we selected appropriate volume and we can agree the same by clicking yes

 

Volume Successfully loaded

 

Now we will have Offline instance troubleshooting options a follows:

• Diagnose and Rescue
• Restore
• Capture Logs

 

Lets Explore “Diagnose and Rescue”

 

Now it will display summary of possible issues:

 

We can select Next to proceed to issue selection

 

Select appropriate option as required to fix the issue. In my case I tried to set Ec2 Password to Rescue.

 

Lets Explore “Restore”

 

We will have below restore options:

 

Select appropriate restore option in my case restore registry and then click on restore.

 

Lets Explore “Capture Logs” this as like as which we perform for Current instance option.

Select appropriate logs to collect

 

Once we are done with troubleshooting for additional volume which we attached can be detached and add back to original instance to boot as usual.