From the Canyon Edge -- :-Dustin

Friday, April 1, 2011

Windows in EC2 takes 15-30 minutes to generate a password? What the...?!?

I needed to check something on Windows today. I don't have any Windows installations locally, so my good buddy Scott Moser suggested that I just launch one in EC2. A t1.micro Windows instance costs something like $0.03/hour. Good idea. That can't be too hard...

Here's what I did...
  1. I started at the web console,
  2. Logged in, and then clicked on the EC2 tab
  3. Then I clicked on Launch Instance
  4. There was a popup for Quick Start, which listed a few AMIs, mostly Amazon's ripoff of CentOS, a couple of SUSE images, and Windows. Notably, there are no Ubuntu AMIs here...
  5. I selected Windows Server 2008 Base (ami-c3e40daa), 32-bit
  6. I used a t1.micro, and clicked Launch Instance
  7. I clicked continue enough times to make a Canonical Design Team member drive a stake through their MacBook Pro
  8. I selected my ec2 keypair
  9. I accepted the default Security Group configuration, which opens the RDP port 3389
  10. I clicked Launch again (I think this is the 3rd button in this process that said "Launch")
  11. Then I clicked a link to View your instances on the Instances page
  12. From there, I could see my instance running, and was given the hostname, and instructions on how to connect to the instance through Windows
  13. Instead, I dropped to an Ubuntu shell and ran:
  14. Alternatively, I could have clicked Applications -> Internet -> Terminal Server Client
  15. Now I tried to log in
  16. I wasn't able to do so, as I needed a password, so I went back to my AWS web page, right clicked on my running instance, and my jaw hit the floor when I saw this:

  17. Wow.  Wow.  Wow.  15-30 minutes to generate a 10-character password.  All I can think is that it takes this long to gather enough entropy to seed their equivalent of /dev/random.  Still, this seems broken, in so many ways...
  18. So I waited the obligatory 15-30 minutes, right-clicking and checking if my password was ready multiple times.  Eventually, it was.  I needed to dig up the clear text of my private ec2-keypair.pem to symmetrically decrypt that 10-character password.  (Another thing that seems so broken to me about AWS ... they generated my private key and gave it to me, rather than me giving them my public key, and us operating with a public/private asymmetric scheme.)
  19. Anyway, once this was all said and done, I had a Windows machine running in EC2.  That 30 minutes spent waiting for a password was kind of a waste, though...  :-/

If nothing else, it reminds me why I love me some Ubuntu and ssh-import-id :-)



  1. Maybe they have a scheduled process run every 30 minutes to generate the password (e.g. on another machine for security reasons) and so you need to wait up to 30 mins for it to be ready.

  2. You can upload your own generated keypairs using the ec2 command line tool. You need to convert it into pem format first using openssl. But that's a minor detail. I do agree a total Windows fail as usual. I have been running training courses with micro instances with Ubuntu on it. Worked awesome 'cause I was able to constantly connect to students' byobu sessions and display them on the room's projector for everyone else to see. Everyone loved it ;-)

