Tips and Troubleshooting for Windows Instances

This page describes steps to troubleshoot problems that you might have while using Windows instances on Google Cloud Platform.

Troubleshooting Windows Server instances

Connecting to the Emergency Management Services console

You can use the Emergency Management Services console to troubleshoot problems with your Windows Server instance, such as issues with drivers. For an overview of the EMS console, see the EMS Technical Reference.

To connect to the EMS console:

  1. From your terminal or in Cloud Shell, enable connections to your instance's serial ports. In the following command, replace [INSTANCE_NAME] with the name of your migrated instance:

    gcloud compute instances add-metadata [INSTANCE_NAME] \
    --metadata=serial-port-enable=1
    
  2. Connect to the EMS console on the instance's serial port 2. In the following command, replace [INSTANCE_NAME] with the name of your migrated instance:

    gcloud compute connect-to-serial-port [INSTANCE_NAME] --port 2
    

    When you are connected to the serial port, you see the following prompt:

    Computer is booting, SAC started and initialized.

    Use the "ch -?" command for information about using channels.

    Use the "?" command for general help.

    SAC>Windows has finished checking the disk.

    EVENT: The CMD command is now available. SAC>

  3. To create a new command prompt session, type cmd.

  4. To connect to the new command prompt session, type ch -si 1. The session details are shown. Press Enter to connect to the session.

  5. To sign in to the session, type your Windows username and password. After you have successfully signed in, the Windows command prompt opens.

Enabling Remote Desktop Protocol (RDP) connections

If you cannot connect to your migrated instance using the Remote Desktop Protocol (RDP), try enabling RDP using the Emergency Management Services (EMS) console.

For steps to connect to the EMS console, see Connecting to the EMS console.

To enable RDP connections, in the EMS command prompt, type the following commands:

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal ^
  Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

net stop TermServices
net start TermServices

Windows License

By default, Compute Engine Windows instances automatically connect to the KMS server every seven days via TCP port 1688 to renew their activation. If you receive messages about license expiration or any other issues related to licenses on your Windows instances, check the following items:

  • Confirm that your Windows Server instance has an external IP address, which is required to communicate with the KMS server.

  • Confirm there are no firewall egress rules blocking connections to kms.windows.googlecloud.com over TCP 1688.

If you still have licensing issues, run the following commands from an elevated command prompt window to force set the KMS server IP address and force an activation:

cscript \windows\system32\slmgr.vbs /skms 35.190.247.13:1688
cscript \windows\system32\slmgr.vbs /ato

For more informaton about licensing, read: licensing windows server images.

Tips to keep a Windows Server 2003 instance secure

Support for Windows Server 2003 has ended, and no updates or patches are being released. As a result, your instance might be vulnerable to security exploits. Use the following tips to reduce the risk to your Windows Server 2003 instance.

  • You must not assign an external IP address to your Windows Server 2003 instance. Because support for Windows Server 2003 has ended, your instance might be vulnerable to security exploits. Use a VPC network to set up a private IP address for your instances.

  • Restrict remote desktop (RDP) access to your Windows Server 2003 instances by setting up a Remote Desktop Gateway.

Was this page helpful? Let us know how we did:

Send feedback about...

Compute Engine Documentation