Tips and troubleshooting for Windows instances

This page describes steps to troubleshoot problems that you might have while using Windows instances on Google Cloud.

Troubleshooting Windows Server instances

Connecting to the Emergency Management Services console

You can use the Emergency Management Services (EMS) console to troubleshoot problems with your Windows Server instance, such as issues with drivers. For an overview of the EMS console, see the EMS Technical Reference.

To connect to the EMS console:

From your terminal or in Cloud Shell, enable connections to your instance's serial ports. In the following gcloud command, replace [INSTANCE_NAME] with the name of your migrated instance:
```
gcloud compute instances add-metadata [INSTANCE_NAME] \
--metadata=serial-port-enable=1
```

Connect to the EMS console on the instance's serial port 2. In the following command, replace [INSTANCE_NAME] with the name of your migrated instance:

gcloud compute connect-to-serial-port [INSTANCE_NAME] --port 2

When you are connected to the serial port, you see the following prompt:

Computer is booting, SAC started and initialized.

Use the "ch -?" command for information about using channels.

Use the "?" command for general help.

SAC>Windows has finished checking the disk.

EVENT: The CMD command is now available.
SAC>

To create a new command prompt session, type cmd.
To connect to the new command prompt session, type ch -si 1. The session details are shown. Press Enter to connect to the session.
To sign in to the session, type your Windows username and password. After you have successfully signed in, the Windows command prompt opens.

Enabling Remote Desktop Protocol (RDP) connections

If you cannot connect to your migrated instance using the Remote Desktop Protocol (RDP), try enabling RDP using the Emergency Management Services (EMS) console.

For steps to connect to the EMS console, see Connecting to the EMS console.

To enable RDP connections, in the EMS command prompt, type the following commands:

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal ^
  Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

net stop TermService
net start TermService

Enabling advanced boot options

You can use the Windows Boot Manager (BOOTMGR) to enter Safe Mode and to access other advanced boot options. Before you can connect to the Boot Manager, you must enable interactive access on the serial console and enable the Windows boot menu:

Enable interactive access to the serial console. For example, you can enable it on a single instance with the following command:
```
gcloud compute instances add-metadata [INSTANCE_NAME] \
    --metadata serial-port-enable=1 \
    --zone [ZONE]
```
Enable the Windows boot menu.
1. RDP into the Windows instance.
2. From an administrative command prompt, run the following commands:
```
bcdedit /set {bootmgr} displaybootmenu yes
```
```
bcdedit /set {bootmgr} timeout 10
```
```
bcdedit /set {bootmgr} bootems yes
```
Use the Cloud Console or the gcloud command-line tool to connect to the instance's interactive serial console on serial port 2. For example:
```
gcloud compute connect-to-serial-port [INSTANCE_NAME] --port 2
```
Restart the instance through the Windows UI or in a command prompt on the instance:
```
shutdown /r /f
```
If you cannot access the instance using RDP, you can reset the instance using the Cloud Console or gcloud tool.
The boot manager will appear through the interactive serial console and you can interact with it, for example, to select and start an operating system.
Before an operating system starts, press Esc+8, which is interpreted by Windows as Fn+8, to select Advanced Options. From here you can access Windows system recovery tools.

Windows license

By default, Compute Engine Windows instances automatically connect to the KMS server every seven days via TCP port 1688 to renew their activation. If you receive messages about license expiration or any other issues related to licenses on your Windows instances, check the following items:

Confirm that your Windows Server instance has an IP address that is configured to allow communication with the KMS server.
Confirm there are no firewall egress rules blocking connections to kms.windows.googlecloud.com over TCP 1688.

If you still have licensing issues, run the following commands from an elevated command prompt window to force set the KMS server IP address and force an activation:

cscript \windows\system32\slmgr.vbs /skms 35.190.247.13:1688
cscript \windows\system32\slmgr.vbs /ato

For more information about licensing, read: licensing Windows Server images.

Tips to keep a Windows Server 2003 instance secure

Support for Windows Server 2003 has ended, and no updates or patches are being released. As a result, your instance might be vulnerable to security exploits. Use the following tips to reduce the risk to your Windows Server 2003 instance.

You must not assign an external IP address to your Windows Server 2003 instance. Because support for Windows Server 2003 has ended, your instance might be vulnerable to security exploits. Use a VPC network to set up a private IP address for your instances.
Restrict remote desktop (RDP) access to your Windows Server 2003 instances by setting up a Remote Desktop Gateway.

Trang này có hữu ích không? Hãy cho chúng tôi biết đánh giá của bạn:

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see our Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Cập nhật lần cuối Tháng 12 5, 2019.