EC2: Windows activation

Today I had a problem with an Amazon EC2 Windows instance. It said “this copy of windows is not genuine”. I tried to activate it, but it kept giving me errors.

After some searching on the EC2 Forums I found this post which helped me out.

In short:

1. Open "C:\Program Files\Amazon\Ec2ConfigService\Settings\DnsSuffixSettings.xml"
2. Remove the extra </RegionMapping> tag from line 34
3. Open "C:\Program Files\Amazon\Ec2ConfigService\Settings\config.xml"
4. On line 34, change the state of EC2WindowsActivate plugin from Disabled to Enabled
5. Stop and Start the Ec2Config service
6. Wait a couple of minutes and then run slui.exe to verify Windows is activated (for a core installation use "slmgr.vbs /dli")

Backup solution using PowerShell and Amazon S3

The company I work for has some Amazon EC2 Instances. These instances are running all kinds of custom developed software and some databases.
We wanted to create some kind of backup solution for these SQL databases and the software.

Here are my requirements:

  • Backup solution must be done to some kind of storage and not local on the server
  • Backup solution must run automatically (Scheduled)

Optional requirements:

  • files must be zipped
  • databases must be backed up from within the script
    reason: so I am not dependent on a SQL backup that has to be run first

After some research I came to the conclusion that I am going to be using PowerShell and that I will do my backup to an S3 storage bucket. I found a nice utility named Cloudberry S3 Explorer which had a PowerShell snap-in I could use. They even had an example script I could use as the base of my script.

To get the Cloudberry S3 Explorer PowerShell snap-in working (I did not want to install the tool on the server), follow these steps:

  • Install Cloudberry S3 Explorer somewhere and copy all dll, xml and ps1xml files to a directory on your server
  • Set the powershell execution policy to unrestricted by executing the command set-executionpolicy unrestricted
  • From within the directory where you copied the dll, xml and ps1xml files run the following command:
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\installutil.exe -i CloudBerryLab.Explorer.PSSnapIn.dll
    In x64, I suggest you also use: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallUtil.exe CloudBerryLab.Explorer.PSSnapIn.dll
    (as you see, you need the .NET Framework installed)

After some coding I had the following script (I did not implement the optional requirements just yet):

#declare variables
$SourceFolder = "D:\backup"
$key = "<your access key id>"
$secret = "<your secret access key>"
$destBucket = "<name of your s3 bucket>"

#load CloudBerryLab PSSnapin
Add-PSSnapin CloudBerryLab.Explorer.PSSnapIn

#connect to S3 and select the bucket as the sync target
$s3 = Get-CloudS3Connection -Key $key -Secret $secret
$destination = $s3 | Select-CloudFolder -Path $destBucket

#select the local folder as the sync source
$source = Get-CloudFilesystemConnection | Select-CloudFolder $SourceFolder

#synchronize the local folder (including subfolders) to the bucket
$source | Copy-CloudSyncFolders $destination -DeleteOnTarget -IncludeSubFolders

Execute it, and you will see that all files in the $SourceFolder will be copied to your $destBucket. As we are using Copy-CloudSyncFolders, the next time it runs it will synchronize the 2 directories.

I can now create a Windows task which will execute PowerShell with the following parameters:
-command "& '<location to your ps1 script>\<filename>.ps1'"

As I still do not have my secondary goals, I will try to work on that. But there is one thing I want to add to the Primary Goals list, that is the fact that the script has the Access Key ID and the Secret Access Key in it, in plain text. Of course “not secure”. As more people can access the EC2 server, I don’t want them to see the passwords.
I know the Cloudberry command can’t handle a SecureString object, so I can’t use the commands convertfrom-securestring and convertto-securestring to supply the credentials via a plain text file.

So I am thinking of putting this PowerShell script on one of my on-premise servers and using PowerShell Remoting to execute the commands for a backup (I already tested this and it works, but it’s too long for now to write down :-) ). So I will come back on that later.

In the meantime, if some of the PowerShell gurus have a better idea to handle this in a more secure way, I would be most grateful for any advice.
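
One way to keep the secret access key out of the script, as an added example (not from the original post or from CloudBerry): the key is stored DPAPI-encrypted with ConvertFrom-SecureString and turned back into a plain string only in memory, just before it is handed to Get-CloudS3Connection. The file path and the two function names are assumptions.

```powershell
# Added example; $SecretFile and both function names are hypothetical.
$SecretFile = 'D:\backup-config\s3-secret.dpapi'   # the folder must already exist

function Save-S3Secret {
    # Run once, interactively, as the Windows account the scheduled task runs under.
    # Without -Key, ConvertFrom-SecureString protects the value with DPAPI, so the
    # file can only be decrypted by that same account on that same machine.
    param([string]$Path)
    Read-Host 'Secret access key' -AsSecureString |
        ConvertFrom-SecureString |
        Set-Content -Path $Path
}

function Get-S3Secret {
    # Decrypt the stored value and return it as a plain string, for cmdlets
    # that do not accept a SecureString.
    param([string]$Path)
    $secure = Get-Content -Path $Path | ConvertTo-SecureString
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
    try {
        [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    }
    finally {
        # Wipe and free the unmanaged copy of the plain text.
        [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    }
}

# First run only (prompts, so do this interactively before scheduling the task).
if (-not (Test-Path $SecretFile)) { Save-S3Secret -Path $SecretFile }

# Same calls as the backup script on this page, without the secret in the file.
$key = '<your access key id>'
Add-PSSnapin CloudBerryLab.Explorer.PSSnapIn
$s3 = Get-CloudS3Connection -Key $key -Secret (Get-S3Secret -Path $SecretFile)
$destination = $s3 | Select-CloudFolder -Path '<name of your s3 bucket>'
$source = Get-CloudFilesystemConnection | Select-CloudFolder 'D:\backup'
$source | Copy-CloudSyncFolders $destination -DeleteOnTarget -IncludeSubFolders
```

Anyone who can run code as the account that created the file can still decrypt it, so the scheduled task should run under a dedicated account that other users of the server do not log on with.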

Serving multiple SSL domains on one EC2 instance

One of the annoying things of Amazon EC2 (and a highly requested feature) is the ability to connect multiple Elastic IPs to one instance: it can’t be done (atm).
You need these IPs if you want to have more than one SSL site on your server (if you are not using a wildcard or a multi-domain certificate).

This article from James Elwood has a workaround for it. It makes use of the Elastic Load Balancer.

A little bit of background info on the fact why you can’t use one ip with multiple SSL sites:

The HTTPS protocol encrypts the HTTP request, including the Host header which identifies the domain it is requesting. The server then needs to decrypt the request with the correct SSL certificate. But the server does not know which one to use if there is more than one SSL site on one IP address. You can see why you need a dedicated IP per SSL site: the server can then look at the IP address to which the request was sent and match it with the SSL site listening on this address.

EC2: Image Manifest differs from s3

I tried to start one of my Amazon EC2 AMIs a few days ago, and received the error:

Insufficient capacity

Which I found very weird. I think that’s just where cloud computing stands out from traditional computing: the possibility to add capacity on demand. I found out that I had two AMIs with the same source (the manifest).

I de-registered one of them, but still received the same error.
Today I tried again (yes, I am stubborn) by starting the one AMI that was left. This resulted in a completely different error:

registered machine image manifest for ami-******* and manifest in S3 differ. Has the image been rebundled but not re-registered.

I solved it by firing up the EC2 API Command Line Tools, and executing the command:

ec2-register <bucket>/<name.manifest.xml> -n <Name>

For the parameter Name I opened up CloudBerry Explorer for Amazon S3 and opened the manifest.xml file that was causing the problem. Inside this file there is an XML tag named <name>. Use this one to register your AMI.

New Powerful Amazon EC2 Boot Features

Yesterday Amazon announced a cool new feature on their EC2 platform: boot your instance from EBS (Amazon Block Store).

The root partition of your image will be on EBS, so this will give you the ability to:

  • fine-grain control of software and data configuration
  • increase the size of the local disk up to 1TB in size
  • boot faster
  • stop an instance and restart it at a later time with the disk configuration intact
  • restart an instance and choose to use a different instance type (e.g., with more memory or CPU), a different operating system (e.g., with new security patches installed), or add new user data

read more @ source

Amazon EBS: Increasing Disk size

Whenever you have an EBS disk whose size is no longer sufficient, you can easily make it larger. Here’s how (OS: Windows, of course).

  • First of all create a snapshot of the volume (the larger the disk, the longer it takes)
  • Create a volume from your snapshot and give it a greater size
  • Detach your original volume and attach your snapshot volume

If you open Disk Management in Windows, you can see that your disk has “Unallocated” disk space

  • Start a command prompt and enter [diskpart]
  • In diskpart enter [list volume], this command will list your volumes. Write down the volume number of the disk you just attached
  • Enter [select volume #], where # represents the number of your disk
  • Now enter [Extend]

Now see the magic happen :-)

Amazon Web Services – disable sysprep changes

Whenever you start or restart your Amazon Instance, it will change your time zone back to GMT (if you changed it). As I am going to install Microsoft SQL Integration Server and Microsoft SQL Reporting Server, I want the time zone to be GMT+1.

To stop Amazon from changing the time zone:

  • Open %programfiles%\Amazon\Ec2ConfigSetup\bundleconfig.xml
  • Change the SetSysPrep from <Yes> to <No>

Amazon will also change your machine name, which is not useful when hosting a SQL Server (think about the connection string). You can also change this behavior (also change the SetSysPrep option explained above in this article):

  • Open %programfiles%\Amazon\Ec2ConfigSetup\config.xml
  • Change the Ec2SetComputerName from <Enabled> to <Disabled>
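
Steps 3 to 5 of the activation fix and the Ec2SetComputerName change above are the same kind of edit: switching one plugin's state in the Ec2Config config.xml. The following PowerShell does that edit, as an added example that is not from the original posts or from Amazon; it assumes config.xml lists each plugin as a <Plugin> element with <Name> and <State> children, uses a hypothetical function name, and runs against a constructed sample file.

```powershell
# Added example. Assumed layout: <Plugin><Name>..</Name><State>..</State></Plugin>
function Set-Ec2ConfigPluginState {
    param(
        [string]$Path,
        [string]$Name,
        [ValidateSet('Enabled', 'Disabled')]
        [string]$State
    )
    $xml = New-Object System.Xml.XmlDocument
    # Load() throws on XML that is not well-formed, for example a stray closing
    # tag like the one removed from DnsSuffixSettings.xml in the activation fix.
    $xml.Load($Path)
    $node = $xml.SelectSingleNode("//Plugin[Name='$Name']/State")
    if ($node -eq $null) { throw "Plugin '$Name' not found in $Path" }
    if ($node.InnerText -eq $State) { return $false }       # already in that state
    Copy-Item -Path $Path -Destination "$Path.bak" -Force   # keep the previous version
    $node.InnerText = $State
    $xml.Save($Path)
    return $true
}

# Constructed sample standing in for config.xml (not a copy of the real file).
$sample = Join-Path $env:TEMP 'ec2config-sample.xml'
@'
<?xml version="1.0" standalone="yes"?>
<Ec2ConfigurationSettings>
  <Plugins>
    <Plugin><Name>Ec2SetComputerName</Name><State>Enabled</State></Plugin>
    <Plugin><Name>Ec2WindowsActivate</Name><State>Disabled</State></Plugin>
  </Plugins>
</Ec2ConfigurationSettings>
'@ | Set-Content -Path $sample

Set-Ec2ConfigPluginState -Path $sample -Name 'Ec2WindowsActivate' -State 'Enabled'
Set-Ec2ConfigPluginState -Path $sample -Name 'Ec2SetComputerName' -State 'Disabled'
Get-Content $sample

# On the instance, pass the real config.xml path from the steps above, then
# restart the service so the change is picked up (service name assumed):
# Restart-Service Ec2Config
```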

Amazon – saving your instance

    If you configured your instance you might want to save a backup of it. You can save this instance to S3 storage.

    You first have to create a bucket which will hold your files (an instance will be saved to several “zipped” parts). A great tool is S3 Browser, you can download a free version here.
    Just install it, and add your account access identifiers details (you can find these on the Amazon “your account” page under “access identifiers”)
    Then create a bucket, be sure to create one in the correct region (US or Europe).

    Login to your AWS Management Console and click on Instances in the left menu. You can now right click on your running instance and choose [Bundle Instance], this will bring up a pop up box. You have to provide the bucket name which you created and an S3 key name (this is just a name for your instance files, in S3 Browser you will see these files as <s3 key name>.part.### ). Press [Bundle] and be prepared to wait a little while.
    You can view the status of your bundle task in the [bundle tasks] menu. Your instance will shutdown during this task, and when it is ready it will start up again.

    If the bundle task is done, you can right click the bundle task and choose [Register as an AMI]. This will create a personalized AMI, which you can start and shutdown.
    This is like a snapshot in VMware.

    Keep in mind that everything on your C: drive is stored in the just created personal AMI. The provided D: drive is lost. To get more persistent disk space you have to use EBS disk space.