Two EC2 Windows instances in the same VPC fail to access a shared folder via SMB. Security groups and NACLs are open, Windows Firewall is disabled, but net use reports error 1792, and packet capture shows STATUS_NETLOGON_NOT_STARTED. The root cause is not VPC networking — security software is intercepting the SMB authentication flow.
EC2 instances launched from public Windows AMIs cannot be directly exported as VMDK via VM Import/Export because they contain AWS-licensed software. The workaround is to perform a block-level read of the EBS root volume after stopping the instance, convert it with qemu-img, and offline-enable Windows generic storage drivers to avoid blue screens in VMware.
On a Windows Server 2008 EC2 instance, the CloudWatch Agent service status was normal, but monitoring metrics could never be reported to CloudWatch. The logs repeatedly showed x509: certificate signed by unknown authority, and the root cause was ultimately traced to outdated system root certificates and insufficient TLS support.
When an EC2 Windows instance passes status checks and responds to ping but RDP connections fail, and a Stop & Start resolves the issue, don't look only at the network. Windows internal resource exhaustion can also cause critical processes like Winlogon to crash.
Enabling BitLocker system drive encryption on EC2 Windows instances is feasible, but the risks are higher than on physical machines. The key issue is that EC2 typically lacks a traditional TPM, so after encrypting the system drive, a password is required during the boot phase, and the standard console may not provide a reliable input channel.
Kali comes with many security testing tools. If you don't want to take up C drive space, you can migrate the WSL distribution to the E drive. This article documents the process of installing Kali WSL, exporting a backup, reimporting to a specified directory, and setting the default login user.
AWS China does not directly provide a Windows 11 AMI, and VM Import/Export also requires additional image preparation and import procedures. A compromise approach is to first launch a Linux EC2 instance and then reinstall the system as Windows using an open-source reinstall script.
Project repository: bin456789/reinstall
Reference documentation: CSDN original article
