amazon-ssm-agent: Unable to start AWS ssm-agent service on Win server 2016 Datacenter

I am trying to setup Run command. One of the prerequisite was to check whether ssm-agent is running. I checked services on AWS Windows sever 2016 instance but the service status was “Starting”. After few tries, i removed the service and downloaded the latest binary which is version 2.2.916.0. It’s also giving the same message “Starting”. I tried running the executable on the command prompt with Administrator privilege and i see the following:

C:\>"C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe"
2018/08/06 07:17:30 Failed to load instance info from vault. RegistrationKey does not exist.
Initializing new seelog logger
New Seelog Logger Creation Complete
2018-08-06 07:17:30 INFO Windows Only: Job object creation on SSM agent successful
2018-08-06 07:17:30 INFO Agent enters hibernate mode. Reducing logging...
2018-08-06 07:17:30 INFO Getting IE proxy configuration for current user: The operation completed successfully.
2018-08-06 07:17:30 INFO Getting WinHTTP proxy default configuration: The operation completed successfully.
2018-08-06 07:17:30 INFO Proxy environment variables:
2018-08-06 07:17:30 INFO http_proxy:
2018-08-06 07:17:30 INFO https_proxy:
2018-08-06 07:17:30 INFO no_proxy:
2018-08-06 07:22:31 INFO Backing off health check to every 600 minutes for 1800 minutes. Logging will be reduced to one log per backoff period

I have another Windows server 2016 instance where ssm-agent version 2.2.392.0 is installed. That’s running fine. I tried looking for Windows binary of that version but it seems only source code is available to download which has to be compiled.

Any idea what’s the issue with the latest version? Also, are older versions’ binary available for download anywhere?

About this issue

  • Original URL
  • State: closed
  • Created 6 years ago
  • Comments: 15 (3 by maintainers)

Most upvoted comments

Sorry about that.

Basically the error you are receiving is stating that it cannot access the meta-data service to pick up the IAM credentials.

This is usually due to the routing table not routing traffic to the correct gateway for your subnet.

To check the current routes on the instance you can open an administrative command prompt window and run the following command: Route Print

Please Note Below I am assuming that 10.0.0.1 is your Default Gateway address, please replace it with your own instance default gateway address.

You should see 3 persistent routes as below: Persistent Routes: Network Address Netmask Gateway Address Metric 169.254.169.254 255.255.255.255 10.0.0.1 15 169.254.169.250 255.255.255.255 10.0.0.1 15 169.254.169.251 255.255.255.255 10.0.0.1 15

If these routes do not exist or are pointing to a different gateway address, please delete the routes by running the following from an Administrative command prompt: Route Delete 169.254.169.254 Route Delete 169.254.169.250 Route Delete 169.254.169.251

You can then add them in again by running the following (replace 10.0.0.1 with your gateway address): route -p ADD 169.254.169.254 MASK 255.255.255.255 10.0.0.1 route -p ADD 169.254.169.250 MASK 255.255.255.255 10.0.0.1 route -p ADD 169.254.169.251 MASK 255.255.255.255 10.0.0.1

If you have any Proxy settings that may be applied to the instance. There needs to be proxy exceptions made for the following IP addresses as well: 169.254.169.254, 169.254.169.250 and 169.254.169.251.

Once you have completed these steps the service should be able to access the meta-data service and the instance will then start up normally.

+3
Kitsune-Fox on Aug 6, 2018
Read more comments on GitHub
← amazon-ssm-agent: ssm agent failing to start after reboot
amazon-vpc-cni-k8s: Failed create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container network for pod : NetworkPlugin cni failed to set up pod network: add cmd: failed to assign an IP address to container Error: context deadline exceeded →