5

My Amazon VM instance (type c4.large, Windows Server 2016 Data Center) is on eu-central-1. I need to get metadata (primarily to check if my software is running on an AWS instance) and I try to fetch this from http://169.254.169.254.

Neither wget nor tracert can access this IP though.

I can browse any http site from this VM.

```
C:\Users\Administrator>curl --verbose 169.254.169.254/latest/meta-data/
* timeout on name lookup is not supported
*   Trying 169.254.169.254...
* TCP_NODELAY set
* connect to 169.254.169.254 port 80 failed: Timed out
* Failed to connect to 169.254.169.254 port 80: Timed out
* Closing connection 0
curl: (7) Failed to connect to 169.254.169.254 port 80: Timed out
```

google.com works:

```
C:\Users\Administrator>curl --verbose www.google.com
* Rebuilt URL to: www.google.com/
* timeout on name lookup is not supported
*   Trying 172.217.16.196...
* TCP_NODELAY set
* Connected to www.google.com (172.217.16.196) port 80 (#0)
> GET / HTTP/1.1
> Host: www.google.com
> User-Agent: curl/7.52.1
> Accept: */*
>
< HTTP/1.1 302 Found
< Cache-Control: private
< Content-Type: text/html; charset=UTF-8
< Referrer-Policy: no-referrer
< Location: http://www.google.de/?gfe_rd=cr&ei=9pvwWJD5G8jb8Aemn6iABA
< Content-Length: 258
< Date: Fri, 14 Apr 2017 09:52:54 GMT
<
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.google.de/?gfe_rd=cr&amp;ei=9pvwWJD5G8jb8Aemn6iABA">here</A>.
</BODY></HTML>
* Curl_http_done: called premature == 0
* Connection #0 to host www.google.com left intact
```
Paul
  • 295
  • 5
  • 10
  • Since this is a Windows server, I'd suggest we take a look at the output from `route print`, particularly any lines referencing 169.254.169.254 (or lack of any such lines). Since I have no Windows machines in AWS to look at myself, it might also be helpful for someone to compare the route table entries from another instance that *does* have access to the metadata service. – Michael - sqlbot Apr 14 '17 at 23:14
  • 3
    The stock Windows 2016 AMI (ami-b9b71ad9) has a network bug. For more detailed info: https://forums.aws.amazon.com/thread.jspa?threadID=242194 If you are using a small/medium instance type, this PowerShell script should solve your problem: https://gist.github.com/Gonzales/e000b7c2e72e13701c77431d3a2ffd73 You might want to run this PowerShell script on instance startup. As User Data is using the metadata server, your best chance is to use the **EC2Config service**: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/UsingConfig_Install.html – Gonzales Gokhan Apr 04 '18 at 09:57

1 Answer

5

In my case, this issue was caused by an invalid network route (specifically, an incorrect NextHop). Here's my patch implementation, inspired by @gonzales-gokhan's comment above:

```powershell
$destinationPrefix = '169.254.169.254/32'
# Use the interface with the lowest index as the default network configuration.
$defaultNetIPConfig = @(Get-NetIPConfiguration | Sort-Object -Property 'InterfaceIndex')[0]
try {
  # Get-NetRoute reports an error when no route matches, so silence it and test the result count.
  if (@(Get-NetRoute -DestinationPrefix $destinationPrefix -PolicyStore 'ActiveStore' -ErrorAction SilentlyContinue).Length) {
    Remove-NetRoute -DestinationPrefix $destinationPrefix -PolicyStore 'ActiveStore' -Confirm:$false -ErrorAction SilentlyContinue
    Write-Host 'network route for instance metadata removed from ActiveStore'
  }
  if (@(Get-NetRoute -DestinationPrefix $destinationPrefix -PolicyStore 'PersistentStore' -ErrorAction SilentlyContinue).Length) {
    Remove-NetRoute -DestinationPrefix $destinationPrefix -PolicyStore 'PersistentStore' -Confirm:$false -ErrorAction SilentlyContinue
    Write-Host 'network route for instance metadata removed from PersistentStore'
  }
  # Re-create the route with the default gateway of that interface as the NextHop.
  New-NetRoute -DestinationPrefix $destinationPrefix -InterfaceIndex $defaultNetIPConfig.InterfaceIndex -NextHop $defaultNetIPConfig.IPv4DefaultGateway.NextHop -RouteMetric 1 -ErrorAction Stop
  Write-Host 'network route for instance metadata added.'
}
catch {
  Write-Host ('failed to add network route for instance metadata. {0}' -f $_.Exception.Message)
}
```
grenade
  • 312
  • 1
  • 3
  • 8
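
A read-only check that can be run before changing any routes, added here as an example (it is not part of the answer above): it compares each 169.254.169.254/32 route in both policy stores against the default gateway of the primary interface, then tests TCP port 80. The function name `Test-MetadataRoute` and the `Status` labels are illustrative assumptions.

```powershell
# Added example: read-only diagnostics, changes nothing on the system.
# Test-MetadataRoute and the Status labels are hypothetical names.
function Test-MetadataRoute {
  param([string]$DestinationPrefix = '169.254.169.254/32')

  # Assumption: the lowest-index interface that has an IPv4 default gateway is the primary NIC.
  $ipConfig = Get-NetIPConfiguration |
    Where-Object { $_.IPv4DefaultGateway } |
    Sort-Object -Property 'InterfaceIndex' |
    Select-Object -First 1
  if (-not $ipConfig) { throw 'no interface with an IPv4 default gateway found' }
  $gateway = @($ipConfig.IPv4DefaultGateway.NextHop)[0]

  foreach ($store in 'ActiveStore', 'PersistentStore') {
    # Get-NetRoute reports an error when nothing matches, so silence it and count results.
    $routes = @(Get-NetRoute -DestinationPrefix $DestinationPrefix -PolicyStore $store -ErrorAction SilentlyContinue)
    if ($routes.Count -eq 0) {
      # No host route in this store: traffic follows whatever other route matches.
      [pscustomobject]@{ Store = $store; InterfaceIndex = $null; NextHop = $null
                         ExpectedNextHop = $gateway; Status = 'Absent' }
      continue
    }
    foreach ($route in $routes) {
      $ok = ($route.NextHop -eq $gateway) -and ($route.InterfaceIndex -eq $ipConfig.InterfaceIndex)
      [pscustomobject]@{
        Store           = $store
        InterfaceIndex  = $route.InterfaceIndex
        NextHop         = $route.NextHop
        ExpectedNextHop = $gateway
        Status          = $(if ($ok) { 'OK' } else { 'Mismatch' })
      }
    }
  }
}

Test-MetadataRoute | Format-Table -AutoSize

# Confirm reachability of the metadata endpoint itself (same address and port as the curl test).
$tcp = Test-NetConnection -ComputerName '169.254.169.254' -Port 80 -WarningAction SilentlyContinue
Write-Host ('metadata endpoint reachable on TCP 80: {0}' -f $tcp.TcpTestSucceeded)
```

A `Mismatch` row in `PersistentStore` means the stale route will come back after a reboot unless it is removed from that store as well.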