DEV Community

Cover image for Fixing “Invalid Credentials” in AWS SSM Fleet Manager RDP
Adedamola Ajibola
Adedamola Ajibola

Posted on

Fixing “Invalid Credentials” in AWS SSM Fleet Manager RDP

When granting RDP access to a Windows EC2 instance, it’s tempting to open port 3389 to the world 0.0.0.0/0. That’s a major security risk. Instead, AWS SSM Fleet Manager lets you connect over a secure channel without exposing RDP to the internet.

Recently, I ran into an issue where Fleet Manager failed with this error:

Unable to establish Remote Desktop connection. Verify that valid credentials were provided, and that the user you specified has been granted permission to log in through Remote Desktop

Root Cause

On the Windows Server 2022 Base AMI, the default Administrator account was present, but its password had already expired. Since RDP connections including those tunneled through SSM Fleet Manager require a valid and active password, the expired credentials caused the login failure.

Ssm fleetmanager

The Fix

Reset the Administrator password via SSM Run Command:

net user Administrator "xxxxx28xx@xxxx!73"
net localgroup "Remote Desktop Users" Administrator /add
Enter fullscreen mode Exit fullscreen mode

Then log in through Fleet Manager RDP with your username and the new password.

Best Practices

  • Never expose RDP 3389 to 0.0.0.0/0
  • Use SSM Fleet Manager for secure access
  • Enforce strong passwords and rotate them regularly
  • Ensure EC2 has the IAM role: AmazonSSMManagedInstanceCore

Takeaway
If Fleet Manager RDP shows Invalid credentials, it’s usually not an SSM issue but a Windows password problem. Just reset the password through SSM and you’re good to go.

References

Top comments (0)