I took the image from the parent instance in which the key is working by using the .pem file but the instance which was created from the image the local administrator password is not working and it is failing with the below error.

After the investigation, I found that whenever we launch a new Windows instance using an Amazon-provided AMI, EC2Launch service is configured to generate a random password from the console.

However, after we launch the instance, this setting will be disabled on EC2Launch and you will need to enable it before creating a custom AMI. If this setting is not enabled on EC2Launch before creating the AMI, you won’t be able to retrieve the Password from the console and the same password of the source/parent instance would need to be used to access the new instance. Ideally, we should be able to login to this instance using the local Administrator password which was captured from the parent instance during the creation of the AMI.

As we are not able to login using the local administrator password of the parent AMI, we can use EC2-rescue tool to set random password and retrieve random generated password from the EC2 console using Key-pair for this instance.

Below Steps were shared from the Amazon support:

=========

Please follow steps to use EC2 Rescue to set password:

To troubleshoot this issue we used EC2Rescue tool and followed below steps:

[1] Launch helper instance from a Windows AWS Public AMI in the same VPC and subnet in which your current instance is launched.

[2] Detach the root volume of the instance and attach it to the helper instance as the secondary volume.

[3] Now, login to your helper Instance via RDP.

[4] Please download EC2Rescue tool by using the below link on the helper instance.

[+] https://urldefense.proofpoint.com/v2/url?u=https-3A__s3.amazonaws.com_ec2rescue_windows_EC2Rescue-5Flatest.zip&d=DwIFaQ&c=76Q6Tcqc-t2x0ciWn7KFdCiqt6IQ7a_IF9uzNzd_2pA&r=ASemgKwYoytcsNGsg8cXc5YaWLC-52xuua2vDpCIG7A&m=m867DpcKhdYKq72sdzlFex1c08omm9ZHhWYu9MP8Mf4&s=8N6DFpivJTrWpZgHQFg6qGzMeFnjkNnjLf0KQLLTYII&e=

[5] Open EC2Rescue application -> Select the offline drive -> Click Diagnose and Rescue -> Select Ec2SetPassword

[6] Next, then Rescue, and OK for the volume to be offline.

[7]  Once EC2Rescue has completed, detach the volume from the helper instance and re-attach the volume back to the original instance  as /dev/sda1.

[8] Start the instance and Next, retrieve the password from the EC2 Console using your key-pair  and connect to the instance.

Below links which have video included for the same steps.

[1] https://urldefense.proofpoint.com/v2/url?u=https-3A__aws.amazon.com_premiumsupport_knowledge-2Dcenter_ec2rescue-2Dwindows-2Dtroubleshoot_&d=DwIFaQ&c=76Q6Tcqc-t2x0ciWn7KFdCiqt6IQ7a_IF9uzNzd_2pA&r=ASemgKwYoytcsNGsg8cXc5YaWLC-52xuua2vDpCIG7A&m=m867DpcKhdYKq72sdzlFex1c08omm9ZHhWYu9MP8Mf4&s=3iaHYXJL_0UnkyB-H-31Ij5-kVOyQwtxpjiNAh1kj1U&e=

[2] https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.aws.amazon.com_AWSEC2_latest_WindowsGuide_ResettingAdminPassword-5FEC2Launch.html-23resetting-2Dpassword-2Dec2launch-2Dstep3&d=DwIFaQ&c=76Q6Tcqc-t2x0ciWn7KFdCiqt6IQ7a_IF9uzNzd_2pA&r=ASemgKwYoytcsNGsg8cXc5YaWLC-52xuua2vDpCIG7A&m=m867DpcKhdYKq72sdzlFex1c08omm9ZHhWYu9MP8Mf4&s=WCfu0_HDpc-2Stn6AnsJPK2EMcBQnq9rUSZ9RI8e7yM&e=

Future reference:

=============

Going ahead, I suggest that you SysPrep an instance before creating its AMI so that password access is enabled and you are able to retrieve console generated password.

[+] Using SysPrep with EC2Launch: https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.aws.amazon.com_AWSEC2_latest_WindowsGuide_ec2launch.html-23ec2launch-2Dsysprep&d=DwIFaQ&c=76Q6Tcqc-t2x0ciWn7KFdCiqt6IQ7a_IF9uzNzd_2pA&r=ASemgKwYoytcsNGsg8cXc5YaWLC-52xuua2vDpCIG7A&m=m867DpcKhdYKq72sdzlFex1c08omm9ZHhWYu9MP8Mf4&s=4py_NId0on0jc-DvpjVwp-0SJShdbKtNU78RiJ1lpdQ&e=