Applications

JBoss EAP on Windows User Guide

Last updated: 2026-03-25 | Product: JBoss EAP on Windows

Overview

The JBoss EAP on Windows AMI by cloudimg provides a fully preconfigured Red Hat JBoss Enterprise Application Platform installation running on Windows Server. JBoss EAP is an enterprise grade Java application server built on the WildFly open source project, delivering a robust, scalable platform for deploying Java EE applications in production environments.

This AMI includes JBoss EAP 7.4.0 preconfigured as a Windows Service that starts automatically on boot, along with Java preinstalled and ready to use. The JBoss EAP Administration Console is accessible via a web browser on port 9990, and the JBoss Welcome Page is available on port 8080, giving you a fully operational application server within minutes of launching the instance.

This guide walks you through connecting to the Windows instance via Remote Desktop, managing the JBoss EAP service, creating an administrator user for the management console, deploying applications, and applying security best practices.

Visit www.cloudimg.co.uk to explore the full catalogue of preconfigured AMIs available on the AWS Marketplace.

Prerequisites

Before launching the JBoss EAP on Windows AMI, ensure you have the following in place.

AWS Account You need an active AWS account with permissions to launch EC2 instances and manage security groups.

EC2 Key Pair Create or select an existing EC2 key pair in the region where you plan to launch the instance. This key pair is required to decrypt the Windows Administrator password.

Remote Desktop Client You need a Remote Desktop Protocol (RDP) client installed on your local machine. Options include Microsoft Remote Desktop (macOS/Windows), Remmina (Linux), or any compatible RDP client.

Security Group Configuration Your security group must allow inbound traffic on the following ports:

Protocol	Type	Port	Description
RDP	TCP	3389	Remote Desktop access
TCP	TCP	9990	JBoss EAP Administration Console
TCP	TCP	8080	JBoss Welcome Page

Restrict RDP access to your own IP address or a trusted CIDR range. The JBoss management port (9990) should also be limited to trusted administrators only.

Minimum System Requirements

Minimum CPU	Minimum RAM	Required Disk Space
1 vCPU	1 GB	30 GB

For production workloads, consider a t3.medium or larger instance type with at least 4 GB of RAM to ensure consistent performance.

Step by Step Setup

Step 1: Launch the Instance

Open the AWS Marketplace listing for JBoss EAP on Windows by cloudimg.
Click Continue to Subscribe, then Continue to Configuration.
Select your preferred AWS Region and instance type.
On the launch page, choose your VPC, subnet, and assign the security group you prepared above.
Select your EC2 key pair and launch the instance.

Step 2: Wait for Status Checks

Allow the EC2 instance to reach 2/2 status checks passed before attempting to connect. Windows instances may take several minutes to complete their initial boot process.

Step 3: Retrieve the Windows Administrator Password

Log in to the AWS Console and navigate to EC2 > Instances.
Select the radio button next to your newly launched instance.
Click Actions > Security > Get Windows password.
Click Browse and upload the .pem key pair file that was selected during launch.
Click Decrypt password.
The Administrator password will appear in plain text. Copy this value and store it securely.

Step 4: Connect via Remote Desktop

Open your Remote Desktop client application.
Create a new connection using the public IP address of your EC2 instance.
If your instance is on a private subnet and you have a VPN connection, use the private IP address instead.
Click Add or Connect.
When prompted for credentials, enter:
Username: Administrator
Password: The decrypted password from Step 3
Click Continue.
If a certificate warning appears, click Continue to proceed.

You should now see the Windows Server desktop.

Step 5: Verify Java Installation

Open a Command Prompt (CMD) and check the Java version:

java --version

Java should be preinstalled and available on the system PATH.

Step 6: Verify the JBoss EAP Service

The JBoss EAP service starts automatically on boot. To verify it is running:

Open the Start Menu and search for Services.
Click Services to open the Services management console.
Locate the JBossEAP7 service in the list.
Verify that the Status column shows Running and Startup Type shows Automatic.

The service properties show: - Service name: JBossEAP7 - Display name: JBossEAP7 - Description: JBoss Enterprise Application Platform 7 - Path to executable: C:\Users\Administrator\jboss-eap-7.2\bin\prunsrv.exe //RS//JBossEAP7 - Startup type: Automatic

Step 7: Verify the JBoss Welcome Page

Open a web browser on the instance (or from your local machine if port 8080 is open in the security group) and navigate to:

http://<PUBLIC_IP>:8080

You should see the JBoss EAP Welcome Page confirming the application server is running.

Step 8: Create a Management User

Before accessing the Administration Console, you must create a management user. Open a Command Prompt as Administrator and run:

cd C:\Users\Administrator\EAP-7.4.0\bin
add-user.bat

The script will prompt you through the following steps:

What type of user do you wish to add? Enter a for Management User.
Username: Enter your desired username (for example, admin). If the user already exists, choose option a to update the existing user's password and roles.
Password: Enter a strong password. The password must contain at least 8 characters, including 1 alphabetic character, 1 digit, and 1 non alphanumeric symbol. It must not be the same as the username or a restricted value (root, admin, administrator).
Re-enter Password: Confirm the password.
What groups do you want this user to belong to? Press Enter to leave blank.
Is this new user going to be used for one AS process to connect to another? Enter no.

Step 9: Access the Administration Console

Navigate to the JBoss EAP Administration Console:

http://<PUBLIC_IP>:9990

A sign in popup will appear. Enter: - Username: The management username you created (for example, admin) - Password: The password you set in the add-user script

Click Sign In. The Red Hat JBoss Enterprise Application Platform management console will load, providing access to: - Deployments for managing deployed applications - Configuration for subsystem settings - Runtime for monitoring server status, JVM usage, and logs - Patching for applying JBoss EAP patches - Access Control for managing user roles and permissions

Server Components

The JBoss EAP on Windows AMI includes the following preconfigured components.

Component	Version	Description
JBoss EAP	7.4.0	Red Hat JBoss Enterprise Application Platform
Java	Latest compatible version	Java Runtime Environment required by JBoss EAP
Windows Server	2012 R2 or later	Windows Server operating system

JBoss EAP is installed in the Administrator user's home directory at C:\Users\Administrator\EAP-7.4.0 and is registered as a Windows Service for automatic startup.

Filesystem Layout

The AMI uses a single C: drive containing the operating system and all JBoss EAP components.

Drive	Description
C:	Local disk containing Windows Server, JBoss EAP, and Java

Key directories and their purposes:

Path	Purpose
C:\Users\Administrator\EAP-7.4.0	JBoss EAP installation directory
C:\Users\Administrator\EAP-7.4.0\bin	JBoss EAP binaries, scripts, and service management tools
C:\Users\Administrator\EAP-7.4.0\standalone	Standalone server configuration, deployments, and data
C:\Users\Administrator\EAP-7.4.0\standalone\configuration	Server configuration files including standalone.xml
C:\Users\Administrator\EAP-7.4.0\standalone\deployments	Application deployment directory (hot deploy folder)
C:\Users\Administrator\EAP-7.4.0\standalone\log	Server log files
C:\Users\Administrator\EAP-7.4.0\domain	Domain mode configuration (for multi server setups)

Managing Services

The JBoss EAP service is managed through the Windows Services console or via the command line.

Using the Windows Services Console

Open the Start Menu and search for Services.
Locate JBossEAP7 in the service list.
Right click to Start, Stop, Restart, or change the Startup Type.

Using the Command Line

Open a Command Prompt as Administrator:

:: Check the JBoss EAP service status
sc query JBossEAP7

:: Stop the JBoss EAP service
net stop JBossEAP7

:: Start the JBoss EAP service
net start JBossEAP7

:: Restart the JBoss EAP service
net stop JBossEAP7 && net start JBossEAP7

Using PowerShell

# Check service status
Get-Service JBossEAP7

# Stop the service
Stop-Service JBossEAP7

# Start the service
Start-Service JBossEAP7

# Restart the service
Restart-Service JBossEAP7

Changing the Startup Type

To prevent JBoss EAP from starting automatically on boot:

sc config JBossEAP7 start=demand

To re-enable automatic startup:

sc config JBossEAP7 start=auto

Scripts and Log Files

Script or Log	Path	Description
add-user.bat	C:\Users\Administrator\EAP-7.4.0\bin	Create or modify management and application users
standalone.bat	C:\Users\Administrator\EAP-7.4.0\bin	Start JBoss EAP in standalone mode (manual start)
jboss-cli.bat	C:\Users\Administrator\EAP-7.4.0\bin	JBoss EAP command line interface for administration
server.log	C:\Users\Administrator\EAP-7.4.0\standalone\log	Main JBoss EAP server log file
standalone.xml	C:\Users\Administrator\EAP-7.4.0\standalone\configuration	Primary server configuration file
mgmt-users.properties	C:\Users\Administrator\EAP-7.4.0\standalone\configuration	Management user credentials store

Deploying Applications

Hot Deployment

The simplest way to deploy a Java application is to copy your WAR, EAR, or JAR file into the deployments directory:

copy C:\path\to\your\application.war C:\Users\Administrator\EAP-7.4.0\standalone\deployments\

JBoss EAP will automatically detect and deploy the application. A .deployed marker file will appear once deployment is complete.

Using the Administration Console

Log in to the Administration Console at http://<PUBLIC_IP>:9990.
Click Deployments on the homepage.
Click Add and browse to your application file.
Follow the wizard to upload and enable the deployment.

Using the CLI

Open a Command Prompt and launch the JBoss CLI:

cd C:\Users\Administrator\EAP-7.4.0\bin
jboss-cli.bat --connect
deploy C:\path\to\your\application.war

Troubleshooting

Cannot connect via RDP

Confirm the instance has reached 2/2 status checks in the EC2 console.
Verify your security group allows inbound TCP traffic on port 3389 from your IP address.
Ensure you are using the correct decrypted Administrator password.
Try using the private IP address if you have a VPN connection to the VPC.

JBoss EAP service is not running

Open Services and check the status of the JBossEAP7 service.
If the service has stopped, check the server log at C:\Users\Administrator\EAP-7.4.0\standalone\log\server.log for error messages.
Ensure there is sufficient disk space on the C: drive.
Verify that Java is properly installed and accessible from the command line.

Cannot access the Administration Console on port 9990

Verify the JBossEAP7 service is running.
Ensure you have created a management user using the add-user.bat script. The console requires authentication and will not be accessible without a management user.
Check that port 9990 is open in your security group.

Cannot access the Welcome Page on port 8080

Verify the JBossEAP7 service is running.
Check that port 8080 is open in your security group.
Review the server log for startup errors.

Deployment fails

Check the server log for deployment error messages.
Verify the application is compatible with the installed JBoss EAP version.
Ensure there is sufficient disk space for the deployment.

Password requirements not met during add-user

The password must be at least 8 characters long.
It must contain at least 1 alphabetic character, 1 digit, and 1 non alphanumeric symbol.
It must not match the username or be a restricted value such as root, admin, or administrator.

Security Recommendations

Change the Windows Administrator Password

After first login, change the default Administrator password through Windows:

Press Ctrl+Alt+Del (or use the RDP client's equivalent).
Select Change a password.
Enter the current password and set a new strong password.

Note: Once you change the password, it cannot be retrieved again from the AWS Console.

Restrict RDP Access

Limit RDP (port 3389) to specific trusted IP addresses in your security group. Never expose RDP to 0.0.0.0/0. Consider using a bastion host or AWS Systems Manager for remote access.

Restrict Management Console Access

Port 9990 provides full administrative control over the JBoss EAP server. Only open this port to trusted administrator IP addresses.

Use Strong Management Passwords

When creating management users with add-user.bat, use strong passwords that meet enterprise password policy requirements.

Enable Windows Firewall

In addition to AWS security groups, ensure Windows Firewall is configured to restrict inbound traffic to only the required ports.

Apply Windows Updates

Keep the Windows Server operating system up to date with the latest security patches:

Open Server Manager.
Navigate to Windows Update.
Check for and install available updates.

Apply JBoss EAP Patches

Monitor Red Hat's security advisories for JBoss EAP and apply patches through the Administration Console's Patching section.

Enable HTTPS

For production deployments, configure JBoss EAP to use HTTPS with a TLS certificate for both the application port (8080) and the management port (9990).

Backup Configuration and Deployments

Regularly back up the JBoss EAP configuration and deployed applications. Use AWS EBS snapshots for volume level backups or manually copy the standalone\configuration and standalone\deployments directories.

Support

If you encounter any issues not covered in this guide or need further assistance, the cloudimg support team is available 24/7.

Email: support@cloudimg.co.uk Phone: (+44) 02045382725 Website: www.cloudimg.co.uk Address: 3rd Floor, 86 90 Paul Street, London, EC2A 4NE

When contacting support, please include your EC2 instance ID, the AWS region, and a description of the issue along with any relevant log output or screenshots.