Packer: WinRM timeouts on Creating encrypted win 2016 AMI on AWS

Created on 24 May 2018  ·  2 Comments  ·  Source: hashicorp/packer

  • Packer version from packer version
    1.2.3
  • Host platform
    Windows
  • Debug log output from PACKER_LOG=1 packer build template.json.
C:\Users\rahul18564\Desktop\2018\packer>packer build -debug sample13.json
Debug mode enabled. Builds will not be parallelized.
amazon-ebs output will be in this color.

==> amazon-ebs: Prevalidating AMI Name: Microsoft Windows Server 2016
==> amazon-ebs: Pausing after run of step 'StepPreValidate'. Press enter to continue.
    amazon-ebs: Found Image ID: ami-f0df538f
==> amazon-ebs: Pausing after run of step 'StepSourceAMIInfo'. Press enter to continue.
==> amazon-ebs: Using existing SSH private key
==> amazon-ebs: Pausing after run of step 'StepKeyPair'. Press enter to continue.
==> amazon-ebs: Pausing after run of step 'StepSecurityGroup'. Press enter to continue.
==> amazon-ebs: Pausing after run of step 'stepCleanupVolumes'. Press enter to continue.
==> amazon-ebs: Launching a source AWS instance...
==> amazon-ebs: Adding tags to source instance
    amazon-ebs: Adding tag: "Name": "Packer Builder"

    amazon-ebs: Instance ID: i-0498408e22b2fa231
==> amazon-ebs: Waiting for instance (i-0498408e22b2fa231) to become ready...
    amazon-ebs: Private IP: 10.23.3.61
==> amazon-ebs: Pausing after run of step 'StepRunSourceInstance'. Press enter to continue.
==> amazon-ebs: Skipping waiting for password since WinRM password set...
==> amazon-ebs: Pausing after run of step 'StepGetPassword'. Press enter to continue.
==> amazon-ebs: Waiting for WinRM to become available...

Please paste this in a gist https://gist.github.com
The Scripts

{
    "builders": [{
        "type": "amazon-ebs",
        "access_key": "",
        "secret_key": "",
        "region": "us-east-1",
        "ssh_keypair_name": "packer_testing",
        "ssh_private_key_file": "packer_testing.pem",
        "source_ami": "ami-f0df538f",
        "instance_type": "m3.medium",
        "ami_name": "Microsoft Windows Server 2016 ",
        "user_data_file": "./ec2-userdata1.ps1",
        "communicator": "winrm",
        "winrm_username": "admin_raxxxxx",
        "winrm_password": "xxxxxxxxx",
        "winrm_timeout": "1h",
        "winrm_use_ssl": true,
        "winrm_insecure": true,
        "winrm_use_ntlm": true,
        "ssh_interface": "private_dns",
        "vpc_id": "xxxxxxxx",
        "subnet_id": "xxxxxxxxx",
        "security_group_id": "xxxxxxxx"
    }]
}

Powershell Scripts

<powershell>

write-output "Running User Data Script"
write-host "(host) Running User Data Script"

Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force -ErrorAction Ignore

# Don't set this before Set-ExecutionPolicy as it throws an error
$ErrorActionPreference = "stop"

# Remove HTTP listener
Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse

$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName "packer"
New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint -Force

# WinRM
write-output "Setting up WinRM"
write-host "(host) setting up WinRM"

cmd.exe /c winrm quickconfig -q
cmd.exe /c winrm set "winrm/config" '@{MaxTimeoutms="1800000"}'
cmd.exe /c winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="1024"}'
cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{CredSSP="true"}'
cmd.exe /c winrm set "winrm/config/listener?Address=*+Transport=HTTPS" "@{Port=`"5986`";Hostname=`"packer`";CertificateThumbprint=`"$($Cert.Thumbprint)`"}"
cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes
cmd.exe /c netsh firewall add portopening TCP 5986 "Port 5986"
cmd.exe /c net stop winrm
cmd.exe /c sc config winrm start= auto
cmd.exe /c net start winrm
Labels: bug, builder/amazon, communicator/winrm, question

All 2 comments

@Otsuka-ansible

The formatting of the output above is rather messed up - you should really use GitHub's gists to provide your scripts and templates. However:

cmd.exe /c netsh firewall add portopening TCP 5986 "Port 5986"

I suspect the firewall is not configured properly.
You are using the old netsh firewall command instead of the new netsh advfirewall.

cmd.exe /c ...

There is no need to use cmd.exe. PowerShell can run these commands directly.

cmd.exe /c winrm quickconfig -q

Don't use winrm quickconfig -q - it can lead to race conditions.

See HERE for an example user_data_file along with netsh advfirewall commands

Also see HERE for a comparison between the old and new firewall commands.
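
A user_data_file that applies the three points in the comment above (no `cmd.exe /c`, no `winrm quickconfig`, `netsh advfirewall` instead of `netsh firewall`), as an added example that is not code from the issue or from the Packer project. It assumes the template's `winrm_use_ssl`, `winrm_insecure` and `winrm_use_ntlm` settings, so it leaves Basic authentication and unencrypted traffic disabled; the firewall rule name `Packer-WinRM-HTTPS` is made up for the example.

```powershell
<powershell>
# Added example: not the poster's script and not taken from the Packer project.
# Assumes the template in the issue (winrm_use_ssl, winrm_insecure and
# winrm_use_ntlm all true), i.e. NTLM authentication over HTTPS on port 5986.
$ErrorActionPreference = "Stop"

Write-Output "Configuring WinRM over HTTPS"

# The WSMan: drive needs the service running. Start it directly rather than
# calling 'winrm quickconfig', which also creates an HTTP listener and opens
# the firewall before the rest of the configuration is in place.
Set-Service -Name WinRM -StartupType Automatic
Start-Service -Name WinRM

# Drop every existing listener (including plain HTTP on 5985) and create a
# single HTTPS listener bound to a self-signed certificate.
Remove-Item -Path WSMan:\localhost\Listener\Listener* -Recurse
$Cert = New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "packer"
New-Item -Path WSMan:\localhost\Listener -Transport HTTPS -Address * `
    -CertificateThumbPrint $Cert.Thumbprint -Force

# Same limits as the original script, set through the WSMan: provider.
Set-Item -Path WSMan:\localhost\MaxTimeoutms -Value 1800000 -Force
Set-Item -Path WSMan:\localhost\Shell\MaxMemoryPerShellMB -Value 1024 -Force

# NTLM over TLS needs neither Basic authentication nor unencrypted traffic.
Set-Item -Path WSMan:\localhost\Service\AllowUnencrypted -Value $false -Force
Set-Item -Path WSMan:\localhost\Service\Auth\Basic -Value $false -Force

Restart-Service -Name WinRM

# Open 5986 last. Assuming the Windows firewall is enabled and the port was
# closed until now, Packer cannot reach a half-configured listener.
netsh advfirewall firewall add rule name=Packer-WinRM-HTTPS dir=in action=allow protocol=TCP localport=5986

# $ErrorActionPreference does not cover native commands, so check explicitly.
if ($LASTEXITCODE -ne 0) {
    throw "netsh advfirewall failed with exit code $LASTEXITCODE"
}
</powershell>
```

The security group referenced by `security_group_id` must also allow inbound TCP 5986 from the host running Packer.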

@SwampDragons Hopefully the user found the answers they were looking for... however, suggest we now delete as this user is no longer on GitHub...
