Azure Windows 11 Single user image need a first login

Overview of the Issue

I’m using Packer to generate a Multi User image of Windows 11 (win11-23h2-avd) This use case works well.
I’m using Packer to generate a Single User image of Windows 11 (win11-23h2-pro)

The single user image still being stuck and waiting for a first login onto the virtual machine.
Once you just login to the VM, the process unstuck and keep preparing the image.

image1202×801 109 KB

Here is the screen that we get once we first logon.

Reproduction Steps

Packer init

packer build -force        
-var-file="pipelines/images/Packer/config/northEu/azure-windows-11-SU.pkrvars.hcl"        
-var-file="pipelines/images/Packer/config/northEu/build.pkrvars.hcl"        
pipelines/images/Packer/builds/windows/azure/windows-11/SU 

Plugin and Packer version

Packer v1.9.2

packer {
  required_version = ">= 1.7.7"
  required_plugins {
    azure = {
      version = ">= 1.0.2"
      source  = "github.com/hashicorp/azure"
    }
    windows-update = {
      version = ">= 0.14.0"
      source  = "github.com/rgl/windows-update"
    }
  }
}

Simplified Packer Buildfile

Operating system and Environment details

 Static hostname: ******
       Icon name: computer-vm
         Chassis: vm
      Machine ID: b7a4cde26cd04a9a8b619b977f5368df
         Boot ID: 93be12a3c96b4271a370d04dadf68059
  Virtualization: microsoft
Operating System: Ubuntu 22.04.3 LTS
          Kernel: Linux 6.2.0-1016-azure
    Architecture: x86-64
 Hardware Vendor: Microsoft Corporation
  Hardware Model: Virtual Machine

Logs

azure-arm.agent-source: output will be in this color.

==> azure-arm.agent-source: Running builder ...
    azure-arm.agent-source: Creating Azure Resource Manager (ARM) client ...
==> azure-arm.agent-source: Getting source image id for the deployment ...
==> azure-arm.agent-source:  -> SourceImageName: '/subscriptions/****/providers/Microsoft.Compute/locations/North Europe/publishers/microsoftwindowsdesktop/ArtifactTypes/vmimage/offers/windows-11/skus/win11-23h2-pro/versions/latest'
==> azure-arm.agent-source: Creating resource group ...
==> azure-arm.agent-source:  -> ResourceGroupName : 'pkr-Resource-Group-d6qrzbqshq'
==> azure-arm.agent-source:  -> Location          : 'North Europe'
==> azure-arm.agent-source:  -> Tags              :
==> azure-arm.agent-source: Validating deployment template ...
==> azure-arm.agent-source:  -> ResourceGroupName : 'pkr-Resource-Group-d6qrzbqshq'
==> azure-arm.agent-source:  -> DeploymentName    : 'kvpkrdpd6qrzbqshq'
==> azure-arm.agent-source: Deploying deployment template ...
==> azure-arm.agent-source:  -> ResourceGroupName : 'pkr-Resource-Group-d6qrzbqshq'
==> azure-arm.agent-source:  -> DeploymentName    : 'kvpkrdpd6qrzbqshq'
==> azure-arm.agent-source: Getting the certificate's URL ...
==> azure-arm.agent-source:  -> Key Vault Name        : 'pkrkvd6qrzbqshq'
==> azure-arm.agent-source:  -> Key Vault Secret Name : 'packerKeyVaultSecret'
==> azure-arm.agent-source:  -> Certificate URL       : 'https://pkrkvd6qrzbqshq.vault.azure.net/secrets/packerKeyVaultSecret/9215eca47fce45c2ba0e6866eaf586bf'
==> azure-arm.agent-source: Setting the certificate's URL ...
==> azure-arm.agent-source: Validating deployment template ...
==> azure-arm.agent-source:  -> ResourceGroupName : 'pkr-Resource-Group-d6qrzbqshq'
==> azure-arm.agent-source:  -> DeploymentName    : 'pkrdpd6qrzbqshq'
==> azure-arm.agent-source: Deploying deployment template ...
==> azure-arm.agent-source:  -> ResourceGroupName : 'pkr-Resource-Group-d6qrzbqshq'
==> azure-arm.agent-source:  -> DeploymentName    : 'pkrdpd6qrzbqshq'
==> azure-arm.agent-source: Getting the VM's IP address ...
==> azure-arm.agent-source:  -> ResourceGroupName   : 'pkr-Resource-Group-d6qrzbqshq'
==> azure-arm.agent-source:  -> PublicIPAddressName : 'pkripd6qrzbqshq'
==> azure-arm.agent-source:  -> NicName             : 'pkrnid6qrzbqshq'
==> azure-arm.agent-source:  -> Network Connection  : 'PrivateEndpoint'
==> azure-arm.agent-source:  -> IP Address          : '10.72.2.12'
==> azure-arm.agent-source: Waiting for WinRM to become available...
    azure-arm.agent-source: WinRM connected.
==> azure-arm.agent-source: Connected to WinRM!
==> azure-arm.agent-source: Provisioning with Powershell...
==> azure-arm.agent-source: Provisioning with powershell script: /tmp/powershell-provisioner605831079

And it wait here, forever, waiting for a first logon.

Thank you for your help

have you found a solution? I have a similar issue

Hey @tothger ,

Yes I did.

I’ve prevent the privacy window to appear by setting up a few registry key.

I added a “custom script” in my windows-11.pkr.hcl file as below:

custom_script = "powershell -ExecutionPolicy Unrestricted -NoProfile -NonInteractive -Command \"New-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE' -Name 'PrivacyConsent' -PropertyType DWORD -Value 1; Set-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE' -Name DisablePrivacyExperience -Value 1; Set-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon' -Name AutoAdminLogon -Value 1; Set-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon' -Name DefaultUserName -Value '${var.build_username}'; Set-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon' -Name DefaultPassword -Value '${var.build_password}'; Set-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon' -Name EnableFirstLogonAnimation -Value 0; Restart-Computer \""

After this, I disable the autologon using a .ps1 script.