Packer azure-arm build of Windows 2019-Datacenter perpetually "Waiting for WinRM to become available"

ayoungdahl · June 5, 2020, 11:13pm

Hello, I have a case of consistently getting “Waiting for WinRM to become available…” despite absurdly long winrm_timeout values. Oddly, this same build has been successful in the past and also works on portal.azure.us (as opposed the .com). When it has been successful the wait time has been typically 10-15s. I’m not aware of any recent network disruptions. I have a support request open with Microsoft, but am also wondering if anyone in the community has any thoughts on what may be going on here? Pasting the relevant parts of Packerfile.json and log output below.

  "variables": {
    "client_id": "{{env `clientId`}}",
    "client_secret": "{{env `clientSecret`}}",
    "tenant_id": "{{env `ad_tenantId`}}",
    "subscription_id": "{{env `SubscriptionId`}}",
    "location": "{{env `Location`}}",
    "managed_image_resource_group_name": "{{env `ResourceGroupName`}}",
    "image_name": "{{env `imageName`}}",
    "temp_resource_group_name": "packer-Resource-Group-{{uuid}}",
    "owner": "{{env `triggeredUser`}}",
    "published_date": "{{env `publishedDate`}}",

    "chef_version": "14.10.9",
    "runlist": "atf_jenkins_agent_image::default"
  },

  "builders": [{
    "type": "azure-arm",

    "client_id": "{{user `client_id`}}",
    "client_secret": "{{user `client_secret`}}",
    "tenant_id": "{{user `tenant_id`}}",

    "subscription_id": "{{user `subscription_id`}}",
    "cloud_environment_name": "{{user `azure_environment`}}",
    "temp_resource_group_name": "{{user `temp_resource_group_name`}}",
    "managed_image_resource_group_name": "{{user `managed_image_resource_group_name`}}",
    "managed_image_name": "{{user `image_name`}}",

    "os_type": "Windows",
    "location": "{{user `location`}}",
    "image_publisher": "MicrosoftWindowsServer",
    "image_offer": "WindowsServer",
    "image_sku": "2019-Datacenter",
    "image_version": "2019.0.20190603",
    "vm_size": "Standard_D2s_v3",

    "communicator": "winrm",
    "winrm_use_ssl": "true",
    "winrm_insecure": "true",
    "winrm_timeout": "720m",
    "winrm_username": "packer",

    "azure_tags": {
        "dept": "Operations",
        "publishedOn": "{{user `published_date`}}",
        "imageOwner": "{{user `owner`}}"
    }
  }],
...

[2020-06-05T19:34:30.989Z] Executing Build
[2020-06-05T19:34:30.989Z] azure-arm: output will be in this color.
[2020-06-05T19:34:30.989Z] 
[2020-06-05T19:34:30.989Z] ==> azure-arm: Running builder ...
[2020-06-05T19:34:30.989Z] ==> azure-arm: Getting tokens using client secret
[2020-06-05T19:34:30.989Z] ==> azure-arm: Getting tokens using client secret
[2020-06-05T19:34:30.989Z]     azure-arm: Creating Azure Resource Manager (ARM) client ...
[2020-06-05T19:34:30.989Z] ==> azure-arm: WARNING: Zone resiliency may not be supported in EastUS2, checkout the docs at https://docs.microsoft.com/en-us/azure/availability-zones/
[2020-06-05T19:34:30.989Z] ==> azure-arm: Creating resource group ...
[2020-06-05T19:34:30.989Z] ==> azure-arm:  -> ResourceGroupName : 'packer-Resource-Group-5eda9e3e-e286-699d-d3ba-33cd0693f978'
[2020-06-05T19:34:30.989Z] ==> azure-arm:  -> Location          : 'EastUS2'
[2020-06-05T19:34:30.989Z] ==> azure-arm:  -> Tags              :
[2020-06-05T19:34:30.989Z] ==> azure-arm:  ->> publishedOn : 20200605
[2020-06-05T19:34:30.989Z] ==> azure-arm:  ->> imageOwner : andrew.youngdahl
[2020-06-05T19:34:30.989Z] ==> azure-arm:  ->> dept : Operations
[2020-06-05T19:34:30.989Z] ==> azure-arm: Validating deployment template ...
[2020-06-05T19:34:30.989Z] ==> azure-arm:  -> ResourceGroupName : 'packer-Resource-Group-5eda9e3e-e286-699d-d3ba-33cd0693f978'
[2020-06-05T19:34:30.989Z] ==> azure-arm:  -> DeploymentName    : 'pkrdpw976qupd1z'
[2020-06-05T19:34:30.989Z] ==> azure-arm: Deploying deployment template ...
[2020-06-05T19:34:30.989Z] ==> azure-arm:  -> ResourceGroupName : 'packer-Resource-Group-5eda9e3e-e286-699d-d3ba-33cd0693f978'
[2020-06-05T19:34:30.989Z] ==> azure-arm:  -> DeploymentName    : 'kvpkrdpw976qupd1z'
[2020-06-05T19:35:27.224Z] ==> azure-arm: Getting the certificate's URL ...
[2020-06-05T19:35:27.224Z] ==> azure-arm:  -> Key Vault Name        : 'pkrkvw976qupd1z'
[2020-06-05T19:35:27.224Z] ==> azure-arm:  -> Key Vault Secret Name : 'packerKeyVaultSecret'
[2020-06-05T19:35:27.490Z] ==> azure-arm:  -> Certificate URL       : 'https://pkrkvw976qupd1z.vault.azure.net/secrets/packerKeyVaultSecret/2d9cd2e4d4664faabfdf6dfbc482fcd1'
[2020-06-05T19:35:27.490Z] ==> azure-arm: Setting the certificate's URL ...
[2020-06-05T19:35:27.491Z] ==> azure-arm: Validating deployment template ...
[2020-06-05T19:35:27.491Z] ==> azure-arm:  -> ResourceGroupName : 'packer-Resource-Group-5eda9e3e-e286-699d-d3ba-33cd0693f978'
[2020-06-05T19:35:27.491Z] ==> azure-arm:  -> DeploymentName    : 'pkrdpw976qupd1z'
[2020-06-05T19:35:28.431Z] ==> azure-arm: Deploying deployment template ...
[2020-06-05T19:35:28.431Z] ==> azure-arm:  -> ResourceGroupName : 'packer-Resource-Group-5eda9e3e-e286-699d-d3ba-33cd0693f978'
[2020-06-05T19:35:28.431Z] ==> azure-arm:  -> DeploymentName    : 'pkrdpw976qupd1z'
[2020-06-05T19:36:36.117Z] ==> azure-arm: Getting the VM's IP address ...
[2020-06-05T19:36:36.117Z] ==> azure-arm:  -> ResourceGroupName   : 'packer-Resource-Group-5eda9e3e-e286-699d-d3ba-33cd0693f978'
[2020-06-05T19:36:36.117Z] ==> azure-arm:  -> PublicIPAddressName : 'pkripw976qupd1z'
[2020-06-05T19:36:36.117Z] ==> azure-arm:  -> NicName             : 'pkrniw976qupd1z'
[2020-06-05T19:36:36.117Z] ==> azure-arm:  -> Network Connection  : 'PublicEndpoint'
[2020-06-05T19:36:36.117Z] ==> azure-arm:  -> IP Address          : 'PUB.IP.EDITED.OUT'
[2020-06-05T19:36:36.117Z] ==> azure-arm: Waiting for WinRM to become available...

ayoungdahl · June 8, 2020, 2:35pm

I came across this thread https://github.com/danielsollondon/azvmimagebuilder/issues/14#issuecomment-577856888

Following some advice from the thread I changed "vm_size": "Standard_D2s_v3" to "vm_size": "Standard_D2_v3". So far this appears to work.

kirannhegde · June 17, 2020, 9:33am

Hello @ayoungdahl I am still running into the issue were Packer waits with the message:
“Waiting for WinRM to become available” and then eventually times out.

I am using the following details for the build:
Standard_D2_v3, region: UKSouth, image_sku = ‘2019-Datacenter’

I have tried the following:
-A post at https://github.com/hashicorp/packer/issues/8650 suggested that WinRM cannot connect using a user other than Administrator. Hence, i used the Powershell script to configure WinRM. The PowerShell script can be found at: https://gist.github.com/GloverChris/d28280d41278d4a7753b77cc248ec2ac

Unfortunately, when using the “Administrator” user in the Powershell script, the build failed with the message:
“The Admin username specified is not allowed”

What am i doing wrong?
Do i need to configure something as part of the first boot for WinRM to connect successfully?

Thanks,
Kiran Hegde

Here is my json file:
{
“builders”: [{
“type”: “azure-arm”,

    "client_id": "{{user `client_id`}}",
    "client_secret": "{{user `client_secret`}}",
	"subscription_id": "{{user `subscription_id`}}",
    "tenant_id": "{{user `tenant_id`}}",
    
    "build_resource_group_name": "{{user `build_resource_group_name`}}", 
    "managed_image_resource_group_name": "{{user `managed_image_resource_group_name`}}",
    "managed_image_name": "Packer-BuildAgent-cvad-{{isotime \"200601020304\"}}",
	  
    "os_type": "{{user `os_type`}}",
    "image_publisher": "{{user `image_publisher`}}",
    "image_offer": "{{user `image_offer`}}",
    "image_sku": "{{user `image_sku`}}",
  
    "communicator": "winrm",
    "winrm_insecure": true,
    "winrm_timeout": "30m",
    "winrm_username": "packer",
	
	
	"azure_tags": {
        "dept": "Engineering",
		"org": "SES-Build",
        "task": "SES Build agent"
    },
  
    "os_disk_size_gb": "{{user `os_disk_size_gb`}}",
    "vm_size": "{{user `vm_size`}}",
	"virtual_network_name": "{{user `virtual_network_name`}}",
	"virtual_network_subnet_name": "{{user `virtual_network_subnet_name`}}",
	"virtual_network_resource_group_name": "{{user `virtual_network_resource_group_name`}}"
	
	
  }],

  "provisioners": [
	   {
		  "type": "powershell",
		  "inline": [
			"Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))",
			"refreshenv"
		  ]
	   },
	   {
		  "type": "powershell",
		  "inline": [
		    "Set-ExecutionPolicy -ExecutionPolicy Unrestricted  -Force",
		    "New-Item -Path $env:userprofile\\AppData\\Local\\ChocoCache -ItemType directory -Force",
			"New-Item -Path $env:userprofile\\AppData\\Local\\ChocoCache\\Logs -ItemType directory -Force",
			"choco config set cacheLocation $env:userprofile\\AppData\\Local\\ChocoCache",
			"choco feature enable -n=allowGlobalConfirmation"
		   
		]
	   },
	   {
		  "type": "powershell",
		  "inline": [
		    "Add-WindowsFeature Web-Server",
		    "& $env:SystemRoot\\System32\\Sysprep\\Sysprep.exe /oobe /generalize /quiet /quit",
		    "while($true) { $imageState = Get-ItemProperty HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\State | Select ImageState; if($imageState.ImageState -ne 'IMAGE_STATE_GENERALIZE_RESEAL_TO_OOBE') { Write-Output $imageState.ImageState; Start-Sleep -s 10  } else { break } }"
		]
	   }
  ]
}