Packer WinRM timeout

Packer
1

Hi everyone,

Been trying to run Packer to configure some Windows images (Server 2022 and Windows 11 Enterprise) for testing purposes but I’m hitting some issues with WinRM timing out.

This is my first time using this solution, but as far as I can see the setup is ok on the base image I’m using for both systems.

WinRM has been setup with basic authentication to eliminate possible issues regarding certificates and TLS.

Packer is 1.7.10.

WinRM setup

winrm qc
Enable-PSRemoting -SkipNetworkProfileCheck -Force
Set-NetConnectionProfile -NetworkCategory Private
winrm set winrm/config/client/auth '@{Basic="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
winrm set winrm/config/client '@{AllowUnencrypted="true"}'
Set-Item WSMan:localhost\client\trustedhosts -value *

Packer builder block

  "sensitive-variables": ["winrm_password"],
  "builders": [
    {
      "output_directory": "output",
      "output_filename": "{{user `vm_name`}}",

      "type": "virtualbox-ovf",
      "format": "ova",
      "source_path": "/local/repository/templates/{{user `vm_template`}}",

      "communicator": "winrm",
      "winrm_host": "{{user `winrm_host`}}",
      "winrm_username": "{{user `winrm_username`}}",
      "winrm_password": "{{user `winrm_password`}}",
      "ssh_skip_nat_mapping": false,
      "winrm_insecure": true,
      "winrm_port": 5985,

      "headless": true,
      "guest_additions_mode": "disable",

      "shutdown_command": "C:/shutdown.bat",
      "shutdown_timeout": "30m"
    }
  ],

Pipeline log

2022/04/26 19:10:01 packer-builder-virtualbox-ovf plugin: [DEBUG] connecting to remote shell using WinRM
2022/04/26 19:10:01 packer-builder-virtualbox-ovf plugin: [ERROR] connection error: unknown error Post "http://HOSTNAME:2345/wsman": dial tcp: lookup HOSTNAME on 10.0.10.81:53: server misbehaving
2022/04/26 19:10:01 packer-builder-virtualbox-ovf plugin: [ERROR] WinRM connection err: unknown error Post "http://HOSTNAME:2345/wsman": dial tcp: lookup HOSTNAME on 10.0.10.81:53: server misbehaving
==> virtualbox-ovf: Timeout waiting for WinRM.

Any pointers are appreciated.

2

Is the system’s name HOSTNAME? It’s almost like it has no idea what the name of the system is, and is checking DNS for the information, and can’t find a computer with the name “HOSTNAME”.

3

Thanks for the reply @SweetestSufferance

Exactly. It’s just a placeholder but that’s supposed to be the hostname defined in the .ova.
What you’re saying makes perfect sense to me, but I can’t seem to find anything pointing to what may be influencing the hostname not being recognized.

Is it possible to use an IP instead, like 127.0.0.1?

4

So 127.0.0.1 is just the loopback adapter. Not sure if that would work or not. It almost seems like the winrm_host variable isn’t sending the

"winrm_host": "{{user `winrm_host`}}",

This is what I have for Azure:

"communicator": "winrm",
"winrm_use_ssl": "true",
"winrm_insecure": "true",
"winrm_timeout": "15m",
"winrm_username": "{{user `winrm_user`}}"

Unfortunately, I haven’t set up our vSphere environment yet, just AWS and Azure. And I haven’t looked into virtualbox as of yet, as it’s not really in our environment.

Here is what I have for our WinRM setup for a different environment:

write-output "Running User Data Script"
write-output "(host) Running User Data Script"

Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force -ErrorAction Ignore

# Don't set this before Set-ExecutionPolicy as it throws an error
$ErrorActionPreference = "stop"

# Remove HTTP listener
Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse

$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName "whateveryouwant"
New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint -Force

#Write-Host "Disable UAC"
New-ItemProperty -Path HKLM:Software\Microsoft\Windows\CurrentVersion\Policies\System -Name EnableLUA -PropertyType DWord -Value 0 -Force
New-ItemProperty -Path HKLM:Software\Microsoft\Windows\CurrentVersion\Policies\System -Name ConsentPromptBehaviorAdmin -PropertyType DWord -Value 0 -Force

# WinRM
write-output "Setting up WinRM"
write-output "(host) setting up WinRM"

cmd.exe /c winrm quickconfig -q
cmd.exe /c winrm set "winrm/config" '@{MaxTimeoutms="1800000"}'
cmd.exe /c winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="1024"}'
cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{CredSSP="true"}'
cmd.exe /c winrm set "winrm/config/listener?Address=*+Transport=HTTPS" "@{Port=`"5986`";Hostname=`"whateveryouwant`";CertificateThumbprint=`"$($Cert.Thumbprint)`"}"
cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes
cmd.exe /c netsh firewall add portopening TCP 5986 "Port 5986"
cmd.exe /c net stop winrm
cmd.exe /c sc config winrm start= auto
cmd.exe /c net start winrm

Maybe if I can find some spare time, I can try to build something up. Not sure how long that will take me. :slight_smile:

I’ll see if I can find what I’m using for WinRM for the AWS builders. I believe it’s similar, if not exactly the same, but maybe using batch instead of Powershell.

Hopefully something in here will help.

5

Using 127.0.0.1 instead of the hostname in winrm_host seemed to do the trick, at least so far. Still have some more cases do test.
Not really sure why it can resolve the hostname that was set in the .ova but that seems to be the problem.

1 Like
6

I suppose you could probably use write-verbose verbose and write out the HOSTNAME and maybe Env:ComputerName to see what both are showing up as.