Remote-Exec Unable to Connect via WinRM

dfoley84 · July 10, 2019, 9:54pm

While create an EC2 Windows Instance, while trying to connect via WinRM Terraform doesn’t seem to be able to Connect:

aws_instance.Windows_Server (remote-exec): Host:
aws_instance.Windows_Server (remote-exec): Port: 5985
aws_instance.Windows_Server (remote-exec): User: administrator
aws_instance.Windows_Server (remote-exec): Password: true
aws_instance.Windows_Server (remote-exec): HTTPS: false
aws_instance.Windows_Server (remote-exec): Insecure: true
aws_instance.Windows_Server (remote-exec): NTLM: false
aws_instance.Windows_Server (remote-exec): CACert: false
aws_instance.Windows_Server: Still creating… (2m10s elapsed)
aws_instance.Windows_Server: Still creating… (2m20s elapsed)
aws_instance.Windows_Server (remote-exec): Connecting to remote host via WinRM…
aws_instance.Windows_Server (remote-exec): Host:
aws_instance.Windows_Server (remote-exec): Port: 5985
aws_instance.Windows_Server (remote-exec): User: administrator
aws_instance.Windows_Server (remote-exec): Password: true
aws_instance.Windows_Server (remote-exec): HTTPS: false
aws_instance.Windows_Server (remote-exec): Insecure: true
aws_instance.Windows_Server (remote-exec): NTLM: false
aws_instance.Windows_Server (remote-exec): CACert: false
aws_instance.Windows_Server: Still creating… (2m30s elapsed)
aws_instance.Windows_Server: Still creating… (2m40s elapsed)
aws_instance.Windows_Server (remote-exec): Connecting to remote host via WinRM…
aws_instance.Windows_Server (remote-exec): Host:
aws_instance.Windows_Server (remote-exec): Port: 5985
aws_instance.Windows_Server (remote-exec): User: administrator
aws_instance.Windows_Server (remote-exec): Password: true
aws_instance.Windows_Server (remote-exec): HTTPS: false
aws_instance.Windows_Server (remote-exec): Insecure: true
aws_instance.Windows_Server (remote-exec): NTLM: false
aws_instance.Windows_Server (remote-exec): CACert: false
aws_instance.Windows_Server: Still creating… (2m50s elapsed)
aws_instance.Windows_Server: Still creating… (3m0s elapsed)
aws_instance.Windows_Server (remote-exec): Connecting to remote host via WinRM…
aws_instance.Windows_Server (remote-exec): Host:
aws_instance.Windows_Server (remote-exec): Port: 5985
aws_instance.Windows_Server (remote-exec): User: administrator
aws_instance.Windows_Server (remote-exec): Password: true
aws_instance.Windows_Server (remote-exec): HTTPS: false
aws_instance.Windows_Server (remote-exec): Insecure: true
aws_instance.Windows_Server (remote-exec): NTLM: false
aws_instance.Windows_Server (remote-exec): CACert: false
aws_instance.Windows_Server: Still creating… (3m10s elapsed)
aws_instance.Windows_Server: Still creating… (3m20s elapsed)
aws_instance.Windows_Server (remote-exec): Connecting to remote host via WinRM…
aws_instance.Windows_Server (remote-exec): Host:
aws_instance.Windows_Server (remote-exec): Port: 5985
aws_instance.Windows_Server (remote-exec): User: administrator
aws_instance.Windows_Server (remote-exec): Password: true
aws_instance.Windows_Server (remote-exec): HTTPS: false
aws_instance.Windows_Server (remote-exec): Insecure: true
aws_instance.Windows_Server (remote-exec): NTLM: false
aws_instance.Windows_Server (remote-exec): CACert: false
aws_instance.Windows_Server: Still creating… (3m30s elapsed)
aws_instance.Windows_Server: Still creating… (3m40s elapsed)
aws_instance.Windows_Server (remote-exec): Connecting to remote host via WinRM…
aws_instance.Windows_Server (remote-exec): Host:
aws_instance.Windows_Server (remote-exec): Port: 5985
aws_instance.Windows_Server (remote-exec): User: administrator
aws_instance.Windows_Server (remote-exec): Password: true
aws_instance.Windows_Server (remote-exec): HTTPS: false
aws_instance.Windows_Server (remote-exec): Insecure: true
aws_instance.Windows_Server (remote-exec): NTLM: false
aws_instance.Windows_Server (remote-exec): CACert: false
aws_instance.Windows_Server: Still creating… (3m50s elapsed)
Interrupt received.
Please wait for Terraform to exit or data loss may occur.
Gracefully shutting down…
stopping operation…

Trying to run the following Command:

provisioner "remote-exec"{
    connection {
    type = "winrm"
    timeout = "10m"
    insecure = "true"
    agent    = "false"
    user = "${var.Administrator}"
    password = "${var.admin_password}"
  }

  inline = [
          "choco install -y git.install",
          "choco install -y install firefox",
          "choco install -y googlechrome",
          "choco install -y winscp",
          "choco install -y notepadplusplus.install",
          "choco install -y visionapp --version 9.0.5222"
     ]
}

nic · July 11, 2019, 8:15am

I think WinRM is not enabled by default and before you can use the remote provisioner you need to configure it. On Azure this is typically done through VM extensions which are post provisioning steps to execute a powershell script.

I have not tried this in AWS but the process should be similar but by setting UserData. You will also need to ensure that the routing and firewall rules are set after WinRM has been enabled.

This link seems to have some good info on how you do this with Packer, maybe the powershell script to enable WinRM can also be used in the UserData.

Also this example looks pretty good, it has a good example of using UserData and also the network configuration.

github.com

dhoer/terraform_examples/blob/master/aws-winrm-instance/main.tf

# Specify the provider and access details
provider "aws" {
  region = "${var.aws_region}"
}

# Default security group to access the instances via WinRM over HTTP and HTTPS
resource "aws_security_group" "default" {
  name        = "terraform_example"
  description = "Used in the terraform"

  # WinRM access from anywhere
  ingress {
    from_port   = 5985
    to_port     = 5986
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # outbound internet access
  egress {

This file has been truncated. show original

shantanugadgil · July 11, 2019, 8:48am

Good blog, but the “quickconfig” setting sometimes fails. The following documentation explains why:

rnaveenr · July 12, 2019, 8:02pm

This looks like a typical issue with WinRM. Are you sure WinRM is configured properly on 5985?
Also, in the Connection section, could you please try specifying few more things:

Remove double quotes from boolean values. It works either ways. Just want to make sure
Add Port = “5985”
Add https = false
Add ntlm = false
Add host =

Also, please run winrm enumerate winrm/config/listener on your image to ensure it’s pre-configured or add it in the first time run to ensure the listener is configured.

Topic		Replies	Views
Can we connect aws ec2 windows instance using terraform AWS	1	171	July 29, 2024
EC2 Windows Server: can't make winrm remote-exec provisioner to work with the auto-generated Administrator password Terraform connect	2	1853	November 17, 2021
Terraform provisioner "file" and "remote-exec" not working Terraform	0	793	April 15, 2020
Remote-exec not letting me ssh? Terraform	0	406	July 9, 2020
TCP SSH timeout while running remote_exec on AWS instance Terraform	2	3033	February 23, 2021

Remote-Exec Unable to Connect via WinRM

Related topics