Waiting for auto-generated password for instance

Hello,

I am trying to build a Windows 2016 AWS AMI from a source AMI with amazon-ebs builder but the build is stuck in : Waiting for auto-generated password for instance…

I have tried to change the timeout with windows_password_timeout from 20m to 1h but even after 1h, the build is still stuck at the same step.

My packer version is 1.7.5.

I have already checked multiple times the security group rules of my gitlab runner and my packer instance and everything is OK.

Any idea ?

==> amazon-ebs: Waiting for instance (i-05a74f1689d8d4c97) to become ready…
==> amazon-ebs: Waiting for auto-generated password for instance…
amazon-ebs: It is normal for this process to take up to 15 minutes,
amazon-ebs: but it usually takes around 5. Please wait.
==> amazon-ebs: Timeout waiting for password.
==> amazon-ebs: Terminating the source AWS instance…
==> amazon-ebs: Cleaning up any extra volumes…
==> amazon-ebs: Destroying volume (vol-0e56e9047144eed62)…
==> amazon-ebs: Destroying volume (vol-05294e605ebaf5ceb)…
==> amazon-ebs: Destroying volume (vol-07208b5ddc5f65c9a)…
Buil

d 'amazon-ebs' errored after 20 minutes 49 seconds: Timeout waiting for password.

Here is my user data script :

<powershell>
# Block WinRM connection
Disable-NetFirewallRule -DisplayName 'Windows Remote Management (HTTP-In)'
Disable-NetFirewallRule -DisplayName 'Windows Remote Management (HTTPS-In)' -ErrorAction 'SilentlyContinue'

# Install PowerShell 7
Invoke-Command -ScriptBlock { Invoke-Expression -Command "& { $(Invoke-RestMethod -Uri "https://aka.ms/install-powershell.ps1") } -UseMSI -Quiet -AddExplorerContextMenu -EnablePSRemoting"}

# Remove all listeners
Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse

# Create HTTPS listener
$computerFqdn = [System.Net.Dns]::GetHostByName($env:computerName).HostName.ToLower()
$certificate = (New-SelfSignedCertificate -DnsName $computerFqdn -CertStoreLocation 'Cert:\LocalMachine\My' -ErrorAction 'Stop')
New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -HostName $computerFqdn -CertificateThumbPrint $certificate.Thumbprint -Force

# Configure WinRM
winrm set winrm/config '@{MaxTimeoutms="1800000"}'
winrm set winrm/config '@{MaxEnvelopeSizekb="16384"}'
winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/service/auth '@{CredSSP="true"}'
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="1024"}'

# Configure UAC to allow privilege elevation in remote shells
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name 'LocalAccountTokenFilterPolicy' -Value 1 -Force

# Restart WinRM and allow connection
Stop-Service -Name 'WinRM'
Set-Service -Name 'WinRM' -StartupType 'Automatic'
try {
  Get-NetFirewallRule -DisplayName 'Windows Remote Management (HTTPS-In)' -ErrorAction 'Stop' | Out-Null
} catch {
  New-NetFirewallRule -DisplayName 'Windows Remote Management (HTTPS-In)' -Direction 'Inbound' -Profile 'Any' -Action Allow -LocalPort @('5986') -Protocol 'TCP' | Out-Null
}
Enable-NetFirewallRule -DisplayName "Windows Remote Management (HTTPS-In)"
Start-Service -Name 'WinRM'
</powershell>
<persist>true</persist>