I just turned off the Windows firewall and Packer is still waiting for WinRM
Can you please provide some debug information using:
packer build -debug <your-template>.json
Could you please provide your current JSON file?
{
  "variables": {
    "vsphere-server": "xxxxxx",
    "vsphere-user": "administrator@vsphere.local",
    "vsphere-password": "xxxxxxx",
    "vsphere-datacenter": "RW-VA",
    "vsphere-cluster": "RW-VA",
    "vsphere-network": "vlan200",
    "vsphere-datastore": "RW-VA-NIM-VOL1",
    "vsphere-folder": "Templates/Packer",
    "vm-name": "Win2016-Packer",
    "vm-cpu-num": "2",
    "vm-mem-size": "4096",
    "vm-disk-size": "60000",
    "winadmin-password": "xxxxxx",
    "os_iso_path": "[RW-VA-NIM-ISO] MS/SW_DVD9_Win_Svr_STD_Core_and_DataCtr_Core_2016_64Bit_English_-3_MLF_X21-30350.ISO",
    "vmtools_iso_path": "[RW-VA-NIM-ISO] VMware/windows.iso"
  },
  "sensitive-variables": ["vsphere-password", "winadmin-password"],
  "builders": [
    {
      "type": "vsphere-iso",
      "vcenter_server": "{{user `vsphere-server`}}",
      "username": "{{user `vsphere-user`}}",
      "password": "{{user `vsphere-password`}}",
      "insecure_connection": "true",
      "datacenter": "{{user `vsphere-datacenter`}}",
      "cluster": "{{user `vsphere-cluster`}}",
      "network": "{{user `vsphere-network`}}",
      "datastore": "{{user `vsphere-datastore`}}",
      "folder": "{{user `vsphere-folder`}}",
      "convert_to_template": "true",
      "communicator": "winrm",
      "winrm_username": "Administrator",
      "winrm_password": "{{user `winadmin-password`}}",
      "vm_name": "{{user `vm-name`}}",
      "notes": "Build via Packer",
      "guest_os_type": "windows9Server64Guest",
      "CPUs": "{{user `vm-cpu-num`}}",
      "RAM": "{{user `vm-mem-size`}}",
      "RAM_reserve_all": true,
      "firmware": "bios",
      "disk_controller_type": "lsilogic-sas",
      "disk_size": "{{user `vm-disk-size`}}",
      "disk_thin_provisioned": true,
      "network_card": "vmxnet3",
      "iso_paths": [
        "{{user `os_iso_path`}}",
        "{{user `vmtools_iso_path`}}"
      ],
      "floppy_files": [
        "autounattend.xml",
        "../scripts/setup.ps1",
        "../scripts/disable-network-discovery.cmd",
        "../scripts/enable-rdp.cmd",
        "../scripts/install-vm-tools.cmd"
      ]
    }
  ],
  "provisioners": [
    {
      "type": "windows-shell",
      "inline": ["ipconfig"]
    }
  ]
}
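Because the thread goes on to ask for a `PACKER_LOG` debug log to be posted, a template of this shape can be checked beforehand for secrets that Packer would not redact. The following is an added example, not part of any post in the thread or of Packer itself: the function name `lint_template`, the finding codes and the sample template are assumptions constructed for illustration. It flags `sensitive-variables` entries that match no declared variable (such an entry redacts nothing), password fields whose variable is not marked sensitive, hard-coded secrets, and disabled TLS verification.

```python
import json
import re

# Constructed sample template (not the poster's file): hyphenated variable
# names, underscore names in "sensitive-variables", TLS verification off.
SAMPLE_TEMPLATE = r'''{
  "variables": {
    "vsphere-password": "example-only",
    "winadmin-password": "example-only"
  },
  "sensitive-variables": ["vsphere_password", "winadmin_password"],
  "builders": [{
    "type": "vsphere-iso",
    "password": "{{user `vsphere-password`}}",
    "insecure_connection": "true",
    "winrm_password": "{{user `winadmin-password`}}"
  }]
}'''

USER_REF = re.compile(r"\{\{\s*user\s+`([^`]+)`\s*\}\}")
SECRET_KEY = re.compile(r"password|secret|token", re.IGNORECASE)


def lint_template(text):
    """Return a sorted list of (code, detail) findings for a Packer JSON template."""
    tpl = json.loads(text)
    declared = set(tpl.get("variables", {}))
    sensitive = set(tpl.get("sensitive-variables", []))
    # A sensitive entry that names no declared variable redacts nothing.
    findings = {("unknown-sensitive", name) for name in sensitive - declared}
    for builder in tpl.get("builders", []):
        for key, value in builder.items():
            refs = USER_REF.findall(value) if isinstance(value, str) else []
            if not SECRET_KEY.search(key):
                continue
            if isinstance(value, str) and value and not refs:
                findings.add(("hardcoded-secret", key))
            # The referenced variable's value reaches the log unless it is listed.
            findings.update(("unredacted-secret", r) for r in refs if r not in sensitive)
        if str(builder.get("insecure_connection", "")).lower() == "true":
            findings.add(("tls-verification-off", builder.get("type", "?")))
    return sorted(findings)


if __name__ == "__main__":
    for code, detail in lint_template(SAMPLE_TEMPLATE):
        print(f"{code}: {detail}")
```
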
What about the debug log?
Content of enable-winrm.ps1:
# First, make sure WinRM can't be connected to
netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new enable=yes action=block
# Delete any existing WinRM listeners
winrm delete winrm/config/listener?Address=*+Transport=HTTP 2>$Null
winrm delete winrm/config/listener?Address=*+Transport=HTTPS 2>$Null
# Disable group policies which block basic authentication and unencrypted login
Set-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client -Name AllowBasic -Value 1
Set-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client -Name AllowUnencryptedTraffic -Value 1
Set-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service -Name AllowBasic -Value 1
Set-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service -Name AllowUnencryptedTraffic -Value 1
# Create a new WinRM listener and configure
winrm create winrm/config/listener?Address=*+Transport=HTTP
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="0"}'
winrm set winrm/config '@{MaxTimeoutms="7200000"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
winrm set winrm/config/service '@{MaxConcurrentOperationsPerUser="12000"}'
winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/client/auth '@{Basic="true"}'
# Configure UAC to allow privilege elevation in remote shells
$Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$Setting = 'LocalAccountTokenFilterPolicy'
Set-ItemProperty -Path $Key -Name $Setting -Value 1 -Force
# Configure and restart the WinRM Service; Enable the required firewall exception
Stop-Service -Name WinRM
Set-Service -Name WinRM -StartupType Automatic
netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new action=allow localip=any remoteip=any
Start-Service -Name WinRM
I’m using this code to enable WinRM, running from autounattend.xml
Source:
PACKER_LOG=1 PACKER_LOG_PATH="debug.log" packer build -debug template.json
and provide the debug.log, please.
debug1.txt (16.7 KB)
I have found a good troubleshooting article about possible winrm issues (what I think is the case here): http://www.hurryupandwait.io/blog/understanding-and-troubleshooting-winrm-connection-and-authentication-a-thrill-seekers-guide-to-adventure
Not sure why, but I am using the same script on an AWS 2016 template and I can connect via WinRM, but not on my vCenter VM.
I have found that an extra reboot is sometimes required after the install of the VMware Tools, before Packer sees the IP being available.
If you install VMware Tools in the Specialize stage, you will get the extra reboot for free.
https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/specialize
I just can't communicate via 5985 on WinRM, even though nothing is blocking it. I did a telnet test and netstat, and nothing is blocking WinRM over HTTP.