Windows 2016 vsphere packer template getting stuck

I just turned off the Windows firewall and Packer is still waiting for WinRM.

Can you please provide some debug information using:
packer build -debug <your-template>.json

Could you please provide your current JSON file?

{
  "variables": {
    "vsphere-server": "xxxxxx",
    "vsphere-user": "administrator@vsphere.local",
    "vsphere-password": "xxxxxxx",
    "vsphere-datacenter": "RW-VA",
    "vsphere-cluster": "RW-VA",
    "vsphere-network": "vlan200",
    "vsphere-datastore": "RW-VA-NIM-VOL1",
    "vsphere-folder": "Templates/Packer",
    "vm-name": "Win2016-Packer",
    "vm-cpu-num": "2",
    "vm-mem-size": "4096",
    "vm-disk-size": "60000",
    "winadmin-password": "xxxxxx",
    "os_iso_path": "[RW-VA-NIM-ISO] MS/SW_DVD9_Win_Svr_STD_Core_and_DataCtr_Core_2016_64Bit_English_-3_MLF_X21-30350.ISO",
    "vmtools_iso_path": "[RW-VA-NIM-ISO] VMware/windows.iso"
  },

  "sensitive-variables": ["vsphere_password", "winadmin_password"],

  "builders": [
    {
      "type": "vsphere-iso",
      "vcenter_server": "{{user `vsphere-server`}}",
      "username": "{{user `vsphere-user`}}",
      "password": "{{user `vsphere-password`}}",
      "insecure_connection": "true",
      "datacenter": "{{user `vsphere-datacenter`}}",
      "cluster": "{{user `vsphere-cluster`}}",
      "network": "{{user `vsphere-network`}}",
      "datastore": "{{user `vsphere-datastore`}}",
      "folder": "{{user `vsphere-folder`}}",
      "convert_to_template": "true",
      "communicator": "winrm",
      "winrm_username": "Administrator",
      "winrm_password": "{{user `winadmin-password`}}",
      "vm_name": "{{user `vm-name`}}",
      "notes": "Build via Packer",
      "guest_os_type": "windows9Server64Guest",
      "CPUs": "{{user `vm-cpu-num`}}",
      "RAM": "{{user `vm-mem-size`}}",
      "RAM_reserve_all": true,
      "firmware": "bios",
      "disk_controller_type": "lsilogic-sas",
      "disk_size": "{{user `vm-disk-size`}}",
      "disk_thin_provisioned": true,
      "network_card": "vmxnet3",
      "iso_paths": [
        "{{user `os_iso_path`}}",
        "{{user `vmtools_iso_path`}}"
      ],
      "floppy_files": [

  "provisioners": [
    {
      "type": "windows-shell",
      "inline": ["ipconfig"]
    }
  ]
}


What about the debug log?

Content of enable-winrm.ps1:

# First, make sure WinRM can't be connected to
netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new enable=yes action=block

# Delete any existing WinRM listeners
winrm delete winrm/config/listener?Address=*+Transport=HTTP  2>$Null
winrm delete winrm/config/listener?Address=*+Transport=HTTPS 2>$Null

# Disable group policies which block basic authentication and unencrypted login

Set-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client -Name AllowBasic -Value 1
Set-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client -Name AllowUnencryptedTraffic -Value 1
Set-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service -Name AllowBasic -Value 1
Set-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service -Name AllowUnencryptedTraffic -Value 1

# Create a new WinRM listener and configure
winrm create winrm/config/listener?Address=*+Transport=HTTP
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="0"}'
winrm set winrm/config '@{MaxTimeoutms="7200000"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
winrm set winrm/config/service '@{MaxConcurrentOperationsPerUser="12000"}'
winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/client/auth '@{Basic="true"}'

# Configure UAC to allow privilege elevation in remote shells
$Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$Setting = 'LocalAccountTokenFilterPolicy'
Set-ItemProperty -Path $Key -Name $Setting -Value 1 -Force

# Configure and restart the WinRM Service; Enable the required firewall exception
Stop-Service -Name WinRM
Set-Service -Name WinRM -StartupType Automatic
netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new action=allow localip=any remoteip=any
Start-Service -Name WinRM

I’m using this code to enable WinRM, running from autounattend.xml

PACKER_LOG=1 PACKER_LOG_PATH="debug.log" packer build -debug template.json and provide the debug.log, please.

debug1.txt (16.7 KB)

I have found a good troubleshooting article about possible winrm issues (what I think is the case here):

Not sure why, but I am using the same script on an AWS 2016 template and I can connect via WinRM, but not on my vCenter VM.

I have found that an extra reboot is sometimes required after the install of the vmTools, before Packer sees the IP being available.


If you install VMware Tools in the Specialize stage, you will get the extra reboot for free.

I just can't communicate via 5985 on WinRM, even though nothing is blocking it. I did a telnet test and netstat, and nothing is blocking WinRM over HTTP.
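
A read-only check of the state that enable-winrm.ps1 is meant to leave behind, plus the guest IP and VMware Tools state mentioned above. This is an added example, not part of any post in this thread; the function names are hypothetical, and the VMware Tools service name `VMTools` is an assumption. Run it in the guest's console rather than over WinRM.

```powershell
# Added example: verifies each step of enable-winrm.ps1 without changing anything.
$ruleName = 'Windows Remote Management (HTTP-In)'   # rule name used by enable-winrm.ps1
$port     = 5985                                    # WinRM over HTTP

function Get-WsmanValue([string]$Path) {
    # The WSMan: drive only answers while the WinRM service is running.
    try { (Get-Item -Path $Path -ErrorAction Stop).Value } catch { $null }
}

function Test-PackerWinRMState {
    $svc   = Get-CimInstance -ClassName Win32_Service -Filter "Name='WinRM'"
    # Assumption: VMware Tools registers its service under the name 'VMTools'.
    $tools = Get-Service -Name 'VMTools' -ErrorAction SilentlyContinue
    $http  = Get-ChildItem -Path WSMan:\localhost\Listener -ErrorAction SilentlyContinue |
             Where-Object { $_.Keys -contains 'Transport=HTTP' }
    $rules = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
    $allow = $rules | Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' }
    # The script's first step sets the rule to block; if it aborted, the block remains.
    $block = $rules | Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Block' }
    $sock  = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue

    [ordered]@{
        'WinRM service running'           = ($svc.State -eq 'Running')
        'WinRM service start mode Auto'   = ($svc.StartMode -eq 'Auto')
        'HTTP listener exists'            = [bool]$http
        'Service auth Basic = true'       = ((Get-WsmanValue 'WSMan:\localhost\Service\Auth\Basic') -eq 'true')
        'Service AllowUnencrypted = true' = ((Get-WsmanValue 'WSMan:\localhost\Service\AllowUnencrypted') -eq 'true')
        "Port $port listening"            = [bool]$sock
        'Firewall rule enabled and allow' = [bool]$allow
        'No enabled block rule left'      = -not [bool]$block
        'VMware Tools service running'    = ($tools.Status -eq 'Running')
    }
}

$state = Test-PackerWinRMState
$state.GetEnumerator() | ForEach-Object {
    '{0,-34} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'CHECK' })
}

# Network category and IPv4 address of each interface, for comparison with
# the address Packer is trying to reach.
Get-NetConnectionProfile | Format-Table InterfaceAlias, NetworkCategory, IPv4Connectivity
Get-NetIPAddress -AddressFamily IPv4 | Where-Object { $_.IPAddress -ne '127.0.0.1' } |
    Format-Table InterfaceAlias, IPAddress
```

Each line marked CHECK maps to one step of enable-winrm.ps1 that did not take effect, or to the VMware Tools state the later replies discuss.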