Winrm Authorization Error (Vagrant + Openstack)

[Mateusz Janiszewski]

I successfully created an Openstack instance (Windows Server 2012) via Vagrant with vagrant-openstack-provider plugin. The problem is I would like it to be provisioned via Winrm to run some powershell scripts.

I'm using vagrant ver. 1.7.4.

I configured TrustedHosts on both the Instance and my Workstation. The Error I get when running: vagrant provision --debug look like this

DEBUG winrmshell: powershell executing: hostname if ($?) { exit 0 } else { if($LASTEXITCODE) { exit $LASTEXITCODE } else { exit 1 } } INFO winrmshell: Attempting to connect to WinRM... INFO winrmshell: - Host: <ip address of the instance> INFO winrmshell: - Port: 5985 INFO winrmshell: - Username: <DOMAIN\USER> INFO winrmshell: - Transport: plaintext INFO retryable: Retryable exception raised: #<WinRM::WinRMAuthorizationError: WinRM::WinRMAuthorizationError> DEBUG winrmshell: powershell executing: hostname if ($?) { exit 0 } else { if($LASTEXITCODE) { exit $LASTEXITCODE } else { exit 1 } } INFO retryable: Retryable exception raised: #<WinRM::WinRMAuthorizationError: WinRM::WinRMAuthorizationError> DEBUG winrmshell: powershell executing: hostname

The Weird thing is that entering remote session works just fine:

Enter-PSSession -ComputerName <ip address of the instance> -Credential <DOMAIN\USER>

In my Vagrantfile I have:

config.vm.define :client do |clt|
    clt.vm.provider :openstack do |os|
        os.openstack_auth_url       = 'https://<ip address for my openstack>:5000/v2.0/'
        os.username                 = '<DOMAIN\USER>'
        os.password                 = '<PASS>'

        os.tenant_name              = 'Tenant'
        os.flavor                   = 'm1.large'
        os.image                    = 'Windows2012'

        os.server_create_timeout    = 600
        #os.ssh_disabled                = 'true'
    end

    clt.vm.hostname = "client"      
    clt.vm.boot_timeout = 600
    clt.vm.guest = :windows
    clt.vm.communicator = "winrm"
    clt.winrm.username = "<DOMAIN\USER>"
    clt.winrm.password = "<PASS>"
    clt.winrm.guest_port = "5985"

    clt.vm.network :forwarded_port, guest: 5985, host: 5985, id: "winrm", auto_correct:true
    clt.vm.network :forwarded_port, guest: 3389, host: 3389, id: "rdp", auto_correct:true 
    clt.vm.network "forwarded_port", host: 4444, guest: 44311
    clt.vm.network "forwarded_port", host: 8080, guest: 80
    clt.vm.network "forwarded_port", host: 4443, guest: 443

    clt.vm.provision :shell do |s|
        s.path = "script.ps1"
    end
    end

Any ideas why this happens?

[Asia Jędrychowska]

Mateusz,

you are trying to use basic authentication on Windows (" INFO winrmshell: - Transport: plaintext") while authenticating with a domain user. It's not going to work.

To workaround you need to have a local admin user (eg. Administrator) which allows for basic auth.