WinRM connection err: http response error: 503 - invalid content type

[Khalid Hosein]

Hello,

I'm building Windows AMIs in AWS, and am having trouble connecting via WinRM to Win 2012 and 2016 versions. However, the same configs work for Win 2008 R2.

When I enabled Packer debugging, I see the following errors (repeated until it hits the winrm_timeout):

2017/09/01 18:18:19 packer: 2017/09/01 18:18:19 [ERROR] connection error: http response error: 503 - invalid content type
2017/09/01 18:18:19 packer: 2017/09/01 18:18:19 [ERROR] WinRM connection err: http response error: 503 - invalid content type

(BTW, searching for these errors either associated with 'winrm' and/or 'packer' does not return much. I also have a sense that the 'invalid content type' message is returned from Go.)

Running packer build using Linux' strace didn't produce anything valuable.

When the temporary instance boots, I can connect successfully to the WinRM port including using the _pywinrm_ library to create a session using the credentials in my JSON config, so I know that my user data script is successfully enabling WinRM and setting the credentials.

Is there something in particular that changed since Windows 2008? 

Is there a neat way to capture the WinRM commands/traffic that Packer is sending/receiving?

Thanks!

-- Khalid

[Matthew Hooker]

Can you post your script for enabling winrm? It should look something like

<powershell>

winrm quickconfig -q

winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="300"}'

winrm set winrm/config '@{MaxTimeoutms="1800000"}'

winrm set winrm/config/service '@{AllowUnencrypted="true"}'

winrm set winrm/config/service/auth '@{Basic="true"}'

netsh advfirewall firewall add rule name="WinRM 5985" protocol=TCP dir=in localport=5985 action=allow

netsh advfirewall firewall add rule name="WinRM 5986" protocol=TCP dir=in localport=5986 action=allow

net stop winrm

sc config winrm start=auto

net start winrm

Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope LocalMachine

</powershell>

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/dc92c327-457f-43f3-bcd1-c56a0d215c39%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Khalid Hosein]

<powershell>

# turn off PowerShell execution policy restrictions

Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope LocalMachine

write-output "Running AWS User Data Script"
write-host "(host) Running AWS User Data Script"

# Configure WinRM
# First, remove HTTP listener
Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse

cmd.exe /c winrm quickconfig -q
write-output "Setting http transport..."
cmd.exe /c winrm quickconfig '-transport:http'
write-output "setting remainder of winrm configs..."
cmd.exe /c winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="1024"}'
cmd.exe /c winrm set "winrm/config" '@{MaxTimeoutms="7200000"}'
cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{CredSSP="true"}'
cmd.exe /c winrm set "winrm/config/listener?Address=*+Transport=HTTP" '@{Port="5985"}'
write-output "Done with WinRM settings"

cmd.exe /c netsh advfirewall firewall add rule name="WinRM 5985" protocol=TCP dir=in localport=5985 action=allow

cmd.exe /c net stop winrm
cmd.exe /c sc config winrm start= auto
cmd.exe /c net start winrm

# Set temporary Administrator password only for Packer building
net user Administrator 'terriblepw'
wmic useraccount where "name='Administrator'" set PasswordExpires=FALSE

</powershell>

I should mention that I can connect successfully via WinRM to the instance when using this script. But for whatever reason Packer can't.

Thanks!

[Khalid Hosein]

Anyone out there successfully using WinRM to provision Windows 2012 or Win 2016 Server?

[Rickard von Essen]

What builder are you using? 

On Sep 12, 2017 19:35, "Khalid Hosein" <kjho...@gmail.com> wrote:

Anyone out there successfully using WinRM to provision Windows 2012 or Win 2016 Server?

--

This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Packer" group.

To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/87b7333a-f9df-46db-a37e-0c43bb68ec45%40googlegroups.com.

[Khalid Hosein]

amazon-ebs

On Tuesday, September 12, 2017 at 3:16:08 PM UTC-4, Rickard von Essen wrote:

What builder are you using? 

On Sep 12, 2017 19:35, "Khalid Hosein" <kjho...@gmail.com> wrote:

Anyone out there successfully using WinRM to provision Windows 2012 or Win 2016 Server?

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Packer" group.

To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool...@googlegroups.com.

[Rickard von Essen]

This works 

https://github.com/Diabol/packer-demo/blob/master/windows-cloud.json

using Windows Server 2016 

To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/8331bed2-68a6-40b1-90ef-49d638dd5f91%40googlegroups.com.

[Khalid Hosein]

TLDR; I finally figured out why this was failing for me: a !@#$%ing web proxy! 

The 503 error was being returned by the web proxy, not by the Windows servers.

Once my temp Packer-launched instance was booted and the WinRM connectivity was configured via a userdata PowerShell script, Packer was then trying to connect via WinRM to run my various PS scripts, but failing because it was trying to go through the web proxy to get to a private IP address.

My solution was to add the entire subnet's worth of IP address to the no_proxy and NO_PROXY environment variable (luckily only a /24 for me). E.g.:

printf -v no_proxy '%s,' 192.168.42.{1..255};
export no_proxy="169.254.169.254,$no_proxy"
export NO_PROXY=$no_proxy

What's weird is that this worked for a Win2008 image from what I'm 99% sure is the same unaltered server. But I could be dead wrong. 

Anyway, your best friend is Packer debugging. E.g.:

PACKER_LOG=1 PACKER_LOG_PATH=/tmp/packer.log packer build.json

HTH!

[Alvaro Miranda Aguilera]

Hi

Thanks very much to came back and share what you found.

for sure this will help other people now or in the future.

Thanks again,

Alvaro.

--

This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool+unsubscribe@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/14a99653-07f7-465d-9416-486e4bba2b7e%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

Alvaro

[ARINDAM HAZRA]

Hello All,

Do we have any solution for this issue yet. I am still getting the same error and not able to move ahead with AMI creation for Windows 2016 in AWS.

My Builder and Provisioner are working fine when we don't use Proxy. But, in my company all our traffic pass  through Proxy and not able to get AMI  created.

Getting error :

 [INFO] Attempting WinRM connection...

 [DEBUG] connecting to remote shell using WinRM

 [ERROR] connection error: http response error: 503 - invalid content type

 [ERROR] WinRM connection err: http response error: 503 - invalid content type

I have tried setting Proxy in Userdata , also, I am using WinRM over HTTP.

Please help!

Thanks,

Arindam

[Khalid Hosein]

Hello Arindam,

Did you read my post with my solution in this thread? I think you should be able to develop a solution based on that. Of course, YMMV.

-- Khalid