WinRM connection err: http response error: 401 - invalid content type

Sagar Jadhav

Apr 27, 2020, 10:57:17 AM
to Packer
Hi,

I am trying to run a Packer build using a CIS Benchmark 2016 hardened Windows image from the AWS Marketplace, using a Docker container running Ansible integrated with the CircleCI tool. I referred to the code https://gist.github.com/SwampDragons/a0044e88c614a507a533ee9323cf8e0c provided here https://github.com/hashicorp/packer/issues/9003

I tested this code locally on a MacBook and found it works: WinRM is able to establish a connection with Packer. However, when I run the same code using my GitHub account, which is integrated with CircleCI running in a Docker container, WinRM simply fails to connect to the Packer instance with the error "WinRM connection err: http response error: 401 - invalid content type".
Also, I wondered: when I built with Packer locally on my MacBook using the Packer userdata below and ran "winrm get winrm/config", it doesn't even make any changes to "AllowUnencrypted" and "Basic" auth for the client and service config. The winrm output shows those parameters are blocked by [Source="GPO"]. I am not sure how it works locally, but it works?

Well, my problem is that WinRM fails to connect from the Docker container using Ansible, which is integrated with CircleCI.

E.g., WinRM output of the Packer instance run locally on the machine:
  Client
        NetworkDelayms = 5000
        URLPrefix = wsman
        AllowUnencrypted = false [Source="GPO"]
        Auth
            Basic = false [Source="GPO"]

Note: The above output can be seen on the Packer instance built by the CircleCI Docker container.

The Packer userdata is:

<powershell>

# MAKE SURE IN YOUR PACKER CONFIG TO SET:

#    "winrm_username": "Administrator",
#    "winrm_insecure": true,
#    "winrm_use_ssl": true,
#

write-output "Running User Data Script"
write-host "(host) Running User Data Script"

Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force -ErrorAction Ignore

# Don't set this before Set-ExecutionPolicy as it throws an error
$ErrorActionPreference = "stop"

# Remove HTTP listener
Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse

# Create a self-signed certificate to let ssl work
$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName "packer"
New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint -Force

# WinRM
write-output "Setting up WinRM"
write-host "(host) setting up WinRM"

winrm quickconfig -q
winrm set "winrm/config" '@{MaxTimeoutms="1800000"}'
winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="1024"}'
winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
winrm set "winrm/config/service/auth" '@{Basic="true"}'
winrm set "winrm/config/client/auth" '@{Basic="true"}'
winrm set "winrm/config/service/auth" '@{CredSSP="true"}'
winrm set "winrm/config/listener?Address=*+Transport=HTTPS" "@{Port=`"5986`";Hostname=`"packer`";CertificateThumbprint=`"$($Cert.Thumbprint)`"}"
netsh advfirewall firewall set rule group="remote administration" new enable=yes
netsh firewall add portopening TCP 5986 "Port 5986"
stop-service winrm
set-service -name winrm -startuptype Automatic
start-service winrm

</powershell>

I have also attached packer.json and the Packer inventory file, which is referenced by Ansible. Can someone review the attached files and let me know if I am missing something here?

Appreciate your inputs. Thanks.

Regards,
Sagar



Attachments: packer, packer.json
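
An added example, not part of the original post or of the Packer project: a Python sketch that parses `winrm get winrm/config` output like the excerpt in the post above and lists the values the userdata script requests that are instead held at a different value with a [Source="GPO"] tag. The sample output is constructed, and the function names and path keys are hypothetical.

```python
import re

# Constructed sample shaped like `winrm get winrm/config` output (Service lines assumed).
SAMPLE = '''\
Config
    MaxTimeoutms = 1800000
    Client
        AllowUnencrypted = false [Source="GPO"]
        Auth
            Basic = false [Source="GPO"]
    Service
        AllowUnencrypted = false [Source="GPO"]
        Auth
            Basic = false [Source="GPO"]
            CredSSP = true
'''
# Values the userdata script requests through its `winrm set` lines.
REQUESTED = {
    "config/maxtimeoutms": "1800000",
    "config/service/allowunencrypted": "true",
    "config/client/allowunencrypted": "true",
    "config/service/auth/basic": "true",
    "config/client/auth/basic": "true",
    "config/service/auth/credssp": "true",
}
LINE = re.compile(r'^(\s*)(\S+)(?:\s*=\s*(.*?))?(?:\s*\[Source="(\w+)"\])?\s*$')

def parse_winrm_config(text):
    """Return {path: (value, source)}; source is None when no policy tag is shown."""
    settings, stack = {}, []  # stack holds (indent, section_name)
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        indent, name, value, source = len(m.group(1)), m.group(2).lower(), m.group(3), m.group(4)
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave sections at the same or deeper indent
        if value is None:
            stack.append((indent, name))  # section header such as "Auth"
        else:
            settings["/".join([s for _, s in stack] + [name])] = (value, source)
    return settings

def overridden_by_policy(text, requested=REQUESTED):
    """Requested settings whose effective value differs and is tagged Source="GPO"."""
    effective = parse_winrm_config(text)
    return sorted(path for path, want in requested.items()
                  if path in effective and effective[path][1] == "GPO"
                  and effective[path][0].lower() != want.lower())
```

Running `overridden_by_policy` on output captured after the userdata script has finished shows which of its `winrm set` lines did not take effect on the hardened image.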

Sylvia Moss

Apr 28, 2020, 4:29:20 AM
to Packer
Hi! Which Packer version are you using? 

Sagar Jadhav

Apr 28, 2020, 9:04:51 AM
to Packer
Hi,

I am using Packer version 1.2.4

Sagar

Sagar Jadhav

Apr 28, 2020, 9:16:30 AM
to Packer
Also, in addition, the CircleCI Docker image details are below:

90e6981e9781:/usr/local/bin# uname -a
Linux 90e6981e9781 4.15.0-1052-aws #54-Ubuntu SMP Tue Oct 1 15:43:26 UTC 2019 x86_64 Linux
90e6981e9781:/usr/local/bin# cat /etc/os-release
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.7.0
PRETTY_NAME="Alpine Linux v3.7"
90e6981e9781:/usr/local/bin#
90e6981e9781:/usr/local/bin# packer --version
1.2.4
90e6981e9781:/usr/local/bin#

Sagar