Hello all! I'm having the same problem with the hardened Windows Server 2016 AMI that has Basic authentication explicitly disabled by the Group Policy. The use of NTLM authentication is the solution and it works fine from PowerShell and Ansible.
The Packer's *winrm_use_ntlm* option just doesn't seem to work. The issue is reproducible over both HTTPS and HTTP. Wireshark log shows that NTLM packet is malformed. There is a similar issue on GitHub: winrm hyperv 401 error #6205 <https://github.com/hashicorp/packer/issues/6205> On Thursday, May 10, 2018 at 1:34:33 AM UTC-5, Rickard von Essen wrote: > > Just to clearify Packer does speak WinRM over HTTPS. See > https://www.packer.io/docs/templates/communicator.html#winrm_use_ssl > > On Thu, May 10, 2018, 05:22 Jordan Borean <[email protected] <javascript:>> > wrote: > >> I believe the other issue is that Packer (or whatever libraries Packer >> uses for WinRM) does not encrypt the WinRM data so anything over http is in >> plaintext. You can disable the encryption check by running >> >> Set-Item -Path WSMan:\localhost\Server\AllowUnencrypted -Value $true >> >> This means that Windows will allow connections that do not encrypt the >> data but I doubt a hardened AMI would allow this change as it is quite >> insecure. What you really want to do is use a https listener which uses TLS >> to encrypt the data. This requires further steps as part of your >> bootstrapping process ot create the self-signed cert and https listener but >> it can be done. In Ansible land we use >> https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1 >> >> but you will probably need to modify it to work on your AMI. >> >> Thanks >> >> Jordan >> >> -- >> This mailing list is governed under the HashiCorp Community Guidelines - >> https://www.hashicorp.com/community-guidelines.html. Behavior in >> violation of those guidelines may result in your removal from this mailing >> list. >> >> GitHub Issues: https://github.com/mitchellh/packer/issues >> IRC: #packer-tool on Freenode >> --- >> You received this message because you are subscribed to the Google Groups >> "Packer" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/packer-tool/b72debbe-86b4-4cad-b6e3-ea82883b4b70%40googlegroups.com >> >> <https://groups.google.com/d/msgid/packer-tool/b72debbe-86b4-4cad-b6e3-ea82883b4b70%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > -- This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list. GitHub Issues: https://github.com/mitchellh/packer/issues IRC: #packer-tool on Freenode --- You received this message because you are subscribed to the Google Groups "Packer" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/4ac62fa0-7972-44b0-a513-1fa0fc5af086%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
