Thank you. I was actually able to get this to work on the base Windows 2016
AMI, but I am attempting to run this on the CIS level 1 hardened AMI from
the AWS Marketplace (found here
<https://aws.amazon.com/marketplace/pp/B078SC1S3Z?qid=1559764776361&sr=0-1&ref_=srh_res_product_title>).
The source AMI ID is ami-024c544bd4659d547 and the source AMI name is CIS
Microsoft Windows Server 2016 Benchmark 1.0.0.24 Level
1-b1776421-c8ab-411d-8a73-34f06d3ceadf-ami-05c3f6c249aec43d9.4.
I can't narrow down which setting is causing this to fail.
On Wednesday, June 5, 2019 at 3:57:34 PM UTC-4, Louis Mayorga wrote:
>
> <powershell>
> wmic UserAccount set PasswordExpires=False
> net user Administrator <ADMIN_PASSWORD_HERE>
> write-output "Running User Data Script"
> write-host "(host) Running User Data Script"
>
> Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force -ErrorAction Ignore
>
> # Don't set this before Set-ExecutionPolicy as it throws an error
> $ErrorActionPreference = "stop"
>
> # Remove HTTP listener
> Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse
>
> $Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName "packer"
> New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint -Force
>
> # WinRM
> write-output "Setting up WinRM"
> write-host "(host) setting up WinRM"
>
> cmd.exe /c winrm quickconfig -q
> cmd.exe /c winrm set "winrm/config" '@{MaxTimeoutms="1800000"}'
> cmd.exe /c winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="1024"}'
> cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
> cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
> cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'
> cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'
> cmd.exe /c winrm set "winrm/config/service/auth" '@{CredSSP="true"}'
> cmd.exe /c winrm set "winrm/config/listener?Address=*+Transport=HTTPS" "@{Port=`"5986`";Hostname=`"packer`";CertificateThumbprint=`"$($Cert.Thumbprint)`"}"
> cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes
> cmd.exe /c netsh firewall add portopening TCP 5986 "Port 5986"
> cmd.exe /c net stop winrm
> cmd.exe /c sc config winrm start= auto
> cmd.exe /c net start winrm
>
> </powershell>
>
> On Wednesday, June 5, 2019 at 3:53:19 PM UTC-4, [email protected] wrote:
>>
>> do you have examples of your bootstrap script and enable rdp script?
>>
>> On Wednesday, June 5, 2019 at 3:50:42 PM UTC-4, Louis Mayorga wrote:
>>>
>>> Check my post
>>>
>>> https://groups.google.com/forum/#!topic/packer-tool/hGcrPLFZW4Q
>>>
>>> On Wednesday, June 5, 2019 at 3:49:28 PM UTC-4, [email protected]
>>> wrote:
>>>>
>>>> Hi all -
>>>>
>>>> Has anyone had any luck configuring winrm for HTTPS? I've tried
>>>> multiple tweaks on the user-data script and still cannot get it to work.
>>>>
>>>> I'm still in the process of confirming whether it's a packer issue or a
>>>> configuration issue.
>>>>
>>>> Any help would be appreciated.
>>>>
>>>> Best,
>>>> Andrew
>>>>
>>>
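
One way to narrow down which hardened setting overrides the user-data script quoted above, as an added example that is not part of the thread: it compares the WinRM values pinned by registry policy with the values the script asks for, then checks the HTTPS listener and firewall profile. It assumes the standard WinRM policy registry location and an elevated session on the instance; which of these values the CIS image actually sets is not established in the thread.

```powershell
# Added diagnostic, not from the thread. Run elevated on the instance.
# Policy-backed values take precedence over what "winrm set" writes.
$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM'

# Each row: policy value, the WSMan: setting it governs, and the value
# the quoted user-data script tries to apply.
$rows = @(
    @{ Key = "$policyRoot\Service"; Name = 'AllowBasic';              WSMan = 'WSMan:\localhost\Service\Auth\Basic';       Wanted = $true }
    @{ Key = "$policyRoot\Service"; Name = 'AllowUnencryptedTraffic'; WSMan = 'WSMan:\localhost\Service\AllowUnencrypted'; Wanted = $true }
    @{ Key = "$policyRoot\Client";  Name = 'AllowBasic';              WSMan = 'WSMan:\localhost\Client\Auth\Basic';        Wanted = $true }
    @{ Key = "$policyRoot\Client";  Name = 'AllowUnencryptedTraffic'; WSMan = 'WSMan:\localhost\Client\AllowUnencrypted';  Wanted = $true }
)

$report = foreach ($r in $rows) {
    # The policy value is absent when no policy pins the setting.
    $policy    = (Get-ItemProperty -Path $r.Key -Name $r.Name -ErrorAction SilentlyContinue).($r.Name)
    $effective = (Get-Item -Path $r.WSMan -ErrorAction SilentlyContinue).Value
    [pscustomobject]@{
        Setting   = $r.WSMan
        Policy    = if ($null -eq $policy) { 'not set' } else { $policy }
        Effective = $effective
        Wanted    = $r.Wanted
        Conflict  = ($null -ne $policy) -and ([bool]$policy -ne $r.Wanted)
    }
}
$report | Format-Table -AutoSize

# Listener created by the script: confirm HTTPS on 5986 with a thumbprint.
cmd.exe /c winrm enumerate winrm/config/listener

# Is anything answering on the HTTPS port locally?
Test-NetConnection -ComputerName localhost -Port 5986 |
    Select-Object ComputerName, RemotePort, TcpTestSucceeded

# Firewall profiles as actually enforced. If local rules are not merged,
# the rule the script adds with netsh is ignored.
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled, DefaultInboundAction, AllowLocalFirewallRules |
    Format-Table -AutoSize
```

A row with `Conflict = True` means policy pins the opposite of what the script requests, so the `winrm set` call for that setting cannot take effect until the policy changes.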