Usually winrm settings.

On Wed, Jun 5, 2019 at 16:04 <[email protected]> wrote:
> Thank you. I was actually able to get this to work on the base Windows
> 2016 AMI, but I am attempting to run this on the CIS level 1 hardened AMI
> from the AWS Marketplace (found here
> <https://aws.amazon.com/marketplace/pp/B078SC1S3Z?qid=1559764776361&sr=0-1&ref_=srh_res_product_title>).
> The source AMI ID is ami-024c544bd4659d547 and the source AMI name is CIS
> Microsoft Windows Server 2016 Benchmark 1.0.0.24 Level
> 1-b1776421-c8ab-411d-8a73-34f06d3ceadf-ami-05c3f6c249aec43d9.4.
>
> I can't narrow down which setting is causing this to fail.
>
> On Wednesday, June 5, 2019 at 3:57:34 PM UTC-4, Louis Mayorga wrote:
>>
>> <powershell>
>> wmic UserAccount set PasswordExpires=False
>> net user Administrator <ADMIN_PASSWORD_HERE>
>> write-output "Running User Data Script"
>> write-host "(host) Running User Data Script"
>>
>> Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force -ErrorAction Ignore
>>
>> # Don't set this before Set-ExecutionPolicy as it throws an error
>> $ErrorActionPreference = "stop"
>>
>> # Remove HTTP listener
>> Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse
>>
>> $Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName "packer"
>> New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint -Force
>>
>> # WinRM
>> write-output "Setting up WinRM"
>> write-host "(host) setting up WinRM"
>>
>> cmd.exe /c winrm quickconfig -q
>> cmd.exe /c winrm set "winrm/config" '@{MaxTimeoutms="1800000"}'
>> cmd.exe /c winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="1024"}'
>> cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
>> cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
>> cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'
>> cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'
>> cmd.exe /c winrm set "winrm/config/service/auth" '@{CredSSP="true"}'
>> cmd.exe /c winrm set "winrm/config/listener?Address=*+Transport=HTTPS" "@{Port=`"5986`";Hostname=`"packer`";CertificateThumbprint=`"$($Cert.Thumbprint)`"}"
>> cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes
>> cmd.exe /c netsh firewall add portopening TCP 5986 "Port 5986"
>> cmd.exe /c net stop winrm
>> cmd.exe /c sc config winrm start= auto
>> cmd.exe /c net start winrm
>>
>> </powershell>
>>
>> On Wednesday, June 5, 2019 at 3:53:19 PM UTC-4, [email protected] wrote:
>>>
>>> Do you have examples of your bootstrap script and enable rdp script?
>>>
>>> On Wednesday, June 5, 2019 at 3:50:42 PM UTC-4, Louis Mayorga wrote:
>>>>
>>>> Check my post
>>>>
>>>> https://groups.google.com/forum/#!topic/packer-tool/hGcrPLFZW4Q
>>>>
>>>> On Wednesday, June 5, 2019 at 3:49:28 PM UTC-4, [email protected] wrote:
>>>>>
>>>>> Hi all -
>>>>>
>>>>> Has anyone had any luck configuring winrm for HTTPS? I've tried
>>>>> multiple tweaks on the user-data script and still cannot get it to work.
>>>>>
>>>>> I'm still in the process of confirming whether it's a packer issue or
>>>>> a configuration issue.
>>>>>
>>>>> Any help would be appreciated.
>>>>>
>>>>> Best,
>>>>> Andrew
>>>>>
>>>> --
> This mailing list is governed under the HashiCorp Community Guidelines -
> https://www.hashicorp.com/community-guidelines.html. Behavior in
> violation of those guidelines may result in your removal from this mailing
> list.
>
> GitHub Issues: https://github.com/mitchellh/packer/issues
> IRC: #packer-tool on Freenode
> ---
> You received this message because you are subscribed to the Google Groups
> "Packer" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/packer-tool/cff810a6-7d91-4a17-b8c9-9bc092182960%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

--
Luis Mayorga
Software & Devops Engineer
C. +1-703-407-4074
E. lmayorga@lm3 <http://lm-3.com/>corp.com
T. @louismayorga
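
One way to narrow down which setting conflicts on the hardened image, as an added example that is not part of the thread or of Packer: it compares the WinRM values enforced through Group Policy registry keys with what the quoted user-data script requests via `winrm set`. That this particular CIS AMI sets these policy values is an assumption to verify on the instance; `$wanted`, `$report` and the column names are illustrative.

```powershell
# Added example, not from the thread. Run in an elevated session on the instance.
# Assumption: the hardened image enforces WinRM settings through Group Policy.
$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM'

# What the thread's user-data script asks for (all "true" = 1), mapped to the
# Group Policy registry value that overrides each `winrm set` call.
$wanted = @(
    @{ Side = 'Service'; Name = 'AllowBasic';              Target = 'winrm/config/service/auth Basic' }
    @{ Side = 'Service'; Name = 'AllowUnencryptedTraffic'; Target = 'winrm/config/service AllowUnencrypted' }
    @{ Side = 'Client';  Name = 'AllowBasic';              Target = 'winrm/config/client/auth Basic' }
    @{ Side = 'Client';  Name = 'AllowUnencryptedTraffic'; Target = 'winrm/config/client AllowUnencrypted' }
)

$report = foreach ($w in $wanted) {
    $key  = Join-Path $policyRoot $w.Side
    $prop = Get-ItemProperty -Path $key -Name $w.Name -ErrorAction SilentlyContinue
    $enforced = if ($null -ne $prop) { [int]$prop.($w.Name) } else { $null }
    [pscustomobject]@{
        Setting   = $w.Target
        PolicyKey = "$key\$($w.Name)"
        Enforced  = if ($null -eq $enforced) { 'not set' } else { $enforced }
        # The script wants 1; an enforced 0 takes precedence over `winrm set`.
        Conflict  = ($null -ne $enforced) -and ($enforced -ne 1)
    }
}
$report | Format-Table -AutoSize

# Cross-check: policy-controlled values are tagged [Source="GPO"] in the live config.
cmd.exe /c winrm get winrm/config | Select-String -SimpleMatch 'Source="GPO"'

# Confirm the HTTPS listener exists and which certificate thumbprint it uses.
cmd.exe /c winrm enumerate winrm/config/listener

# Confirm that thumbprint is still present in the machine certificate store.
Get-ChildItem Cert:\LocalMachine\My | Select-Object Thumbprint, Subject, NotAfter
```

A `Conflict` of `True` means the matching `winrm set` line in the script cannot take effect while that policy value is applied.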
