Terraform - Microsoft ATA Gateway DC to WEF unable to connect via FQDN

[ProtoDroidBot]

• Operating System Version: Windows 10 Pro
• Provider (VirtualBox/VMWare): (AWS Terraform US-WEST-1)
• Vagrant Version: N/A
• Packer Version: N/A
• Are you using stock boxes (downloaded) or were they built from scratch using Packer? Terraform AWS boxes
• Is the issue reproducible or intermittent? Reproducible on Latest Master Branch via Latest Terraform

Please verify that you are building from an updated Master branch before filing an issue. - Done (cloned on Jan 6th 2020)

Issue Description:

While I made a post on issue #316 , I wanted to file a separate issue in case for some reason that cannot be reopened; Apologies!

Anyways, I tried to use the AMI's in US-WEST-1 and Terraform to stand up DetectionLab, but twice it gets stuck on bringing up WEF to DC. Upon further inspection and attempted ATA gateway reinstall on the DC, I couldn't resolve the WEF FQDN address, but I could ping the local IP address that WEF was on.

Other than that, ATA Gateway service on the DC for some reason is exiting unexpectedly according to the event logs on DC.

Wish I had more information / screenshots, so will try to get them on a 3rd attempt (previous issue I've referenced has some screenshots, but I will get better ones).

Thanks!

[ProtoDroidBot]

Oh my... The adapters which were used for building the VMs locally don't exist on AWS.

[clong]

Thanks for the report! I'll try to repro ASAP.

[clong]

Yeah this is all sorts of weird. I think it's DNS (because it's always DNS)

ATA gateway error logs show:

System.Net.WebException: The remote name could not be resolved: 'wef.windomain.local'

However, the DC DNS is set to 192.168.0.2 for some reason:

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : us-west-1.compute.internal
   Description . . . . . . . . . . . : AWS PV Network Device #0
   Physical Address. . . . . . . . . : 06-2A-F7-C1-CD-0B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::99a9:3b9f:f319:755e%5(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.38.102(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, January 7, 2020 4:38:14 AM
   Lease Expires . . . . . . . . . . : Tuesday, January 7, 2020 5:38:13 AM
   Default Gateway . . . . . . . . . : 192.168.38.1
   DHCP Server . . . . . . . . . . . : 192.168.38.1
   DHCPv6 IAID . . . . . . . . . . . : 134640539
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-25-60-FA-B7-00-0C-29-CE-12-68
   DNS Servers . . . . . . . . . . . : 192.168.0.2
   NetBIOS over Tcpip. . . . . . . . : Enabled

It looks like for whatever reason, the DNS settings defined here aren't applying to DC correctly and it's using an invalid DNS server. I might have to push out new AMIs, but I'll try to find a workaround in the meantime.

[ProtoDroidBot]

No worries @clong , I noticed an odd timing issue with Terraform where wef would sometimes get built "successfully" BEFORE the dc.windomain.local box and it messes the order up :S

[clong]

Working on a bandaid fix for this to be automatically applied using terraform remote-exec right now.

[clong]

Should be fixed here: https://github.com/clong/DetectionLab/commit/4d13f53866267982cd87f383ba79d5db048896ed

[ProtoDroidBot]

Speaking of, there is also an issue with the DC and potentially the win10 box where the Microsoft ATA service will enter a restart loop:

[clong]

Can you confirm if this is still an issue after the DNS fix is applied? I noticed it constantly attempting to restart on DC due to the DNS issue, but it stopped restarting for me after DNS was set correctly.

[ProtoDroidBot]

I will attempt to build via Terraform on a better machine, but the one time I did it on a Surface Go the DNS issue seemed fixed, but the ATA service still was hanging / entered a restart loop.

[ProtoDroidBot]

DNS issue seems to be fixed, but Terraform is still hanging on win10 / wef boxes. Will do some further investigation on my end though I suspect ATA is the culprit.

Edit 1: ATA has successfully connected to the DC, but Terraform is still creating the wef and win10 boxes. Guess I am wrong. :(

[clong]

@ProtoDroidBot - sorry for getting back to this so late. Sorry, to confirm, is everything here working as desired now or are there still issues with ATA or the hosts?

[ProtoDroidBot]

ATA is working fine, and I did confirm other tools to be working. The only thing which doesn't work is Terraform, and IDK what's going on with that. :(

Sorry and thanks! :)

[clong]

@ProtoDroidBot well if you continue to run into issues, feel free to open a new one and let's figure out what's broken! :)

I'm going to go ahead and close this issue out because I think the core problem it addressed has been solved. Thanks for reporting it, that was not a good thing to have happening!