Solved: DetectionLab not working on Mac OS Ventura

[LasseKrache]

• Operating System Version: Mac OS 13
• Deploying via: VirtualBox
• Vagrant Version: 2.3.2

Unable to start DetectionLab network on Mac OS Ventura

If I see this correctly, there are problems with the configuration of the network in VirtualBox or Vagrant with the new Mac OS version. Are there any plans yet to make the necessary modifications? I usually use Parallels for virtualization and unfortunately don't know anything about VirtualBox and Vagrant ...

Thank you very much! Lasse

[brootware]

Are there any logs you can provide? From my knowledge, new Apple Silicone cannot run Virtualbox. @LasseKrache

[LasseKrache]

Which logs can I support? And no: it is a MacBook with Intel processor and VirtualBox itself is running without problems.

[brootware]

The terminal output when you run vagrant up would help. @LasseKrache

[LasseKrache]

I'm pretty sure that last time the error occurred much earlier than today - but I hadn't copied that one. Today I see the following:

==> dc: Running provisioner: shell...
    dc: Running: scripts/install-velociraptor.ps1 as C:\tmp\vagrant-shell.ps1
    dc: [07:29] Adding logger to the hosts file
    dc: [07:29] Determining latest release of Velociraptor...
    dc: [07:29] Downloading Velociraptor...
    dc: [07:29] Installing Velociraptor...
    dc: powershell.exe : Restart-Service : Cannot find any service with service name 'Velociraptor'.
    dc:     + CategoryInfo          : NotSpecified: (Restart-Service...'Velociraptor'.:String) [], RemoteException
    dc:     + FullyQualifiedErrorId : NativeCommandError
    dc: At C:\tmp\vagrant-shell.ps1:33 char:3
    dc: +   Restart-Service Velociraptor
    dc: +   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    dc:     + CategoryInfo          : ObjectNotFound: (Velociraptor:String) [Restart-Service], ServiceCom
    dc:    mandException
    dc:     + FullyQualifiedErrorId : NoServiceFoundForGivenName,Microsoft.PowerShell.Commands.RestartSer
    dc:    viceCommand
    dc:
    dc: [07:29] Velociraptor successfully installed!
    dc: Get-Service : Cannot find any service with service name 'Velociraptor'.
    dc: At C:\tmp\vagrant-shell.ps1:38 char:6
    dc: + If ((Get-Service -name Velociraptor).Status -ne "Running")
    dc: +      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    dc:     + CategoryInfo          : ObjectNotFound: (Velociraptor:String) [Get-Service], ServiceCommand
    dc:    Exception
    dc:     + FullyQualifiedErrorId : NoServiceFoundForGivenName,Microsoft.PowerShell.Commands.GetService
    dc:    Command
    dc:
    dc: Velociraptor service is not running
    dc: At C:\tmp\vagrant-shell.ps1:40 char:3
    dc: +   Throw "Velociraptor service is not running"
    dc: +   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    dc:     + CategoryInfo          : OperationStopped: (Velociraptor service is not running:String) [],
    dc:    RuntimeException
    dc:     + FullyQualifiedErrorId : Velociraptor service is not running
    dc:
The following WinRM command responded with a non-zero exit status.
Vagrant assumes that this means the command failed!

powershell -ExecutionPolicy Bypass -OutputFormat Text -file "C:\tmp\vagrant-shell.ps1"

Stdout from the command:

[07:29] Adding logger to the hosts file
[07:29] Determining latest release of Velociraptor...
[07:29] Downloading Velociraptor...
[07:29] Installing Velociraptor...
[07:29] Velociraptor successfully installed!

Stderr from the command:

powershell.exe : Restart-Service : Cannot find any service with service name 'Velociraptor'.
    + CategoryInfo          : NotSpecified: (Restart-Service...'Velociraptor'.:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError
At C:\tmp\vagrant-shell.ps1:33 char:3
+   Restart-Service Velociraptor
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Velociraptor:String) [Restart-Service], ServiceCom
   mandException
    + FullyQualifiedErrorId : NoServiceFoundForGivenName,Microsoft.PowerShell.Commands.RestartSer
   viceCommand

Get-Service : Cannot find any service with service name 'Velociraptor'.
At C:\tmp\vagrant-shell.ps1:38 char:6
+ If ((Get-Service -name Velociraptor).Status -ne "Running")
+      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Velociraptor:String) [Get-Service], ServiceCommand
   Exception
    + FullyQualifiedErrorId : NoServiceFoundForGivenName,Microsoft.PowerShell.Commands.GetService
   Command

Velociraptor service is not running
At C:\tmp\vagrant-shell.ps1:40 char:3
+   Throw "Velociraptor service is not running"
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (Velociraptor service is not running:String) [],
   RuntimeException
    + FullyQualifiedErrorId : Velociraptor service is not running

To me it looks like at least the vagrant environment itself is not causing any problems (last time the error came much earlier!) and now there is an error inside the virtual machine.

If I look inside DC, I can't see velociraptor installed - only a file "c:\Program Files\velociraptor", so I guess this causes the error?!

[LasseKrache]

Looks like the same problem as mentioned here: https://github.com/clong/DetectionLab/issues/869

[LasseKrache]

I tried to "manually" install velociraptor via msiexec /i velociraptor.msi and receive the error:

This installation package could not be opened. Contact the application vendor to verify that this is a valid Windows installation package.

So I guess this could be the reason for the problem?!

After downloading the MSI again from the internet and installing it manually, all seems to work now ...