Open ghost opened 3 years ago
I am trying to do the exact same thing and I believe that it is because the WinRM communicator doesn't specify "HOSTNAME\packer" as the user during the authentication of each provider, only packer. Once the machine is joined to a domain, the authentication fails because WinRM requires to specify a domain before the user.
Running a test from my machine while packer was running, I was able to see the same behavior happening, I lose WinRM (tested using New-PSSession before and after the join domain process) access if I only specify the username. I believe that having the winrm_username to translate as "local\packer" once the machine is created would most likely fix this issue. I tried setting it directly in the winrm_username configuration, but then Azure fails to create the machine because the Administrator user cannot have a "\" in it.
@u362jsim Did you ever find a solution for this? In my case, I need to work with a domain join as well. Several application during the image creation rely on AD DS connectivity.
Unfortunately no, not for now. The only workaround I got was to end my image with the Active Directory join and while packer does the same behavior, it succeeds in completing the image. My applications do not rely per se on AD so I am lucky that it doesn't impact us much.
Also posted here, I haven't had any comment on it yet. Wish I could be more help!
@u362jsim Thanks for the fast reply. I saw your other posts including the thread on discuss.hashicorp.com. Since this issue is already open for a long time, I do not expect to get it fixed anytime soon. What a bummer.
I found the following on serverfault. To be honest. I dont think the parameter "-SkipNetworkProfileCheck" will change something, but will give it a try tomorrow. Microsoft docs are telling this is only applicable for public networks (Windows Firewall)
@u362jsim Spend half of the day finding a workaround. You will find the details under my published blog post https://citrixguyblog.com/2024/04/10/hashicorp-packer-azure-arm-and-domain-join-issue-with-winrm/ Happy to hear your feedback!
This issue was originally opened by @ngeegoh as hashicorp/packer#6291. It was migrated here as a result of the Packer plugin split. The original body of the issue is below.
Packer failed to continue running the template with http response error: 401 - invalid content type after the PowerShell domain join command was executed.
As I need to add the temporary VM which is generated by Packer during the build into the domain, I have added a Domain join PowerShell script into the template which looks like this (I have tested this script several times in a fresh VM and it got no errors with it - it will add the VM to the domain):
$domain = "xxxxx" $password = "xxxxx" | ConvertTo-SecureString -asPlainText -Force
$username = "$domain\aaa.bbb"
$credential = New-Object System.Management.Automation.PSCredential($username,$password)
Add-Computer -DomainName $domain -Credential $credential
This is the Azure Packer template that I ran: https://gist.github.com/ngeegoh/369b3dac2d8e4f5661a5e7d2754c7bd3 (The reason why I put 2 window-restart before running PS domain join script was just to make sure the windows-restart is working in Packer.)
Additionally, if I replace the "Domain join" with other normal PS scripts, they just work normally and Packer will generate the build artifact at the end. Not sure what happened with the Packer after the Domain join script was executed, nothing after could run and kept throwing error 401: Invalid content. I tried to debug it but still did not see anything and did not have enough information as well.
I have talked to several Packer contributors and even posted it in the mailing list but no one could really resolve this issue which I am not sure if it is the Packer bug or not as if it is good, Packer is supposed to run the Domain join script and then continue running the template without throwing errors right. Hope you guys could help or maybe just try to run the above template and PS script to see if you got the same error as mine! Thanks
I have attached the log for the packer build of the above template below.
Info: Azure packer Packer version from 1.2.3 Host platform: Windows10 Debug log output from PACKER_LOG=1 packer build template.json. https://gist.github.com/ngeegoh/4fc8ceecd68335d872aead39c859db20