hashicorp / vagrant

Vagrant is a tool for building and distributing development environments.
https://www.vagrantup.com

Vagrant (Virtualbox) WinRM error Digest initialization failed #13242

Closed jo3rg closed 6 months ago

jo3rg commented 12 months ago

Debug output

DetectionLab-master\Vagrant> vagrant up wef --provision
Bringing machine 'wef' up with 'virtualbox' provider...
==> wef: Checking if box 'detectionlab/win2016' version '1.9' is up to date...
==> wef: Clearing any previously set forwarded ports...
==> wef: Fixed port collision for 5985 => 55985. Now on port 2201.
==> wef: Fixed port collision for 5986 => 55986. Now on port 2202.
==> wef: Fixed port collision for 22 => 2222. Now on port 2203.
==> wef: Clearing any previously set network interfaces...
==> wef: Preparing network interfaces based on configuration...
    wef: Adapter 1: nat
    wef: Adapter 2: hostonly
==> wef: Forwarding ports...
    wef: 5985 (guest) => 2201 (host) (adapter 1)
    wef: 5986 (guest) => 2202 (host) (adapter 1)
    wef: 22 (guest) => 2203 (host) (adapter 1)
==> wef: Running 'pre-boot' VM customizations...
==> wef: Booting VM...
==> wef: Waiting for machine to boot. This may take a few minutes...
    wef: WinRM address: 127.0.0.1:2201
    wef: WinRM username: vagrant
    wef: WinRM execution_time_limit: PT2H
    wef: WinRM transport: negotiate
An error occurred executing a remote WinRM command.

Shell: Cmd
Command: hostname
Message: Digest initialization failed: initialization error

Expected behavior

Vagrant should communicate with the guest through WinRM, or should show more detailed info to recover.

Actual behavior

Fails to initialize and the information is useless. May be related to WinRM port forwarding, as the first Windows 2016 Server instance was deployed without any problems (dc).

Reproduction information

vagrant up --debug

Vagrant version

Installed Version: 2.3.7

Host operating system

Windows 10 x64

Guest operating system

Windows Server 2016

Steps to reproduce

  1. git clone https://github.com/clong/DetectionLab.git .
  2. cd DetectionLab\Vagrant
  3. ./prepare.ps1
  4. vagrant up

Vagrantfile

Full: https://github.com/clong/DetectionLab/blob/master/Vagrant/Vagrantfile

WEF Part:

  config.vm.define "wef" do |cfg|
    cfg.vm.box = "detectionlab/win2016"
    cfg.vm.hostname = "wef"
    cfg.vm.boot_timeout = 600
    cfg.vm.communicator = "winrm"
    cfg.winrm.basic_auth_only = true
    cfg.winrm.timeout = 300
    cfg.winrm.retry_limit = 20
    cfg.vm.network :private_network, ip: "192.168.56.103", gateway: "192.168.56.1", dns: "192.168.56.102"

    cfg.vm.provision "shell", path: "scripts/fix-second-network.ps1", privileged: true, args: "-ip 192.168.56.103 -dns 8.8.8.8 -gateway 192.168.56.1" 
    cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false
    cfg.vm.provision "reload"
    cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/download_palantir_wef.ps1", privileged: false
    cfg.vm.provision "shell", inline: 'wevtutil el | Select-String -notmatch "Microsoft-Windows-LiveId" | Foreach-Object {wevtutil cl "$_"}', privileged: false
    cfg.vm.provision "shell", path: "scripts/install-wefsubscriptions.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-splunkuf.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-windows_ta.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-utilities.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-redteam.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-evtx-attack-samples.ps1", privileged: false
    cfg.vm.provision "file", source: "files/choco-winpcap", destination: "choco-winpcap"
    cfg.vm.provision "shell", path: "scripts/install-choco-extras.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-osquery.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-sysinternals.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-velociraptor.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/configure-pslogstranscriptsshare.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-autorunstowineventlog.ps1", privileged: false
    cfg.vm.provision "shell", inline: "Set-SmbServerConfiguration -AuditSmb1Access $true -Force", privileged: false
    cfg.vm.provision "shell", inline: "Write-Host 'WEF Provisioning Complete!'", privileged: false
  end

EDIT1: I think the bug may be related to this bug: https://discuss.hashicorp.com/t/winrm-port-does-not-work-in-vagrantfile/54601

EDIT2: Further analysis has shown that the right port & interface have been chosen but it seems to have issues authenticating: (image)

mpriha commented 11 months ago

I have the same issue with Windows 11 - is there a workaround, like using an older version of Vagrant? I suppose there is no installation package for Windows yet here: https://github.com/hashicorp/vagrant/releases/tag/2.3.8.dev%2B000032-f72cda8b

Vagrant version

Installed Version: 2.3.7

Host operating system

Windows 11 x64

Guest operating system

Windows Server 2019

Vagrant box

gusztavvargadr/windows-server-2019-standard

Thank you for your support Marketta

mpriha commented 11 months ago

Issue was fixed at least for me in https://github.com/hashicorp/vagrant/releases/download/2.3.8.dev%2B000086-5fc64cde/vagrant_2.3.8.dev_windows_i686.msi

jo3rg commented 10 months ago

Seems to also have fixed the issue for me, thanks and issue can be closed from my pov.

peak-load commented 8 months ago

I still have the same issue with 2.4.0 on Mac.

dstoliker commented 8 months ago

Same here - also on Mac. I've had to roll back to version 2.3.6 to get Windows guests to work.

JY0850 commented 8 months ago

Had the same issue, roll back to 2.3.6 fixed it for me as well. Thanks for the suggestion @dstoliker 🙏🏻.

gianluca-bruno commented 8 months ago

I have the same issue on arch linux, vagrant 2.4.0

ret2src commented 8 months ago

Issue still persists on Arch Linux, Vagrant 2.4.0. Reproducible for example with Orange-Cyberdefense/GOAD. Downgrade to 2.3.6 and enabling OpenSSL legacy provider did not fix the issue.

UPDATE: Seems to be fixed with current git version, at least on Arch Linux, see https://github.com/Orange-Cyberdefense/GOAD/issues/141#issuecomment-1814321465

zlshi commented 8 months ago

I have the same issue on manjaro (Linux5.15), vagrant 2.4.0

dstoliker commented 6 months ago

I have upgraded to version 2.4.1 on Mac. This issue appears to have been resolved in that version. 🎉

chrisroberts commented 6 months ago

This has been resolved in the latest release, so closing this up.

Cheers!

gianluca-bruno commented 5 months ago

I still have the same issue with Arch 20240101 amd64/ vagrant 2.4.1

gianluca-bruno commented 5 months ago

Looks like the following is needed to get this to work:

  config.winrm.transport = :plaintext
  config.winrm.basic_auth_only = true
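
A host-side check related to the workaround above, added here as an example (not code from the thread or from Vagrant): it assumes the error comes from the Ruby OpenSSL build refusing MD4, which NTLM under the negotiate transport needs, and it falls back to plaintext Basic auth only for a loopback WinRM address such as the 127.0.0.1:2201 forward in the log. The helper names are hypothetical; for any other address it selects :ssl so the Basic credentials are not sent in the clear.

```ruby
require "openssl"
require "ipaddr"

# True when this Ruby's OpenSSL build can instantiate the named digest.
# A refused algorithm raises (for example OpenSSL::Digest::DigestError).
def digest_available?(name)
  OpenSSL::Digest.new(name)
  true
rescue StandardError
  false
end

# True only for loopback endpoints such as a NAT forward on 127.0.0.1.
def loopback_host?(host)
  return true if host == "localhost"
  IPAddr.new(host).loopback?
rescue IPAddr::Error
  false
end

# Hypothetical helper: choose config.winrm.* values for one guest.
# md4_ok: result of the MD4 probe (assumed to be what NTLM needs).
# host:   the WinRM address Vagrant will connect to.
def winrm_settings(md4_ok:, host:)
  # NTLM works, so keep the default transport seen in the debug output.
  return { transport: :negotiate } if md4_ok

  if loopback_host?(host)
    # The thread's workaround: Basic auth over HTTP is only base64-encoded,
    # so restrict it to traffic that never leaves the host.
    { transport: :plaintext, basic_auth_only: true }
  else
    # Basic auth inside TLS; needs an HTTPS WinRM listener on the guest.
    { transport: :ssl, basic_auth_only: true }
  end
end

if __FILE__ == $PROGRAM_NAME
  md4_ok = digest_available?("MD4")
  puts "OpenSSL: #{OpenSSL::OPENSSL_LIBRARY_VERSION}, MD4 usable: #{md4_ok}"
  puts winrm_settings(md4_ok: md4_ok, host: "127.0.0.1").inspect
end
```

Run it with the Ruby that Vagrant itself uses, since a system Ruby may link a different OpenSSL and give a different answer.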