search

packer-community / winrmcp

Copy files to a remote host using WinRM
MIT License
59 stars 31 forks source link

Cannot read WinRM info on Windows 2008 R2 #3

Closed dylanmei closed 9 years ago

dylanmei commented 9 years ago

As noted here and here, an administrator cannot access WinRM info on Windows 2008 R2.

⇒ bin/winrmcp -addr=localhost:5536 -info
<f:WSManFault xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault" Code="5" Machine="win-2008-r2"><f:Message>Access is denied. </f:Message></f:WSManFault>
Error number:  -2147024891 0x80070005
Access is denied.

Client
    Addr: localhost:5536
    Auth: Basic
    User: packer
WinRM Config
    MaxEnvelopeSizeKB: 0
    MaxTimeoutMS: 0
    Service/MaxConcurrentOperations: 0
    Service/MaxConcurrentOperationsPerUser: 0
    Service/MaxConnections: 0
    Winrs/MaxConcurrentUsers: 0
    Winrs/MaxProcessesPerShell: 0
    Winrs/MaxMemoryPerShellMB: 0
    Winrs/MaxShellsPerUser: 0
dylanmei commented 9 years ago

The info query is also used prior to copying a file in order to determine how many chunks it can send to the remote before needing to discard the current shell and initiate a new one.

ramarnat commented 9 years ago

confirmed independently using winrm commandline tool

winrm -hostname 172.16.111.135 -username "vagrant" -password "vagrant" "winrm get winrm/config -format:xml"
<f:WSManFault xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault" Code="5" Machine="VAGRANT-51A0FAR"><f:Message>Access is denied. </f:Message></f:WSManFault>
Error number:  -2147024891 0x80070005
Access is denied.
ramarnat commented 9 years ago

How about allowing for the value for MaxEnvelopeSizeKB as a config parameter?

dylanmei commented 9 years ago

I'm not ready to take in arguments like that. The machine itself is the source of truth, and if we can't read it out the I'd like it degrade gracefully.

Commit c29edbd044eea8a33a103bca707f7fe7528bc0fd is a small step in that direction, and will work around the winrmcp copy problem for a standard 2008 R2 installation.

ramarnat commented 9 years ago

I played around with wsman, and TrustedHosts settings to get powershell to return the values, but none worked.

dylanmei commented 9 years ago

I have it working in branch winrmcp/elevated_info_query but it's hardcoded to vagrant/vagrant and it's not ready for prime-time without tests and a refactor or three. :see_no_evil:

dylanmei commented 9 years ago

I've worked around this by 1. allowing max-ops-per-shell to be provided to the cli/lib and 2. setting the default to 15 to make Windows 2008 R2 happy.