Questions tagged with Windows Provisioning
Content language: English
Sort by most recent
Hello,
I use packer to build windows private AMIs.
My code works perfectly for Windows Server 2019 and 2022.
Today, I must build a Windows Server 2012 AMI.
When I start packer, everything is going fine until WinRM is supposed to be activated. But it never becomes available.
Here is the output of my script:
```
30/03/2023 15:03:01
We are building a Windows template
lets build AWS12
packer build -on-error=cleanup -force -color=false -var-file ./production.pkrvars.hcl -only=amazon-ebs.windows -var AWS_Region=eu-west-1 -var AWS_Subnet=subnet-09dea1005b9e039ce -var AWS_VPC=vpc-07a597dbe1bc6d0a0 -var aws_os_filter=Windows_Server-2012-R2-English-STIG-Full-202* -var InstanceType=t3.medium -var VMNAME=Windows-W2K12-230330 -var-file=W2K12.pkrvars.hcl ./Windows
==> amazon-ebs.windows: Force Deregister flag found, skipping prevalidating AMI Name
amazon-ebs.windows: Found Image ID: ami-05ea5147aa6a82322
==> amazon-ebs.windows: Creating temporary keypair: packer_6425a4a6-c2b5-fb0b-1e41-2a23d9f6d4fd
amazon-ebs.windows: Found Security Group(s): sg-0416234d02eef67b3, sg-075f33d2f0f72757c
==> amazon-ebs.windows: Launching a source AWS instance...
amazon-ebs.windows: Instance ID: i-0a954ed5f7ff8d54c
==> amazon-ebs.windows: Waiting for instance (i-0a954ed5f7ff8d54c) to become ready...
==> amazon-ebs.windows: Waiting for auto-generated password for instance...
amazon-ebs.windows: It is normal for this process to take up to 15 minutes,
amazon-ebs.windows: but it usually takes around 5. Please wait.
amazon-ebs.windows:
amazon-ebs.windows: Password retrieved!
==> amazon-ebs.windows: Using WinRM communicator to connect: 10.6.25.165
==> amazon-ebs.windows: Waiting for WinRM to become available...
real 8m21.604s
user 0m0.450s
sys 0m0.319s
```
I use the very same powershell script to enable WinRM. For other Windows Operating Systems, it works.
```
<powershell>
# MAKE SURE IN YOUR PACKER CONFIG TO SET:
#
#
# "winrm_username": "Administrator",
# "winrm_insecure": true,
# "winrm_use_ssl": true,
#
#
write-output "Running User Data Script"
write-host "(host) Running User Data Script"
Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force -ErrorAction Ignore
# Don't set this before Set-ExecutionPolicy as it throws an error
$ErrorActionPreference = "stop"
# $ThePwd=ConvertTo-SecureString -String 'Azerty0IsGood!' -AsPlainText -Force
# New-LocalUser "PackerUser" -AccountNeverExpires -PasswordNeverExpires -FullName "User for packer" -Description "User for packer" -Password $ThePwd
# Add-LocalGroupMember -Group 'Administrators' -Member "PackerUser"
# Remove HTTP listener
Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse
# Create a self-signed certificate to let ssl work
$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName "packer"
New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint -Force
# WinRM
write-output "Setting up WinRM"
write-host "(host) setting up WinRM"
cmd.exe /c winrm quickconfig -q
cmd.exe /c winrm set "winrm/config" '@{MaxTimeoutms="1800000"}'
cmd.exe /c winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="1024"}'
cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{CredSSP="true"}'
cmd.exe /c winrm set "winrm/config/listener?Address=*+Transport=HTTPS" "@{Port=`"5986`";Hostname=`"packer`";CertificateThumbprint=`"$($Cert.Thumbprint)`"}"
cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes
cmd.exe /c netsh firewall add portopening TCP 5986 "Port 5986"
cmd.exe /c net stop winrm
cmd.exe /c sc config winrm start= auto
cmd.exe /c net start winrm
</powershell>
```
I quickly created an T3.medium EC2 running Windows Server 2012 R2, and executed the script above, without any error.
My security groups open ports TCP/3389 and TCP/5986
* How can I enable WinRM on Windows Server 2012 R2 ?
My bill says I have a windows t2 instance I am paying for. But I cannot locate that service in order to cancel it. Also says I have a light sail service paying for. I assume these are the same. But when I goto lightsail it says I have nothing
I have a .net windows application (exe) which I would like to run on my windows ec2 instance.
I can run it on my computer at home but it doesnt even load (no error or any message) when I try to run it.
The application connects to a remote api and database. (it has no publisher credentials)
I am new to this. What are the general /most common settings I am missing here to get it to work? Both aws and windows firewall settings for example.
We currently are using Amazon Elastic Compute Cloud t2.large with Windows Server 2012 R2. Microsoft support for Windows Server 2012 R2 ends October 10, 2023. Does that mean we’ll need to upgrade our current AWS setup? If so, what is the cutoff date for when this needs to get done.
We have setup remote apps to be used via RDP on a Windows Server. Users have reported that they will get disconnected mid-session. They are usually logged in all day. We haven't been able to find a cause.
We have done the following:
1. Increased the server hardware based on AWS provisioning suggestion
2. Set up Domain and Local GPO to keep instances active, auto reconnect sessions, and only allow one session per user
3. Checked the Remote Desktop App settings to ensure we don't have a timeout issue there
4. Checked Event Logs both on the server and at the AD controller (No errors)
5. Checked security settings for anything potential connected to remote desktop
6. Made sure we have remote desktop licenses installed
We are running the Apps over a VPN and each server is setup to serve as a RD broker as well as host the RD App.
Any ideas?
Hello,
Today I attempted an instance type change on a Windows machine from m5.4xlarge to c6a.4xlarge resulting in Instance reachability check failed. I've tried rebooting, stopping, and starting the instance, but the outcome was the same: no connectivity.
Are there any networking differences between the 2 instance types that would require driver installation? I'm asking about the network, as the instance screenshot displayed no connectivity on the network adapter and the remote desktop connection was not working either.
Hello,
We are attempting to set up a dev instance of a client's ERP which runs on Windows Server 2019. To complete our integrations, we need to enable SSL on the server so that we can make HTTPS API requests. The target domain is a subdomain of a domain registered and maintained at name.com; transferring the domain to be managed by Amazon is not possible. Documentation and knowledgebase requests I've seen do not clarify whether the SSL certification should be done in the Lightsail console or in the Windows server that is running, nor is it terribly useful for cases where the domain is managed elsewhere.
The ERP has already been set up and can be accessed via HTTP, everything necessary has been installed on the server, this is the last step.
Thank you for your time. Let me know if there would be additional helpful information.
One of our EC2 windows (Windows 2022 Data Center Edition) instance randomly stops without any manual interference.
It's a **c6a.8xlarge** instance type running at **Mumbai location**. The server is used for RDP purpose. Whenever users complain they are kicked out of their sessions, we mostly see that it is in "Stopped" mode in the dashboard.
This is really impacting our production.
How do we resolve this issue?
I have 2 ec 2 instances running and am able to login to both from pc desktop but not from Android mobile
It is my understanding that we can have 2 connections through rdp, is these connections to the server or the instances, so my question is my having 2 instances is that my connections used up and I need to pay for rdp licence then?
Or should I be able to connect through my mobile as well?
If it is possible to connect through mobile, can someone detail the process for doing so?
If I need to buy licences, where do I find details to do that and also associated costs, I would need a connection to each instance through mobile, so is that 2 rdp licenses required?
any pointers appreciated
Many Thanks
Gordon
I'm working to validate my device with Greengrass v2 on a Windows 2019 OS.
When executing the devicetester_win_x86-64.exe it launches a pretest validation check to make sure the correct components are installed on Windows. Below is the messages I'm seeing when this happens.
info msg="GGV2 Suite Info" hostArch=amd64 hostName=WIN-JTAA71LE6U1 hostOs=windows testCaseId=pretestvalidation deviceId=ztC-200i groupId=pretestvalidation
info msg="Running test case"
info msg="Setting up device for testing"
info msg="Running preTest validation test"
error msg="Encountered failure running pretest validation - \n your device doesn't have Visual C++ 2017 or later versions installed"
The last message tells me that it can not validate that Visual C++ 2017 Redistributable has been installed.
I have installed this on my machine and validated that it exists in add remove programs. Microsoft Visual C++ 2015-2022 Redistributable.
How is the pretestvalidation tool verifying that it's installed on the machine?
I checked the Registry and it looks correct.
Is it possible that the latest version of the Redistributable does not work with this pretestvalidation tool?
Anyone have any suggestions?
Thanks
-Peter
New to AWS.
I have created an EC2 Windows 2016 Server with the below Security Inbound Rules:
Installed the IIS Server after logging using RDP.
Copied the Public DNS URL and pasted it in normal browser window and also in incognito tab.
Able to get the IIS Home page in Incognito Browser Tab but not in normal browser Window.
**Update**:
* Able to browse with the Elastic IP in normal browser window but not with the Public IPv4 DNS.
Could anyone suggest to me where I'm doing wrong?
Hi:
I had a snapshot of an old server. I needed to spin it back up. So I created an image from the snapshot, then created an EC2 instance from the image. Now Windows won't activate. The activation page in Windows does show the last 5-digits of Product Key 8XDDG, but says it cannot activate, providing Error code: 0xC004F074. It previously ran Windows Server 2016 Datacenter and still does, i.e. I just re-created the EC2 instance from image, I did not change Windows version.
More info. that might be helpful: I've followed the guide at https://aws.amazon.com/premiumsupport/knowledge-center/windows-activation-fails/ to activate manually. But in step 6, telnet to 169.254.169.250 fails and PowerShell command: Test-netconnection 169.254.169.250 -Port 1688 also fails. I've verified in step seven that the registry keys are correct for KeyManagementServiceName (169.254.169.250) and KeyManagementServicePort (1688). Telnet and Test-netconnection to .251 also fails. The Security Group assigned to the instance has the default Outbound rule that allows everything.
Thank you!