Bootstraping Windows 2012 servers gives Connection attempt failed error

Hello All,

I’m trying to bootstrap one Windows 2012 server using “knife bootstrap windows
winrm” command and gives me connection attempt failure error.

I clearly remember this was working earlier and suddenly it starts giving this
error.

Is there any other configuration step that I’ve missed?

On Windows 2012 server machine I’ve configured winrm as stated in tutorial :
http://docs.opscode.com/plugin_knife_windows.html

Here is the output that I’m getting:

C:\ChefWorkstation\chef-repo>knife bootstrap windows winrm
ec2-XXX-XXX-XXX-XX.compute-1.amazonaws.com -x Administrator -P xxxx -VV
Bootstrapping Chef on ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com
DEBUG: Looking for bootstrap template in
C:/opscode/chef/embedded/lib/ruby/gems/1.9.1/gems/knife-windows-0.5.14/lib/chef/knife/bootstrap
DEBUG: Found bootstrap template in
C:/opscode/chef/embedded/lib/ruby/gems/1.9.1/gems/knife-windows-0.5.14/lib/chef/knife/bootstrap

DEBUG: Adding ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com
DEBUG: :session => :init
DEBUG: :relay_to_servers => cmd.exe /C echo “Rendering
”%TEMP%\bootstrap-3004-1387347932.bat" chunk 1" && >> “%TEMP%\bootstrap-300
4-1387347932.bat” (echo.@rem) && >> “%TEMP%\bootstrap-3004-1387347932.bat”
(echo.@rem Author:: Seth Chisamore ^(^<schisamo@opscode
.com^>^)) && >> “%TEMP%\bootstrap-3004-1387347932.bat” (echo.@rem Copyright::
Copyright ^(c^) 2011 Opscode, Inc.) && >> “%TEMP%\bo
otstrap-3004-1387347932.bat” (echo.@rem License:: Apache License, Version 2.0)
&& >> “%TEMP%\bootstrap-3004-1387347932.bat” (echo.
@rem) && >> “%TEMP%\bootstrap-3004-1387347932.bat” (echo.@rem Licensed under
the Apache License, Version 2.0 ^(the “License”^):wink: &
& >> “%TEMP%\bootstrap-3004-1387347932.bat” (echo.@rem you may not use this
file except in compliance with the License.) && >> “%T
EMP%\bootstrap-3004-1387347932.bat” (echo.@rem You may obtain a copy of the
License at) && >> “%TEMP%\bootstrap-3004-1387347932.ba
t” (echo.@rem) && >> “%TEMP%\bootstrap-3004-1387347932.bat” (echo.@rem
http://www.apache.org/licenses/LICENSE-2.0) && >> “%TEM
P%\bootstrap-3004-1387347932.bat” (echo.@rem) && >>
"%TEMP%\bootstrap-3004-1387347932.bat" (echo.@rem Unless required by applicabl
e law or agreed to in writing, software) && >>
"%TEMP%\bootstrap-3004-1387347932.bat" (echo.@rem distributed under the License
is
distributed on an “AS IS” BASIS,) && >> “%TEMP%\bootstrap-3004-1387347932.bat”
(echo.@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied.) && >> “%TEMP%\bootstrap-3004-1387347932.bat”
(echo.@rem See the License for the specific language governing permissions and)
&& >> “%TEMP%\bootstrap-3004-1387347932.bat” (echo.@rem limitations under the
License.) && >> “%TEMP%\bootstrap-3004-1387347932.bat” (echo.@rem) && >>
"%TEMP%\bootstrap-3004-1387347932.bat" (echo.) && >>
"%TEMP%\bootstrap-3004-1387347932.bat" (echo.@rem Use delayed environment
expansion so that ERRORLEVEL can be evaluated with the) && >>
"%TEMP%\bootstrap-3004-1387347932.bat" (echo.@rem !ERRORLEVEL! syntax which
evaluates at execution of the line of script, not when) && >>
"%TEMP%\bootstrap-3004-1387347932.bat" (echo.@rem the line is read. See help
for the /E switch from cmd.exe /? .)
DEBUG: :relayed => ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com
DEBUG: ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com => :run_command
ERROR: Network Error: A connection attempt failed because the connected party
did not properly respond after a period of time, or established connection
failed because connected host has failed to respond. - connect(2)
(http://ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com:5985)
Check your knife configuration and network settings

Thanks,
Ravi

I tried bootstraping Windows 2008 server and it worked. I did
configure only winrm on Windows 2008 server.

This indicates that there is something else that needs to be
configured on Windows 2012 machine.

Has anyone else faced similar issue?

Regards,
Ravi

On 12/18/13, Ravindra ravindra.chandrakar@gmail.com wrote:

Hello All,

I'm trying to bootstrap one Windows 2012 server using "knife bootstrap
windows
winrm" command and gives me connection attempt failure error.

I clearly remember this was working earlier and suddenly it starts giving
this
error.

Is there any other configuration step that I've missed?

On Windows 2012 server machine I've configured winrm as stated in tutorial
:
knife windows

Here is the output that I'm getting:

C:\ChefWorkstation\chef-repo>knife bootstrap windows winrm
ec2-XXX-XXX-XXX-XX.compute-1.amazonaws.com -x Administrator -P xxxx -VV
Bootstrapping Chef on ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com
DEBUG: Looking for bootstrap template in
C:/opscode/chef/embedded/lib/ruby/gems/1.9.1/gems/knife-windows-0.5.14/lib/chef/knife/bootstrap
DEBUG: Found bootstrap template in
C:/opscode/chef/embedded/lib/ruby/gems/1.9.1/gems/knife-windows-0.5.14/lib/chef/knife/bootstrap

DEBUG: Adding ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com
DEBUG: :session => :init
DEBUG: :relay_to_servers => cmd.exe /C echo "Rendering
"%TEMP%\bootstrap-3004-1387347932.bat" chunk 1" && >> "%TEMP%\bootstrap-300
4-1387347932.bat" (echo.@rem) && >> "%TEMP%\bootstrap-3004-1387347932.bat"
(echo.@rem Author:: Seth Chisamore ^(^<schisamo@opscode
.com^>^)) && >> "%TEMP%\bootstrap-3004-1387347932.bat" (echo.@rem
Copyright::
Copyright ^(c^) 2011 Opscode, Inc.) && >> "%TEMP%\bo
otstrap-3004-1387347932.bat" (echo.@rem License:: Apache License, Version
2.0)
&& >> "%TEMP%\bootstrap-3004-1387347932.bat" (echo.
@rem) && >> "%TEMP%\bootstrap-3004-1387347932.bat" (echo.@rem Licensed
under
the Apache License, Version 2.0 ^(the "License"^):wink: &
& >> "%TEMP%\bootstrap-3004-1387347932.bat" (echo.@rem you may not use this
file except in compliance with the License.) && >> "%T
EMP%\bootstrap-3004-1387347932.bat" (echo.@rem You may obtain a copy of the
License at) && >> "%TEMP%\bootstrap-3004-1387347932.ba
t" (echo.@rem) && >> "%TEMP%\bootstrap-3004-1387347932.bat" (echo.@rem
http://www.apache.org/licenses/LICENSE-2.0) && >> "%TEM
P%\bootstrap-3004-1387347932.bat" (echo.@rem) && >>
"%TEMP%\bootstrap-3004-1387347932.bat" (echo.@rem Unless required by
applicabl
e law or agreed to in writing, software) && >>
"%TEMP%\bootstrap-3004-1387347932.bat" (echo.@rem distributed under the
License
is
distributed on an "AS IS" BASIS,) && >>
"%TEMP%\bootstrap-3004-1387347932.bat"
(echo.@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied.) && >>
"%TEMP%\bootstrap-3004-1387347932.bat"
(echo.@rem See the License for the specific language governing permissions
and)
&& >> "%TEMP%\bootstrap-3004-1387347932.bat" (echo.@rem limitations under
the
License.) && >> "%TEMP%\bootstrap-3004-1387347932.bat" (echo.@rem) && >>
"%TEMP%\bootstrap-3004-1387347932.bat" (echo.) && >>
"%TEMP%\bootstrap-3004-1387347932.bat" (echo.@rem Use delayed environment
expansion so that ERRORLEVEL can be evaluated with the) && >>
"%TEMP%\bootstrap-3004-1387347932.bat" (echo.@rem !ERRORLEVEL! syntax which
evaluates at execution of the line of script, not when) && >>
"%TEMP%\bootstrap-3004-1387347932.bat" (echo.@rem the line is read. See
help
for the /E switch from cmd.exe /? .)
DEBUG: :relayed => ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com
DEBUG: ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com => :run_command
ERROR: Network Error: A connection attempt failed because the connected
party
did not properly respond after a period of time, or established connection
failed because connected host has failed to respond. - connect(2)
(http://ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com:5985)
Check your knife configuration and network settings

Thanks,
Ravi

On Wed, Dec 18, 2013 at 1:48 AM, Ravindra Chandrakar
ravindra.chandrakar@gmail.com wrote:

I tried bootstraping Windows 2008 server and it worked. I did
configure only winrm on Windows 2008 server.

This indicates that there is something else that needs to be
configured on Windows 2012 machine.

Has anyone else faced similar issue?

Windows 2012 restricts port 5985 to the local subnet. To change this,
configure the Windows Firewall to allow connections from outside:

netsh advfirewall firewall set rule name="Windows Remote Management
(HTTP-In)" profile=public protocol=tcp localport=5985
remoteip=localsubnet new remoteip=any

Tune as needed.

  • Julian

--
[ Julian C. Dunn jdunn@aquezada.com * Sorry, I'm ]
[ WWW: Julian Dunn's Blog - Commentary on media, technology, and everything in between. * only Web 1.0 ]
[ gopher://sdf.org/1/users/keymaker/ * compliant! ]
[ PGP: 91B3 7A9D 683C 7C16 715F 442C 6065 D533 FDC2 05B9 ]

Thanks Julian.

After modifying firewall rule it works.

-Ravi

On 12/18/13, Julian C. Dunn jdunn@aquezada.com wrote:

On Wed, Dec 18, 2013 at 1:48 AM, Ravindra Chandrakar
ravindra.chandrakar@gmail.com wrote:

I tried bootstraping Windows 2008 server and it worked. I did
configure only winrm on Windows 2008 server.

This indicates that there is something else that needs to be
configured on Windows 2012 machine.

Has anyone else faced similar issue?

Windows 2012 restricts port 5985 to the local subnet. To change this,
configure the Windows Firewall to allow connections from outside:

netsh advfirewall firewall set rule name="Windows Remote Management
(HTTP-In)" profile=public protocol=tcp localport=5985
remoteip=localsubnet new remoteip=any

Tune as needed.

  • Julian

--
[ Julian C. Dunn jdunn@aquezada.com * Sorry, I'm ]
[ WWW: Julian Dunn's Blog - Commentary on media, technology, and everything in between. * only Web 1.0 ]
[ gopher://sdf.org/1/users/keymaker/ * compliant! ]
[ PGP: 91B3 7A9D 683C 7C16 715F 442C 6065 D533 FDC2 05B9 ]