Knife bootstrap windows winrm - timeout

Chef Infra (archive)
1

Hi,

I’m trying to install a new client using

knife bootstrap windows winrm ‘server.nightly.bla’ -r ‘app::base’ -x
’administrator’ -P ‘xyz’

but the command comes back after a couple of mins with :-

ERROR: No response received from remote node after 1.84 minutes, giving up.
ERROR: RuntimeError: Command execution failed.

I have tried with -VVV and I get

DEBUG: :session => :init
DEBUG: :relay_to_servers => echo . & echo Response received.
DEBUG: :relayed => server.nightly.bla
DEBUG: server.nightly.bla => :run_command

​Not very helpful.

I can telnet from my workstation to port 5985.

Searching google for this, there a a couple of pages of people with similar
issues, but no solution.

Is this even the up-to-date way to install chef-client?

Thanks,

Steve​

2

WinRM seems flaky, and sometimes you need to bounce the service on the
windows box for it to respond, I've found.
On Apr 13, 2015 8:24 AM, "Button, Steve" steve.button@pearson.com wrote:

Hi,

I'm trying to install a new client using

knife bootstrap windows winrm 'server.nightly.bla' -r 'app::base' -x
'administrator’ -P 'xyz'

but the command comes back after a couple of mins with :-

ERROR: No response received from remote node after 1.84 minutes, giving up.
ERROR: RuntimeError: Command execution failed.

I have tried with -VVV and I get

DEBUG: :session => :init
DEBUG: :relay_to_servers => echo . & echo Response received.
DEBUG: :relayed => server.nightly.bla
DEBUG: server.nightly.bla => :run_command

​Not very helpful.

I can telnet from my workstation to port 5985.

Searching google for this, there a a couple of pages of people with
similar issues, but no solution.

Is this even the up-to-date way to install chef-client?

Thanks,

Steve​

3

I tried restarting the service, but I'm still getting the same

Waiting for remote response before bootstrap..........

On 13 April 2015 at 16:31, Morgan Blackthorne stormerider@gmail.com wrote:

WinRM seems flaky, and sometimes you need to bounce the service on the
windows box for it to respond, I've found.
On Apr 13, 2015 8:24 AM, "Button, Steve" steve.button@pearson.com wrote:

Hi,

I'm trying to install a new client using

knife bootstrap windows winrm 'server.nightly.bla' -r 'app::base' -x
'administrator’ -P 'xyz'

but the command comes back after a couple of mins with :-

ERROR: No response received from remote node after 1.84 minutes, giving
up.
ERROR: RuntimeError: Command execution failed.

I have tried with -VVV and I get

DEBUG: :session => :init
DEBUG: :relay_to_servers => echo . & echo Response received.
DEBUG: :relayed => server.nightly.bla
DEBUG: server.nightly.bla => :run_command

​Not very helpful.

I can telnet from my workstation to port 5985.

Searching google for this, there a a couple of pages of people with
similar issues, but no solution.

Is this even the up-to-date way to install chef-client?

Thanks,

Steve​

--
Steve Button

DevOps Engineer

Application Engineering, EMEA
Cloud Services

E: steve.button@pearson.com

D: 020 7010 2684
M: 07793 815832

Planned Time Off : Monday 8th June to Friday 19th June 2015

80 Strand
London
WC2R 0RL
UK

*Pearson *Always Learning
Learn more at http://www.pearson.com/ http://www.pearson.com/

4

Did your run the commands in the Requirements section from this page?
https://docs.chef.io/plugin_knife_windows.html

Chris

From: Button, Steve [mailto:steve.button@pearson.com]
Sent: Monday, April 13, 2015 12:46 PM
To: chef@lists.opscode.com
Subject: [chef] Re: Re: knife bootstrap windows winrm - timeout.

I tried restarting the service, but I’m still getting the same

Waiting for remote response before bootstrap…

On 13 April 2015 at 16:31, Morgan Blackthorne <stormerider@gmail.commailto:stormerider@gmail.com> wrote:

WinRM seems flaky, and sometimes you need to bounce the service on the windows box for it to respond, I’ve found.
On Apr 13, 2015 8:24 AM, “Button, Steve” <steve.button@pearson.commailto:steve.button@pearson.com> wrote:
Hi,

I’m trying to install a new client using

knife bootstrap windows winrm ‘server.nightly.bla’ -r ‘app::base’ -x 'administrator’ -P ‘xyz’

but the command comes back after a couple of mins with :-

ERROR: No response received from remote node after 1.84 minutes, giving up.
ERROR: RuntimeError: Command execution failed.

I have tried with -VVV and I get

DEBUG: :session => :init
DEBUG: :relay_to_servers => echo . & echo Response received.
DEBUG: :relayed => server.nightly.bla
DEBUG: server.nightly.bla => :run_command

​Not very helpful.

I can telnet from my workstation to port 5985.

Searching google for this, there a a couple of pages of people with similar issues, but no solution.

Is this even the up-to-date way to install chef-client?

Thanks,

Steve​


Steve Button

DevOps Engineer

Application Engineering, EMEA
Cloud Services

E: steve.button@pearson.commailto:steve.button@pearson.com

D: 020 7010 2684
M: 07793 815832

Planned Time Off : Monday 8th June to Friday 19th June 2015
80 Strand
London
WC2R 0RL
UK

Pearson
Always Learning
Learn more at http://www.pearson.com/

5

Hi, Did all those apart from @{MaxMemoryPerShellMB=“300”}
as that’s already higher for Windows Server 2012.

6

Hi Steve,
Its a minimum winrm configuration,for 2012 windows server we use 1024.Regards,Indra

  From: "Button, Steve" <steve.button@pearson.com>

To: chef@lists.opscode.com
Sent: Tuesday, 14 April 2015 12:30 PM
Subject: [chef] Re: RE: Re: Re: knife bootstrap windows winrm - timeout.

Hi, Did all those apart from @{MaxMemoryPerShellMB=“300”} as that’s already higher for Windows Server 2012.

7

Hi, Seems we’re stuck on this one then? I’ve tried all the obvious things,
but I’m not getting through to the server using knife. Could just install
the client using the MSI? I’ve only got about 8 servers to bootstrap, so
would not be a big deal.

8

Steve,
Check Whether you have configured winrm in your windows server then also find whether you can able to access 5985 port through telnet.Regards,Indra.
From: “Button, Steve” steve.button@pearson.com
To: Indra k indra.k@cloudenablers.com
Cc: "chef@lists.opscode.com" chef@lists.opscode.com
Sent: Wednesday, 15 April 2015 4:43 PM
Subject: Re: [chef] Re: Re: RE: Re: Re: knife bootstrap windows winrm - timeout.

Hi, Seems we’re stuck on this one then? I’ve tried all the obvious things, but I’m not getting through to the server using knife. Could just install the client using the MSI? I’ve only got about 8 servers to bootstrap, so would not be a big deal.

9

On Wed, Apr 15, 2015 at 7:13 AM, Button, Steve steve.button@pearson.com wrote:

Hi, Seems we're stuck on this one then? I've tried all the obvious things,
but I'm not getting through to the server using knife. Could just install
the client using the MSI? I've only got about 8 servers to bootstrap, so
would not be a big deal.

Yes, if you just need to get things going quickly, you could just
install the client on the servers manually -- it's an MSI package that
will take /QN for a silent install.

  • Julian

--
[ Julian C. Dunn jdunn@aquezada.com * Sorry, I'm ]
[ WWW: Julian Dunn's Blog - Commentary on media, technology, and everything in between. * only Web 1.0 ]
[ gopher://sdf.org/1/users/keymaker/ * compliant! ]
[ PGP: 91B3 7A9D 683C 7C16 715F 442C 6065 D533 FDC2 05B9 ]

10

On Mon, Apr 13, 2015 at 11:23 AM, Button, Steve steve.button@pearson.com
wrote:

knife bootstrap windows winrm 'server.nightly.bla' -r 'app::base' -x
'administrator’ -P 'xyz'

but the command comes back after a couple of mins with :-

ERROR: No response received from remote node after 1.84 minutes, giving up.
ERROR: RuntimeError: Command execution failed.

  1. Some questions and a guess:

What version of knife-windows are you using?

Are you really logging in as plain administrator, or are you using a domain
account?

Are you running this on a Windows workstation?

If your answers are "0.8.4", "yes plain local Administrator", and "yes,
windows workstation", then try this instead:

knife bootstrap windows winrm 'server.nightly.bla' -r 'app::base' -x
.\administrator -P 'xyz'

That is, specify .\Administrator instead of Administrator. In 0.8.4 this
triggers the use of the negotiate protocol for authentication.

  1. You can also use these commands to test your remote winrm configuration:

This should give you a few lines of text that doesn't look like an error
(change the IP):
test-wsman 192.158.5.105

Run this in powershell, enter Administrator and the password on the remote
machine
$Credential = Get-Credential

You'll need to trust the remote machine probably for the following tests.
The output for test-wsman should be similar to the last time you ran it.
winrm set winrm/config/client '@{TrustedHosts="192.168.5.105"}'
test-wsman 192.168.5.105 -Authentication Basic -Credential $Credential
test-wsman 192.168.5.105 -Authentication Negotiate -Credential $Credential

  1. Finally if you're still having problems, run and share the output of
    "winrm get winrm/config/service"

Bryan

11
  1. Some questions and a guess:

What version of knife-windows are you using?

​I'm using knife on a Mac, and it's Chef: 11.16.2​

Are you really logging in as plain administrator, or are you using a
domain account?

​Yes, plain administrator​

Are you running this on a Windows workstation?

​On a Mac​

If your answers are "0.8.4", "yes plain local Administrator", and "yes,
windows workstation", then try this instead:

knife bootstrap windows winrm 'server.nightly.bla' -r 'app::base' -x
.\administrator -P 'xyz'

That is, specify .\Administrator instead of Administrator. In 0.8.4 this
triggers the use of the negotiate protocol for authentication.

​Tried that, same thing. But I'm not using knife-windows.​

  1. You can also use these commands to test your remote winrm configuration:

This should give you a few lines of text that doesn't look like an error
(change the IP):
test-wsman 192.158.5.105

Run this in powershell, enter Administrator and the password on the remote
machine
$Credential = Get-Credential

You'll need to trust the remote machine probably for the following tests.
The output for test-wsman should be similar to the last time you ran it.
winrm set winrm/config/client '@{TrustedHosts="192.168.5.105"}'
test-wsman 192.168.5.105 -Authentication Basic -Credential $Credential
test-wsman 192.168.5.105 -Authentication Negotiate -Credential $Credential

  1. Finally if you're still having problems, run and share the output of
    "winrm get winrm/config/service"

​.... Ahhh! (slaps forehead)

When running that command I notice that
AllowUnencrypted
was​

​set to false.

I'm now getting an error about my .pem file missing, but I can solve that
one hopefully.

Many thanks! ... and there are some useful commands you've shown me for a
Linux admin, using a Mac to build Windows machines! :slight_smile:

12

Hey Steve,

Just FYI, if you are using knife bootstrap windows …, you are using knife-windows (that capability isn’t in core Chef yet).

Anyway, as you noticed with the AllowUnencrypted setting, that is due to the fact that we are missing libraries for Linux and Mac that can do Windows negotiate authentication. We’ve got work in progress (mostly from Bryan’s team) to make that configuration and security story much better/easier, but for the time being we are stuck with that.

Steve

Steven Murawski
Community Software Development Engineer @ Chef
Microsoft MVP - PowerShell
http://stevenmurawski.com [http://stevenmurawski.com/]
On 4/16/2015 1:17:24 AM, Button, Steve steve.button@pearson.com wrote:

  1. Some questions and a guess:

What version of knife-windows are you using?

​I’m using knife on a Mac, and it’s Chef: 11.16.2​

Are you really logging in as plain administrator, or are you using a domain account?

​Yes, plain administrator​

Are you running this on a Windows workstation?
​On a Mac​

If your answers are “0.8.4”, “yes plain local Administrator”, and “yes, windows workstation”, then try this instead:

knife bootstrap windows winrm ‘server.nightly.bla’ -r ‘app::base’ -x .\administrator -P ‘xyz’

That is, specify .\Administrator instead of Administrator. In 0.8.4 this triggers the use of the negotiate protocol for authentication.

​Tried that, same thing. But I’m not using knife-windows.​

  1. You can also use these commands to test your remote winrm configuration:

This should give you a few lines of text that doesn’t look like an error (change the IP):
test-wsman 192.158.5.105

Run this in powershell, enter Administrator and the password on the remote machine
$Credential = Get-Credential

You’ll need to trust the remote machine probably for the following tests. The output for test-wsman should be similar to the last time you ran it.
winrm set winrm/config/client ‘@{TrustedHosts=“192.168.5.105”}’

test-wsman 192.168.5.105 -Authentication Basic -Credential $Credential

test-wsman 192.168.5.105 -Authentication Negotiate -Credential $Credential

  1. Finally if you’re still having problems, run and share the output of “winrm get winrm/config/service”

​… Ahhh! (slaps forehead)

When running that command I notice that
AllowUnencrypted
was​
​set to false.

I’m now getting an error about my .pem file missing, but I can solve that one hopefully.

Many thanks! … and there are some useful commands you’ve shown me for a Linux admin, using a Mac to build Windows machines! :slight_smile: