'$ knife wsman test' fails

Victor · March 16, 2016, 2:34pm

I’m following this tutorial https://learn.chef.io/manage-a-node/windows/get-a-node-to-bootstrap/ to bootstrtap a Windows 2012 r2 node.

But when I ran the following test from my Chef DK on Ubuntu (step 5 in the tutorial),

$ knife wsman test IP_ADDRESS_OF_MY_WINDOWS_NODE --manual-list --winrm-transport ssl --winrm-ssl-verify-mode verify_none

I got the following error:

$ knife wsman test IP_ADDRESS_OF_MY_WINDOWS_NODE --manual-list --winrm-transport ssl --winrm-ssl-verify-mode verify_none
WARNING: * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
SSL validation of HTTPS requests for the WinRM transport is disabled. HTTPS WinRM
connections are still encrypted, but knife is not able to detect forged replies
or spoofing attacks.

To fix this issue add an entry like this to your knife configuration file:

  # Verify all WinRM HTTPS connections (default, recommended)
  knife[:winrm_ssl_verify_mode] = :verify_peer

Connected successfully to IP_ADDRESS_OF_MY_WINDOWS_NODE at https://IP_ADDRESS_OF_MY_WINDOWS_NODE:5986/wsman.
WARNING: Failed to connect to IP_ADDRESS_OF_MY_WINDOWS_NODE at https://IP_ADDRESS_OF_MY_WINDOWS_NODE:5986/wsman.
ERROR: Failed to connect to 1 nodes.

Why is it connected successfully first but then disconnected?

Versions I’m using:

$ chef gem list | grep windows
knife-windows (1.2.1)

$ chef -v
Chef Development Kit Version: 0.11.0
chef-client version: 12.7.2
berks version: 4.1.1
kitchen version: 1.5.0

Thanks in advance for any tips to fix this.

Victor · March 16, 2016, 2:56pm

I did the above in an environment that connects to the Internet via proxy.

I also did the above tutorial in an environment without proxy. The ‘knife wsman test’ was successful without errors.

tpetchel · March 21, 2016, 12:32pm

Hi Victor,

You likely need to configure knife to work with your proxy. We’re planning a Learn Chef tutorial that helps guide you through your use of Chef from behind the firewall or proxy.

For now, does anything in the documentation help?

Victor · March 21, 2016, 1:35pm

Hello tpetchel.

I had already configured proxy settings per the doc link you mentioned above before I tried my unsuccessful Windows bootstrapping. However, I can bootstrap Ubuntu and RHEL nodes in the same environment without issues. I have also used WinRM in Chef Compliance to successfully connect to and scan the same Windows node.

It’ll be very helpful if you guys can provide the following documentation:
How to configure knife-windows to work with Windows nodes in an environment that goes through a proxy to reach the Internet.
How to configure bootstrapping (both Windows and Linux nodes) with no Internet connection.(E.g., pre-download chef client .deb, gems, etc. Prod environment may not have any Internet access.)

Victor · March 22, 2016, 7:41pm

‘knife wsman test’ and Windows bootstrapping are working now after I commented out http_proxy in knfe.rb (I had no_proxy but that didn’t have effects).

Topic		Replies	Views
[RESOLVED] Knife bootstrap Windows 2012 Chef Infra (archive)	1	634	August 10, 2018
Cannot verify network traffic by "knife wsman test" command Chef Infra (archive)	8	2262	April 27, 2016
How do I instruct during bootstrap to ignore SSL errors on Windows? Chef Infra (archive)	5	5222	May 17, 2016
Knife bootstrap issue Chef Infra (archive)	7	938	May 7, 2019
Knife ssl check error? Chef Infra (archive)	1	1263	December 31, 2016

'$ knife wsman test' fails

Related topics