'$ knife wsman test' fails

I’m following this tutorial https://learn.chef.io/manage-a-node/windows/get-a-node-to-bootstrap/ to bootstrtap a Windows 2012 r2 node.

But when I ran the following test from my Chef DK on Ubuntu (step 5 in the tutorial),

$ knife wsman test IP_ADDRESS_OF_MY_WINDOWS_NODE --manual-list --winrm-transport ssl --winrm-ssl-verify-mode verify_none

I got the following error:

$ knife wsman test IP_ADDRESS_OF_MY_WINDOWS_NODE --manual-list --winrm-transport ssl --winrm-ssl-verify-mode verify_none
WARNING: * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
SSL validation of HTTPS requests for the WinRM transport is disabled. HTTPS WinRM
connections are still encrypted, but knife is not able to detect forged replies
or spoofing attacks.

To fix this issue add an entry like this to your knife configuration file:

  # Verify all WinRM HTTPS connections (default, recommended)
  knife[:winrm_ssl_verify_mode] = :verify_peer

Connected successfully to IP_ADDRESS_OF_MY_WINDOWS_NODE at https://IP_ADDRESS_OF_MY_WINDOWS_NODE:5986/wsman.
WARNING: Failed to connect to IP_ADDRESS_OF_MY_WINDOWS_NODE at https://IP_ADDRESS_OF_MY_WINDOWS_NODE:5986/wsman.
ERROR: Failed to connect to 1 nodes.

Why is it connected successfully first but then disconnected?

Versions I’m using:

$ chef gem list | grep windows
knife-windows (1.2.1)

$ chef -v
Chef Development Kit Version: 0.11.0
chef-client version: 12.7.2
berks version: 4.1.1
kitchen version: 1.5.0

Thanks in advance for any tips to fix this.

I did the above in an environment that connects to the Internet via proxy.

I also did the above tutorial in an environment without proxy. The ‘knife wsman test’ was successful without errors.

Hi Victor,

You likely need to configure knife to work with your proxy. We’re planning a Learn Chef tutorial that helps guide you through your use of Chef from behind the firewall or proxy.

For now, does anything in the documentation help?

Hello tpetchel.

I had already configured proxy settings per the doc link you mentioned above before I tried my unsuccessful Windows bootstrapping. However, I can bootstrap Ubuntu and RHEL nodes in the same environment without issues. I have also used WinRM in Chef Compliance to successfully connect to and scan the same Windows node.

It’ll be very helpful if you guys can provide the following documentation:
How to configure knife-windows to work with Windows nodes in an environment that goes through a proxy to reach the Internet.
How to configure bootstrapping (both Windows and Linux nodes) with no Internet connection.(E.g., pre-download chef client .deb, gems, etc. Prod environment may not have any Internet access.)

‘knife wsman test’ and Windows bootstrapping are working now after I commented out http_proxy in knfe.rb (I had no_proxy but that didn’t have effects).