RE: Re: Can bootstrap but other remote command fails

Hi all,

I have resolved issues in at least one case by using the domain admin account. I now have to check and see what are the differences between the Hyper-V instances and the regular installs that means only the domain admin can do this.

Cheers,
Florian

From: Florian Hehlen
Sent: 12 July 2013 15:18
To: 'chef@lists.opscode.com’
Subject: RE: [chef] Re: Can bootstrap but other remote command fails

Hi,

I have been debugging this for over a day now. Here are some further observations:

  •     We have 2 domains(in the middle of a migration) which might be causing some issues
    

o winrm set winrm/config/client @{TrustedHosts="*"} has helped get some basic winrm functionality working but done nothing to improve the bootstrapping situation

  •     The 2 machines where I have issues are on Hyper-V. That said there is plenty else that is different between the hyper-v and non-hyper-v instances.
    

Questions:

  1.   Does anyone know how to increase the logging on winrm or on knife windows to see the actual calls being made
    

a. -VV does not show much more. I have been adding some extra logging statements around the code but without much success

b. Winrm documentation has not been much help

  1.   Does anybody know some good winrm or winrs commands that reproduce what the bootstrap procedure calls
    

a. winrm id -r:host -u:user -p:password works on both faulty machines

b. winrs -r:host -u:user -p:password “cmd.exe” works on both problem machines

cheers,
florian

From: Florian Hehlen
Sent: 11 July 2013 10:14
To: 'chef@lists.opscode.com’
Subject: RE: [chef] Re: Can bootstrap but other remote command fails

Answers:

  1.   Workstation: Windows 7; client Windows 7 running on hyper-v.
    
  2.   I stripped out that part. I am passing explicit -x user -P password arguments.
    
  3.   Yes
    

I have been trying other machines to see if I can get more clues. I currently have 2 clients working correctly. They are both Windows 7 and proper PC boxes. I have been testing with a Windows 2012 server running on Hyper-V and having different problems there. Bootstrapping is not even working. This is probably completely unrelated though.

I am at the point where I am going to give openssh a try although I would prefer not to add that extra dependency in the long-run. But WinRM is barely documented and no one out there(aside from MS tools) seems to use it or document how they set it up.

Cheers
Florian

From: Adam Edwards [mailto:adamed@opscode.com]
Sent: 10 July 2013 18:07
To: chef@lists.opscode.com
Subject: [chef] Re: Can bootstrap but other remote command fails

It’s strange that bootstrap via winrm worked but knife winrm doesn’t work. Questions:

  1. What OS is your workstation running?
  2. Are the commands below literally what you used, or are you also passing explicit credentials via cli switches?
  3. If you repeat the bootstrap of that same machine, does it still succeed?
    I really hope this doesn’t lead us down the path of problems / limitations with ruby-ntlm and friends…

-Adam

From: Florian Hehlen <Florian.Hehlen@mri-group.commailto:Florian.Hehlen@mri-group.com>
Reply-To: "chef@lists.opscode.commailto:chef@lists.opscode.com" <chef@lists.opscode.commailto:chef@lists.opscode.com>
Date: Tuesday, July 9, 2013 11:42 PM
To: "chef@lists.opscode.commailto:chef@lists.opscode.com" <chef@lists.opscode.commailto:chef@lists.opscode.com>
Subject: [chef] Can bootstrap but other remote command fails

Hi,

I am running Chef(11.4.4) in windows environment. I have a private Chef Server running on Ubuntu(12.4) which is registered in the domain. I am using winrm to communicate from workstation to nodes.

I having trouble with one machine where strangely I can bootstrap with

knife bootstrap windows winrm

But when I try to run a simple remote command like

knife winrm “pwd”

I get the following error:

ERROR: Failed to authenticate to [“myhost”] as domain\user
Response: Bad HTTP response returned from server (401).

To make things worse, This is only happening on one machine.

thanks.

LEGAL DISCLAIMER
This communication and any attached documents are strictly confidential and/or legally privileged and they may not be used or disclosed by someone who is not a named recipient. If you have received this electronic communication in error please notify the sender by replying to this electronic communication inserting the word “misdirected” as the subject and delete this communication from your system.

LEGAL DISCLAIMER
This communication and any attached documents are strictly confidential and/or legally privileged and they may not be used or disclosed by someone who is not a named recipient. If you have received this electronic communication in error please notify the sender by replying to this electronic communication inserting the word “misdirected” as the subject and delete this communication from your system.