Windows mount provide problems

Hi all,

Has anyone used the mount provider on a windows machine successfully? I am having permissions related issues which only occur when mounting remotely.

When I run chef I get the following output:

Client.foo.com [2013-07-25T13:34:40+02:00] WARN: Cloning resource attributes for mount[Z:] from prior resource (CHEF-3694)
Client.foo.com [2013-07-25T13:34:40+02:00] WARN: Previous mount[Z:]: c:/chef/cache/cookbooks/myCookbook/recipes/default.rb:25:in from_file' Client.foo.com [2013-07-25T13:34:40+02:00] WARN: Current mount[Z:]: c:/chef/cache/cookbooks/myCookbook/recipes/default.rb:30:infrom_file’
Client.foo.com [2013-07-25T13:34:40+02:00] WARN: Cloning resource attributes for mount[Z:] from prior resource (CHEF-3694)
Client.foo.com [2013-07-25T13:34:40+02:00] WARN: Previous mount[Z:]: c:/chef/cache/cookbooks/myCookbook/recipes/default.rb:30:in from_file' Client.foo.com [2013-07-25T13:34:40+02:00] WARN: Current mount[Z:]: c:/chef/cache/cookbooks/myCookbook/recipes/default.rb:39:infrom_file’
Client.foo.com [2013-07-25T13:34:40+02:00] INFO: Processing mount[Z:] action umount (myCookbook::default line 25)
Client.foo.com [2013-07-25T13:34:40+02:00] INFO: Processing mount[Z:] action mount (myCookbook::default line 30)
Client.foo.com
Client.foo.com ================================================================================
Client.foo.com Error executing action mount on resource 'mount[Z:]'
Client.foo.com ================================================================================
Client.foo.com
Client.foo.com ArgumentError
Client.foo.com -------------
Client.foo.com Access is denied.
Client.foo.com
Client.foo.com Resource Declaration:
Client.foo.com ---------------------
Client.foo.com # In c:/chef/cache/cookbooks/myCookbook/recipes/default.rb
Client.foo.com
Client.foo.com 30: mount mountDrive do
Client.foo.com 31: action :mount
Client.foo.com 32: device node[‘app’][‘app’][‘mount’]
Client.foo.com 33: end
Client.foo.com 34:
Client.foo.com
Client.foo.com Compiled Resource:
Client.foo.com ------------------
Client.foo.com # Declared in c:/chef/cache/cookbooks/myCookbook/recipes/default.rb:30:in `from_file’
Client.foo.com
Client.foo.com mount(“Z:”) do
Client.foo.com action [:mount]
Client.foo.com supports {:remount=>false}
Client.foo.com retries 0
Client.foo.com retry_delay 2
Client.foo.com mount_point "Z:"
Client.foo.com device "\\myhost\share"
Client.foo.com device_type :device
Client.foo.com fstype "auto"
Client.foo.com options [“defaults”]
Client.foo.com dump 0
Client.foo.com pass 2
Client.foo.com cookbook_name "myCookbook"
Client.foo.com recipe_name "default"
Client.foo.com end

I have debugged the issue by checking that I can do the mounts locally from the command line as well as doing a winrs remote sessions. It seems that user impersonation gets in the way in remote sessions, and that some security restrictions require that a user and password be provided again when calling net use:

C:\Windows\system32>winrs -r: cmd.exe -u: -p:
Microsoft Windows [Version 6.1.7600]
Copyright © 2009 Microsoft Corporation. All rights reserved.

C:\Users\bir>net use Z: \somehost\share
The password is invalid for \somehost\share.

Enter the user name for ‘somehost’: foo
Enter the password for somehost: bar

I am assuming that this is due to some miss-configuration of winrs and not a permanent restriction. All the obvious checks have been done on share permissions, folder permissions, using an account with enough permissions, etc. Does anyone have any ideas?

Cheers,
Flo

LEGAL DISCLAIMER
This communication and any attached documents are strictly confidential and/or legally privileged and they may not be used or disclosed by someone who is not a named recipient. If you have received this electronic communication in error please notify the sender by replying to this electronic communication inserting the word “misdirected” as the subject and delete this communication from your system.

Florian, does it work when you supply the user name and password attributes for the mount resource (requires Chef 11.6 for that)?

Have you set the credssp option ( WSMan:\localhost\Service\Auth\Credssp from powershell) for winrm on the server?

-Adam

From: Florian Hehlen <Florian.Hehlen@mri-group.commailto:Florian.Hehlen@mri-group.com>
Reply-To: "chef@lists.opscode.commailto:chef@lists.opscode.com" <chef@lists.opscode.commailto:chef@lists.opscode.com>
Date: Thursday, July 25, 2013 4:46 AM
To: “‘chef@lists.opscode.commailto:'chef@lists.opscode.com’” <chef@lists.opscode.commailto:chef@lists.opscode.com>
Subject: [chef] windows mount provide problems

Hi all,

Has anyone used the mount provider on a windows machine successfully? I am having permissions related issues which only occur when mounting remotely.

When I run chef I get the following output:

Client.foo.com [2013-07-25T13:34:40+02:00] WARN: Cloning resource attributes for mount[Z:] from prior resource (CHEF-3694)
Client.foo.com [2013-07-25T13:34:40+02:00] WARN: Previous mount[Z:]: c:/chef/cache/cookbooks/myCookbook/recipes/default.rb:25:in from_file' Client.foo.com [2013-07-25T13:34:40+02:00] WARN: Current mount[Z:]: c:/chef/cache/cookbooks/myCookbook/recipes/default.rb:30:infrom_file’
Client.foo.com [2013-07-25T13:34:40+02:00] WARN: Cloning resource attributes for mount[Z:] from prior resource (CHEF-3694)
Client.foo.com [2013-07-25T13:34:40+02:00] WARN: Previous mount[Z:]: c:/chef/cache/cookbooks/myCookbook/recipes/default.rb:30:in from_file' Client.foo.com [2013-07-25T13:34:40+02:00] WARN: Current mount[Z:]: c:/chef/cache/cookbooks/myCookbook/recipes/default.rb:39:infrom_file’
Client.foo.com [2013-07-25T13:34:40+02:00] INFO: Processing mount[Z:] action umount (myCookbook::default line 25)
Client.foo.com [2013-07-25T13:34:40+02:00] INFO: Processing mount[Z:] action mount (myCookbook::default line 30)
Client.foo.com
Client.foo.com ================================================================================
Client.foo.com Error executing action mount on resource 'mount[Z:]'
Client.foo.com ================================================================================
Client.foo.com
Client.foo.com ArgumentError
Client.foo.com -------------
Client.foo.com Access is denied.
Client.foo.com
Client.foo.com Resource Declaration:
Client.foo.com ---------------------
Client.foo.com # In c:/chef/cache/cookbooks/myCookbook/recipes/default.rb
Client.foo.com
Client.foo.com 30: mount mountDrive do
Client.foo.com 31: action :mount
Client.foo.com 32: device node[‘app’][‘app’][‘mount’]
Client.foo.com 33: end
Client.foo.com 34:
Client.foo.com
Client.foo.com Compiled Resource:
Client.foo.com ------------------
Client.foo.com # Declared in c:/chef/cache/cookbooks/myCookbook/recipes/default.rb:30:in `from_file’
Client.foo.com
Client.foo.com mount(“Z:”) do
Client.foo.com action [:mount]
Client.foo.com supports {:remount=>false}
Client.foo.com retries 0
Client.foo.com retry_delay 2
Client.foo.com mount_point "Z:"
Client.foo.com device "\\myhost\share"
Client.foo.com device_type :device
Client.foo.com fstype "auto"
Client.foo.com options [“defaults”]
Client.foo.com dump 0
Client.foo.com pass 2
Client.foo.com cookbook_name "myCookbook"
Client.foo.com recipe_name "default"
Client.foo.com end

I have debugged the issue by checking that I can do the mounts locally from the command line as well as doing a winrs remote sessions. It seems that user impersonation gets in the way in remote sessions, and that some security restrictions require that a user and password be provided again when calling net use:

C:\Windows\system32>winrs -r: cmd.exe -u: -p:
Microsoft Windows [Version 6.1.7600]
Copyright © 2009 Microsoft Corporation. All rights reserved.

C:\Users\bir>net use Z: \somehost\share
The password is invalid for \somehost\share.

Enter the user name for ‘somehost’: foo
Enter the password for somehost: bar

I am assuming that this is due to some miss-configuration of winrs and not a permanent restriction. All the obvious checks have been done on share permissions, folder permissions, using an account with enough permissions, etc. Does anyone have any ideas?

Cheers,
Flo

LEGAL DISCLAIMER
This communication and any attached documents are strictly confidential and/or legally privileged and they may not be used or disclosed by someone who is not a named recipient. If you have received this electronic communication in error please notify the sender by replying to this electronic communication inserting the word “misdirected” as the subject and delete this communication from your system.

Adam,

Thanks for the response.

I have not tried with 11.6. I am using 11.4.4 and would rather not change as I am in the final stages of getting my first cookbooks ready for prod.

I am not sure what you mean with the other suggestions. I have tried to apply what I found on the following page but that does not seem to have helped: http://technet.microsoft.com/en-us/library/hh849872.aspx

Cheers,
Florian

From: Adam Edwards [mailto:adamed@opscode.com]
Sent: 25 July 2013 17:49
To: chef@lists.opscode.com
Subject: [chef] Re: windows mount provide problems

Florian, does it work when you supply the user name and password attributes for the mount resource (requires Chef 11.6 for that)?

Have you set the credssp option ( WSMan:\localhost\Service\Auth\Credssp from powershell) for winrm on the server?

-Adam

From: Florian Hehlen <Florian.Hehlen@mri-group.commailto:Florian.Hehlen@mri-group.com>
Reply-To: "chef@lists.opscode.commailto:chef@lists.opscode.com" <chef@lists.opscode.commailto:chef@lists.opscode.com>
Date: Thursday, July 25, 2013 4:46 AM
To: “‘chef@lists.opscode.commailto:'chef@lists.opscode.com’” <chef@lists.opscode.commailto:chef@lists.opscode.com>
Subject: [chef] windows mount provide problems

Hi all,

Has anyone used the mount provider on a windows machine successfully? I am having permissions related issues which only occur when mounting remotely.

When I run chef I get the following output:

Client.foo.com [2013-07-25T13:34:40+02:00] WARN: Cloning resource attributes for mount[Z:] from prior resource (CHEF-3694)
Client.foo.com [2013-07-25T13:34:40+02:00] WARN: Previous mount[Z:]: c:/chef/cache/cookbooks/myCookbook/recipes/default.rb:25:in from_file' Client.foo.com [2013-07-25T13:34:40+02:00] WARN: Current mount[Z:]: c:/chef/cache/cookbooks/myCookbook/recipes/default.rb:30:infrom_file’
Client.foo.com [2013-07-25T13:34:40+02:00] WARN: Cloning resource attributes for mount[Z:] from prior resource (CHEF-3694)
Client.foo.com [2013-07-25T13:34:40+02:00] WARN: Previous mount[Z:]: c:/chef/cache/cookbooks/myCookbook/recipes/default.rb:30:in from_file' Client.foo.com [2013-07-25T13:34:40+02:00] WARN: Current mount[Z:]: c:/chef/cache/cookbooks/myCookbook/recipes/default.rb:39:infrom_file’
Client.foo.com [2013-07-25T13:34:40+02:00] INFO: Processing mount[Z:] action umount (myCookbook::default line 25)
Client.foo.com [2013-07-25T13:34:40+02:00] INFO: Processing mount[Z:] action mount (myCookbook::default line 30)
Client.foo.com
Client.foo.com ================================================================================
Client.foo.com Error executing action mount on resource 'mount[Z:]'
Client.foo.com ================================================================================
Client.foo.com
Client.foo.com ArgumentError
Client.foo.com -------------
Client.foo.com Access is denied.
Client.foo.com
Client.foo.com Resource Declaration:
Client.foo.com ---------------------
Client.foo.com # In c:/chef/cache/cookbooks/myCookbook/recipes/default.rb
Client.foo.com
Client.foo.com 30: mount mountDrive do
Client.foo.com 31: action :mount
Client.foo.com 32: device node[‘app’][‘app’][‘mount’]
Client.foo.com 33: end
Client.foo.com 34:
Client.foo.com
Client.foo.com Compiled Resource:
Client.foo.com ------------------
Client.foo.com # Declared in c:/chef/cache/cookbooks/myCookbook/recipes/default.rb:30:in `from_file’
Client.foo.com
Client.foo.com mount(“Z:”) do
Client.foo.com action [:mount]
Client.foo.com supports {:remount=>false}
Client.foo.com retries 0
Client.foo.com retry_delay 2
Client.foo.com mount_point "Z:"
Client.foo.com device "\\myhost\share<file:///\\myhost\share>"
Client.foo.com device_type :device
Client.foo.com fstype "auto"
Client.foo.com options [“defaults”]
Client.foo.com dump 0
Client.foo.com pass 2
Client.foo.com cookbook_name "myCookbook"
Client.foo.com recipe_name "default"
Client.foo.com end

I have debugged the issue by checking that I can do the mounts locally from the command line as well as doing a winrs remote sessions. It seems that user impersonation gets in the way in remote sessions, and that some security restrictions require that a user and password be provided again when calling net use:

C:\Windows\system32>winrs -r: cmd.exe -u: -p:
Microsoft Windows [Version 6.1.7600]
Copyright © 2009 Microsoft Corporation. All rights reserved.

C:\Users\bir>net use Z: \somehost\share<file:///\somehost\share>
The password is invalid for \somehost\share<file:///\somehost\share>.

Enter the user name for ‘somehost’: foo
Enter the password for somehost: bar

I am assuming that this is due to some miss-configuration of winrs and not a permanent restriction. All the obvious checks have been done on share permissions, folder permissions, using an account with enough permissions, etc. Does anyone have any ideas?

Cheers,
Flo

LEGAL DISCLAIMER
This communication and any attached documents are strictly confidential and/or legally privileged and they may not be used or disclosed by someone who is not a named recipient. If you have received this electronic communication in error please notify the sender by replying to this electronic communication inserting the word “misdirected” as the subject and delete this communication from your system.

LEGAL DISCLAIMER
This communication and any attached documents are strictly confidential and/or legally privileged and they may not be used or disclosed by someone who is not a named recipient. If you have received this electronic communication in error please notify the sender by replying to this electronic communication inserting the word “misdirected” as the subject and delete this communication from your system.