[chef] Re: Re: Server 2012/WinRM3 uses different security?


  • From: David Petzel
  • Subject: [chef] Re: Re: Server 2012/WinRM3 uses different security?
  • Date: Thu, 23 May 2013 19:06:23 -0400

WinRM does impose limitations on what you can do over that interface. I fought with this for quite a bit a while back when trying to get nodes to automatically install Windows updates.


On that page in the section "The following list contains interfaces and properties that are not available to remote users and applications" it lists a number of interfaces which are disallowed. I know in my case, with Windows updates I was restricted on "IUpdateSession::CreateUpdateDownloader". 

If I ran my Windows update code over SSH (WinSSHD), it would work just fine; however, when chef-client was invoked over WinRM, it would fail with "OLE error code:80070005".

Luckily for me we have WinSSHD across the board, so I was able to just punt and use SSH. 

Sorry, that's not really a solution, but I did want to pass along the info I had learned (the hard way).


On Thu, May 23, 2013 at 4:10 PM, Peter Donald wrote:
Hi,

On Fri, May 24, 2013 at 4:39 AM, Nate Fox wrote:
> My question is this: is there a permissions issue of some kind when running
> chef through WinRM3 that doesn't allow programs to go out to the internet?

I was fighting with the exact same problem yesterday. Yet to find an
answer. It seems that anything requiring network credentials is
disabled. We can't even access the local DFS. It has been suggested
that we need to set up Multi-hop support [1] for winrm but I have
yet to figure out how to do that via knife. All of the instructions
seem to be for when using Windows as the client, whereas we run chef off
non-Windows hosts.





