- Subject: [chef] RE: Winrm issues in chef-recipe
- Date: Thu, 22 May 2014 09:47:37 +0000

Hi Ganesan

I've been using knife WinRM to bootstrap Windows servers and I have found
that Directory auth would not work with it.

My Chef server is not a member of the Windows AD domain and I have no AD
auth provisioned to use with it, which will be why it was not working.

I found there were several steps/settings that needed to be taken before
WinRM would respond to using a basic local admin account on each of the
servers (Microsoft have some good notes about how to configure WinRM, which
was what I used).

The steps I have had to use on our test machines were:

Winrm quickconfig
(this will enable WinRM to be contacted via http/https, it is not enabled
by default)

Set-ExecutionPolicy RemoteSigned
(allow scripts to be run on each Windows server remotely via PowerShell)

(These settings cover the config of WinRM. The massive timeout is due to
items that we are running which can take a lot of time to complete; we were
seeing timeouts during chef-client runs which were down to this timeout
setting.)

winrm set winrm/config '@{MaxTimeoutms="2700000"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="3096"}' (upped to 3 GB)

(The last three items refer to how much resource WinRM is having to use and
authentication methods. I had to allow unencrypted auth, basic local account
access for our chef server so the bootstrapping would run. I suspect that
with the Chef Server tied into AD and these Auth settings tweaked then AD
auth should be usable, but it is not something that I have looked at yet.)

No doubt someone with more experience can clear up these auth settings if we
wish to use AD accounts.

Thanks
Chris

-----Original Message-----
Sent: 22 May 2014 07:52
Subject: [chef] Winrm issues in chef-recipe

Hi,

I need to run chef-client on a Windows machine from one Windows machine using
winrm/winrs. I had chef cookbook code like:

windows_batch "backup" do
  cwd node['winrm_path']
  code <<-EOH
    winrs -r:ip_address chef-client
  EOH
end

The above code (cookbook) will execute on a Windows machine; from there it will
run chef-client on another Windows machine using winrs, but errors occurred. I
enabled WinRM on both Windows machines.

Errors like:

STDERR: Winrs error:The WinRM client cannot process the request. If the
authentication scheme is different from Kerberos, or if the client computer
is not joined to a domain, then HTTPS transport must be used or the
destination machine must be added to the TrustedHosts configuration setting.
Use winrm.cmd to configure TrustedHosts. Note that computers in the
TrustedHosts list might not be authenticated. You can get more information
about that by running the following command: winrm help config.
or else
Connecting to remote server failed with the following error message : WinRM
cannot process the request. The following error occured while using Kerberos
authentication: The network path was not found.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are
specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port
does not exist.
-The client and remote computers are in different domains and there is no
trust between the two domains.

Can anyone help me with how to resolve this?

Thanks,
Ganesan.A
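
Added example, not part of either message above: a small audit of the WinRM settings the reply changes, flagging the combination of `AllowUnencrypted="true"` and `Basic="true"`, under which the local admin password crosses the network base64-encoded over plain HTTP. The sample listing is constructed in the layout printed by `winrm get winrm/config`; the function names `parse_winrm_config` and `audit` are hypothetical.

```python
# Added example (not from the thread). SAMPLE is constructed: the layout of
# `winrm get winrm/config`, trimmed, with the settings from the reply applied.
SAMPLE = """\
Config
    MaxTimeoutms = 2700000
    Client
        AllowUnencrypted = false
        Auth
            Basic = true
        TrustedHosts
    Service
        AllowUnencrypted = true
        Auth
            Basic = true
    Winrs
        MaxMemoryPerShellMB = 3096
"""

def parse_winrm_config(text):
    """Flatten the indented listing into {'Config/Service/Auth/Basic': 'true'}."""
    settings, stack = {}, []              # stack of (indent, section name)
    for line in text.splitlines():
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()                   # left the previous section
        key, sep, value = (part.strip() for part in line.partition("="))
        if sep:
            settings["/".join([n for _, n in stack] + [key])] = value
        else:
            stack.append((indent, key))   # section header or empty value
    return settings

def audit(settings):
    """Return findings for settings that expose credentials or host trust."""
    on = lambda p: settings.get("Config/" + p, "false").lower() == "true"
    unenc, basic = on("Service/AllowUnencrypted"), on("Service/Auth/Basic")
    findings = []
    if unenc and basic:
        findings.append("service: Basic auth over unencrypted HTTP")
    elif unenc:
        findings.append("service: unencrypted traffic allowed")
    elif basic:
        findings.append("service: Basic auth enabled, needs an HTTPS listener")
    if settings.get("Config/Client/TrustedHosts", "") == "*":
        findings.append("client: TrustedHosts is '*', no host is authenticated")
    return findings
```

On a real host, pass the text printed by `winrm get winrm/config` to `parse_winrm_config` and review whatever `audit` returns.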