chef - [chef] Re: RE: Still hitting same problem of COOK-1172 after applying hotfix from Microsoft

First login ?
Lost password ?

Subscribers: 1946
Owners
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay

Subscribe
Unsubscribe
Info
Archive

Post

RSS
Shared documents

General discussion about Chef

[chef] Re: RE: Still hitting same problem of COOK-1172 after applying hotfix from Microsoft

From: Steven Murawski < >
To:
Subject: [chef] Re: RE: Still hitting same problem of COOK-1172 after applying hotfix from Microsoft
Date: Tue, 11 Nov 2014 11:15:09 -0600

Carl,

When you run chef-client from an interactive logon session (either via RDP or a console session), you are operating in a different security context then WinRM and PowerShell Remoting does. WinRM and PowerShell Remoting are hosted in the winrm service. When you connect to a remote WinRM or PowerShell Remoting session, you are authenticating to the service and it is a non-interactive logon to the system (which has certain security implications).

Unfortunately, KB2918614 "fixes" some security issues with the Windows installer service. That fix breaks several scenarios in trying to install software over WinRM. Since PowerShell Remoting is layered on top of WinRM, it suffers the same security context issue with the Installer service. If you run chef (chef-solo, chef-client using a chef server, or chef-client with local mode) via WinRM or PowerShell Remoting you'll hit the broken behavior of the Installer service.

The main workaround is to use a scheduled task (which is what we do in knife-windows now if the bootstrap fails to install chef-client). Until you can apply the later hotfix, this is the only workaround when connecting via WinRM (or PowerShell Remoting).

Steve

Steven Murawski

Community Manager @ Chef

Microsoft MVP - PowerShell
http://stevenmurawski.com

On November 11, 2014 at 9:35:00 AM, ( "> ) wrote:

Hi Zenkai,

I’m not sure if you got an answer to this or found it yourself, but was this question referring to the Microsoft patch KB2918614?

If so, there was an update released for knife-windows, so you need to update the GEM, using ‘gem update knife-windows’ to get the latest version.

I could get recipes or bootstraps to run with the patch removed but as soon as it was replaced WinRM broke.

Updating the GEM has fixed the issues I had with bootstrapping and remote file copies initiated from WinRM.

Hope this helps

Chris

From: Zhenkai Jiang [mailto:
Sent: 24 October 2014 04:27
To:
Subject: [chef] Still hitting same problem of COOK-1172 after applying hotfix from Microsoft

Hi

I've been trying to install SQL Server Express on HPCS using chef client local mode through Powershell Remoting (trying to avoid using Chef Server) but so far
with no success.

I have had exact same (at least looks identical to me) as ticket COOK-1172 described.

I am able to run the cookbook from local Powershell window and install SQL Server without any error. Once I switched to execute from remote machine. It fails just like that ticket.

I am able to work around with similar trick setting up schedule task in windows.

But I am not able to get this over by applying Microsoft hotfix which closed that ticket.

Anybody had experience can help me? Thanks Not sure what I missed.

/Carl

[chef] RE: Still hitting same problem of COOK-1172 after applying hotfix from Microsoft, , 11/11/2014
- [chef] Re: RE: Still hitting same problem of COOK-1172 after applying hotfix from Microsoft, Steven Murawski, 11/11/2014