mwrock/packer-templates

Why would installing updates invalidate a password in autounattend?

Closed this issue · 1 comments

spuder commented

The windows 2012r2 template work great except for one weird corner case. Matt, do you have any idea whats going on here?

If I change the username to something other than vagrant, AND I install windows updates, then on the first boxstarter reboot, I get "invalid password".

Note that If I do one or the other (change username OR install windows updates), packer builds correctly.

Autounattend has called boxstarter.ps1 and boxstarter has called package.ps1
inside package.ps1, boxstarter is running Install-WindowsUpdate -AcceptEula

screenshot 2016-06-01 13 01 35

package.ps1 has completed and boxstarter is about to reboot
Note the line "Securely Storing installer credentials for automatic login"

screenshot 2016-06-01 13 02 36

Yet on the first boot

screenshot 2016-06-01 13 05 12

I take the exact same configs and replace my username & password with 'vagrant', and autologon works.

screenshot 2016-06-01 13 58 26

  • Vagrant username & windows updates = Success
  • Custom username without windows updates = Success
  • Custom username & windows updates = Failure

I know the user is setup correctly, because I can click ok and type in the password manually. Boxstarter then resumes.

To make sure It isn't a problem with the autounattend.xml, I've tried both plain text and base64 encoded passwords. Both work fine.

  <AutoLogon>
       <Enabled>true</Enabled>
       <Username>installer</Username>
       <Password>
            <Value>xxxxxxxxxxxxxxxxxxxxx</Value>
            <PlainText>false</PlainText>
        </Password>
    </AutoLogon>
  <AutoLogon>
        <Enabled>true</Enabled>
        <Username>installer
</Username>
        <Password>
            <Value>correct-horse-battery-staple</Value>
            <PlainText>true</PlainText>
        </Password>
   </AutoLogon>

I've searched every script for any hard coded references to 'vagrant', I can find none.
I've also checked the external scripts boxstarter calls for any hard coded 'vagrant' references.
It can't be a windows update breaking this since it works with the 'vagrant' user.

I've also tried the following in package.ps1

Install-WindowsUpdate -AcceptEula -SuppressReboots

I can reproduce this 100% of the time. Going on 10 times with the exact same results. Any ideas?

spuder commented

Looks like I might have missed the hard coded vagrant user in boxstarter.ps1

$secpasswd = ConvertTo-SecureString "vagrant" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ("vagrant", $secpasswd)

These 2 variables are only used when boxstarter triggers a reboot. A reboot is only triggered when windows updates run.

I'll see myself out 🚶