Skip to content

Instantly share code, notes, and snippets.

@hsiboy

hsiboy/publicorprivate.md

Created October 2, 2014 11:21
Show Gist options
  • Save hsiboy/c2cff2de2c92cb1c5ac8 to your computer and use it in GitHub Desktop.
Save hsiboy/c2cff2de2c92cb1c5ac8 to your computer and use it in GitHub Desktop.
Download ZIP
Chef knife windows - winrm quickconfig - Error number: -2144108183 0x80338169
Raw
publicorprivate.md

##knife windows fails

If you want to use the Chef knife windows, you must be able to run WinRM. WinRM needs to be installed, and then configured correctly. it is easy to configure winrm quickconfig -q but that may fail, and on Winodws 8 the fix is non obvious:

PS C:\Windows\system32> winrm quickconfig -q
WinRM service is already running on this machine.
WSManFault
    Message
        ProviderFault
            WSManFault
                Message = WinRM firewall exception will not work since one of the network connection types on this machi
ne is set to Public. Change the network connection type to either Domain or Private and try again.

Error number:  -2144108183 0x80338169
WinRM firewall exception will not work since one of the network connection types on this machine is set to Public. Chang
e the network connection type to either Domain or Private and try again.
PS C:\Windows\system32>

Check which network interface is set to "public"

PS C:\Windows\system32> Get-netConnectionProfile


Name             : Connection #1
InterfaceAlias   : Ethernet 4
InterfaceIndex   : 8
NetworkCategory  : DomainAuthenticated
IPv4Connectivity : Internet
IPv6Connectivity : LocalNetwork

Name             : Unidentified network
InterfaceAlias   : VirtualBox Host-Only Network #3
InterfaceIndex   : 33
NetworkCategory  : Public
IPv4Connectivity : NoTraffic
IPv6Connectivity : LocalNetwork

Ok, so we need to set the virtualBox connection to be private:

PS C:\Windows\system32> Set-NetConnectionProfile -InterfaceAlias "VirtualBox Host-Only Network #3" -NetworkCategory priv
ate

and validate the change:

PS C:\Windows\system32> Get-netConnectionProfile


Name             : Connection #1
InterfaceAlias   : Ethernet 4
InterfaceIndex   : 8
NetworkCategory  : DomainAuthenticated
IPv4Connectivity : Internet
IPv6Connectivity : LocalNetwork

Name             : Unidentified network
InterfaceAlias   : VirtualBox Host-Only Network #3
InterfaceIndex   : 33
NetworkCategory  : Private
IPv4Connectivity : NoTraffic
IPv6Connectivity : LocalNetwork

Now lets try winrm again

PS C:\Windows\system32> winrm quickconfig -q
WinRM service is already running on this machine.
WinRM is not set up to allow remote access to this machine for management.
The following changes must be made:

Create a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this machine.
Enable the WinRM firewall exception.

WinRM has been updated for remote management.

Created a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this machine.
WinRM firewall exception enabled.

Great! So now WinRM is listening and acceptin requests, we can move on to using knife windows.

@mrswadge
Copy link

The Get-netConnectionProfile isn't available in Windows 7 unfortunately, but there is a script that can be used to do this available here: https://blogs.msdn.microsoft.com/dimeby8/2009/06/10/change-unidentified-network-from-public-to-work-in-windows-7/

I changed it to be a bit more talkative:

$NLMType = [Type]::GetTypeFromCLSID('DCB00C01-570F-4A9B-8D69-199FDBA5723B')
$INetworkListManager = [Activator]::CreateInstance($NLMType)
$NLM_ENUM_NETWORK_CONNECTED  = 1
$NLM_NETWORK_CATEGORY_PUBLIC = 0x00
$NLM_NETWORK_CATEGORY_PRIVATE = 0x01
$NLM_NETWORK_CATEGORY_DOMAIN = 0x02
$UNIDENTIFIED = "Unidentified network"
$INetworks = $INetworkListManager.GetNetworks($NLM_ENUM_NETWORK_CONNECTED)
foreach ($INetwork in $INetworks)
{
	$Name = $INetwork.GetName()
	$Category = $INetwork.GetCategory()
	$CategoryName = switch ($Category){
		$NLM_NETWORK_CATEGORY_PUBLIC {'Public'}
		$NLM_NETWORK_CATEGORY_PRIVATE {'Private'}
		$NLM_NETWORK_CATEGORY_DOMAIN {'Domain'} 
		Default {$Category}
	}
	Write-Host "Network named: $Name is of type: $CategoryName"
	if ($INetwork.IsConnected -and ($Category -eq $NLM_NETWORK_CATEGORY_PUBLIC) -and ($Name -eq $UNIDENTIFIED))
	{
		Write-Host "Changing network $Name to Private"
		$INetwork.SetCategory($NLM_NETWORK_CATEGORY_PRIVATE)
	}
}

[Environment]::Exit(0)

The alternative via the UI is to go into Admin Tools, Local Security Policy, Network List Manager Polices, Unidentified Networks and then set the Location type to Private there.

Hope this is helpful to someone.

Cheers,
Stuart

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment