Develop Reference

MSIX in Docker container

Does anyone know how to install an MSIX package into a Docker container?
Currently my Dockerfile does the following:
Install PFX certificate to "Trusted Root Certification Authorities", which is specified by "Cert:\LocalMachine\Root" in the PowerShell command.
Copy MSIX package from network drive.
Install MSIX as an app. (Fails)
Remove local copy of MSIX package.
Dockerfile:
RUN powershell $pwd = ConvertTo-SecureString -String 'CeRtPaSsWoRd' -AsPlainText -Force; Import-PfxCertificate -Password $pwd -FilePath "R:/app-stream-cert.pfx" -CertStoreLocation Cert:\LocalMachine\Root \
&& copy "R:/mcre-22-r2-x64.msix" "C:/" \
&& powershell Add-AppPackage -path "C:/mcre-22-r2-x64.msix" \
&& del "C:/mcre-22-r2-x64.msix"
I have this error:
Add-AppPackage : Deployment failed with HRESULT: 0x80073D19, An error occurred
because a user was logged off.
error 0x80073D0A: Failed to install package
AnsysInc.mcre-22-r2_22.2.0.0_x64__13gfg92hgbc9g because the firewall service
is not running. Ensure that the firewall service is enabled and started.
NOTE: For additional information, look for [ActivityId]
b9bbd738-fed5-0000-fec9-bdb9d5fed801 in the Event Log or use the command line
Get-AppPackageLog -ActivityID b9bbd738-fed5-0000-fec9-bdb9d5fed801
At line:1 char:1
+ Add-AppPackage -path C:/mcre-22-r2-x64.msix
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (C:\mcre-22-r2-x64.msix:String) [A
dd-AppxPackage], Exception
+ FullyQualifiedErrorId : DeploymentError,Microsoft.Windows.Appx.PackageMa
nager.Commands.AddAppxPackageCommand
I've tried enabling firewall service in the container and on the host machine using powershell Start-Service -Name mpssvc. I'm able to enable firewall service on the host, but not in the container. Some posts indicate that Windows Docker containers share firewall service with their host. However my 0x80073D0A error still persists.
Environment info:
Docker engine version 20.10.21
Base image mcr.microsoft.com/windows:20H2
Host OS Win 10 Pro 10.0.19044.2251

Problem with Docker on Windows Server 2019: not running Linux containers

I was trying to install Docker on a fresh Windows Server 2019 using this guide (other guides seem to use the same procedure).
NB: I was given a Windows Server 2019 with Hyper-V installed, but with no virtual machine.
My installation commands were:
Enable-WindowsOptionalFeature –Online -FeatureName Microsoft-Hyper-V –All -NoRestart
Install-WindowsFeature RSAT-Hyper-V-Tools -IncludeAllSubFeature
Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
Install-Package -Name docker -ProviderName DockerMsftProvider
Restart-Computer –Force
And then:
Get-VM WinContainerHost | Set-VMProcessor -ExposeVirtualizationExtensions $true
Which returns an error:
Get-VM : Hyper-V was unable to find a virtual machine with name "WinContainerHost".
At line:1 char:1
+ Get-VM WinContainerHost | Set-VMProcessor -ExposeVirtualizationExtens ...
+ ~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (WinContainerHost:String) [Get-VM], VirtualizationException
+ FullyQualifiedErrorId : InvalidParameter,Microsoft.HyperV.PowerShell.Commands.GetVM
Now, my first question is: what is WinContainerHost? Who did create it? I cannot see it in my Hyper-V Management Console.
Nevertheless, I try to go on with the Docker installation process:
Install-Module DockerProvider
Install-Package Docker -ProviderName DockerProvider -RequiredVersion preview
[Environment]::SetEnvironmentVariable(“LCOW_SUPPORTED”, “1”, “Machine”)
Restart-Service docker
After the process, typing docker --version, I get:
Docker version 17.10.0-ee-preview-3, build 1649af8
It seems that Docker is installed. I then try to launch a container with:
docker pull nginx:latest
which results in:
latest: Pulling from library/nginx
33847f680f63: Extracting [==================================================>] 27.15MB/27.15MB
dbb907d5159d: Download complete
8a268f30c42a: Download complete
b10cf527a02d: Download complete
c90b090c213b: Download complete
1f41b2f2bf94: Download complete
failed to register layer: failed to start service utility VM (applydiff 8f46920b86bdcdab20b89a73c657f59c52f0271fd2fa27bf87bb875c55c11f7a):
container 8f46920b86bdcdab20b89a73c657f59c52f0271fd2fa27bf87bb875c55c11f7a_svm encountered an error during CreateContainer: failure in a
Windows system call: The virtual machine could not be started because a required feature is not installed. (0xc0370102) extra info: {"SystemType"
:"container","Name":"8f46920b86bdcdab20b89a73c657f59c52f0271fd2fa27bf87bb875c55c11f7a_svm","Layers":null,"HvPartition":true,"HvRuntime":{"ImagePath"
:"C:\\Program Files\\Linux Containers","LinuxInitrdFile":"initrd.img","LinuxKernelFile":"bootx64.efi"},"ContainerType":"linux",
"TerminateOnLastHandleClosed":true}
My intuition tells me that the problem is with the Get-VM WinContainerHost | Set-VMProcessor -ExposeVirtualizationExtensions $true, but I cannot find a way to solve it.
Could someone please give me more insight on this? Thanks in advance.

Powershell script for bulk updating Windows Updates on many pc's

I have this script:
Invoke-WUJob -ComputerName comp-1,comp-2,comp-3 -Script {ipmo PSWindowsUpdate; Get-WUInstall -Install -AcceptAll | Out-File C:\PSWindowsUpdate.log } -Confirm:$false -Verbose –RunNow
and after execution I get this:
Invoke-WUJob : PSWindowsUpdate module missing on destination machine
At line:1 char:1
+ Invoke-WUJob -ComputerName 1002-hk-ws-001,1002-hk-ws-002,1002-hk-ws-0 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (:) [Invoke-WUJob], Exception
+ FullyQualifiedErrorId : ModuleMissing,PSWindowsUpdate.InvokeWUJob
I used these commands below on every PC to install to PSWindowsUpdate and setup winrm and it still does not work:
winrm quickconfig -q
winrm set winrm/config/client ‘#{TrustedHosts="comp1,comp2,comp3"}’
Set-ExecutionPolicy RemoteSigned
Install-Module PSWindowsUpdate -Scope CurrentUser -Force
Any ideas?

the windows update cannot use remotely, maybe the hardening, you could work with a schedule task Register-ScheduledJob -scriptblock { get-windowsupdate -acceptall}

I am going to assume that you are in a workgroup mode, vs Domain joined machines by virtue of what you said you did on each host.
You have to be an admin on the target to run this.
about_Remote_Requirements
Unless you make additional configs.
You Don’t Have to Be An Administrator to Run Remote PowerShell Commands
Thus, you need to pass credentials in your code, if you are not already running your PowerShell session with admin creds for the remote targets. This is really PowerShell remoting 101 and a well-documented use case.
Your error is saying the module is not on the remote host or can't be found.
Windows updates are a machine-level thing. So, the import should be to the AllUsers PowerShell profile not some individual user of the machines. There is extra work to get PSRemoting working on workgroup systems. For domain-joined, hosts, you can enable it using GPO. No need for extra steps.
See the steps here:
Enable PowerShell Remoting on a standalone (workgroup) computer
Running code on remote systems will always run in the user context that you started, regardless of who is on the remote target.

Ok so now I'am getting a different error :
Invoke-WUJob : You can not find requested file . (Error HRESULT: 0x80070002)
At line:1 char:1
+ Invoke-WUJob -ComputerName 1002-ski-ws-003,1002-ski-nb-002 -Script {i ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Invoke-WUJob], FileNotFoundException
+ FullyQualifiedErrorId : System.IO.FileNotFoundException,PSWindowsUpdate.InvokeWUJob
I've installed everything on remote machines to : Windows\System32\WindowsPowerShell\v1.0\Modules\PSWindowsUpdate but it looks like it still does not see the module ?

EC2 Windows User Data: Powershell does not run as expected

I am trying to bootstrap EC2 Windows instances via Powershell commands inside user data. The steps I am trying to execute via user data are:
Install chocolatey
Use chocolatey to install Python
Use chocolatey to install AWS CLI
Use AWS CLI to download a Powershell script from S3
Run that Powershell script
The user data is pretty straightforward:
<powershell>
Set-ExecutionPolicy Bypass -Force;
iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'));
choco install python3 -y;
choco install awscli -y
refreshenv
$BootstrapScript = (Join-Path $env:TEMP "NewBootstrap.ps1")
& aws s3api get-object --bucket my-bucket-name --key bootstrap/WindowsBootstrap.ps1 "$BootstrapScript"
iex "$BootstrapScript"
</powershell>
The bootstrap script is never downloaded or executed. If I logon to the instance and view the logs, the output suggests something strange is happening:
At the top of the logs there are errors complaining that 'aws' is not recognized as the name of a cmdlet. Why should this error before it's even tried to install the aws cli?
After that the term
'C:\Users\Administrator\AppData\Local\Temp\NewBootstrap.ps1' is not recognized as the name of a cmdlet, function,
script file. Again - why is this erroring before we've tried to get that file?
Then the logs show that choco, python and awscli actually were installed correctly.
I don't understand what is happening with the order of execution. If I login to the box and execute the exact same user data script that is contained in C:\Windows\Temp it runs completely as expected.
Any help on understanding or debugging this would be most appreciated.
Output from C:\ProgramData\Amazon\EC2-Windows\Launch\Log\UserdataExecution.log with some choco output elided for brevity
2017/11/06 12:11:49Z: Userdata execution begins
2017/11/06 12:11:49Z: Zero or more than one <persist> tag was not provided
2017/11/06 12:11:49Z: Unregistering the persist scheduled task
2017/11/06 12:11:54Z: Zero or more than one <runAsLocalSystem> tag was not provided
2017/11/06 12:11:54Z: Zero or more than one <script> tag was not provided
2017/11/06 12:11:54Z: Zero or more than one <powershellArguments> tag was not provided
2017/11/06 12:11:54Z: <powershell> tag was provided.. running powershell content
2017/11/06 15:13:42Z: Userdata execution begins
2017/11/06 15:13:42Z: Zero or more than one <persist> tag was not provided
2017/11/06 15:13:42Z: Unregistering the persist scheduled task
2017/11/06 15:13:54Z: Zero or more than one <runAsLocalSystem> tag was not provided
2017/11/06 15:13:54Z: Zero or more than one <script> tag was not provided
2017/11/06 15:13:54Z: Zero or more than one <powershellArguments> tag was not provided
2017/11/06 15:13:55Z: <powershell> tag was provided.. running powershell content
2017/11/06 15:16:11Z: Userdata: is currently executing. To end it kill the process with id: 2828
2017/11/06 15:17:40Z: Message: The errors from user scripts: & : The term 'aws' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the
spelling of the name, or if a path was included, verify that the path is correct and try again.
At C:\Windows\TEMP\UserScript.ps1:15 char:3
+ & aws s3api get-object --bucket my-bucket-name --key bootstra ...
+ ~~~
+ CategoryInfo : ObjectNotFound: (aws:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
C:\Users\Administrator\AppData\Local\Temp\NewBootstrap.ps1 : The term
'C:\Users\Administrator\AppData\Local\Temp\NewBootstrap.ps1' is not recognized as the name of a cmdlet, function,
script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is
correct and try again.
At line:1 char:1
+ C:\Users\Administrator\AppData\Local\Temp\NewBootstrap.ps1
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (C:\Users\Admini...ewBootstrap.ps1:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
2017/11/06 15:17:40Z: Message: The output from user scripts: This is the new bootstrap
Mode LastWriteTime Length Name
---- ------------- ------ ----
d----- 11/6/2017 3:14 PM chocInstall
Getting latest version of the Chocolatey package for download.
Getting Chocolatey from https://chocolatey.org/api/v2/package/chocolatey/0.10.8.
... Chocolatey Install output ...
Chocolatey (choco.exe) is now ready.
You can call choco from anywhere, command line or powershell by typing choco.
Run choco /? for a list of functions.
You may need to shut down and restart powershell and/or consoles
first prior to using choco.
Ensuring chocolatey commands are on the path
Ensuring chocolatey.nupkg is in the lib folder
Installing awscli
Chocolatey v0.10.8
Installing the following packages:
python3
.. Python Download / Install output ...
Download of python-3.6.3-amd64.exe (30.16 MB) completed.
Hashes match.
Installing python3...
python3 has been installed.
Installed to 'C:\Python36'
python3 can be automatically uninstalled.
Environment Vars (like PATH) have changed. Close/reopen your shell to
see the changes (or in powershell/cmd.exe just type `refreshenv`).
The install of python3 was successful.
Software installed as 'EXE', install location is likely default.
Chocolatey installed 1/1 packages.
See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).
Chocolatey v0.10.8
Installing the following packages:
awscli
.. AWS CLI Download / Install output ...
The install of awscli was successful.
Software installed as 'msi', install location is likely default.
Chocolatey installed 1/1 packages.
See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).
Refreshing environment variables from registry for cmd.exe. Please wait...Finished..
2017/11/06 15:17:40Z: Userdata execution done

The issue was that when installed as part of the cloud init process, the Powershell profile fails to import Chocolatey. This means that packages will install fine via choco install, but are not made available in the environment, even if you call refreshenv (hence my call to aws failed even though it installed successfully.)
To fix this problem you can manually force Powershell to import the Chocolatey module by editing your Powershell profile.
# Updated profile content to explicitly import Choco
$ChocoProfileValue = #'
$ChocolateyProfile = "$env:ChocolateyInstall\helpers\chocolateyProfile.psm1"
if (Test-Path($ChocolateyProfile)) {
Import-Module "$ChocolateyProfile"
}
'#
# Write it to the $profile location
Set-Content -Path "$profile" -Value $ChocoProfileValue -Force
# Source it
. $profile
You can read more on this in the chocolatey troubleshooting guide

Can not see my service under services after installing with Topshelf

I am pretty sure the answer is so simple but here it is;
I'm using TopShelf to install my service and I can succesfully install and run it from command line as
MyExecutable.Daemon install
MyExecutable.Daemon start
This is fine but it has to be amongst the Services and it wasn't so I tried;
sc create "MyExecutable.Daemon" binPath= "C:\'Program Files (x86)'\MyExecutable.Daemon.exe" DisplayName= "MyExecutable.Daemon" start= auto
but got
Set-Content : A positional parameter cannot be found that accepts argument 'binpath='.
At line:1 char:1
+ sc create MyExecutable.Daemon binpath= "C:\'Program Files (x86)'\...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Set-Content], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.SetContentCommand
So I'm stuck here. What am I missing here?

sc in powershell is the alias for set-Content cmdlet use sc.exe instead.
Try this (not tested)
sc.exe create "MyExecutable.Daemon" binPath="C:\'Program Files (x86)'\MyExecutable.Daemon.exe" DisplayName="MyExecutable.Daemon" start=auto

You should do MyExecutable.Daemon install start. I think I've done that successfully from a PowerShell prompt before but I guess I would have to verify. If that doesn't work, you need to enable logging with one of the logging plugins and provide the log file. You shouldn't use sc to install a Topshelf service. That will fail.