Docker for Windows - Install certificates using sn.exe / Strong Name utility - windows

We have a Docker image that we use to build our Visual Studio solutions. This works great. Now we have some solutions that require a key. To install the key you use sn.exe, but Microsoft has gone through great lengths to make sure human input is needed, namely the password..
The image is based off FROM microsoft/dotnet-framework:3.5
I tried several tricks, especially from this Stack Overflow thread: Auto-entering Password In Sn.exe
The last answer is mine (Thomas Rijsewijk). At least I have a working way to install the key automatically, but somehow SendWait doesn't work in Docker, or Docker for Windows, or microsoft/dotnet-framework:3.5 docker image.
# ---------
# Import all certificates in C:\keys
# ---------
[void][System.Reflection.Assembly]::LoadWithPartialName("'System.Windows.Forms")
[System.Windows.Forms.SendKeys]::SendWait("hello")
When I run this I get "Access Denied":
Exception calling "SendWait" with "1" argument(s): "Access is denied"
At K:\install-certificates.ps1:51 char:1
+ [System.Windows.Forms.SendKeys]::SendWait("hello")
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : Win32Exception
As an alternative I tried SendKeys() from WScript.Shell:
$wshell = New-Object -com wscript.shell;
Sleep 5;
$wshell.sendkeys("test");
Again, this works perfectly on my machine (Windows 10 up to date) and an up to date Windows 2016 server. But NOT inside the docker image: nothing happens, no error but it's not entering "test" either.
Lot of talks about automating powershell, but basically I don't really care HOW I install the certificate when building my docker image, I just want it installed. I install the certificate locally using
Start-Process "C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin\sn.exe" -ArgumentList "-i `"D:\key.pfx`" VS_KEY_XXXXXXXX" -NoNewWindow;
At this point, it asks for a password which makes it impossible to use with docker build.
I did a whole lot of searching on Google and SO, I'm surprised to see that nobody else tried to install a key using sn.exe.
PS: Yes, I know VS_KEY_XXXXXXXX is not a valid VS_KEY. I already have a working mechanism for extracting the right VS_KEY, but that's out of scope of this question.
PPS: Yes, I know I could manually running the docker, install the certificate and manually commit and push the changes. But naturally, I want it to originate from my Dockerfile

Related

docker.exe - This application could not be started

Installing Docker Desktop version 3.1.0 on Windows 10 with WSL 2.
On first time running command docker --version it returns
docker.exe - This application could not be started
and a pop-up
which leads me to
https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=docker.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
I checked my .Net Version its fine and up to date.
And Next time I try to run docker command it returns
Program 'docker.exe' failed to run: Access is deniedAt line:1 char:1
+ docker ps
+ ~~~~~~~~~.
At line:1 char:1
+ docker ps
+ ~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (:) [], ApplicationFailedException
+ FullyQualifiedErrorId : NativeCommandFailed
So this might be the issue of Permission, I couldn't agree more.
So I added my current Authenticated User in docker-users In-fact I added almost all the possible users in docker-users.
Still no luck
Then I gave Read Write permissions also, to all possible users.
But still no luck.
One very clear Solution, Re Install the Windows which I want to use as Last resource.
Jump in the dark will be appreciable
Thanks in advance 🙏

"Install-Module -name AzureAD" fails with error on PS6 with MacOSX

I was able to install Powershell Core on MacOSX and now I'm trying to administer an Azure AD instance from the same.
When I install the AzureAD module, I get the following error
PS /Users/c> Install-Module -name AzureAD
Untrusted repository
You are installing the modules from an untrusted repository. If you trust this
repository, change its InstallationPolicy value by running the Set-PSRepository
cmdlet. Are you sure you want to install the modules from 'PSGallery'?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help
(default is "N"):y
PackageManagement\Install-Package : Unable to load DLL 'api-ms-win-core-sysinfo-l1-1-0.dll': The specified module or one of its dependencies could not be found. (Exception from HRESULT: 0x8007007E) At /usr/local/microsoft/powershell/6.0.2/Modules/PowerShellGet/1.6.0/PSModule.psm1:2057 char:21 + ... $null = PackageManagement\Install-Package #PSBoundParameters
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (Microsoft.Power....InstallPackage:InstallPackage) [Install-Package], Exception
+ FullyQualifiedErrorId : System.DllNotFoundException,Microsoft.PowerShell.Commands.TestModuleManifestCommand,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackage
I looked around for ways to get api-ms-win-core-sysinfo installed on Mac, but being it's a different OS, I didn't see any straightforward resolutions.
This module is not yet ported to dotnet core, so you cant use it on Linux\Mac.
You can take a look here:
https://www.powershellgallery.com/packages/AzureAD/2.0.1.6
also, you can use this search to confirm my statement:
https://www.powershellgallery.com/items?q=Tags%3A%22PSEdition_Core%22++azuread&x=0&y=0
As #4c74356b41 rightly says, the Azure AD module is not ported to PowerShell core yet.
Besides installing a VM with windows, and depending exactly what you wish to do, you could try the Azure CLI for OS X
If a browser experience is okay for you, the Azure Cloud Shell also offers CLI and even some Powershell commands (though this also runs on Core in the background):
If you look at the error message it is clear, that the error is not about the AzureAD module not being available on your platform, but more about the "PackageManagement"-Package not being supported. So you can try downloading the module directly from powershellgallery and unzipping it into your module path.
I've hit the same problem - it's frustrating that the AzureAD module isn't open-sourced on GitHub. While the Az module is, it lacks most of the functionality of the AzureAd module.
One option is to "copy" the version of AzureAD from cloud shell, as outlined here:
https://www.michev.info/Blog/Post/2339/azure-ad-powershell-module-with-support-for-powershell-core
Another option is to write your own Powershell core module that calls the Graph REST APIs directly.

Custom generalized VHD is struck in activation key prompt in Azure

I have hyper-v VHD uploaded to azure by following this link.
VHD image is generalized before uploading to azure. after uploading, trying to create a VM using the uploaded VHD image and VM is not completing the provision after timeout. looking at Boot Diagnosis of the VM the VM is stuck in product key entering prompt.
.
The following error is logged:
New-AzureRmVM : Long running operation failed with status 'Failed'. Additional Info:'OS Provisioning for VM 'PSTACBUI'
did not finish in the allotted time. The VM may still finish provisioning successfully. Please check provisioning
state later. Also, make sure the image has been properly prepared (generalized).
* Instructions for Windows: https://azure.microsoft.com/documentation/articles/virtual-machines-windows-upload-image/
* Instructions for Linux: https://azure.microsoft.com/documentation/articles/virtual-machines-linux-capture-image/ '
ErrorCode: OSProvisioningTimedOut
ErrorMessage: OS Provisioning for VM 'PSTACBUI' did not finish in the allotted time. The VM may still finish
provisioning successfully. Please check provisioning state later. Also, make sure the image has been properly prepared
(generalized).
* Instructions for Windows: https://azure.microsoft.com/documentation/articles/virtual-machines-windows-upload-image/
* Instructions for Linux: https://azure.microsoft.com/documentation/articles/virtual-machines-linux-capture-image/
StartTime: 2/2/2018 11:04:08 PM
EndTime: 2/2/2018 11:50:59 PM
OperationID: 0a4f1ac8-9274-4fa8-b396-71c8eb690653
Status: Failed
At line:1 char:1
+ New-AzureRmVM -VM $vm -ResourceGroupName tacoud -Location $location
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [New-AzureRmVM], ComputeCloudException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Compute.NewAzureVMCommand
How I can skip product activation prompt for multiple VM deployment?
This generally happens when the VHD is either not properly generalized (missing a step) or if it is turned back on prior to being uploaded to Azure.
Make sure you select each of the steps during the generalization process:
Then make sure that the VM is not turned back on again prior to uploading to Azure.
Also check this link to ensure you get all the proper pre-sysprep steps correct:
https://learn.microsoft.com/en-us/azure/virtual-machines/windows/prepare-for-upload-vhd-image

Can't setup up Windows Server Containers on Windows Server 2016 TP4

I'm trying to setup up Windows Server Containers on Windows Server 2016 TP4.
I'm following the guideline from MS, but it does not work. It always fails with the following error:
Getting Container OS image (WindowsServerCore) version 10.0.10586.0 from OneGet (this may take a few minutes)...
C:\Install-ContainerHost.ps1 : Unable to download.
In Zeile:1 Zeichen:1
+ C:\Install-ContainerHost.ps1
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Install-ContainerHost.ps1
I could find out that the Install-ContainerHost.ps1 script tries to download the WindowsServerCore image from here. Calling this URL manually returns "BlobNotFound".
I am not sure if this is some fault from me or they just have a problem with the server. I have tried to run the script already several times today. Yesterday it worked on another VM..
Edit: Seemed to be a problem from Micrsoft with the download server, which was fixed now.
OK this is what we did go to your ISO for TP4, and open the ISO.
Inside there's a folder for "NanoServer" in which you can find the wim File (image).
Copy this image locally, or where you prefer on the internet. Get the URL, you're going to use it to hack the Powershell script.
Run these commands in Powershell
Install-Package ContainerProvider
Verify the Package has been installed by running:
Find-ContainerImage
Notepad Open: C:\Program Files\WindowsPowerShell\Modules\ContainerProvider\0.5.2\ContainerProvider\ContainerProvider.psm1
Go to line: 508 and modify the Variable $downloadURL: (notice how I used my own url)
$downloadURL = "http://10.0.2.2:8000/NanoServer.wim"
After this: Just run
Install-ContainerImage -Name NanoServer
The image will be installed

Jboss Service started and then stopped

I'm attempting to get my Jboss Server running as a windows service using the JbossService.exe, and I had it working until I uninstalled it (with ./JbossService -uninstall JbossService), and now, while it will install and the service will appear in the windows service list, attempting to start it will only yield the error message:
"The JBossService on Local Computer started and then stopped. Some services stop automatically if they have no work to do, for example, the Performance Logs and Alerts service."
If it helps, the command I'm using to install it is:
./JBossService.exe -install JBossService "$java_home\jre\bin\server\jvm.dll"
-Xmx128m -Xrs -Djava.class.path="$java_home\lib\tools.jar;$jboss_home\bin\run.jar"
-Duser.timezone="Australia/Sydney"
-start "org.jboss.Main" -stop "org.jboss.Main"
-method systemExit -out "$jboss_home\server\default\log\stdout.log"
-err "$jboss_home\server\default\log\stderr.log"
-current "$jboss_home\bin"
Any ideas would be appreciated. If more information is required just let me know.
Are you using Cygwin? If not, this could be due to the fact that environment variables are referenced using %%, not $, on Windows. You might try the following instead:
JBossService.exe -install JBossService "%java_home%\jre\bin\server\jvm.dll"
-Xmx128m -Xrs -Djava.class.path="%java_home%\lib\tools.jar;%jboss_home%\bin\run.jar"
-Duser.timezone="Australia/Sydney"
-start "org.jboss.Main" -stop "org.jboss.Main"
-method systemExit -out "%jboss_home%\server\default\log\stdout.log"
-err "%jboss_home%\server\default\log\stderr.log"
-current "%jboss_home%\bin"
Even if you are using Cygwin, the $ notation still might not work if, for example, these parameters are being stored in the Registry and then read later from the OS (which does not understand Cygwin notation).
While this does have a valid answer, one reason this happened to me recently is because the user the JBoss Windows Service was running as had certain active directory permissions revoked from the server (in this case, administrative-like permissions); it could no longer access certain directories it required in order to process (the Java bin folder, for example).
Once the user the service ran as was added back to the appropriate Windows User Groups, the JBoss Windows Service started with no issues.
In my case, JAVA_HOME was not set. Once I did that, Automatically windows Services started.
:)

Resources