
azvmimagebuilder's Introduction

Project

Repo for Az Vm Image Builder...being populated now!

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

Trademarks

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.

azvmimagebuilder's People

Contributors

ajkundnani, danielsollondon, kof-f, microsoft-github-operations[bot], microsoftopensource

azvmimagebuilder's Issues

Timeouts with Ubuntu after installing python3-pip

I'm trying to build an Ubuntu 22.04 gen2 based image.

My first customizer is a simple shell customizer that runs:
sudo apt update && sudo apt install python3-pip -y
But it just hangs after that and won't move on to the next customizer.

In my logs, after all of the output from the apt command finishing, this is all I see:
PACKER OUT azure-arm: Restarting services...
And it just hangs there until the task times out.

Am I doing something wrong?

0_installConfFsLogix.ps1 - causes multisession AIB builds to fail

Pasting from original repository @LadtoHelp

There seems to be an issue with this script whereby multisession images fail to complete the imaging process.
I have worked around by editing this template https://raw.githubusercontent.com/azure/azvmimagebuilder/master/solutions/14_Building_Images_WVD/armTemplateWVD.json by adding
"validExitCodes": [0,267014],
to the installFsLogix json block

I can confirm this, we've run into the same problem when deploying latest AVD multisession image template

Actual packer step that is failing is:
[INFO] command 'powershell -executionpolicy bypass -file "C:/Windows/Temp/packer-elevated-shell-6363c307-fc28-5c5a-e58f-ce705e0ef871.ps1"' exited with code: 267014

When commented out, the process continues, but fails again at Teams installation:
[INFO] command 'powershell -executionpolicy bypass -file "C:/Windows/Temp/packer-elevated-shell-6363f1b4-f148-b687-5f9d-26d01ce19481.ps1"' exited with code: 16001

When Teams installation script is removed from json, the process completes successfully.

Enable Managed Identity on staging VM

Azure Image Builder requires you to create an Azure user-assigned managed identity. The Azure Image Builder uses the user-assigned managed identity to read images, write images, and access Azure storage accounts. You grant the identity permission to do specific actions in your subscription.

It would be nice that the user-assigned managed identity is also enabled on the staging VM. For example for retrieving secrets from an Azure Key Vault instance from within a PowerShell script.

According to the reaction of @danielsollondon on this similar request, this feature is on a backlog of the product team. After September 2020 there were no more updates about this item.

Additional OS support

Hello

Is there a roadmap for when additional OSes will be supported from the Azure marketplace? Especially for Windows.

Thanks

az deploy complaining about `windowsConfiguration` trying to deploy a `Linux` VM ???

I'm suddenly getting a very weird error about windowsConfiguration trying to deploy a Linux VM. The VM is in my image gallery and I can deploy a VM using that image no problem using the portal, and this ARM template was working fine up until today, now it suddenly complains about windowsConfiguration? Is something busted in the ARM image builder cloud service?

> az deployment group create --resource-group clovett-rg \
     --template-file trainervm_deployment_template.json \
     --parameters trainervm_deployment_template.parameters.json

Please provide securestring value for 'adminPassword' (? for help):
{
    "status": "Failed",
    "error": {
        "code": "DeploymentFailed",
        "message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.",
        "details": [
            {
                "code": "BadRequest",
                "message": "{
                     "error": {
                            "code":  "InvalidParameter",
                            "message":  "The value of parameter windowsConfiguration is invalid.",
                            "target":  "windowsConfiguration" 
                     }
                }
            }
        ]
    }
}

The ARM template is attached:

trainervm_deployment_template.parameters.zip

Note: I'm running this az command from a windows machine but that has never mattered before, nor should it.

2016 Image Builder Task Failing To Copy Files Correctly

When using "AzureImageBuilderTask@1", creating a Windows 2016 image for a VM is failing to copy over the artifact folder. The build succeeds, and the image is created with proper settings, but the artifact folder is not copied. Any ideas on how to fix this?

aibRoleImageCreation.json

When trying to update the custom role with az cli, the assignable scope is changed to the code shown below:
"/subscriptions//resourceGroups/"

aibRoleImageCreation.json

sed -i -e "s/<subscriptionID>/$subscriptionID/g" aibRoleImageCreation.json
sed -i -e "s/<rgName>/$aibResourceGroup/g" aibRoleImageCreation.json
sed -i -e "s/Azure Image Builder Service Image Creation Role/$aibResourceGroup/g" aibRoleImageCreation.json

{
    "Name": "",
    "IsCustom": true,
    "Description": "Image Builder access to create resources for the image build, you should delete or split out as appropriate",
    "Actions": [
        "Microsoft.Compute/galleries/read",
        "Microsoft.Compute/galleries/images/read",
        "Microsoft.Compute/galleries/images/versions/read",
        "Microsoft.Compute/galleries/images/versions/write",

        "Microsoft.Compute/images/write",
        "Microsoft.Compute/images/read",
        "Microsoft.Compute/images/delete"
    ],
    "NotActions": [
  
    ],
    "AssignableScopes": [
      "/subscriptions//resourceGroups/"
    ]
  }
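A check that could run after the `sed` substitutions and before the role is created or updated, written as an added example (not code from the project or from the issue author). It flags the empty `Name` and the `/subscriptions//resourceGroups/` scope shown above, which is what those substitutions produce when `$subscriptionID` and `$aibResourceGroup` are unset; the function names, the placeholder layout of the unrendered scope and the sample subscription ID and resource group are assumptions.

```python
import json
import re
from typing import Any, Iterator, List

# A subscription ID is a GUID; a resource group name is 1-90 characters of
# letters, digits, '_', '-', '.', '(' and ')' and must not end with a period.
_GUID = r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}"
_RG_NAME = r"[-\w.()]{0,89}[-\w()]"
_SCOPE = re.compile(
    rf"/subscriptions/{_GUID}(?:/resourceGroups/{_RG_NAME})?", re.IGNORECASE
)
# Template markers such as <subscriptionID> or <rgName> that sed never replaced.
_PLACEHOLDER = re.compile(r"<[A-Za-z][A-Za-z0-9_]*>")


def _strings(node: Any) -> Iterator[str]:
    """Yield every string value found anywhere in the parsed JSON."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for value in node.values():
            yield from _strings(value)
    elif isinstance(node, list):
        for value in node:
            yield from _strings(value)


def check_role_definition(text: str) -> List[str]:
    """Return a list of problems in a rendered custom role definition."""
    role = json.loads(text)
    problems: List[str] = []

    if not str(role.get("Name", "")).strip():
        problems.append("Name is empty")

    for value in _strings(role):
        for marker in _PLACEHOLDER.findall(value):
            problems.append(f"unreplaced placeholder {marker}")

    scopes = role.get("AssignableScopes") or []
    if not scopes:
        problems.append("AssignableScopes is empty")
    for scope in scopes:
        if not _SCOPE.fullmatch(scope):
            problems.append(f"malformed scope {scope!r}")
    return problems


def render_role(name: str, scope: str) -> str:
    """Build a constructed role definition with the actions listed above."""
    return json.dumps({
        "Name": name,
        "IsCustom": True,
        "Actions": [
            "Microsoft.Compute/galleries/read",
            "Microsoft.Compute/galleries/images/read",
            "Microsoft.Compute/galleries/images/versions/read",
            "Microsoft.Compute/galleries/images/versions/write",
            "Microsoft.Compute/images/write",
            "Microsoft.Compute/images/read",
            "Microsoft.Compute/images/delete",
        ],
        "NotActions": [],
        "AssignableScopes": [scope],
    })


# Constructed samples: the result reported in the issue, an unrendered file
# (placeholder layout assumed), and a correctly rendered one (made-up values).
BROKEN = render_role("", "/subscriptions//resourceGroups/")
UNRENDERED = render_role(
    "Azure Image Builder Service Image Creation Role",
    "/subscriptions/<subscriptionID>/resourceGroups/<rgName>",
)
GOOD = render_role(
    "aibRG",
    "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/aibRG",
)

if __name__ == "__main__":
    for label, doc in (("broken", BROKEN), ("unrendered", UNRENDERED), ("good", GOOD)):
        print(label, check_role_definition(doc))
```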

Image Builder SIG target integration version

Hi,

I'm testing the SIG integration as an output and after running the builder I end up with a seemingly random version number. How can I customize this or at least order it sanely so I can know what the versions were historically? Example below where the image version is 0.25088.3355.

<gallery>/<imagedef>/0.25088.3355

Thanks!
Mike

Add the possibility to specify tags for the staging resource group.

Hello !

In most cases, companies use Azure policies to require tags on resource groups during creation.
In this document https://github.com/Azure/azvmimagebuilder/tree/main/solutions/2_Adding_Tags_to_Staging_Resource_Group you provide this capability only after the creation. It would be nice to add the feature to specify tags.

Another alternative would be to allow people to choose an existing resource group as the staging one.

Best regards.

Re-capture updated image from VM created from an image?

I want to be able to fix a VM image by deploying it, changing it then re-capturing a new version back into my image gallery. But when I create a VM from an image, using + create VM button in the image gallery, the image Capture button is disabled? Also when I Capture an image the Start becomes disabled because the image has been generalized, so I can't update and recapture the original image either. So it seems both "efficient pathways" to editing an image are cut off. Why is that? Having to setup a brand new VM from scratch every time is quite a hassle.

AzureUSGovernment availability

Running the AIB against the Azure Gov regions provides the output:

Error: Error happened while initializing Image builder: Error: location not from available regions or it is not defined
Error: Action run failed.

Is this service expected to be available at any point?

Public access is not permitted on this storage account.

Hello,

I have been trying for two days to generate an image with Image Builder, I have tried all the possible configurations and checked again and again the permissions of the user identity and all the time I get this error:

PublicAccessNotPermitted Public access is not permitted on this storage account. RequestId:0771516a-c01e-0006-7691-4a727d000000 Time:2022-04-07T15:07:21.3330104Z

This is done by following the tutorial in the official documentation. However, this does not happen using Azure DevOps. I need it to work with the commands.

Thank you very much.

AWARENESS: AIB VHD Output Change

We are making a small breaking change to the VHD Output, where we will not return a SAS URI, but a BLOB URI. We are planning to roll this change out in phases starting on May 25, 2021, and continuing into the first week of June. Some parts of the service will return SAS and others will return SAS-less URI, so your automation/code needs to be able to handle both cases.

Existing behavior:

When you specify a VHD output the VHD is placed in the staging resource group, you then query the runOutput:

az resource show \
    --ids "/subscriptions/$subscriptionID/resourcegroups/$imageResourceGroup/providers/Microsoft.VirtualMachineImages/imageTemplates/$imageTemplateName/runOutputs/$runOutputName" \
    --api-version=2020-02-14 | grep artifactUri

This then would return a SAS URI, for example:

https://kqqtojmjy3fid5w2u3zukw1j.blob.core.windows.net/vhds/Tmp1_20210312111014.vhd?se=2021-04-11T19%3A10%3A15Z\u0026sig=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\u0026sp=r\u0026spr=https\u0026sr=b\u0026sv=2018-03-28

You could immediately download this.

New behavior:

Instead of returning the SAS URI, we will just return the BLOB URI:

https://kqqtojmjy3fid5w2u3zukw1j.blob.core.windows.net/vhds/Tmp1_20210312111014.vhd

If you wish to download them, you will need to either:

  • Generate a SAS URI as a post-build step
  • Use an Azure storage client to download the VHD.

Documentation for how to generate a SAS URI as a post-build step: https://github.com/Azure/azvmimagebuilder/blob/main/vhdUpdate2021.md#accomodating-the-change-example-steps-to-generate-a-sas-token-as-a-post-build-step

Please let us know if you have any questions or concerns.
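One way automation can accept both forms of `artifactUri` during the rollout, as an added example that is not part of the announcement or the project's code. The function names are hypothetical and the sample URIs are the two shown above with the signature replaced by a short placeholder; the sketch also masks the `sig` value so that a SAS token, which is a bearer credential, is never written to logs.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


@dataclass
class ArtifactUri:
    blob_url: str           # scheme://account/container/blob, query removed
    has_sas: bool           # True when a SAS signature ("sig") is present
    expiry: Optional[str]   # value of "se" (signed expiry), if present
    safe_to_log: str        # the URI with the signature value masked


def parse_artifact_uri(raw: str) -> ArtifactUri:
    """Accept a bare URI or a whole `grep artifactUri` output line."""
    match = re.search(r"https://[^\s\"']+", raw)
    if match is None:
        raise ValueError("no https URI found in input")
    # grep on raw JSON leaves '&' as the literal escape sequence \u0026.
    uri = match.group(0).replace("\\u0026", "&")
    parts = urlsplit(uri)
    query = parse_qsl(parts.query, keep_blank_values=True)
    params = dict(query)
    masked = [(k, "REDACTED" if k == "sig" else v) for k, v in query]
    return ArtifactUri(
        blob_url=urlunsplit((parts.scheme, parts.netloc, parts.path, "", "")),
        has_sas="sig" in params,
        expiry=params.get("se"),
        safe_to_log=urlunsplit(
            (parts.scheme, parts.netloc, parts.path, urlencode(masked), "")
        ),
    )


def sas_expiry(artifact: ArtifactUri) -> Optional[datetime]:
    """Parse the 'se' value as a UTC timestamp, or None if absent."""
    if not artifact.expiry:
        return None
    parsed = datetime.fromisoformat(artifact.expiry.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def download_mode(artifact: ArtifactUri, now: datetime) -> str:
    """'direct' if the URI carries an unexpired SAS, else 'authenticated'.

    'authenticated' means the caller has to generate a SAS as a post-build
    step or use an authenticated storage client, as the announcement says.
    """
    if not artifact.has_sas:
        return "authenticated"
    expires = sas_expiry(artifact)
    if expires is not None and expires <= now:
        return "authenticated"
    return "direct"


# Constructed samples based on the two URIs above; the signature is a placeholder.
SAS_RAW = (
    r"https://kqqtojmjy3fid5w2u3zukw1j.blob.core.windows.net/vhds/"
    r"Tmp1_20210312111014.vhd?se=2021-04-11T19%3A10%3A15Z\u0026sig=xxxxxxxx"
    r"\u0026sp=r\u0026spr=https\u0026sr=b\u0026sv=2018-03-28"
)
BLOB_RAW = (
    "https://kqqtojmjy3fid5w2u3zukw1j.blob.core.windows.net/vhds/"
    "Tmp1_20210312111014.vhd"
)

if __name__ == "__main__":
    when = datetime(2021, 3, 12, tzinfo=timezone.utc)
    for raw in (SAS_RAW, BLOB_RAW):
        artifact = parse_artifact_uri(raw)
        print(download_mode(artifact, when), artifact.safe_to_log)
```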

Microsoft.VirtualMachineImages/imageTemplates Conflict

Started happening in the last week or so now even though there is no template no ARM deployment work anymore no code has changed.

Internal error occurred. This is a generic error. To identify possible causes, go to https://aka.ms/azvmimagebuilderts.

{
    "status": "Failed",
    "error": {
        "code": "InternalOperationError",
        "message": "Internal error occurred. This is a generic error. To identify possible causes, go to https://aka.ms/azvmimagebuilderts."
    }
}

Update support for new locations in DevOps task

The Azure Image Builder Service is available in the following regions however they are not listed as available locations in the DevOps task:

  • South Central US
  • South East Asia
  • Australia Southeast
  • Australia East
  • UK South
  • UK West

Specifying VM Extensions supported?

I'm new to this Azure VM Builder. We have been using Packers for multi-cloud for ages.

Just out of curiosity, how do organisation slipstream all the required Azure agents/third party agents into an image? As an example, AMA agent for Linux which can only be delivered through VM Extension config.

Can we have the config embedded to the image to automatically onboard those essential VM Extensions when Virtual Machine is provisioned for anyone who are running an IT Operations to view logs, management or etc tasks?

Issues with Image Builder: How to get support

If you are seeing issues with AIB, please refer to the troubleshooting documentation. If you still need assistance, please select the right product and support topic; doing this will mean the Azure VM Image Builder support team sees it.

Selecting the case product:

Product Family: Azure
Product: Virtual Machine Running Windows
Support Topic: Management
Support Subtopic: Issues with Azure Image Builder

This is important so it gets routed to the right AIB support team.

Thanks!

Image Builder hangs when building template with anything other than System Elevated powershell script/command

I'm using the base image Windows 11 + VS 2022 (Dev Box Compatible)

I've found that even if I tell it to execute a powershell command of just ls . it will hang if I select the Elevated without Run as System or uncheck both (User Context)

I end up having to run everything as System which causes problems for some tasks.

ARM template
{
    "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "name": {
            "defaultValue": "gh-53-repro",
            "type": "string"
        },
        "imageName": {
            "defaultValue": "gh-53-repro",
            "type": "string"
        },
        "location": {
            "defaultValue": "[resourceGroup().location]",
            "type": "string"
        },
        "imagePublisher": {
            "defaultValue": "microsoftvisualstudio",
            "type": "string"
        },
        "imageOffer": {
            "defaultValue": "visualstudioplustools",
            "type": "string"
        },
        "imageSku": {
            "defaultValue": "vs-2022-ent-general-win11-m365-gen2",
            "type": "string"
        },
        "version": {
            "defaultValue": "latest",
            "type": "string"
        },
        "vmSize": {
            "defaultValue": "Standard_B4ms",
            "type": "string"
        },
        "osDiskSizeGB": {
            "defaultValue": 128,
            "type": "int"
        },
        "userAssignedIdentities": {
            "defaultValue": [],
            "type": "array"
        },
        "managedImageResourceId": {
            "type": "string"
        },
        "userAssignedIdentityResourceId": {
            "type": "string"
        }
    },
    "variables": {},
    "resources": [
        {
            "type": "Microsoft.VirtualMachineImages/imageTemplates",
            "apiVersion": "2022-07-01",
            "dependsOn": [],
            "name": "[parameters('name')]",
            "location": "[parameters('location')]",
            "properties": {
                "vmProfile": {
                    "vmSize": "[parameters('vmSize')]",
                    "osDiskSizeGB": "[parameters('osDiskSizeGB')]",
                    "userAssignedIdentities": "[parameters('userAssignedIdentities')]"
                },
                "source": {
                    "type": "PlatformImage",
                    "publisher": "[parameters('imagePublisher')]",
                    "offer": "[parameters('imageOffer')]",
                    "sku": "[parameters('imageSku')]",
                    "version": "[parameters('version')]"
                },
                "distribute": [
                    {
                        "type": "ManagedImage",
                        "imageId": "[parameters('managedImageResourceId')]",
                        "location": "westus3",
                        "runOutputName": "runOutputManagedImage"
                    }
                ],
                "customize": [
                    {
                        "type": "PowerShell",
                        "name": "Elevated User Context",
                        "inline": [
                            "ls ."
                        ],
                        "runElevated": true,
                        "runAsSystem": false
                    },
                    {
                        "type": "PowerShell",
                        "name": "User Context",
                        "inline": [
                            "ls ."
                        ],
                        "runElevated": false,
                        "runAsSystem": false
                    }
                ]
            },
            "tags": {},
            "identity": {
                "type": "UserAssigned",
                "userAssignedIdentities": {
                    "[parameters('userAssignedIdentityResourceId')]": {}
                }
            }
        }
    ],
    "outputs": {}
}

Ubuntu 22 CIS Hardened Image Fails to Build

Trying to build this image from an image template with the details below:

Publisher: center-for-internet-security-inc
SKU: cis-ubuntu-linux-2204-l1-gen2
Offer: cis-ubuntu-linux-2204-l1

This is reproducible by other members of my team.
Build fails with packer error logs. Attaching the packer error logs for more details.

Could you provide any guidelines on how to build the latest CIS hardened images from Marketplace?

customization(1).log
customization.log

update script?

Is the DevOps CLI script updated? I'm having some issues and need to change some things on my end when trying to create the user identity. It also does not recognize grep.

DevOps Task - Not flagging destination image as LATEST to Azure Compute Gallery

Hi all,

I am struggling to get this issue resolved. I've put an issue in to Azure support, and done a ton of reading through the documentation, Git issues, and I am at a wall with this issue. I do believe this to potentially be a bug or maybe a configuration issue on my end.

I am using the AIB DevOps task to pull a source image from our Azure Compute Gallery (lets say, version 1.0.0), run some customizers (installs the new build of the software my company develops) and then pushes that new image back to our Azure Compute Gallery (as say, version 1.0.1). My expectation would be after the AIB task runs successfully, our LATEST version of our Image Definition would be updated with 1.0.1, from 1.0.0. But this is not happening.

Our Scale Set that is hooked into the Azure Compute Gallery to run Azure DevOps Pipelines continues to pull the previous version until I manually swap it around in the Scale Set -> Operating System dialog box from the Azure Portal. Even if I run Az CLI commands against the scale set, it shows the old version of the image UNTIL I manually change the version around in the dialog box below.


Please note, the upgrade policy on the ScaleSet is also set to automatic. This does not seem to make a difference. The ScaleSet is integrated with Azure DevOps as an agent pool and I know they tell you set the upgrade policy to manual, but I do not believe this be the issue.


The AIB task is not flagging the destination image as latest, and to me this feels like that should not be the case.

Can anyone point me in the right direction with this? I am stuck and this is a blocker for the solution I've been working on that incorporates the AIB, Azure Compute Gallery, and some Azure DevOps pipelines.


Here is my Azure DevOps task and subsequent info. Redacted sensitive data.

steps:
- task: AzureImageBuilder.devOps-task-for-azure-image-builder.custom-build-release-task.AzureImageBuilderTask@1
  displayName: 'Azure VM Image Builder Task'
  inputs:
    managedIdentity: 'REDACTED'
    imageSource: sig
    ImageVersionId: 'REDACTED'
    provisioner: powershell
    windowsUpdateProvisioner: true
    runElevated: true
    runAsSystem: true
    packagePath: '$(System.DefaultWorkingDirectory)/_Cycle 2 Build Pipeline/MyBuildOutputs'
    inlineScript: '& ‘c:\buildartifacts\uninstall-then-install-cycle.ps1’'
    storageAccountName: cycaplimages
    distributeType: sig
    galleryImageId: 'REDACTED'
    replicationRegions: 'eastus, eastus2'
    ibSubscription: 'REDACTED'
    ibAzureResourceGroup: 'REDACTED'
    ibLocation: eastus2
    vmSize: 'Standard_B4ms'

Image Builder: Platform Image was not found

Hi,
When trying to build a simple image with base image “Windows 19h1-Evd” I get a failure message:
“put template call failed for template t_1650881769010 with error: Platform Image was not found. location: eastus, publisherName: MicrosoftWindowsDesktop, offer: Windows-10, sku: 19h1-evd, version: latest. Please check the specified source image version in Image Builder Template exists. For information on how to check available versions, types, review https://aka.ms/azvmimagebuilderts. (CODE: 200)”
But when I tried either with “Windows 2019-Datacenter” or “Windows 2019-Datacenter” base image, it succeeded.
Thank you,
Have a nice day,
Jasmin
ReleaseLogsandScreenshot_35.zip

AWARENESS: Changing the value of the "createdBy" tag on the storage account

As part of a feature enhancement allowing customers to specify the staging resource group that's normally created by the Azure Image Builder service, we are changing the value of the "createdBy" tag on the storage account. This change will be in effect by March 31st.

Please keep in mind this tag is subject to change in the future without notice.

AiB Accepts the Deployment of a GEN 2 VM and the Distribution Process Fails.

Hello team!

On the public documentation, I see that the AiB does not support the GEN 2 VM.

https://docs.microsoft.com/en-us/azure/virtual-machines/image-builder-overview#hyper-v-generation

But it allows me to trigger the deployment and the process fails on the Image Distribution.

Source Image as a Gen 2 VM.

SourceImageV2

AiB template deployed with success.

AiB Template Deployed

AiB generates the Managed Image as generation 1


SIG image with Unknown state


AiB error on Azure Portal:

    "provisioningState": "Succeeded",
    "lastRunStatus": {
        "startTime": "2021-11-12T15:04:52.400830569Z",
        "endTime": "2021-11-12T15:28:44.353389414Z",
        "runState": "Failed",
        "message": "Failed in distributing 1 images out of total 1: Some error happened, please check the error details."
    },

Azure Image builder fails while performing CIS Hardening script with cleanup failing Error uploading file to $env:TEMP\winrmcp-xxxxx

Environment: Azure Image builder
Packer Version: [INFO] Packer version: 1.8.1 [go1.17.8 linux amd64]

while executing the CIS hardening fails with below error.

[9def6e3b-8c07-49b5-95f9-6dd79e4e7b68] PACKER ERR 2022/12/22 12:19:45 packer-provisioner-powershell plugin: failed to upload the remote cleanup script: "clean up script "c:/Windows/Temp/packer-cleanup-63a44abb-d76b-86d9-71a9-7005cab80e63.ps1" failed to upload: Error uploading file to $env:TEMP\winrmcp-cbccd5ef-5991-4bf6-7c70-4d4761743931.tmp: Couldn't create shell: http response error: 401 - invalid content type"
[9def6e3b-8c07-49b5-95f9-6dd79e4e7b68] PACKER OUT azure-arm: PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_USERS.DEFAULT\Control Panel\International\User Profile
[9def6e3b-8c07-49b5-95f9-6dd79e4e7b68] PACKER ERR 2022/12/22 12:19:45 packer-provisioner-powershell plugin: Retryable error: clean up script "c:/Windows/Temp/packer-cleanup-63a44abb-d76b-86d9-71a9-7005cab80e63.ps1" failed to upload: Error uploading file to $env:TEMP\winrmcp-cbccd5ef-5991-4bf6-7c70-4d4761743931.tmp: Couldn't create shell: http response error: 401 - invalid content type

====
Image Template reference:

Customize section:

        {
            "inline": [
                "Expand-Archive -Path c:\\scripts\\Hardeningfolder.zip -DestinationPath c:\\scripts"
            ],
            "name": "cisHardening script running-1",
            "runAsSystem": false,
            "runElevated": true,
            "type": "PowerShell"
        },
        {
            "inline": [
                "C:\\scripts\\Run-HardeningSteps.ps1 -config cis1-2019 -rootPath $env:SystemRoot -userDrive C -caption Companyauthorised"
            ],
            "name": "cisHardening script running-2",
            "runAsSystem": false,
            "runElevated": true,
            "type": "PowerShell"
        },

=====

Please suggest if we have to add any more switch or parameter to resolve winrm communication.

Question: How do you handle secrets when using Azure Image Builder?

Hey Guys,

How do you handle secrets when using Azure Image Builder?

Let's say I have a customization that logs in to my container registry and pulls an image. How can I pass my login details in a secure way?

az image builder customizer add -n $mytemplate -g $myResourceGroup --type powershell --customizer-name pulldockerimages --defer --exit-codes 0 `
                            --inline-script `
                                'docker login myrepo.azurecr.io --username myUser --password myPassword' `
                                'docker pull myrepo.azurecr.io/imv:onprem-18.4.28601.29139-w1-10.0.17763.2300-ltsc2019'

Now, it's just stored as plain text and could be seen in the image template JSON view and in the logs.


Best Regards,
Gintautas
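A pre-deployment check for the exposure described in this question, as an added example that is not from the issue or the project: it walks the `customize` section of an image template and reports `docker login` lines that carry a literal password, masking the value in its own output. The function names and the sample template are constructed, and the `$token` and `$env:REGISTRY_PASSWORD` references in the clean customizers are hypothetical.

```python
import re
from typing import Iterator, List, NamedTuple


class Finding(NamedTuple):
    customizer: str    # "name" of the customizer holding the line
    line_no: int       # 1-based index into its "inline" array
    masked_line: str   # the line with the password value masked


_DOCKER_LOGIN = re.compile(r"\bdocker\s+login\b", re.IGNORECASE)
# --password <value>, --password=<value> or -p <value>.
# --password-stdin does not match because no '=' or space follows "--password".
_PASSWORD_FLAG = re.compile(
    r"(?:--password|(?<!\S)-p)(?:=|\s+)['\"]?(?P<val>[^\s'\"]+)"
)


def iter_customizers(template: dict) -> Iterator[dict]:
    """Yield customizers from an image template or an ARM deployment of one."""
    # Image template resource: {"properties": {"customize": [...]}}
    yield from template.get("properties", {}).get("customize", [])
    # ARM deployment template: {"resources": [{"type": ..., "properties": ...}]}
    for resource in template.get("resources", []):
        if resource.get("type") == "Microsoft.VirtualMachineImages/imageTemplates":
            yield from resource.get("properties", {}).get("customize", [])


def find_inline_registry_passwords(template: dict) -> List[Finding]:
    findings: List[Finding] = []
    for customizer in iter_customizers(template):
        name = customizer.get("name", "<unnamed>")
        for number, line in enumerate(customizer.get("inline", []), start=1):
            if not _DOCKER_LOGIN.search(line):
                continue
            match = _PASSWORD_FLAG.search(line)
            if match is None:
                continue
            # A value starting with '$' is a variable reference, so the secret
            # is not stored in the template text (it can still reach the logs).
            if match.group("val").startswith("$"):
                continue
            masked = line[:match.start("val")] + "****" + line[match.end("val"):]
            findings.append(Finding(name, number, masked))
    return findings


# Constructed sample: the first customizer mirrors the command in the question.
SAMPLE_TEMPLATE = {
    "resources": [{
        "type": "Microsoft.VirtualMachineImages/imageTemplates",
        "properties": {"customize": [
            {
                "type": "PowerShell",
                "name": "pulldockerimages",
                "inline": [
                    "docker login myrepo.azurecr.io --username myUser --password myPassword",
                    "docker pull myrepo.azurecr.io/imv:onprem-18.4.28601.29139-w1-10.0.17763.2300-ltsc2019",
                ],
            },
            {
                "type": "PowerShell",
                "name": "pullWithVariable",
                "inline": ["docker login myrepo.azurecr.io -u myUser -p $env:REGISTRY_PASSWORD"],
            },
            {
                "type": "PowerShell",
                "name": "pullWithStdin",
                "inline": ["$token | docker login myrepo.azurecr.io --username myUser --password-stdin"],
            },
        ]},
    }],
}

if __name__ == "__main__":
    for finding in find_inline_registry_passwords(SAMPLE_TEMPLATE):
        print(f"{finding.customizer} line {finding.line_no}: {finding.masked_line}")
```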

How to create an image with an additional data disk?

We are transitioning our existing imaging process to Azure Image Builder, but some of our images require a data disk to be included in the image. Is there a way to do so via Image Builder, or any plans to include this functionality?

As far as I can tell, the best workaround currently would be to distribute to a VHD, create an image using that VHD as the OS disk and specify a data disk (created separately), and then use that to create an image gallery version - unless there's a better way I'm not aware of?

Thanks for your help!

Node 6 execution handler

Started getting this issue from the Devops Task now.

##[warning]This task uses Node 6 execution handler, which will be deprecated soon. If you are the developer of the task - please consider the migration guideline to Node 10 handler - https://aka.ms/migrateTaskNode10. If you are the user - feel free to reach out to the owners of this task to proceed on migration.

a few questions on azure image builder

  1. Is it supported to supply your own resource group name for the build ?
  2. Is it possible to get the local admin password for the VM, I would like to log on and check logs?
  3. Is there any streaming output from the build process/logs etc ?
  • I only see Get-AzImageBuilderTemplate -ImageTemplateName vmss2019webnetcore-WestCentralUS -ResourceGroupName ACU1-BRW-AOA-RG-G1 | select *

It would be nice to expand out some of these properties with a format file in powershell.


  4. It looks like the packerlogs/d9d79566-55c7-436d-be99-6cf17d8dcb4f/customization.log is only the output from before any customizations are run; it does not include any output from executing the customizations?
  5. Is the user assigned managed identity supposed to be assigned to the build virtual machine? I thought it was originally when I was testing, however at the moment it doesn't seem to be getting assigned?!
  6. Is there any chance installing extensions might be supported?

Deprovisioning failures

I'm getting the following error in the deprovisioning phase of my Windows image:

[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT     azure-arm: Write-Output '>>> Waiting for GA Service (RdAgent) to start ...'
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT     azure-arm: while ((Get-Service RdAgent).Status -ne 'Running') { Start-Sleep -s 5 }
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT     azure-arm: Write-Output '>>> Waiting for GA Service (WindowsAzureTelemetryService) to start ...'
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT     azure-arm: while ((Get-Service WindowsAzureTelemetryService) -and ((Get-Service WindowsAzureTelemetryService).Status -ne 'Running')) { Start-Sleep -s 5 }
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT     azure-arm: Write-Output '>>> Waiting for GA Service (WindowsAzureGuestAgent) to start ...'
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT     azure-arm: while ((Get-Service WindowsAzureGuestAgent).Status -ne 'Running') { Start-Sleep -s 5 }
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT     azure-arm: Write-Output '>>> Sysprepping VM ...'
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT     azure-arm: if( Test-Path $Env:SystemRoot\system32\Sysprep\unattend.xml ) {
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT     azure-arm:   Remove-Item $Env:SystemRoot\system32\Sysprep\unattend.xml -Force
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT     azure-arm: }
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT     azure-arm: & $Env:SystemRoot\System32\Sysprep\Sysprep.exe /oobe /generalize /quiet /quit
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT     azure-arm: while($true) {
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT     azure-arm:   $imageState = (Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\State).ImageState
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT     azure-arm:   Write-Output $imageState
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT     azure-arm:   if ($imageState -eq 'IMAGE_STATE_GENERALIZE_RESEAL_TO_OOBE') { break }
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT     azure-arm:   Start-Sleep -s 5
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT     azure-arm: }
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT     azure-arm: Write-Output '>>> Sysprep complete ...'
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT     azure-arm: >>> Waiting for GA Service (RdAgent) to start ...
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT     azure-arm: >>> Waiting for GA Service (WindowsAzureTelemetryService) to start ...
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT     azure-arm: >>> Waiting for GA Service (WindowsAzureGuestAgent) to start ...
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT     azure-arm: >>> Sysprepping VM ...
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT     azure-arm: IMAGE_STATE_COMPLETE
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT ==> azure-arm: Get-Service : Cannot find any service with service name 'WindowsAzureTelemetryService'.
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT ==> azure-arm: At C:\DeprovisioningScript.ps1:4 char:9
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT ==> azure-arm: + while ((Get-Service WindowsAzureTelemetryService) -and ((Get-Service  ...
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT ==> azure-arm: +         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT ==> azure-arm:     + CategoryInfo          : ObjectNotFound: (WindowsAzureTelemetryService:String) [Get-Service], ServiceCommandExcep
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT ==> azure-arm:    tion
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT ==> azure-arm:     + FullyQualifiedErrorId : NoServiceFoundForGivenName,Microsoft.PowerShell.Commands.GetServiceCommand
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT ==> azure-arm:
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT     azure-arm: IMAGE_STATE_UNDEPLOYABLE
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT     azure-arm: IMAGE_STATE_UNDEPLOYABLE
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT     azure-arm: IMAGE_STATE_UNDEPLOYABLE
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT     azure-arm: IMAGE_STATE_UNDEPLOYABLE
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT     azure-arm: IMAGE_STATE_UNDEPLOYABLE
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT     azure-arm: IMAGE_STATE_UNDEPLOYABLE
[0ca7f19d-2eb3-4405-a951-1f0fe5139a0d] PACKER OUT     azure-arm: IMAGE_STATE_UNDEPLOYABLE

Relevant info from my template includes:

...
        "vmProfile": {
            "vmSize": "Standard_D2_v5",
            "osDiskSizeGB": 200
        },
        "source": {
            "type": "PlatformImage",
            "publisher": "MicrosoftWindowsServer",
            "offer": "WindowsServer",
            "sku": "2022-Datacenter",
            "version": "latest"
        },
        "customize": [
            {
                "type": "PowerShell",
                "name": "Setup",
                "runElevated": true,
                "scriptUri": "https://myimages.blob.core.windows.net/image-setup-scripts/windows_jumpbox_vmss_setup.ps1"
            },
            {
                "type": "WindowsRestart",
                "restartCheckCommand": "echo Azure-Image-Builder-Restarted-the-VM  > c:\\buildArtifacts\\azureImageBuilderRestart.txt",
                "restartTimeout": "5m"
            },
            {
                "type": "PowerShell",
                "name": "settingUpMgmtAgtPath",
                "runElevated": false,
                "inline": [
                    "mkdir c:\\buildActions",
                    "echo Azure-Image-Builder-Was-Here  > c:\\buildActions\\buildActionsOutput.txt"
                ]
            },
            {
                "type": "WindowsUpdate",
                "searchCriteria": "IsInstalled=0",
                "filters": [
                    "exclude:$_.Title -like '*Preview*'",
                    "include:$true"
                ],
                "updateLimit": 20
            }
        ],

...

Is there anything obvious I'm missing here? I took the customization steps from the Windows Managed Image template, and customized the setup script. My setup script runs without error.
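The wait loop visible in the log above exits only on IMAGE_STATE_GENERALIZE_RESEAL_TO_OOBE, so when Sysprep fails it keeps polling and printing IMAGE_STATE_UNDEPLOYABLE. The following is an added example, not the project's DeprovisioningScript.ps1 and not code from the original post: a bounded variant that tolerates the absent WindowsAzureTelemetryService and stops with the tail of Sysprep's setuperr.log. The timeout values, the helper names and the use of Start-Process are assumptions.

```powershell
# Added example: bounded variant of the wait loops visible in the log above.
# $TimeoutSeconds, $PollSeconds and both helper functions are assumed names/values.
$ErrorActionPreference = 'Stop'
$TimeoutSeconds = 900
$PollSeconds    = 5
$stateKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\State'
$sysprep  = Join-Path $Env:SystemRoot 'System32\Sysprep\Sysprep.exe'
$errorLog = Join-Path $Env:SystemRoot 'System32\Sysprep\Panther\setuperr.log'

function Wait-GuestAgentService {
    param([Parameter(Mandatory)][string]$Name, [switch]$Optional)
    Write-Output ">>> Waiting for GA Service ($Name) to start ..."
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ($true) {
        # An absent service yields $null here instead of an error record.
        $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
        if (-not $svc -and $Optional) {
            Write-Output ">>> $Name is not installed, skipping"
            return
        }
        if ($svc -and $svc.Status -eq 'Running') { return }
        if ((Get-Date) -gt $deadline) { throw "Timed out waiting for service $Name" }
        Start-Sleep -Seconds $PollSeconds
    }
}

function Stop-WithSysprepError {
    param([string]$Reason)
    Write-Output ">>> Sysprep failed: $Reason"
    # Show the last lines of the Sysprep error log so the cause lands in the build log.
    if (Test-Path $errorLog) { Get-Content $errorLog -Tail 20 }
    exit 1
}

Wait-GuestAgentService -Name RdAgent
Wait-GuestAgentService -Name WindowsAzureTelemetryService -Optional
Wait-GuestAgentService -Name WindowsAzureGuestAgent

Write-Output '>>> Sysprepping VM ...'
$proc = Start-Process -FilePath $sysprep -PassThru `
    -ArgumentList '/oobe', '/generalize', '/quiet', '/quit'
$deadline = (Get-Date).AddSeconds($TimeoutSeconds)
while ($true) {
    $exited     = $proc.HasExited   # sampled before the state read to avoid a race
    $imageState = (Get-ItemProperty $stateKey).ImageState
    Write-Output $imageState
    if ($imageState -eq 'IMAGE_STATE_GENERALIZE_RESEAL_TO_OOBE') { break }
    # Sysprep is gone but the image never reached the resealed state: stop polling.
    if ($exited) { Stop-WithSysprepError "exited with ImageState $imageState" }
    if ((Get-Date) -gt $deadline) { Stop-WithSysprepError "timeout in $imageState" }
    Start-Sleep -Seconds $PollSeconds
}
Write-Output '>>> Sysprep complete ...'
```

IMAGE_STATE_UNDEPLOYABLE is reported while generalization is still in progress, so the script treats it as a failure only once the Sysprep process has exited or the deadline has passed.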

AWARENESS: Gen2 support availability

By Monday, 11/15/2021, Azure Image Builder (AIB) will support creating Hyper-V Gen2 images in the following scenarios:

  • AIB will accept Gen2 images as its source image for all types (Managed image, Azure Compute Gallery, Platform Image Repository)
  • AIB will distribute Gen2 images to all destinations (Virtual Hard Disk, Managed image, Azure Compute Gallery) if the source is Gen2

Please be aware the new default build VM size for Gen2 is Standard_D2ds_v4. If you have any issues with this functionality, feel free to respond to this issue or raise a support ticket.

Change disk SKU used during image creation

Hi there,

It appears by default that during the image creation AIB is using standard HDDs:

image

I've looked around and within the VMProfile there are no settings to specify the diskSKU, only size:

image

Is it possible to specify somewhere to use a standard SSD or premium? As my image is taking a long time to complete as it stands.

I know it's possible to set what type of disk the image is stored in, but I'd like to set the diskSKU used during image creation.

AWARENESS: Removing preview APIs

We plan to remove the following APIs on or after June 30, 2021:

  • 2018-02-01-preview
  • 2019-02-01-preview
  • 2019-05-01-preview

Please make the transition to the current API '2020-02-14' by June 30, 2021, to avoid errors in your code.

AWARENESS: Potential Service interruption on 2nd and 4th April between 1pm and 5pm PDT.

Awareness
As the Image Builder team get closer to GA we need to do some essential regional upgrades on 2nd and 4th April between 1pm and 5pm PDT.

During this time, some Image Builder operations may slow down and time out, resulting in an 'InternalError'. If you receive this, please wait a minimum of 30min and retry. Examples of operations that could slow down: creating a template, starting a build, getting build status.

We apologize for the temporary inconvenience during this time, please monitor this GitHub issue for updates.

Thanks,

ECONNRESET while creating blob in Storage Account

The task intermittently fails with ECONNRESET while creating the blob in the storage account; please see the following logs.
While I set a number of retries if the task failed, sometimes it gets to the same error for all subsequent retries.

Task log:
2021-11-05T07:04:56.5445829Z ==============================================================================
2021-11-05T07:04:56.5446292Z Task : Azure VM Image Builder Test(Preview)
2021-11-05T07:04:56.5446704Z Description : Build images using Azure Image Builder resource provider.
2021-11-05T07:04:56.5447030Z Version : 1.0.42
2021-11-05T07:04:56.5447304Z Author : Microsoft Corporation
2021-11-05T07:04:56.5447799Z Help : For documentation, and end to end example, please visit: http://aka.ms/azvmimagebuilderdevops
2021-11-05T07:04:56.5448332Z ==============================================================================
2021-11-05T07:04:57.8705360Z start reading task parameters...
2021-11-05T07:04:57.8748798Z found build at: C:\BuildAgent_work\r10\a
2021-11-05T07:04:57.8813525Z end reading parameters
2021-11-05T07:04:57.8955404Z getting storage account details for
2021-11-05T07:06:51.0484219Z created archive C:\BuildAgent_work_temp\temp_web_package_9115150320442449.zip
2021-11-05T07:07:52.8272063Z unable to create blob /2474-1/_1636095899224.zip in container in storage account: Error: write ECONNRESET

BuildAgent log:

[2021-11-05 07:04:56Z INFO StepsRunner] Current state: job state = ''
[2021-11-05 07:04:56Z INFO StepsRunner] Processing step: DisplayName='Azure VM Image Builder Task', ContinueOnError=False, Enabled=True
[2021-11-05 07:04:56Z INFO ExpressionManager] Evaluating: succeeded()
[2021-11-05 07:04:56Z INFO ExpressionManager] Result: True
[2021-11-05 07:04:56Z INFO StepsRunner] Starting the step.
[2021-11-05 07:04:56Z INFO HostContext] Well known directory 'Bin': 'C:\BuildAgent\bin'
[2021-11-05 07:04:56Z INFO HostContext] Well known directory 'Root': 'C:\BuildAgent'
[2021-11-05 07:04:56Z INFO HostContext] Well known directory 'Work': 'C:\BuildAgent_work'
[2021-11-05 07:04:56Z INFO StepsRunner] Which: 'chcp'
[2021-11-05 07:04:56Z INFO StepsRunner] Location: 'C:\WINDOWS\system32\chcp.COM'
[2021-11-05 07:04:56Z INFO ProcessInvokerWrapper] Starting process:
[2021-11-05 07:04:56Z INFO ProcessInvokerWrapper] File name: 'C:\WINDOWS\system32\chcp.COM'
[2021-11-05 07:04:56Z INFO ProcessInvokerWrapper] Arguments: '65001'
[2021-11-05 07:04:56Z INFO ProcessInvokerWrapper] Working directory: 'C:\BuildAgent_work'
[2021-11-05 07:04:56Z INFO ProcessInvokerWrapper] Require exit code zero: 'False'
[2021-11-05 07:04:56Z INFO ProcessInvokerWrapper] Encoding web name: ; code page: ''
[2021-11-05 07:04:56Z INFO ProcessInvokerWrapper] Force kill process on cancellation: 'False'
[2021-11-05 07:04:56Z INFO ProcessInvokerWrapper] Redirected STDIN: 'False'
[2021-11-05 07:04:56Z INFO ProcessInvokerWrapper] Persist current code page: 'True'
[2021-11-05 07:04:56Z INFO ProcessInvokerWrapper] Keep redirected STDIN open: 'False'
[2021-11-05 07:04:56Z INFO ProcessInvokerWrapper] High priority process: 'False'
[2021-11-05 07:04:56Z INFO ProcessInvokerWrapper] OOM score adjustment is Linux-only.
[2021-11-05 07:04:56Z INFO ProcessInvokerWrapper] Process started with process id 5316, waiting for process exit.
[2021-11-05 07:04:56Z INFO ProcessInvokerWrapper] STDOUT/STDERR stream read finished.
[2021-11-05 07:04:56Z INFO ProcessInvokerWrapper] STDOUT/STDERR stream read finished.
[2021-11-05 07:04:56Z INFO ProcessInvokerWrapper] Exited process 5316 with exit code 0
[2021-11-05 07:04:56Z INFO ProcessInvokerWrapper] Finished process 5316 with exit code 0, and elapsed time 00:00:00.0104702.
[2021-11-05 07:04:56Z INFO StepsRunner] Successfully returned to code page 65001 (UTF8)
[2021-11-05 07:04:56Z INFO HostContext] Well known directory 'Bin': 'C:\BuildAgent\bin'
[2021-11-05 07:04:56Z INFO HostContext] Well known directory 'Root': 'C:\BuildAgent'
[2021-11-05 07:04:56Z INFO HostContext] Well known directory 'Work': 'C:\BuildAgent_work'
[2021-11-05 07:04:56Z INFO HostContext] Well known directory 'Tasks': 'C:\BuildAgent_work_tasks'
[2021-11-05 07:04:56Z INFO HostContext] Well known directory 'Bin': 'C:\BuildAgent\bin'
[2021-11-05 07:04:56Z INFO HostContext] Well known directory 'Root': 'C:\BuildAgent'
[2021-11-05 07:04:56Z INFO HostContext] Well known directory 'Work': 'C:\BuildAgent_work'
[2021-11-05 07:04:56Z INFO HostContext] Well known directory 'TaskZips': 'C:\BuildAgent_work_taskzips'
[2021-11-05 07:04:56Z INFO TaskManager] Loading task definition 'C:\BuildAgent_work_tasks\AzureImageBuilderTask_a4685136-7cb5-430c-9df5-032660332fe9\1.0.42\task.json'.
[2021-11-05 07:04:56Z INFO TaskRunner] Get handler data for target platform Windows
[2021-11-05 07:04:56Z INFO TaskRunner] Handler data is of type Microsoft.VisualStudio.Services.Agent.Worker.NodeHandlerData
[2021-11-05 07:04:56Z INFO TaskRunner] The original input is a rooted path, return absolute path: C:\BuildAgent_work\r10\a
[2021-11-05 07:04:56Z INFO NodeHandler] Inspect node_modules folder, make sure vsts-task-lib doesn't overwrite String.startsWith/endsWith.
[2021-11-05 07:04:56Z INFO NodeHandler] This task has already been scanned and corrected, no more operation needed.
[2021-11-05 07:04:56Z INFO HostContext] Well known directory 'Bin': 'C:\BuildAgent\bin'
[2021-11-05 07:04:56Z INFO HostContext] Well known directory 'Root': 'C:\BuildAgent'
[2021-11-05 07:04:56Z INFO HostContext] Well known directory 'Externals': 'C:\BuildAgent\externals'
[2021-11-05 07:04:56Z INFO ProcessInvokerWrapper] Starting process:
[2021-11-05 07:04:56Z INFO ProcessInvokerWrapper] File name: 'C:\BuildAgent\externals\node\bin\node.exe'
[2021-11-05 07:04:56Z INFO ProcessInvokerWrapper] Arguments: '"C:\BuildAgent_work_tasks\AzureImageBuilderTask_a4685136-7cb5-430c-9df5-032660332fe9\1.0.42./index.js"'
[2021-11-05 07:04:56Z INFO ProcessInvokerWrapper] Working directory: 'C:\BuildAgent_work\r10\a'
[2021-11-05 07:04:56Z INFO ProcessInvokerWrapper] Require exit code zero: 'True'
[2021-11-05 07:04:56Z INFO ProcessInvokerWrapper] Encoding web name: utf-8 ; code page: '65001'
[2021-11-05 07:04:56Z INFO ProcessInvokerWrapper] Force kill process on cancellation: 'False'
[2021-11-05 07:04:56Z INFO ProcessInvokerWrapper] Redirected STDIN: 'False'
[2021-11-05 07:04:56Z INFO ProcessInvokerWrapper] Persist current code page: 'True'
[2021-11-05 07:04:56Z INFO ProcessInvokerWrapper] Keep redirected STDIN open: 'False'
[2021-11-05 07:04:56Z INFO ProcessInvokerWrapper] High priority process: 'False'
[2021-11-05 07:04:56Z INFO ProcessInvokerWrapper] OOM score adjustment is Linux-only.
[2021-11-05 07:04:56Z INFO ProcessInvokerWrapper] Process started with process id 1800, waiting for process exit.
[2021-11-05 07:04:56Z INFO JobServerQueue] Try to append 1 batches web console lines for record '962e3cc6-1bc7-51bb-9cde-2f64940bbaac', success rate: 1/1.
[2021-11-05 07:04:56Z INFO JobServerQueue] Try to append 1 batches web console lines for record 'bd9d7fdb-220c-55ed-823e-bc68ea8a7c7d', success rate: 1/1.
[2021-11-05 07:04:57Z INFO JobServerQueue] Try to upload 1 log files or attachments, success rate: 1/1.
[2021-11-05 07:04:58Z INFO JobServerQueue] Try to append 1 batches web console lines for record 'bd9d7fdb-220c-55ed-823e-bc68ea8a7c7d', success rate: 1/1.
[2021-11-05 07:06:51Z INFO JobServerQueue] Try to append 1 batches web console lines for record 'bd9d7fdb-220c-55ed-823e-bc68ea8a7c7d', success rate: 1/1.
[2021-11-05 07:07:52Z INFO ProcessInvokerWrapper] STDOUT/STDERR stream read finished.
[2021-11-05 07:07:52Z INFO ProcessInvokerWrapper] STDOUT/STDERR stream read finished.
[2021-11-05 07:07:52Z INFO ProcessInvokerWrapper] Exited process 1800 with exit code 0
[2021-11-05 07:07:52Z INFO ProcessInvokerWrapper] Finished process 1800 with exit code 0, and elapsed time 00:02:56.2370599.
[2021-11-05 07:07:52Z INFO StepsRunner] Step result: Failed
[2021-11-05 07:07:52Z INFO StepsRunner] Update job result with current step result 'Failed'.
[2021-11-05 07:07:52Z INFO StepsRunner] Current state: job state = 'Failed'

Custom staging resource group

Specifying a custom staging resource group as per the example in the documentation does not appear to work and there appears to be no clear way to troubleshoot why.

"stagingResourceGroup": "/subscriptions//resourceGroups/",

image

The process should create the resource group and use it automatically, if the naming convention does not go against the standard resource group naming convention, but that does not appear to be the case.

Even if you create the resource group separately ahead of time, the process does not like it and creates its own IT_xxx resource group.

Disable cleaning scripts from the system

I am using AIB to build a WinServ2016 image with CIS hardening policies applied. Once the hardening policies are applied, the build seems to hang, and when I looked through the customization.log I found this is because Packer is not able to clean up the temporary script it uploaded:
image

With packer it is possible to use skip_clean to avoid this issue. Is there a similar option available with AIB or possibly made available in the near future?

Thanks
