I have configured my Jenkins to execute a Linux instance on AWS EC2. This works absolutely fine and I am able to invoke Linux instances on EC2 via Jenkins. (Installed a couple of plugins; settings; creating custom Linux AMI etc.).

I want to run a Windows instance on EC2 via Jenkins. I have already setup a custom Windows AMI with Java installed and Winrm configured; a security group that allows TCP on port 445 and 5985; for SMB and Winrm respectively (https://issues.jenkins-ci.org/browse/JENKINS-4995).

I am able to invoke this Windows instance from Jenkins, but it never connects(just continues the loop "Connecting to ec2-54-191-40-110.us-west-2.compute.amazonaws.com(54.191.40.110) with WinRM as. Waiting for WinRM to come up. Sleeping 10s."

Please help me with the same.

you will need to create a new AMI and change the execution policy on it.

1. create a new machine from the AMI you mentioned above.

2. login to it and run the following from the cmd

   powershell Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope LocalMachine
   

3. take a new image.

4. configure the new AMI in jenkins.

and you are good to go.

I ran into similar problem. However in my case it turned out that I had windows firewall enabled and it was blocking port 445 which is required before the winrm connection as revealed by plugin source code: https://github.com/jenkinsci/ec2-plugin/blob/0278dd242a554ff200144b813122505f6d8dcd0e/src/main/java/hudson/plugins/ec2/win/WinConnection.java Look at the ping() method

I know it's been a long time since this post was created and this has probably been resolved. Anyway I created a step by step below to bring Jenkins Windows VMs with SSH using the Jenkins EC2 Plugin. I hope this is useful and helps someone.

Note: I had extreme slowdowns with WinRm. I opted to use SSH and that solved my problem getting extremely fast.

In the AWS EC2 VM that will be your image (AMI)

1. Configure OpenSSh on your Windows machine,
2. Create a public and private key pair
3. Add public key in C:\ProgramData\ssh\administrators_authorized_keys
4. Test VM access with your private key

On Jenkins

1. Configure Private Key in Jenkins Credentials (kind: SSH Username with private key)

On the AWS console

1. Configure a Secure group that allows connections on port 22 from your Jenkins server

In Jenkins in the "configure Clouds" menu

1. Create EC2 configuration by changing:
2. "AMI ID" configure the AMI that you configured the SSH
3. "EC2 Key Pair's Private Key" select the Private Key that you configured in Jenkins Credentials
4. "Remote user" set to Administrator
5. "AMI Type?" select "unix"
6. "Remote ssh port " set to 22.
7. "Override temporary dir location" put C:\Windows\Temp\
8. "Java Path" put "c:\Program Files\Microsoft\jdk-11.0.17.8-hotspot\bin\java.exe" (Or the path to your Java in the windows VM)
9. "Subnet IDs for VPC" write the AWS Secure group name you created
10. "Host Key Verification Strategy" select "accept-new"

To complete Rodrigo's answer, here are some useful commands to have your Windows AMI ready to be used as the template:

For installing OpenSSH on Windows Worker EC2 Instance:

INSTALL OPENSSH

• Open a PowerShell as Administrator and run:

  Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'
  Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
  Set-Service sshd -StartupType Automatic
  Start-Service sshd
  cmd.exe /c netsh advfirewall firewall Add rule name="Open port 22" dir=in action=allow protocol=TCP localport=22
  

• Now edit: “C:\ProgramData\ssh\sshd_config” and set:

  PubkeyAuthentication yes
  PasswordAuthentication no
  

• Now restart service.

  Restart-Service sshd
  

• Be sure to open port 22 EC2's Security Group as well and try to telnet from the Jenkins server:

  curl -v telnet://windows-server-ip:22/
  

SET SSH KEYS

Public Key

• If connectivity works, create a public key (I used the PEM file when creating the Windows Worker).

  ssh-keygen -f windows-worker-jenkins.pem -y > windows-worker-jenkins.pub
  

• Now copy the windows-worker-jenkins.pub file on the Windows Worker on C:\ProgramData\ssh\administrators_authorized_keys as it states on Microsoft Documentation for OpenSSH. I used the terminal to 'echo' the result to the file directly.

  echo "ssh-rsa AAAAB3Nza....." > C:\ProgramData\ssh\administrators_authorized_keys
  

• You may require to tweak the permissions on the file.

  icacls.exe ""$env:ProgramData\ssh\administrators_authorized_keys"" /inheritance:r /grant ""Administrators:F"" /grant ""SYSTEM:F""
  

Private Key

• By default the ssh-agent service is disabled. Configure it to start automatically.

  Get-Service ssh-agent | Set-Service -StartupType Automatic
  

• Start the service

  Start-Service ssh-agent
  

• This should return a status of Running

  Get-Service ssh-agent
  

• Now load your key files into ssh-agent

  ssh-add $env:ProgramData\ssh\windows-worker-jenkins.pem
  

• Now test the connectivity from Jenkins Master

  ssh -i windows-worker-jenkins.pem Administrator@windows-server-ip
  

• When succeded, create an AMI of the server

Go to Jenkins, and follow Rodrigo's post.

Cheers!

Thanks a lot for detailed explanation. I'd like to add a bit. Got the following error

'C:\Program' is not recognized as an internal or external command

obviously because of space in Java path. Made it work by installing Java on path without spaces.