Unable to Deploy Lab with Vagrant #597

Closed
null-default opened this issue Jan 26, 2021 · 5 comments

@null-default

null-default commented Jan 26, 2021

  • Operating System Version: CentOS Linux release 7.9.2009
  • Deploying via (VirtualBox/VMWare/AWS/Azure/ESXi): VirtualBox (Vagrant)
  • Vagrant Version (if applicable): 2.2.14

I have verified that I'm using the most up-to-date version of the master branch.

Description of the issue:

While building the dc VM, the machine fails to build and stops Vagrant execution. This is presumably because a web request over HTTPS for the file autorunsc64.exe fails. Here's the full error message I receive:

The following WinRM command responded with a non-zero exit status.
Vagrant assumes that this means the command failed!

powershell -ExecutionPolicy Bypass -OutputFormat Text -file "C:\tmp\vagrant-shell.ps1"

Stdout from the command:

[19:19] Installing AutorunsToWinEventLog...


    Directory: C:\Program Files


Mode                LastWriteTime         Length Name                                             
----                -------------         ------ ----                                             
d-----        1/26/2021   7:19 PM                AutorunsToWinEventLog                            

Actions            : {MSFT_TaskExecAction}
Author             : 
Date               : 
Description        : 
Documentation      : 
Principal          : MSFT_TaskPrincipal2
SecurityDescriptor : 
Settings           : MSFT_TaskSettings3
Source             : 
State              : Ready
TaskName           : AutorunsToWinEventLog
TaskPath           : \
Triggers           : {MSFT_TaskDailyTrigger}
URI                : \AutorunsToWinEventLog
Version            : 
PSComputerName     : 


Actions            : {MSFT_TaskExecAction}
Author             : 
Date               : 
Description        : 
Documentation      : 
Principal          : MSFT_TaskPrincipal2
SecurityDescriptor : 
Settings           : MSFT_TaskSettings3
Source             : 
State              : Ready
TaskName           : AutorunsToWinEventLog
TaskPath           : \
Triggers           : {MSFT_TaskDailyTrigger}
URI                : \AutorunsToWinEventLog
Version            : 
PSComputerName     : 

[19:19] AutorunsToWinEventLog installed. Starting the scheduled task. Future runs will begin at 11am




Stderr from the command:

powershell.exe : Invoke-WebRequest : Unable to connect to the remote server
    + CategoryInfo          : NotSpecified: (Invoke-WebReque...e remote server:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError
At C:\Users\vagrant\AppData\Local\Temp\windows-event-forwarding-master\AutorunsToWinEventLog\Install.ps1:12 char:3
+   Invoke-WebRequest -Uri "https://live.sysinternals.com/autorunsc64.e ...
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

All of the SysInternals tool suite fall back to HTTP instead of HTTPS when they are being downloaded, but it looks like this request doesn't have a fallback and instead causes a failure.

With a quick check, I don't see where that Invoke-WebRequest call is being made from files in this repository. Is this something that can be band-aided locally?

@null-default
Author

null-default commented Jan 26, 2021

Looks like HTTPS is being used to download Autorunsc64.exe from live.sysinternals.com, when it is actually being hosted over HTTP. I've submitted an issue and pull request to the windows-event-forwarding repository that the script is being pulled from...fingers crossed.

@clong
Owner

clong commented Jan 26, 2021

Sigh, guess they're having HTTPS issues again. (See: https://twitter.com/DetectionLab/status/1339681638452629504?s=20)

I'll update the code on the DL side to insert a try/catch into the installer, but agreed that it would be preferred if this was fixed upstream in the windows-event-forwarding repository.
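An added example, not the code from the fix commit or from the upstream Install.ps1: an HTTPS-first download with the HTTP fallback discussed above, which accepts the file only if its Authenticode signature validates, since the fallback path gives no transport integrity. The function name, the expected signer string and the output file name are assumptions; the URL is assembled from the host and file name given in this issue.

```powershell
# Added example (hypothetical helper, not DetectionLab or windows-event-forwarding code).
function Get-SignedTool {
    param(
        [Parameter(Mandatory)] [string] $HostAndPath,   # host + path, without scheme
        [Parameter(Mandatory)] [string] $OutFile,
        # Assumption: the publisher name expected in the signer certificate subject.
        [string] $ExpectedSigner = 'Microsoft Corporation'
    )

    # Download to a temporary name so an unverified file never sits at $OutFile.
    $tmp = "$OutFile.download"
    try {
        Invoke-WebRequest -Uri "https://$HostAndPath" -OutFile $tmp `
            -UseBasicParsing -ErrorAction Stop
        $transport = 'https'
    }
    catch {
        Write-Host 'HTTPS connection failed. Switching to HTTP :('
        Invoke-WebRequest -Uri "http://$HostAndPath" -OutFile $tmp `
            -UseBasicParsing -ErrorAction Stop
        $transport = 'http'
    }

    # Integrity check that does not depend on the transport used.
    $sig    = Get-AuthenticodeSignature -FilePath $tmp
    $valid  = $sig.Status -eq [System.Management.Automation.SignatureStatus]::Valid
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $signerOk = $signer -match ('CN=' + [regex]::Escape($ExpectedSigner) + '(,|$)')

    if (-not ($valid -and $signerOk)) {
        Remove-Item -Path $tmp -Force
        throw "Rejected download over $transport : status=$($sig.Status) signer='$signer'"
    }

    Move-Item -Path $tmp -Destination $OutFile -Force
    [pscustomobject]@{ Path = $OutFile; Transport = $transport; Signer = $signer }
}

# Usage; the file name inside the AutorunsToWinEventLog directory is an assumption.
Get-SignedTool -HostAndPath 'live.sysinternals.com/autorunsc64.exe' `
    -OutFile 'C:\Program Files\AutorunsToWinEventLog\Autorunsc64.exe'
```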

@clong
Owner

clong commented Jan 26, 2021

Should be fixed here: c681c30

Try updating git and re-running.

@null-default
Author

null-default commented Jan 26, 2021

Thanks for the quick response. I won't be able to re-run until tomorrow but I'll update this comment when I do.

EDIT: Confirmed that the fix has worked. Thanks @clong

@clong
Owner

clong commented Jan 27, 2021

Just tested the workaround and it appears to work:

==> dc: Running provisioner: shell...
    dc: Running: scripts/install-autorunstowineventlog.ps1 as C:\tmp\vagrant-shell.ps1
    dc: [00:15] Installing AutorunsToWinEventLog...
    dc:     Directory: C:\Program Files
    dc: Mode                LastWriteTime         Length Name
    dc: ----                -------------         ------ ----
    dc: d-----        1/27/2021  12:15 AM                AutorunsToWinEventLog
    dc: HTTPS connection failed. Switching to HTTP :(
    dc: Actions            : {MSFT_TaskExecAction}
    dc: Author             :
    dc: Date               :
    dc: Description        :
    dc: Documentation      :
    dc: Principal          : MSFT_TaskPrincipal2
    dc: SecurityDescriptor :
    dc: Settings           : MSFT_TaskSettings3
    dc: Source             :
    dc: State              : Ready

Marking this closed for now, but feel free to re-open or comment if you have issues

@clong clong closed this as completed Jan 27, 2021