Why is AWS-ConfigureWindowsUpdate SSM Run Command Failing?
Question
Enabling or Disabling Windows Updates with SSM Run Command
AWS-ConfigureWindowsUpdate
When running the command, it downloads a PowerShell script to my EC2 at "C:\\ProgramData\\Amazon\\Ec2Config\\Downloads\\aws_psModule\\" with a random name
When the PowerShell script executes, it downloads "Amazon.ConfigureWindowsUpdate-1.2.zip" to "%Temp%" and then unzips it to "%WinDir%\\System32\\WindowsPowerShell\\v1.0\\Modules"
The script looks to be failing at Line 32 with the .CopyHere function where it is unzipping
Pastebin of Powershell Script: 1b3hh3oy.k51.ps1
(New-Object -Com Shell.Application).namespace($powerShellModuleLocation).CopyHere((New-Object -Com Shell.Application).namespace($tempLocation).Items(), 16)
Output:
Obtaining instance region from instance metadata.
Downloading ConfigureWindowsUpdate PowerShell module from S3.
Verifying SHA 256 of the ConfigureWindowsUpdate PowerShell module zip file.
ExtractingConfigureWindowsUpdate zip file contents to the Windows PowerShell module folder.
--------------ERROR-------------- C:\\ProgramData\\Amazon\\Ec2Config\\Downloads\\aws_psModule\\1b3hh3oy.k51.ps1 :
Exception thrown while downloading ConfigureWindowsUpdate PowerShell module with message: Exception has been thrown by the target of an invocation.
At line:1 char:1 + . 'C:\\ProgramData\\Amazon\\Ec2Config\\Downloads\\aws_psModule\\1b3hh3oy.k51.ps1' ; ex ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,1b3hh3oy.k51.ps1
Other Details:
- I have micro EC2 of Windows Server Core 2012 R2 running
- I have successfully used AWS-RunPowerShellScript command a few times from AWS Console
- I ran AWS-ConfigureWindowsUpdate through the AWS Console and it fails
- I remote connected to server and ran the powershell script with administrator privileges and get same error
1 answers
solution1
2 2016-07-05 22:06:24
You are correct, the exception is occurring on the call out to the Shell namespace for extracting the cmdlet payload. The COM namespace for Shell access is not included in the Core release so the ConfigureWindowsUpdate script fails when extracting the cmdlet.
Currently there is a workaround available for Windows Server Core AMIs and a more complete fix is currently being investigated. The workaround involves creating a custom ConfigureWindowsUpdate document with a tweak to fix the extraction process.
Below is a function that would replace the call to
(New-Object -Com Shell.Application).namespace($powerShellModuleLocation).CopyHere((New-Object -Com Shell.Application).namespace($tempLocation).Items(), 16)
function ExtractZipCoreOs($zipFilePath, $destPath) {
try
{
[System.Reflection.Assembly]::LoadWithPartialName("System.IO.Compression.FileSystem") | Out-Null
$zip = [System.IO.Compression.ZipFile]::OpenRead($zipFilePath)
foreach ($item in $zip.Entries) {
$extractedPath = Join-Path $destPath $item.FullName
if ($item.Length -eq 0) {
if ((Test-Path $extractedPath) -eq 0) {
mkdir $extractedPath | Out-Null
}
} else {
$fileParent = Split-Path $extractedPath
if ((Test-Path $fileParent) -eq 0) {
mkdir $fileParent | Out-Null
}
[System.IO.Compression.ZipFileExtensions]::ExtractToFile($item,(Join-Path -Path $powerShellModuleLocation -ChildPath $item.FullName), $true)
}
}
}
catch
{
throw "Error encountered when extracting ConfigureWindowsUpdate zip file.`n$($_.Exception.Message)"
}
finally
{
$zip.Dispose()
}
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.