Terraform Error:

Error: timeout – last error: unknown error

azurerm_windows_virtual_machine.main: Still creating... [6m30s elapsed]
azurerm_windows_virtual_machine.main: Still creating... [6m40s elapsed]
│ Error: file provisioner error
│   with azurerm_windows_virtual_machine.main,
│   on pro.tf line 144, in resource "azurerm_windows_virtual_machine" "main":
│  144:    provisioner "file" {
│ timeout - last error: unknown error Post "": dial tcp connectex: A connection attempt
│ failed because the connected party did not properly respond after a period of time, or established connection failed because connected host
│ has failed to respond.


There are a few possible reasons for this error:

  • The virtual machine is not yet running.
  • The WinRM service is not running on the virtual machine.
  • The WinRM port is blocked on the virtual machine.
  • There is a network connectivity issue between Terraform and the virtual machine.

To troubleshoot this error, you can try the following:

  • Verify that the virtual machine is running.
  • Verify that the WinRM service is running on the virtual machine. You can do this by running the following command on the virtual machine:
Get-Service WinRM

If the WinRM service is not running, you can start it by running the following command:

Start-Service WinRM

  • Verify that the WinRM port is not blocked on the virtual machine. You can do this by running the following command on the virtual machine:
Test-NetConnection -ComputerName <vm-ip-or-hostname> -Port 5986

If the connection test fails, you need to open the WinRM port on the virtual machine.

  • Verify that there is network connectivity between the machine running Terraform and the virtual machine. You can do this by running a ping test from that machine to the virtual machine.

If you are still unable to resolve the error, you can try using a different connection type, such as SSH.

Here are some additional tips for troubleshooting WinRM connectivity issues:

  • Make sure that the WinRM firewall exceptions are enabled on the virtual machine.
  • Make sure that the WinRM service is listening on the correct port. By default, WinRM listens on port 5986.
  • Make sure that the WinRM service is configured to use HTTP or HTTPS.
  • Make sure that the WinRM service is configured to allow remote connections.
  • Make sure that the WinRM service is configured to use the correct authentication method. By default, WinRM uses NTLM authentication.
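
The checks in the two lists above can be collected into one pass on the VM. This is an added example, not code from the original post; the function name `Get-WinRMReadiness` is hypothetical, and the script assumes an elevated PowerShell session on the VM (for example over RDP).

```powershell
# Added example (not from the original post). Run elevated on the VM itself.
function Get-WinRMReadiness {
    param([int]$Port = 5986)   # port named in the Terraform error

    $svc = Get-Service -Name WinRM

    $httpsListener = $false
    if ($svc.Status -eq 'Running') {
        # 'winrm enumerate' prints one "Listener" block per listener;
        # look for a block that is HTTPS *and* bound to $Port.
        $text = (winrm enumerate winrm/config/listener) -join "`n"
        $httpsListener = [bool]($text -split '(?m)^Listener' |
            Where-Object { $_ -match 'Transport = HTTPS' -and $_ -match "Port = $Port\b" })
    }

    # Is any process actually bound to the port?
    $listening = [bool](Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue)

    # Enabled inbound allow rules whose TCP port filter names exactly this port
    # (rules written as a range or as 'Any' are not matched here).
    $rules = Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -eq "$Port" } |
        Get-NetFirewallRule |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }

    [pscustomobject]@{
        ServiceRunning = ($svc.Status -eq 'Running')
        HttpsListener  = $httpsListener
        PortListening  = $listening
        FirewallRules  = @($rules | Select-Object -ExpandProperty DisplayName)
    }
}

Get-WinRMReadiness | Format-List
```

A `False` or empty field points at the item to fix: the service, the HTTPS listener, or the Windows Firewall rule.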

The error message indicates that Terraform is having trouble connecting to the newly created Azure VM over port 5986, which is the port for secure WinRM (Windows Remote Management). Terraform uses WinRM to run the provisioners, such as the file provisioner in your case.

Here are some troubleshooting steps and considerations to resolve the error:

  1. Ensure WinRM is Enabled: The Azure VM must have WinRM enabled and properly configured to accept connections. The default Azure Windows Server images often have WinRM enabled, but ensure it’s set up correctly.
  2. Security Rules: Double-check the network security group (NSG) rules to ensure port 5986 is open for inbound traffic. From the Terraform code you provided earlier, it seems you’ve set this up, but it’s worth double-checking in the Azure portal or using the Azure CLI.
  3. Self-Signed Certificates: If you’re using self-signed certificates for WinRM (which is often the case with default Azure images), ensure that the insecure option is set to true for the connection block in the VM resource. You’ve already done this in the provided code, but it’s a common oversight.
  4. VM Availability: Sometimes, the VM might take a while to become fully operational after creation. This includes network interfaces being properly initialized and services starting up. While Terraform does wait for the VM to report as “running”, there can still be a delay before everything is ready. One option could be to introduce a deliberate delay using a local-exec provisioner that simply waits for a few minutes before proceeding.
  5. Azure VM WinRM Extension: Azure provides an extension to ensure WinRM is correctly configured on the VM. Consider using the azurerm_virtual_machine_extension resource to ensure WinRM is set up correctly. This can be used to enable and configure WinRM on the VM after it’s created but before you try to use it.
  6. Connection Block: Make sure your connection block has the correct configuration. From the code you provided, it seems mostly correct, but make sure the host and other parameters are correct at runtime.
  7. Testing Connectivity: You can test WinRM connectivity from your local machine or another machine using PowerShell or other WinRM clients. This can help determine if the issue is with Terraform or with the VM/network itself.
  8. Review VM Logs: If possible, review the logs of the VM. You can do this by logging into the VM through the Azure portal or by using another method like RDP. The logs might provide clues if there are any issues with the VM or the WinRM service.
  9. Terraform Provider Version: Ensure you’re using a recent version of the azurerm provider. Sometimes bugs or issues are resolved in newer versions.
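
For steps 4 and 7, polling the port from the machine that runs Terraform is more informative than a fixed sleep, because the way the TCP connection fails narrows the cause. This is an added example, not code from the original post; `Test-WinRMPort` and `Wait-WinRMPort` are hypothetical names and the host value is yours to supply.

```powershell
# Added example (not from the original post). Run from the Terraform machine.
# Result meanings:
#   Timeout -> packets are dropped: NSG rule, Windows Firewall, wrong host/IP,
#              or the VM is still booting (matches the "dial tcp" error above)
#   Refused -> host is reachable but nothing listens on the port
#              (no WinRM HTTPS listener configured)
#   Open    -> TCP path is fine; any remaining failure is TLS or authentication
function Test-WinRMPort {
    param(
        [Parameter(Mandatory)][string]$HostName,  # VM public IP or FQDN
        [int]$Port = 5986,
        [int]$TimeoutMs = 5000
    )
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        $task = $client.ConnectAsync($HostName, $Port)
        if (-not $task.Wait($TimeoutMs)) { return 'Timeout' }
        return 'Open'
    }
    catch {
        # Unwrap to the underlying SocketException, if there is one.
        $inner = $_.Exception.GetBaseException()
        if ($inner -is [System.Net.Sockets.SocketException]) {
            switch ($inner.SocketErrorCode) {
                'ConnectionRefused' { return 'Refused' }
                'TimedOut'          { return 'Timeout' }
            }
        }
        return "Error: $($inner.Message)"
    }
    finally { $client.Dispose() }
}

function Wait-WinRMPort {
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 5986, [int]$MaxMinutes = 10)
    $deadline = (Get-Date).AddMinutes($MaxMinutes)
    do {
        $state = Test-WinRMPort -HostName $HostName -Port $Port
        Write-Host "$(Get-Date -Format T) ${HostName}:$Port -> $state"
        if ($state -eq 'Open') { return $true }
        Start-Sleep -Seconds 15
    } while ((Get-Date) -lt $deadline)
    return $false
}

# Usage: Wait-WinRMPort -HostName <vm-public-ip>
```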