Windows Server 2019 OpenSSH Installation

Sometimes you just know “it will not be that easy”. In this case it is Windows Server 2019 OpenSSH Installation.

Wanting to configure an SFTP server I had reviewed instructions Get Started with OpenSSH at Microsoft a couple of sites and within the Microsoft Tech Community referenced Orin Thomas’ page on this topic.

Add-WindowsCapability -Online -Name OpenSSH.Server~~~~

Seems so simple !

Add-WindowsCapability failed. Error code = 0x800f0954

So that is broken. Why? Apparently it is related to permissions for downloading updates or software directly from the interwebs.

A quick search reveals a couple of solution pages including this one at thesysadminchannel which suggests a group policy edit:

  • Open gpedit.msc
  • Go to Computer Configuration -> Administrative Templates -> System
  • Open Specify settings for optional component installation and component repair
  • Set to Enabled
  • Check the box for Download Repair Content…. (directly rather than from WSUS)
  • Finally, exit gpedit and back in Power Shell run gpupdate /force

So that made sense, but now I get this error:

Add-WindowsCapability : Add-WindowsCapability failed. Error code = 0x8024500c

Off on another search leads me to a slightly related github discussion and way-down-the-list of comments was this gem from joshuayoerger:

  • Open regedit
  • Navigate to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
  • Set UseWUServer = 0x00000000 (0)

Josh also suggested a server restart, which I did not do, and the change in the setting was apparently sufficient as the server would now accept the command and not spit it back at me.

As a final check, before continuing with configuration of the OpenSSH server, I ran this PowerShell command to check if it was installed as expected:

PS C:\windows\system32> Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'

Name  : OpenSSH.Client~~~~
State : Installed

Name  : OpenSSH.Server~~~~
State : Installed

So that now looks better than the red error lines. Now to get on with configuring.

Final thoughts: Why would WSUS be configured for a stand-alone server? and if it is then surely it is just a proxy for getting updates in any case, and should be used auto-magically. Apparently what is happening here is that in the Microsoft ‘user-friendly pretty picture interface’ WSUS works quietly in the background doing the updates, but if we step into the dark-side of command lines, the ‘GetWindowsCapability’ command is not intelligent enough to know that it might want to check-in with WSUS first before doing a dummy-spit.

Related topics are:

Change the Port for OpenSSH on Windows 2019

Configure OpenSSH SFTP on Windows 2019

Leave a Reply

Your email address will not be published. Required fields are marked *