{"id":1439,"date":"2022-01-03T19:17:23","date_gmt":"2022-01-03T19:17:23","guid":{"rendered":"https:\/\/howden.net.au\/thowden\/?p=1439"},"modified":"2022-01-18T23:17:33","modified_gmt":"2022-01-18T23:17:33","slug":"windows-server-2019-openssh-installation","status":"publish","type":"post","link":"https:\/\/howden.net.au\/thowden\/2022\/01\/windows-server-2019-openssh-installation\/","title":{"rendered":"Windows Server 2019 OpenSSH Installation"},"content":{"rendered":"\n<p>Sometimes you just know &#8220;it will not be that easy&#8221;. In this case it is Windows Server 2019 OpenSSH Installation. <\/p>\n\n\n\n<p>Wanting to configure an SFTP server I had reviewed instructions <a rel=\"noreferrer noopener\" href=\"https:\/\/docs.microsoft.com\/en-us\/windows-server\/administration\/openssh\/openssh_install_firstuse\" target=\"_blank\">Get Started with OpenSSH at Microsoft<\/a> a couple of sites and within the <a rel=\"noreferrer noopener\" href=\"https:\/\/techcommunity.microsoft.com\/t5\/itops-talk-blog\/installing-and-configuring-openssh-on-windows-server-2019\/ba-p\/309540\" target=\"_blank\">Microsoft Tech Community referenced Orin Thomas&#8217; page<\/a> on this topic. <\/p>\n\n\n\n<pre class=\"wp-block-syntaxhighlighter-code\">Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0<\/pre>\n\n\n\n<p>Seems so simple !<\/p>\n\n\n\n<pre class=\"wp-block-syntaxhighlighter-code\">Add-WindowsCapability failed. Error code = 0x800f0954<\/pre>\n\n\n\n<p>So that is broken. Why?  Apparently it is related to permissions for downloading updates or software directly from the interwebs. <\/p>\n\n\n\n<p>A quick search reveals a couple of solution pages including this one at <a rel=\"noreferrer noopener\" href=\"https:\/\/thesysadminchannel.com\/solved-add-windowscapability-failed-error-code-0x800f0954-rsat-fix\/\" target=\"_blank\">thesysadminchannel<\/a> which suggests a group policy edit:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Open <strong>gpedit.msc<\/strong><\/li><li>Go to <strong>Computer Configuration<\/strong> -&gt; <strong>Administrative Templates<\/strong> -&gt; <strong>System<\/strong><\/li><li>Open <strong>Specify settings for optional component installation and component repair<\/strong><\/li><li>Set to <strong>Enabled<\/strong><\/li><li>Check the box for <strong>Download Repair Content&#8230;.<\/strong> (directly rather than from WSUS)<strong> <\/strong><\/li><li>Finally, exit gpedit and back in Power Shell run <strong>gpupdate \/force<\/strong><\/li><\/ul>\n\n\n\n<p>So that made sense, but now I get this error:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/howden.net.au\/thowden\/files\/2022\/01\/image.png\"><img loading=\"lazy\" decoding=\"async\" width=\"616\" height=\"192\" src=\"https:\/\/howden.net.au\/thowden\/files\/2022\/01\/image.png\" alt=\"\" class=\"wp-image-1440\" srcset=\"https:\/\/howden.net.au\/thowden\/files\/2022\/01\/image.png 616w, https:\/\/howden.net.au\/thowden\/files\/2022\/01\/image-300x94.png 300w, https:\/\/howden.net.au\/thowden\/files\/2022\/01\/image-200x62.png 200w\" sizes=\"auto, (max-width: 616px) 100vw, 616px\" \/><\/a><figcaption>Add-WindowsCapability : Add-WindowsCapability failed. Error code = 0x8024500c<\/figcaption><\/figure>\n\n\n\n<p>Off on another search leads me to a <a rel=\"noreferrer noopener\" href=\"https:\/\/github.com\/MicrosoftDocs\/windowsserverdocs\/issues\/2074\" target=\"_blank\">slightly related github discussion<\/a> and way-down-the-list of comments was this gem from <a rel=\"noreferrer noopener\" href=\"https:\/\/github.com\/joshuayoerger\" target=\"_blank\">joshuayoerger<\/a>:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Open regedit<\/li><li>Navigate to <code>Computer\\HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU<\/code><\/li><li>Set <code>UseWUServer = 0x00000000 (0)<\/code><\/li><\/ul>\n\n\n\n<p>Josh also suggested a server restart, which I did not do, and the change in the setting was apparently sufficient as the server would now accept the command and not spit it back at me. <\/p>\n\n\n\n<p>As a final check, before continuing with configuration of the OpenSSH server, I ran this PowerShell command to check if it was installed as expected:<\/p>\n\n\n\n<pre class=\"wp-block-syntaxhighlighter-code\">PS C:\\windows\\system32> Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'\n\nName  : OpenSSH.Client~~~~0.0.1.0\nState : Installed\n\nName  : OpenSSH.Server~~~~0.0.1.0\nState : Installed<\/pre>\n\n\n\n<p>So that now looks better than the red error lines. Now to get on with configuring. <\/p>\n\n\n\n<p>Final thoughts: Why would WSUS be configured for a stand-alone server? and if it is then surely it is just a proxy for getting updates in any case, and should be used auto-magically. Apparently what is happening here is that in the Microsoft &#8216;user-friendly pretty picture interface&#8217; WSUS works quietly in the background doing the updates, but if we step into the dark-side of command lines, the &#8216;GetWindowsCapability&#8217; command is not intelligent enough to know that it might want to check-in with WSUS first before doing a dummy-spit.<\/p>\n\n\n\n<p>Related topics are:<\/p>\n\n\n\n<p><a href=\"\/thowden\/2022\/01\/change-the-port-for-openssh-on-windows-2019\/\">Change the Port for OpenSSH on Windows 2019<\/a><\/p>\n\n\n\n<p><a href=\"\/thowden\/2022\/01\/configure-openssh-sftp-on-windows-2019\/\">Configure OpenSSH SFTP on Windows 2019<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Sometimes you just know &#8220;it will not be that easy&#8221;. In this case it is Windows Server 2019 OpenSSH Installation. Wanting to configure an SFTP server I had reviewed instructions Get Started with OpenSSH at Microsoft a couple of sites and within the Microsoft Tech Community referenced Orin Thomas&#8217; page on this topic. Seems so [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[127,22],"tags":[],"class_list":["post-1439","post","type-post","status-publish","format-standard","hentry","category-openssh","category-windows-servers"],"_links":{"self":[{"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/posts\/1439","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/comments?post=1439"}],"version-history":[{"count":4,"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/posts\/1439\/revisions"}],"predecessor-version":[{"id":1460,"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/posts\/1439\/revisions\/1460"}],"wp:attachment":[{"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/media?parent=1439"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/categories?post=1439"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/tags?post=1439"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}