In preparation for launch of the guide, it needs moving to the chocolatey organization.

The transfer has already happened, but we will need to adjust all the scripting to point to the new location for the repo.

Specifically, the Start-C4bSetup.ps1 needs to be updated here:

Also, the Readme itself, in Step 1:
https://github.com/chocolatey/choco-quickstart-scripts/blob/main/README.md#step-1-preparation-of-c4b-server

We'll have to go through and ensure that no other references are out-of-date.

When we run choco install we should pass --no-progress to keep output trimmed down.

When @ryanrichter94 runs the QuickStart scripts on his old Windows Server 2019 VM, he is intermittently seeing failures in the Jenkins website coming up.

Usually, a Restart-Service Jenkins brings it up fine, but incorporating this step into the script itself does not work.

Further troubleshooting and repro may be needed.

Need to add a choco apikey command to the SSL script right after this line:

Can take this line out of the Nexus script:

In the Jenkins jobs Update test repo from CCM and Update Prod Repo the file paths in the powershell within Jenkins are wrong.

This is purely an enhancement to improve the User Experience.

It would be handy to automatically open all 3 web portals (CCM, Nexus, Jenkins) in the user's web browser.

This prompt could allow a pressing of any key to override, but otherwise proceed to just open the sites in a browser after, let's say, 10 seconds.

Leverage stuff from TreasureChest so we can use the API directly without needing to mess with script execution settings.

The following line in the Start-C4bCCMSetup.ps1 script on a Windows Server 2016 box installs IIS:

However, on a Windows Server 2016 box, a reboot is required before IIS install completes. None of the IIS components are available to the later parts of this script, in setting up the requisite installs for chocolatey-management-web.

This issue does not occur in Windows Server 2019 or 2022. We will have to adjust the setup scripts to account for this difference in some way.

The following code that edits the Nexus config makes the Set-SslSecurity.ps1 unable to be run multiple times, if needed:

We'd like to make this idempotent.

The CCM service runs on Kestrel in DotNet Core now, no need to fix bindings as it is all in-proc.

At the end of the entire process we need to drop a document on the desktop with url and default account information for all services provisioned as part of the guide.

Currently, the Start-C4bSetup.ps1 script utilizes ch0.co short URI's as a convenience for the user. As some organizations block the usage of short URI's for security (although one could argue that's counter-intuitive), it would behoove us to use the raw file URI's directly from this repo.

Description

The Chocolatey Source entry for the ChocolateyInternal Source never gets updated within Chocolatey via a choco source add command after Set-SslSecurity.ps1 is run. Thus the wrong port number for nexus is being used. It needs changing from the default 8081 to 8443 when enabling SSL.

Console Output

This is my Chocolatey source entry after running the Set-SslSecurity.ps1. I tried installing the chocolatey-agent package which i confirmed is on my ChocolateyInternal repository. Also verified my repo is accessable at https://chocosever:8443

Chocolatey v0.10.15 Business
Installing the following packages:
chocolatey-agent
By installing you accept licenses for the packages.
Error retrieving packages from source 'http://localhost:8081/repository/ChocolateyInternal/':
 Unable to connect to the remote server
Progress: Downloading chocolatey-agent 0.11.2... 100%

chocolatey-agent v0.11.2
chocolatey-agent package files install completed. Performing other installation steps.
Installing Windows service named 'chocolatey-agent' pointing to 'C:\ProgramData\chocolatey\lib\chocolatey-agent\tools\service\chocolatey-agent.exe'...
Installing service chocolatey-agent...
Service chocolatey-agent has been successfully installed.
Creating EventLog source chocolatey-agent in log Application...
Windows service named 'chocolatey-agent' successfully installed.
Starting Windows service named 'chocolatey-agent' if it is not running...
 The install of chocolatey-agent was successful.
  Software install location not explicitly set, could be in package or
  default install location if installer.

Chocolatey installed 1/1 packages.
 See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).
PS C:\choco-setup\files\scripts> choco source
Chocolatey v0.10.15 Business
chocolatey - https://chocolatey.org/api/v2/ | Priority 0|Bypass Proxy - False|Self-Service - False|Admin Only - False.
chocolatey.licensed - https://licensedpackages.chocolatey.org/api/v2/ (Authenticated)| Priority 10|Bypass Proxy - False|Self-Service - False|Admin Only - False.
ChocolateyInternal - http://localhost:8081/repository/ChocolateyInternal/ | Priority 1|Bypass Proxy - False|Self-Service - False|Admin Only - False.
PS C:\choco-setup\files\scripts>

The main README.md file contains a draft of the actual QuickStart Guide V2 that we plan to PR to docs.chocolatey.org.

This doc needs to be updated to reflect the new process.

This is a bit of a problem, and we need to support them similarly to how we do in QDE.

It would be great to have a method for triggering the entire QuickStart process, without having to run each script one-by-one. This would make testing easier as well.

As per #85 which installs chocolatey-agent on the server, and then checks in to CCM, the C4B Server is not checking into itself.

The agent log states the following:

2021-10-22 14:45:41,972 6 [ERROR] - Unable to set up central management reporting and checking for
 deployments. It appears you've enabled the feature
 'useChocolateyCentralManagement', but you have not defined the
 management service url. Please ensure you set the configuration
 value centralManagementServiceUrl (e.g. 'choco config
 set centralManagementServiceUrl
 https://<location>:<port>/ChocolateyManagementService'). For more
 information, please see
 https://chocolatey.org/docs/features-chocolatey-central-management.

Again, @steviecoaster, assigning this you Sir. Please investigate.

Current environments (like QDE) have a test repo setup as a best practice.

We should add one here to keep things consistent. This will benefit Jenkins setup staying the same as other env's as well.

Wanna look into making it so if you attempt to call any of the QSG setup scripts via the Powershell_ISE.exe application. Powershell will throw an error saying to not do this and run via Windows Powershell.

These tasks were split out from #9, and include:

• Secure Nexus repo with credential
• Turn on CCM Client & Service Salts
• Generate Register-InternetEndpoint.ps1 script to pair with a ClientSetup.ps1 script

As a way to help users fall only into the "Pit of Success" (😂), it would be helpful to have some pre-flight checks run by the user, to ensure they have all the pieces in place before beginning to deploy. This could be Pester tests, or simple functions that check for certain prerequisites. This process could also be interactive, to get input from the end-user as well.

Some ideas for prerequisites to check for:

• Does the C4B Server have Internet access?
• Is it going to be Internet-enabled? If so:
  • Do you have a public IP?
  • Do you have a Fully-Qualified Domain Name (FQDN) resolving to that public IP?
  • Do you have an SSL certificate with an exportable private key for this FQDN?

Currently, all the setup scripts referenced in this guide start with a Start-Transcript command, that has a malformed format:

Current:
Get-Date -Format 'yyyyMMdd-hhmmss'

Should be:
`Get-Date -Format 'yyyyMMdd-HHmmss'

This should be an easy fix; documented here for clarity.

Small enhancement is to call the following lines in the client setup file as choco upgrade calls instead of currently being choco install ones. Mainly to make the script more idempotent in case any of these packages are already installed on an endpoint you run the Register-C4bEndpoint.ps1 script against.

Lines to change for reference:

In the appliance, scripts that Jenkins jobs rely on live on the root of C:\ in a scripts folder.

To provide parity with the appliance experience, we need to adjust the way we handle the configuration of Jenkins during that step of the Guide.

Add similar functionality to the New-SSLCertificate.ps1 Set-QdeInternetSecurity.ps1 script, which do the following:

• Generate a new SSL cert
• Add cert to appropriate cert stores
• Add cert to CCM Web
• Add cert to Nexus Web

Description of Issue

Get the following error when running the Start-C4bJenkinsSetup.ps1 in step 6 of setup. Script fails when trying to run line 172 of the script to remove the JSON files. Does not continue to prompt to bring the services sites up in browser because of this.

Console Output

Cleaning up temporary data
Remove-Item : Cannot find path 'C:\choco-setup\files\ccm.json' because it does not exist.
At C:\choco-setup\files\scripts\Get-Helpers.ps1:1104 char:70
+ ... JsonPath  -Filter '*.json' | Foreach-Object { Remove-Item $_ -Force }
+                                                   ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (C:\choco-setup\files\ccm.json:String) [Remove-Item], ItemNotFoundExcept
   ion
    + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.RemoveItemCommand

As the Chocolatey Central Management packages have been updated to v 0.6.0, we now have different dependencies required at different steps in the process as well.

Firstly the following packages now require a minimum of v 3.1.16:

• aspnetcore-runtimepackagestore
• dotnetcore-windowshosting

Also, as a result of moving to aspnet-core as a requirement, the above dependencies are now required earlier on in the scripting. Before, only CCM Web required the above. Now, CCM DB and CCM Service also depend on them.

All the above logic will need to be added to the Start-C4bCcmSetup.ps1 script.

As per comments from the following PR: #28

We are planning to add back the internalization and push of Chocolatey packages form the Chocolatey Licensed feed. This will encourage usage of packages like chocolateygui.extension, as well as improve the stability of the install tasks.

We are using the new Edge (Chromium) in this setup, as it is a Microsoft product, and thus preferred by our users when setting up Windows Servers.

As such, it would be nice to not have Edge prompt for setup on first-run. This will reduce the number of clicks. Also, these are servers, so the Admins will likely NOT be logging to their Microsoft accounts on the browser.

Currently the URL references for the different services on the VM are written as plain text within the Desktop Readme. Think it would be a nice to format these URLs as clickable Hyperlinks within the Readme file instead.

When running Set-SSLSecurity.ps1, starting the ChocolateyCentralManagement has failed on one occasion with the following error:

start-webitem : The object identifier does not represent a valid object. (Exception from HRESULT: 0x800710D8)
At C:\choco-setup\files\Set-SSLSecurity.ps1:110 char:5
+     Start-Website ChocolateyCentralManagement
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : InvalidOperation: (:) [Start-WebItem], COMException
+ FullyQualifiedErrorId : InvalidOperation,Microsoft.IIs.PowerShell.Provider.StartItemCommand

We may have to build a wait or check into this.

First, thanks for the updated v2 quickstart guide; it really seems to ease complexity of setup.

However, I am in need of a hostname change in the scripts and in the certificates as I'm not satisfied with the default, which is not detailed in the readme nor on the website. I do find a section on this at the QDE docs so I am assuming the same advice holds for the quickstart setup. Am I assuming this correctly? If so, I would like to suggest adding it to docs here too.

Installing the dotnetcore-sdk package in the Start-C4bCcmSetup.ps1 requires confirmation (-y).

This is something I missed when adding this dependency in the last PR. 🤦🏼

Apologies.

This guide was originally written with the Jenkins setup as the last step. As we're now incorporating SSL setup into this guide, the SSL setup script will now be the final script. Therefore, the logic and code that pops up the 3 web portals should be moved to the end of the SSL setup script.

When people bring their own SSL cert, we would like to support the ability to secure Nexus and CCM.

The steps for this are the same as outlined here:
https://docs.chocolatey.org/en-us/quick-deployment/setup/internet-setup#nexus-setup
https://docs.chocolatey.org/en-us/quick-deployment/setup/internet-setup#ccm-setup

Two things to tackle in Set-SslSecurity.ps1:

• Creating a ChocoRole and ChocoUser credential in Nexus (and disable anonymous access)
• Generate CCM Client & Service Salts, and add them to the Register-C4bEndpoint.ps1 script to pass to ClientSetup.ps1

Downloading, internalizing, and pushing one-time use packages is currently taking up quite a bit of setup time.

We need to explore the possibility of cutting down the amount of packages we internalize and push, especially if they will not be reused again.

In initial testing, this can potentially halve the total setup time, from 1 hour to 30 minutes.

On Windows Server 2016 specifically, setting the following registry key fails:

Error:

Set-ItemProperty : Cannot find path 'HKLM:\SOFTWARE\Microsoft\Edge\' because it does not exist.
At C:\choco-setup\files\Start-C4BNexusSetup.ps1:993 char:5
+     Set-ItemProperty @RegArgs
+     ~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (HKLM:\SOFTWARE\Microsoft\Edge\:String) [Set-ItemProperty], ItemNotFound
   Exception
    + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.SetItemPropertyCommand

I have been able to consistently reproduce a bug with the generation of the Readme.html file on the desktop:

New-QuickstartReadme : The term 'https://${HostName}:8443' is not recognized as the name of a cmdlet, function, script
file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct
and try again.
At C:\choco-setup\files\Start-C4bJenkinsSetup.ps1:177 char:1
+ New-QuickstartReadme
+ ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (https://${HostName}:8443:String) [New-QuickstartReadme], CommandNotFoun
   dException
    + FullyQualifiedErrorId : CommandNotFoundException,New-QuickstartReadme

This is called in the Start-C4bJenkinsSetup.ps1, and the code for this function is here:

This error is new, and could be the result of not testing #84 throughly enough?

@steviecoaster , I'm assigning this to you Sir.

Need to add the installation of the chocolatey-agent package onto the end of the StartC4bCcmSetup.ps1 script, so that the agent gets installed on the server itself. Mainly so you get reporting on the sever as well as a machine entry checking in when you login to CCM for the first time to verify it is working. Also it does count as a licensed machine in your licensed machine count then.

In current versions of QDE, a site on port 80 hosts an "Import-ChocoServerCertificate.ps1" script, in order to help endpoint clients trust the self-signed cert of the QDE server.

The same mechanism should exist here in this guide.

Need to edit the ChocolateyInstall script to not be passed as a string as it is currently written. But to mirror how we are passing this as in QDE currently.

Copy/paste happy makes for a bug in a script. Quick changes to use appropriate values in a foreach loop will fix this up.

This guide needs an easy ClientSetup.ps script, hosted in the raw choco-install repo, to help users easily install the requisite C4B packages on their endpoints, and onboard them to CCM.

As the Jenkins Chocolatey package will now be updated beyond 2.222.4, and QDE in Azure is removing the pin for this version going forward, we plan to continue our feature parity with Azure QDE by removing the pinned version for Jenkins in QSG as well.

Newer versions of Jenkins will, of course, need to be tested to support QSG code functionality. However, this issue is simply for removing the code to pin the version.

We'd like to be able to use the QuickStart Guide on ALL currently-supported Windows Server OS's. This guide is meant to be opinionated, and as such we have no intention of supporting non-WMF/PowerShell 5.1 devices.

As such, we're looking to test the Guide on:

• Windows Server 2016
• Windows Server 2019
• Windows Server 2022

We're not as worried about 1809-20H2 releases, as supporting major version OS's above and below them should cover those as well.

We still require the addition of the Jenkins setup to this server. This should include:

• Choco install of the package
• Version-pinning, if required
• Pre-downloaded Jenkins scripts for Package Internalizer automation
• Pre-defined Jenkins jobs for the scripts above

This is a part of a long-term plan to support Offline mode.

We would like to have The Quick-Start Guide (QSG) work whether there is reliable access to the Chocolatey Community Repo (CCR) and Chocolatey Licensed Repo. This is important as a first step for Folks who are attempting to deploy QSG on air-gapped servers.

As well, it'll help when we demo to have a more consistent experience, not limited by bandwidth issues.

To enable this, we can take a few approaches:

1. Have a separate script that downloads/internalizes all packages and resources required for additional steps ahead of time
2. Have a pre-baked archive downloaded that contains the above

Regardless of the approach we choose, we will have to refactor the existing scripts to account for an "Offline" method. This could be as simple as an -Offline switch parameter, that gets conditionally evaluated any time there's a download step.

Go through and upgrade the Import-ChocoServerCertificate script to handle the occasional SSPI inner exception error that is scene with the current version of the script.

Add as new line 88 in the Start-C4bCcmSetup.ps1.

# Starting with v0.6.2 of the CCM Database package, it uses dotnetcore-sdk so that it may be installed on a system without requiring IIS. At the time of publishing, the most recent version of this package is 3.1.410, but later package versions (within the 3.x.x release) are expected to work
choco install dotnetcore-sdk --version 3.1.410 --source $Ccr --no-progress -y

Ideally, there is data we'd like to pass between scripts (e.g. NuGet API key), that would be helpful for the user and Support to have handy. We already have transcript files, but those aren't always easy to get this info from.

For the time being, we can output these as JSON settings files from each script, that other scripts can read from.

We can always iterate a different direction later.