OpenSSH service fails to start on Azure-provided WindowsServer offer on SKU: 2019-datacenter-core-g2

Papp Levente Laszlo 55 Reputation points
2024-10-09T10:02:56.7433333+00:00

On the latest update deployed to the sku (17763.6414.241004) the sshd service fails to start.

Here is my installation script:

# echo "debug waiting"
# Start-Sleep -Seconds 3600

# add openssh server as windows capability
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
echo "openssh server installed"

# Confirm the Firewall rule is configured. It should be created automatically by setup. Run the following to verify
if (!(Get-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -ErrorAction SilentlyContinue | Select-Object Name, Enabled)) {
    Write-Output "Firewall Rule 'OpenSSH-Server-In-TCP' does not exist, creating it..."
    New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
} else {
    Write-Output "Firewall rule 'OpenSSH-Server-In-TCP' has been created and exists."
}
echo "firewall rule created"
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force
echo "default cli set"

echo "done"
echo ""

if ($(Get-Service ssh-agent | Select-Object StartType).StartType -eq "Disabled") {
    Write-Output "ssh-agent service is disabled. Setting it to Manual."
    Get-Service -Name ssh-agent | Set-Service -StartupType Manual
}

# Start the sshd service
Start-Service sshd

# OPTIONAL but recommended:
Set-Service -Name sshd -StartupType 'Automatic'

The error log of the script on version 17763.6414.241004:

Path          :
Online        : True
RestartNeeded : False

openssh server installed
Firewall rule 'OpenSSH-Server-In-TCP' has been created and exists.
firewall rule created

DefaultShell : C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PSPath       : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\OpenSSH
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE
PSChildName  : OpenSSH
PSDrive      : HKLM
PSProvider   : Microsoft.PowerShell.Core\Registry

default cli set
done

ssh-agent service is disabled. Setting it to Manual.
Start-Service : Service 'OpenSSH SSH Server (sshd)' cannot be started due to the following error: Cannot start service
sshd on computer '.'.
At C:\Windows\Temp\script-67064342-7603-a1fd-d79e-c600276fad38.ps1:28 char:1
+ Start-Service sshd
+ ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.ServiceProcess.ServiceController:ServiceController) [Start-Service],
   ServiceCommandException
    + FullyQualifiedErrorId : CouldNotStartService,Microsoft.PowerShell.Commands.StartServiceCommand

The output of this same script on sku version 17763.6293.240905:

Path          :
Online        : True
RestartNeeded : False
openssh server installed
Firewall rule 'OpenSSH-Server-In-TCP' has been created and exists.
firewall rule created
DefaultShell : C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PSPath       : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\OpenSSH
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE
PSChildName  : OpenSSH
PSDrive      : HKLM
PSProvider   : Microsoft.PowerShell.Core\Registry
default cli set
done
ssh-agent service is disabled. Setting it to Manual.

I can confirm that both of these scripts ran on a fresh agent deployed by packer azure-arm.

The precise identifier of the base image is:

image_publisher = "MicrosoftWindowsServer"
image_offer     = "WindowsServer"
image_sku       = "2019-datacenter-core-g2"
# image_version = "17763.6293.240905" working version
# image_version = "17763.6414.241004" latest (broken) version

1 additional answer

  1. Papp Levente Laszlo 55 Reputation points
    2025-10-15T06:01:17.34+00:00

    Pretty old issue, but as @Lautaro Vega Scordo described, it indeed works if you install OpenSSH from their GitHub releases.

    His answer:
    ✅ [SOLVED] SSH not working on Windows Server 2019 Core (Azure VM)

    I managed to solve the SSH issue by installing OpenSSH manually from GitHub (Win32-OpenSSH), since the default Windows capability was incomplete on my Server Core image.

    Here are the exact steps I ran (PowerShell as Administrator → open PowerShell → Start-Process powershell -Verb runAs):

    1️⃣ Download OpenSSH package

    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

    $url = "https://github.com/PowerShell/Win32-OpenSSH/releases/download/v9.5.0.0p1-Beta/OpenSSH-Win64.zip"

    $output = "$env:TEMP\OpenSSH-Win64.zip"

    Invoke-WebRequest -Uri $url -OutFile $output

    2️⃣ Extract it to Program Files

    Expand-Archive -Path $output -DestinationPath "C:\Program Files" -Force

    3️⃣ Navigate to the folder

    cd "C:\Program Files\OpenSSH-Win64"

    4️⃣ Install the SSH service

    .\install-sshd.ps1

    5️⃣ Start and configure the services

    Start-Service sshd

    Set-Service -Name sshd -StartupType Automatic

    Start-Service ssh-agent

    Set-Service -Name ssh-agent -StartupType Automatic

    6️⃣ Add firewall rule for SSH inbound traffic

    New-NetFirewallRule -DisplayName "OpenSSH Server (Inbound)" -Direction Inbound -Protocol TCP -LocalPort 22 -Action Allow

    After this, SSH worked perfectly on my Windows Server 2019 Datacenter Core (smalldisk) image.

    Hopefully this helps anyone struggling with the same issue — especially on Azure VMs where the built-in OpenSSH capability sometimes fails to register the service. 🚀
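
The manual install steps from the answer above, as an added example (not code from the original posts or from the Win32-OpenSSH project): it checks the downloaded archive against a pinned SHA-256 digest before extracting it into Program Files, prints the OpenSSH event log if sshd fails to start, and limits the port 22 rule to a management range. `$expected` and `$allowedSources` are placeholders to fill in, and the `OpenSSH-Server-In-TCP` rule name is taken from the question's script.

```powershell
# Added example: checksum-pinned variant of the manual install steps in the answer.
$ErrorActionPreference = 'Stop'
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

$url  = 'https://github.com/PowerShell/Win32-OpenSSH/releases/download/v9.5.0.0p1-Beta/OpenSSH-Win64.zip'
$zip  = Join-Path $env:TEMP 'OpenSSH-Win64.zip'
$dest = 'C:\Program Files'
# Placeholder (assumption): the SHA-256 you recorded for this release asset.
$expected = '<SHA256-OF-OpenSSH-Win64.zip>'
# Placeholder (assumption): the management network allowed to reach port 22.
$allowedSources = '<MANAGEMENT-CIDR>'

Invoke-WebRequest -Uri $url -OutFile $zip -UseBasicParsing

# Refuse to unpack an archive whose digest differs from the pinned value.
$actual = (Get-FileHash -Path $zip -Algorithm SHA256).Hash
if ($actual -ne $expected) {   # -ne compares strings case-insensitively
    Remove-Item $zip -Force
    throw "Checksum mismatch for $zip (got $actual)"
}

Expand-Archive -Path $zip -DestinationPath $dest -Force
& (Join-Path $dest 'OpenSSH-Win64\install-sshd.ps1')

Set-Service -Name sshd -StartupType Automatic
try {
    Start-Service sshd
} catch {
    # Show the service's own log instead of only "Cannot start service sshd".
    Get-WinEvent -LogName 'OpenSSH/Operational' -MaxEvents 20 -ErrorAction SilentlyContinue |
        Format-List TimeCreated, LevelDisplayName, Message | Out-String | Write-Host
    throw
}

# Inbound rule limited to the management range rather than any source.
$rule = 'OpenSSH-Server-In-TCP'
if (Get-NetFirewallRule -Name $rule -ErrorAction SilentlyContinue) {
    Set-NetFirewallRule -Name $rule -Enabled True -RemoteAddress $allowedSources
} else {
    New-NetFirewallRule -Name $rule -DisplayName 'OpenSSH Server (sshd)' -Enabled True `
        -Direction Inbound -Protocol TCP -LocalPort 22 -Action Allow -RemoteAddress $allowedSources
}

# Confirm the service is running and a listener is bound to port 22.
Get-Service sshd | Select-Object Name, Status, StartType
Get-NetTCPConnection -LocalPort 22 -State Listen | Select-Object LocalAddress, LocalPort, OwningProcess
```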
