Terraform – Azure – additional_unattend_content – InvalidParameter Error

For grins I was throwing my Packer autounattend.xml customization at an Azure marketplace VM to verify there wasn’t any funny business between the source file and what Terraform would send over.

Started with one simple config in a Terraform using templatefile() function to read so I could echo a canary file…all good.

Added a few more configs…still good.

Added the remainder of the original Packer configs…you better believe it blew right up:

Error: creating Windows Virtual Machine: (Name "{}" / Resource Group "{}"): compute.VirtualMachinesClient#CreateOrUpdate: Failure sending request: 

StatusCode=400 -- Original Error: Code="InvalidParameter" 

Message="The value of parameter windowsConfiguration.additionalUnattendContent.content is invalid." Target="windowsConfiguration.additionalUnattendContent.content"

So obviously I have some issue with a typo, CRLF line endings, and/or rogue DNS somehow – the usual suspects.

I start hunting and didn’t find anything out of place in the source file. However, other Terraform examples I’ve seen were either single line for the AutoLogon or only a handful of settings for FirstLogonCommands. The proverbial light bulb moment arrives and I decided to strip out the source file whitespace, terraform apply, and BAM – success!

What I found was that the source input file, in nicely formatted SynchronousCommand blocks, ended up being over 4100 characters in length and Azure eventually threw an error about it . Trimming whitespace dropped the source file length below 3700 characters and it was able to apply.

$source = get-content "C:\path\to\azure-firstlogoncommands.tftpl"

#standard format, tf apply error, view length
$source | % {$_.length} | Measure-Object -Sum

#whitespace removed, tf apply success, view length
(($source | % {$_.trim()}) -join '').length

#copy trimmed input to clipboard and paste to new file (or use set-content, redirect, etc)
(($source | % {$_.trim()}) -join '') | clip

I didn’t see this limitation mentioned in the docs but my SWAG is the limit comes in around 4096 characters.

Finally, one more thing I found from a somewhat recent reddit post which reported the same error. More than likely that was due to special characters needing translation vs not allowed. You’ll see the same translation from literal to escaped when using Windows Systems Image Manager to create autounattend.xml files.

< = &lt; 
> = &gt;
& = &amp;
" = &quot;
' = &apos;