From c2585d8fb8c4face8a68d2074c9acacf7fc5c8fd Mon Sep 17 00:00:00 2001
From: Michael Li <michael.li@hashicorp.com>
Date: Fri, 12 Sep 2025 14:02:12 -0400
Subject: [PATCH] chore(e2e): Allow worker task on windows instances to run
 indefinitely (#6043)

* chore(e2e): Allow worker to run indefinitely

* chore(e2e): Add time sync to ensure windows instances are in sync

* CR: Remove semicolons
---
 enos/modules/aws_rdp_domain_controller/main.tf     |  9 +++++++++
 enos/modules/aws_rdp_member_server/main.tf         |  9 +++++++++
 .../aws_rdp_member_server_with_worker/main.tf      |  9 +++++++++
 .../scripts/setup.ps1                              | 14 +++++++++++---
 4 files changed, 38 insertions(+), 3 deletions(-)

diff --git a/enos/modules/aws_rdp_domain_controller/main.tf b/enos/modules/aws_rdp_domain_controller/main.tf
index 68668560df..aa8d48fb15 100644
--- a/enos/modules/aws_rdp_domain_controller/main.tf
+++ b/enos/modules/aws_rdp_domain_controller/main.tf
@@ -271,6 +271,15 @@ resource "aws_instance" "domain_controller" {
 
   user_data = <<EOF
                 <powershell>
+                  # Configure the server to use reliable external NTP sources and mark itself as reliable
+                  # We use pool.ntp.org, a public cluster of time servers. 0x9 flag means Client + SpecialInterval.
+                  w32tm /config /manualpeerlist:"pool.ntp.org,0x9" /syncfromflags:manual /reliable:yes /update
+                  # Restart the Windows Time service to apply the new configuration
+                  Stop-Service w32time
+                  Start-Service w32time
+                  # Force an immediate time synchronization
+                  w32tm /resync /force
+
                   $password = ConvertTo-SecureString ${random_string.DSRMPassword.result} -AsPlainText -Force
                   Add-WindowsFeature -name ad-domain-services -IncludeManagementTools
 
diff --git a/enos/modules/aws_rdp_member_server/main.tf b/enos/modules/aws_rdp_member_server/main.tf
index 19f4bc60c1..470a3d6d61 100644
--- a/enos/modules/aws_rdp_member_server/main.tf
+++ b/enos/modules/aws_rdp_member_server/main.tf
@@ -61,6 +61,15 @@ resource "aws_instance" "member_server" {
 
   user_data = <<EOF
                 <powershell>
+                  # Configure the server to use reliable external NTP sources and mark itself as reliable
+                  # We use pool.ntp.org, a public cluster of time servers. 0x9 flag means Client + SpecialInterval.
+                  w32tm /config /manualpeerlist:"pool.ntp.org,0x9" /syncfromflags:manual /reliable:yes /update
+                  # Restart the Windows Time service to apply the new configuration
+                  Stop-Service w32time
+                  Start-Service w32time
+                  # Force an immediate time synchronization
+                  w32tm /resync /force
+
                   %{if var.server_version != "2016"~}
                   # set variables for retry loops
                   $timeout = 300
diff --git a/enos/modules/aws_rdp_member_server_with_worker/main.tf b/enos/modules/aws_rdp_member_server_with_worker/main.tf
index a1c87f1d39..4685339b2d 100644
--- a/enos/modules/aws_rdp_member_server_with_worker/main.tf
+++ b/enos/modules/aws_rdp_member_server_with_worker/main.tf
@@ -87,6 +87,15 @@ resource "aws_instance" "worker" {
 
   user_data = <<EOF
                 <powershell>
+                  # Configure the server to use reliable external NTP sources and mark itself as reliable
+                  # We use pool.ntp.org, a public cluster of time servers. 0x9 flag means Client + SpecialInterval.
+                  w32tm /config /manualpeerlist:"pool.ntp.org,0x9" /syncfromflags:manual /reliable:yes /update
+                  # Restart the Windows Time service to apply the new configuration
+                  Stop-Service w32time
+                  Start-Service w32time
+                  # Force an immediate time synchronization
+                  w32tm /resync /force
+
                   # set variables for retry loops
                   $timeout = 300
                   $interval = 30
diff --git a/enos/modules/aws_rdp_member_server_with_worker/scripts/setup.ps1 b/enos/modules/aws_rdp_member_server_with_worker/scripts/setup.ps1
index 2e36a12187..0583464725 100644
--- a/enos/modules/aws_rdp_member_server_with_worker/scripts/setup.ps1
+++ b/enos/modules/aws_rdp_member_server_with_worker/scripts/setup.ps1
@@ -19,11 +19,19 @@ $newPath = $existingPath + ";" + $destination
 )
 
 # create a trigger that will run boundary at startup
-$trigger = New-JobTrigger -AtStartup
+$trigger = New-ScheduledTaskTrigger -AtStartup
 $configPath = Join-path ${test_dir} -ChildPath "worker.hcl"
 $jobLog = Join-path ${test_dir} -ChildPath "worker.out"
-$command = "boundary server -config `"$configPath`" *> $jobLog"
-Register-ScheduledJob boundary -ScriptBlock ([ScriptBlock]::Create($command)) -Trigger $trigger
+
+New-Item -Path C:/Test/worker_task.ps1 -ItemType File -Value "boundary server -config $configPath *> $jobLog"
+$action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument '-File C:/Test/worker_task.ps1'
+Register-ScheduledTask -TaskName "boundary" -Action $action -Trigger $trigger -User "SYSTEM" -RunLevel Highest -Force
+
+# set the task to have no execution time limit
+$Task = Get-ScheduledTask -TaskName "boundary"
+$Task.Settings.ExecutionTimeLimit = "PT0H" # zero hours
+Set-ScheduledTask $Task
 
 # Restart the computer to apply changes
+# Needed for adding the computer to the domain from the user_data script
 shutdown -r -t 10