3. run ``*ansible -i host -m win_ping all -* with ansible version 2.9.4
response:-
192.152.1.21 | UNREACHABLE! => {
"changed": false,
"msg": "basic: HTTPSConnectionPool(host='192.152.1.21', port=5986): Max retries exceeded with url: /wsman (Caused by SSLError(SSLError(1, '[SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:897)'),))",
"unreachable": true
}
4. I followed [https://docs.ansible.com/ansible/latest/user_guide/windows_setup.html](https://docs.ansible.com/ansible/latest/user_guide/windows_setup.html) documentation to setup windows host. I run Upgrade-PowerShell.ps1,
As I have stated in the issue this has nothing to do with certificate validation. If it was you will be getting a completely separate error message saying something like “certificate verify error” or something like that. This is an error that Python/OpenSSL reports when it cannot negotiate a common TLS protocol between the itself and the Windows server.
You can run the following to try and get some more info
`
ANSIBLE_PYTHON=$(head -1 $(which ansible) | cut -c 3-)
echo $ANSIBLE_PYTHON # Used to just display what Python Ansible is using
$ANSIBLE_PYTHON --version
Make sure both match, if they don’t then the openssl binary is at a different path and these tests won’t indicate anything
$ANSIBLE_PYTHON -c “import ssl; print(ssl.OPENSSL_VERSION)”
openssl version
openssl s_client -connect hostname:5986
# Prints a list of ciphers and the protocols that the openssl supports, once again the binary should be the one Python is compiled against. openssl ciphers -s -v
`
In my example here is a snippet of what I receive from the s_client -connect command
@Jordan Borean Thank you for explaining this, I got this working with TLS1.2 script.
We need restart after applying this.
This issue we are facing just for Windows2008R2 machine with recent ansible upgrade.
Considering this powershell script while preparing windows host.
