I’m trying to get Ansible working with Windows Systems. I’m currently testing it against 2k8 box.
Run: ansible windows -m win_ping -vvvvv (I have one system in the windows group)
Returns:
<System.DOMAIN.COM> ESTABLISH WINRM CONNECTION FOR USER: ansible_user on PORT 5986 TO System.DOMAIN.COM
<System.DOMAIN.COM> WINRM CONNECT: transport=plaintext endpoint=https://System.DOMAIN.COM:5986/wsman
<System.DOMAIN.COM> WINRM CONNECTION ERROR: 401 Unauthorized. basic auth failed
System.DOMAIN.COM | FAILED => 401 Unauthorized. basic auth failed
My windows.yml looks like this
ansible_ssh_user: ansible_user@DOMAIN.COM
ansible_ssh_pass: PASSWORD
ansible_ssh_port: 5986
ansible_connection: winrm
So the error seems pretty straight forward and the event viewer on the system shows the same issue as you can see below. Looking at the below log when the failure happens the Account Domain is showing up as the local system name. It appears the domain portion over the username is not being sent to the windows system. Can anyone provide assistance to what I may be doing wrong here?
An account failed to log on.
Subject:
Security ID: NETWORK SERVICE
Account Name: System$
Account Domain: Domain
Logon ID: 0x3e4
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: ansible_user
Account Domain: System
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xc000006d
Sub Status: 0xc0000064
Process Information:
Caller Process ID: 0x4e8
Caller Process Name: C:\Windows\System32\svchost.exe
Network Information:
Workstation Name: System
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
Also krb is setup and kinit ansible_user@DOMAIN.COM does work correctly.