Ansible unable to winrm to Windows Server 2012

SUMMARY
  1. Using Python 2.7 in RHEL7
  2. Executed the PowerShell script ConfigureRemotingForAnsible.ps1 on the Windows machine
  3. Configured yml file to the below:
  - name: hit windows test instance
    hosts: "tag_class_windows_{{ env }}_{{ ec2_class }}"
    vars:
      # WinRM over HTTPS, with server certificate validation disabled
      ansible_user: Administrator
      ansible_password: "{{ password }}"
      ansible_port: 5986
      ansible_connection: winrm
      ansible_winrm_server_cert_validation: ignore
      ansible_winrm_operation_timeout_sec: 60
      ansible_winrm_read_timeout_sec: 70
    tasks:
      - ec2:
          state: 'absent'
          instance_ids: '{{ instance_id }}'
          ec2_region: '{{ ec2_region }}'
        delegate_to: localhost

Error encountered:
fatal: [xxx.xxx.xxx.xxx]: UNREACHABLE! => {"changed": false, "msg": "ssl: HTTPSConnectionPool(host='localhost', port=5986): Max retries exceeded with url: /wsman (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7fefb0fdf3d0>: Failed to establish a new connection: [Errno 111] Connection refused',))", "unreachable": true}

ISSUE TYPE
  • Bug Report
COMPONENT NAME

winrm

ANSIBLE VERSION

ansible 2.4.3.0

CONFIGURATION

HOST_KEY_CHECKING(/etc/ansible/ansible.cfg) = False

OS / ENVIRONMENT

Host: RHEL 7
WinRM to Windows 2012

STEPS TO REPRODUCE

ansible-playbook -i /etc/ansible/ec2.py hitwin.yml --extra-vars "ec2_class=appservers env=test"

  - name: hit windows test instance
    hosts: "tag_class_windows_{{ env }}_{{ ec2_class }}"
    vars:
      # WinRM over HTTPS, with server certificate validation disabled
      ansible_user: Administrator
      ansible_password: "{{ password }}"
      ansible_port: 5986
      ansible_connection: winrm
      ansible_winrm_server_cert_validation: ignore
      ansible_winrm_operation_timeout_sec: 60
      ansible_winrm_read_timeout_sec: 70
    tasks:
      - ec2:
          state: 'absent'
          instance_ids: '{{ instance_id }}'
          ec2_region: '{{ ec2_region }}'
        delegate_to: localhost

EXPECTED RESULTS

Expected WinRM to succeed and the server to shut down.

ACTUAL RESULTS

PLAY [hit windows test instance] ***********************************************

TASK [Gathering Facts] *********************************************************
ok: [xxx.xxx.xxx.xxx]

TASK [ec2] *********************************************************************
fatal: [xxx.xxx.xxx.xxx]: UNREACHABLE! => {"changed": false, "msg": "ssl: HTTPSConnectionPool(host='localhost', port=5986): Max retries exceeded with url: /wsman (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7fefb0fdf3d0>: Failed to establish a new connection: [Errno 111] Connection refused',))", "unreachable": true}

to retry, use: --limit @/home/ec2-user/ansible-netenv/hitwin.retry

PLAY RECAP *********************************************************************
xxx.xxx.xxx.xxx : ok=1 changed=0 unreachable=1 failed=0
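
A triage helper for the UNREACHABLE message in the report above, added here as an example (it is not part of the original post or of Ansible): it extracts the endpoint the WinRM transport actually tried to reach and the errno, so both can be compared with the inventory host. The function name `diagnose`, the errno descriptions and the shortened sample message are assumptions of this example.

```python
import re

# Constructed sample: the "msg" text of the UNREACHABLE result above,
# with the object address shortened.
SAMPLE_MSG = (
    "ssl: HTTPSConnectionPool(host='localhost', port=5986): Max retries "
    "exceeded with url: /wsman (Caused by NewConnectionError('<urllib3."
    "connection.VerifiedHTTPSConnection object at 0x0>: Failed to establish "
    "a new connection: [Errno 111] Connection refused',))"
)

# Accept straight or typographic quotes, since forum rendering may alter them.
Q = "['\"\u2018\u2019]"
POOL_RE = re.compile(r"ConnectionPool\(host=" + Q + r"([^'\"\u2018\u2019]+)" + Q + r", port=(\d+)\)")
ERRNO_RE = re.compile(r"\[Errno (\d+)\]")

# Linux errno values and what they say about the TCP attempt.
ERRNO_MEANING = {
    111: "refused: the endpoint answered and rejected the connection "
         "(usually no listener on that port)",
    110: "timed out: no answer at all (packets dropped or host down)",
    113: "no route to host",
}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def diagnose(msg, inventory_host):
    """Describe where the WinRM transport connected and how it failed."""
    pool = POOL_RE.search(msg)
    if pool is None:
        raise ValueError("no urllib3 connection pool found in message")
    host, port = pool.group(1), int(pool.group(2))
    err = ERRNO_RE.search(msg)
    code = int(err.group(1)) if err else None
    return {
        "endpoint": (host, port),
        "errno": code,
        "meaning": ERRNO_MEANING.get(code, "unclassified"),
        # True when the connection went somewhere other than the inventory host
        "endpoint_differs": host != inventory_host,
        "endpoint_is_control_node": host in LOOPBACK,
    }


if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_MSG, "xxx.xxx.xxx.xxx").items():
        print(f"{key}: {value}")
```

For the message in this report the endpoint is localhost:5986, the host named in the task's `delegate_to`, not the Windows instance listed in the play recap.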

Run the command below in PowerShell and it should keep you going:

netsh advfirewall firewall add rule name="Allow WinRM (Https)" dir=in localport=5986 protocol=tcp action=allow enable=yes

Thanks and Regards,
Ameya Agashe

Hi Ameya,

Thanks for your response!
I forgot to add that the firewall is already opened in my issue, but it still doesn't work.
I read somewhere that it has to do with the cipher suites that RHEL7 and Windows use by default.

Do you have any idea about this?

Hi Tan,

I am not aware of the issue you are referring to; under normal circumstances the command I gave should work. Have you tried running the playbook in debug mode to see what is happening under the covers? Place "-vvv" at the end of the command line.

Regards
Ameya Agashe

Hi Ameya,

Below is the debug information. By the way, the localhost is RHEL7 OS and the ec2 we are trying to winrm is Windows Server 2012.

Hi Tran,

I still think it is the firewall only; can you double-check?

Thanks
Ameya

Hi Ameya,

To verify whether I can reach the server, I used win_ping.

(attachment: Capture.PNG)

Strange, I am running out of ideas. Can anyone think of anything else?

Kind Regards,
Ameya Agashe
