I have a question and am not sure of the best way to ask this, as I am unfamiliar with a lot of this and have been learning as I go.
I recently created an Ansible script that uses WinRM with CredSSP to authenticate. Our domain uses AD to authenticate users and is also authenticating the service account/credentials via Kerberos.
I ran into an issue where I was getting authentication errors when the playbook was run. After much troubleshooting, it came down to Ansible not using its hostname when reaching out to the Windows server (I found this by looking into the Windows event logs and the failed logon attempts from the Ansible server). Instead, it would display itself as something like “67DECFA34”, always a random set of numbers and letters and not the hostname set up in DNS (it looks like hex, as it is 0-9, A-F). Because of this it would fail to authenticate, as the service account being used was only allowed to access specific workstations.
To work around this we have changed the service account to allow access on all workstations, but we would like to revert this and limit the account's access to just Ansible and the needed Windows servers.
I am unsure if maybe something was incorrectly set up within Ansible or if this is how it is supposed to be reaching out. Ansible is currently set up on an ESXi server, using RHEL9. We manage the playbooks through the RH Ansible Automation Platform.
I personally don’t even really understand what you’re trying to say you are experiencing. If Ansible is connecting to random hex host names instead of valid host names, how could any of those connection attempts reach the event viewer on the actual target Windows machines? Also, how would giving the service accounts more privileges fix invalid host names? Is this a mix-up of terminology, and you mean it isn’t using the correct username to connect but replaces it with random hex?
At any rate, to answer your question, this is not expected behavior in Ansible. The things you supply are the things it uses. Maybe running a playbook with verbose debugging enabled would help clarify the issue.
Ansible is not connecting to random host names; it is using a random hostname as its source workstation name in the logon attempt.
By changing the account to allow logon access to all workstations, it fixed the authentication, as the requests were no longer coming from an unauthorized source workstation.
I am unsure why Ansible is sending a request using a random hostname as its source.
I had to split my reply as I could only post 1 image.
The error codes essentially translated to: username and password correct, access denied for some reason.
The sub status was “user not allowed access to source workstation” (i.e. Ansible, or the garbled hostname it used).
I know this is Ansible, as the source network address does not change and is the IP for the Ansible server.
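The event-log triage this reply describes, as an added example that is not part of the thread: a Python script that parses the message body of Windows Security event 4625 (failed logon) records, keeps the ones whose Sub Status is STATUS_INVALID_WORKSTATION (0xC0000070, the "account is not allowed to log on from the source workstation" restriction), and flags those where the presented Workstation Name is not the name expected from that source address. The 4625 records here are constructed with `make_4625()` to mirror the log's layout, and the account names, addresses and the `EXPECTED_WORKSTATIONS` allow-list are assumptions, not values from the thread.

```python
"""Triage Windows Security event 4625 messages for logons rejected by the
account's workstation restriction. Added example; events are constructed."""
import re
from dataclasses import dataclass

# Documented NTSTATUS values seen in the Status / Sub Status fields of 4625.
STATUS_TEXT = {
    "0xc000006d": "STATUS_LOGON_FAILURE (bad user name or password)",
    "0xc000006e": "STATUS_ACCOUNT_RESTRICTION (credentials valid, a restriction blocked the logon)",
    "0xc0000070": "STATUS_INVALID_WORKSTATION (account may not log on from the source workstation)",
}
INVALID_WORKSTATION = "0xc0000070"

# One field per line in the message body; 'Sub Status' is listed before
# 'Status' is tried only because the alternation is anchored at line start.
FIELD_RE = re.compile(
    r"^\s*(Account Name|Workstation Name|Source Network Address|Sub Status|Status|Logon Type):\s*(\S+)\s*$",
    re.MULTILINE,
)
# Heuristic for the pattern the OP reported ("67DECFA34"): a NetBIOS-length
# name made only of hex characters, mixing digits and letters.
HEX_NAME_RE = re.compile(r"^[0-9A-F]{6,15}$")


@dataclass
class FailedLogon:
    account: str
    workstation: str
    source_ip: str
    status: str
    sub_status: str
    logon_type: str


def parse_4625(message: str) -> FailedLogon:
    """Extract the fields of interest. 4625 lists 'Account Name' twice (Subject,
    then Account For Which Logon Failed); the last occurrence is the rejected account."""
    fields = {key: value for key, value in FIELD_RE.findall(message)}
    return FailedLogon(
        account=fields.get("Account Name", "-"),
        workstation=fields.get("Workstation Name", "-"),
        source_ip=fields.get("Source Network Address", "-"),
        status=fields.get("Status", "-").lower(),
        sub_status=fields.get("Sub Status", "-").lower(),
        logon_type=fields.get("Logon Type", "-"),
    )


def looks_like_random_hex(name: str) -> bool:
    """True for names such as 67DECFA34: all hex characters, digits and letters mixed."""
    upper = name.upper()
    return (bool(HEX_NAME_RE.match(upper))
            and any(c.isdigit() for c in upper) and any(c.isalpha() for c in upper))


def triage(messages, expected_workstations):
    """One finding per workstation-restriction failure whose presented Workstation
    Name is not in the allow-list for that source IP (allow-list is an assumption)."""
    findings = []
    for message in messages:
        ev = parse_4625(message)
        if ev.sub_status != INVALID_WORKSTATION:
            continue
        expected = {n.upper() for n in expected_workstations.get(ev.source_ip, ())}
        if ev.workstation.upper() in expected:
            continue
        findings.append({
            "account": ev.account,
            "source_ip": ev.source_ip,
            "presented_workstation": ev.workstation,
            "expected_workstations": sorted(expected),
            "random_hex_name": looks_like_random_hex(ev.workstation),
            "status": STATUS_TEXT.get(ev.status, ev.status),
            "sub_status": STATUS_TEXT.get(ev.sub_status, ev.sub_status),
        })
    return findings


def make_4625(account, workstation, source_ip, status, sub_status, logon_type="3"):
    """Build a constructed 4625 message body in the layout the Security log uses."""
    return (
        "An account failed to log on.\n\nSubject:\n\tSecurity ID:\t\tS-1-0-0\n"
        "\tAccount Name:\t\t-\n\tAccount Domain:\t\t-\n\tLogon ID:\t\t0x0\n\n"
        f"Logon Type:\t\t\t{logon_type}\n\nAccount For Which Logon Failed:\n"
        f"\tSecurity ID:\t\tS-1-0-0\n\tAccount Name:\t\t{account}\n\tAccount Domain:\t\tEXAMPLE\n\n"
        f"Failure Information:\n\tStatus:\t\t\t{status}\n\tSub Status:\t\t{sub_status}\n\n"
        f"Network Information:\n\tWorkstation Name:\t{workstation}\n"
        f"\tSource Network Address:\t{source_ip}\n\tSource Port:\t\t51234\n"
    )


# Constructed samples; 192.0.2.10 (documentation range) stands in for the
# Ansible server and ANSIBLE01 for the name DNS holds for it (assumptions).
EXPECTED_WORKSTATIONS = {"192.0.2.10": {"ANSIBLE01"}}
SAMPLE_EVENTS = [
    make_4625("svc_ansible", "67DECFA34", "192.0.2.10", "0xC000006E", "0xC0000070"),  # the symptom above
    make_4625("svc_ansible", "ANSIBLE01", "192.0.2.10", "0xC000006E", "0xC0000070"),  # expected name
    make_4625("jdoe", "WKS-FIN-07", "192.0.2.55", "0xC000006D", "0xC000006A"),  # plain bad password
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS, EXPECTED_WORKSTATIONS):
        print(finding)
```

With real logs, the `message` passed to `parse_4625` is the body the Security log shows for event 4625; `make_4625` exists only to fabricate that body offline. The `random_hex_name` flag is a heuristic hint for the pattern described in the thread; the decision to report an event rests on the allow-list comparison against the source address, so a host that presents an unexpected but non-hex name is still reported.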
I’ve never encountered what you’re seeing here. When I have to log in to a Windows machine, I specify the username as username@FULL.DOMAIN.NAME, so I’m unclear how Ansible is specifying a random machine it’s originating from; I’ve never investigated if that’s even a configuration option.
It might be helpful to post the verbose playbook logs, your playbook itself, and the inventory, with any sensitive info redacted.