Connecting to Windows hosts via winrm Get "KDC has no support for encryption type"

SUMMARY

Connecting to Windows hosts via winrm
Get “KDC has no support for encryption type”

ENVIRONMENT
  • AWX version: 19.2.2
  • AWX install method: operator
  • AWX deployment target: minikube
  • Operating System: Rhel_8_4.x86_64
  • Web Browser:
STEPS TO REPRODUCE

ConfigMap for /etc/krb5.conf is same as working old environment.
Inventory Variables:
ansible_connection: winrm
ansible_winrm_server_cert_validation: ignore
ansible_port: 5986
ansible_winrm_transport: kerberos
ansible_winrm_scheme: https
ansible_winrm_kerberos_delegation: true

tasks:

  - name: Win Ping (win_ping)
    win_ping:

EXPECTED RESULTS

connection successful

ACTUAL RESULTS

fatal: [Host.hostzone]: UNREACHABLE! => {
    "changed": false,
    "msg": "kerberos: authGSSClientStep() failed: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('KDC has no support for encryption type', -1765328370))",
    "unreachable": true
}

This used to work pre AWX-Operator install.

ADDITIONAL INFORMATION

from minikube host
test1:
openssl s_client -connect host.hostzove:5986
Protocol : TLSv1.2
Cipher : 0000

and test2:
openssl s_client -connect host.hostzone:5986 -cipher 'ECDHE-RSA-AES256-SHA'
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-SHA

Not really sure where the error is

Hi Calum

Try adding the following to your inventory variables/ConfigMap for /etc/krb5.conf:

ansible_winrm_message_encryption: always

Also verify the Kerberos packages are installed.

Best regards,

Running into a similar error with a 19.2.2 AWX instance. Any idea how to add a custom krb5.conf file to the environment?
I am copying a custom krb5.conf file as part of the AWX docker image build, but noticed that some of the entries are getting overwritten when deployed to Kubernetes, but I see the correct entries with the 'docker run' command.

Thanks

Through the CRD. I wrote about this in my blog:

https://weiyentan.github.io/2021/Installing-awx-kubernetes/

Under the heading "Kerberos Setup".

HTH

Thanks for the link. Saw that you have the entries as tower_task_extra_volume_mounts instead of task_extra_volume_mounts; would this make a difference?
BTW, I am using 19.2.2 with AWX operator version 0.12.0.

I used the same settings for all my upgrades to those iterations. They all worked for me. It might be something to do with your krb5.conf file
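
Added example, not code from any poster or from the AWX project: since the thread points at krb5.conf and at entries being overwritten on deployment, this Python comparison lists the [libdefaults] keys that differ between the krb5.conf you intended and the one actually present in the pod, marking the keys that govern encryption types. The sample files and the realm EXAMPLE.TEST are constructed, and parse_krb5_conf and diff_libdefaults are hypothetical helper names.

```python
import re
# [libdefaults] keys that control which Kerberos encryption types the client offers.
ENCTYPE_KEYS = ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes")
# Constructed sample files, not taken from the thread.
INTENDED = """\
includedir /etc/krb5.conf.d/
[libdefaults]
  default_realm = EXAMPLE.TEST
  permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
  dns_lookup_kdc = true
[realms]
  EXAMPLE.TEST = {
    kdc = dc1.example.test
  }
"""
DEPLOYED = """\
[libdefaults]
  default_realm = EXAMPLE.TEST
  dns_lookup_kdc = false
"""

def parse_krb5_conf(text):
    """Return (sections, includes): top-level key = value pairs per section, plus include lines."""
    sections, includes, current, depth = {}, [], None, 0
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header and depth == 0:
            current = sections.setdefault(header.group(1), {})
        elif line.split()[0] in ("include", "includedir"):
            includes.append(line)                # settings may also come from these files
        elif line.endswith("{"):                 # nested block, e.g. a realm definition
            depth += 1
        elif line.startswith("}"):
            depth -= 1
        elif current is not None and depth == 0 and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = " ".join(value.replace(",", " ").split())
    return sections, includes

def diff_libdefaults(intended, deployed):
    """Map each [libdefaults] key that differs to (intended_value, deployed_value)."""
    a, b = (parse_krb5_conf(t)[0].get("libdefaults", {}) for t in (intended, deployed))
    return {k: (a.get(k), b.get(k)) for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}

if __name__ == "__main__":
    for key, (want, got) in diff_libdefaults(INTENDED, DEPLOYED).items():
        print(f"{key}: intended={want!r} deployed={got!r}",
              "<-- enctype setting" if key in ENCTYPE_KEYS else "")
    print("include lines in intended file:", parse_krb5_conf(INTENDED)[1])
```

To use it on real files, read the intended krb5.conf and a copy of /etc/krb5.conf taken from the running task container into the two strings passed to diff_libdefaults.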