credssp: ('Connection aborted.'; ConnectionResetError(104; 'Connection reset by peer')

We are facing the below error on Windows 2008 servers in the Ansible report.

credssp: ('Connection aborted.'; ConnectionResetError(104; 'Connection reset by peer'))

→ 2008 server upgraded to PS ver 5.1
→ WinRM is Enabled with CredSSP - true

Most likely there is no common cipher support between the Ansible host and the remote Windows host. Server 2008 is quite old and only supports a very limited set of cipher suites. This is an issue because newer hosts and the OpenSSL they ship with now define a more restrictive set of protocols and cipher suites they support. Another problem is that the ephemeral certificate that Windows creates for CredSSP uses an older signature algorithm that may not be supported by newer OpenSSL hosts. The issue https://github.com/jborean93/requests-credssp/issues/27 goes over this problem in a lot more detail but the end result is you should:

  • Generate a new certificate with a stronger signature algorithm and set WinRM to use that, or
  • Relax the security settings on the OpenSSL policy (really you shouldn’t do this)

Thanks

Jordan
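
A way to check the protocol and cipher mismatch described in the reply above from the Ansible host, as an added example that is not part of the original thread. It assumes the Python interpreter Ansible runs under uses the same OpenSSL policy as the CredSSP library; the function names and the sample remote suite list are constructed for illustration, and the real list should be read from the Windows host.

```python
import ssl

# Constructed sample: OpenSSL names of suites an old Windows host might offer.
# Assumption for illustration; replace with the list read from the remote host.
SAMPLE_REMOTE_SUITES = ["AES128-SHA", "AES256-SHA", "DES-CBC3-SHA", "RC4-SHA"]


def local_tls_policy(ctx=None):
    """Summarise what this host's OpenSSL will offer in a TLS handshake."""
    if ctx is None:
        ctx = ssl.create_default_context()
    return {
        "openssl": ssl.OPENSSL_VERSION,
        "min_version": ctx.minimum_version.name,
        # TLS 1.0 must be compiled in and inside the allowed version range.
        # This is necessary but not sufficient: the OpenSSL security level
        # can still reject it during the handshake.
        "tls1_0_allowed": ssl.HAS_TLSv1
        and ctx.minimum_version <= ssl.TLSVersion.TLSv1,
        # security_level exists on Python 3.10+; None when unavailable.
        "security_level": getattr(ctx, "security_level", None),
        "suites": sorted(c["name"] for c in ctx.get_ciphers()),
    }


def common_suites(remote_suites, ctx=None):
    """Return the locally enabled suites that the remote host also supports."""
    local = set(local_tls_policy(ctx)["suites"])
    return sorted(local.intersection(remote_suites))


def diagnose(remote_suites, remote_needs_tls1_0=True, ctx=None):
    """List the reasons a handshake with the remote host is likely to fail."""
    policy = local_tls_policy(ctx)
    findings = []
    if remote_needs_tls1_0 and not policy["tls1_0_allowed"]:
        findings.append("local minimum is %s; TLS 1.0 is not offered"
                        % policy["min_version"])
    if not common_suites(remote_suites, ctx):
        findings.append("no cipher suite in common with the remote host")
    return findings


if __name__ == "__main__":
    for line in diagnose(SAMPLE_REMOTE_SUITES) or ["no mismatch found"]:
        print(line)
```

An empty result only rules out the protocol and cipher mismatch; the certificate signature algorithm problem mentioned in the reply has to be checked separately on the Windows host.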