Facing issues with WinRM connection

Archives Ansible Project
1

WinRM is already set up to receive requests on this computer.
WinRM has been updated for remote management.
Created a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this machine.
WinRM firewall exception enabled.
Configured LocalAccountTokenFilterPolicy to grant administrative rights remotely to local users.

(Legacy) Self-signed SSL certificate generated; thumbprint: DCDC74FDA8CADDB6667804DA9A683CA72D79C77A
New-WSManInstance : The WinRM client cannot process the request. The certificate CN and the hostname that were
provided do not match.
At C:\ConfigureRemotingForAnsible.ps1:145 char:5

  • New-WSManInstance -ResourceURI ‘winrm/config/Listener’ -SelectorSet $selecto …
  • CategoryInfo : InvalidOperation: (:slight_smile: [New-WSManInstance], InvalidOperationException
  • FullyQualifiedErrorId : WsManError,Microsoft.WSMan.Management.NewWSManInstanceCommand

Getting above error.
I checked $env.ComputerName which is used for CN and hostname values are same. Still I am getting above error.
Need help in resolving this

Thanks
Deepa

2

Can you try re-running the script https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1 please?

Which version of Windows are you running against?

3

I tried running the script and noticed the same issue.
I am trying this on Windows 2008 R2 and Windows 2008 SP2.
I have upgraded to Powershell 3

4

Do you have the legacy winrm connectors set up (winrm originally listened on ports 80 (http) and 443 (https)?

If you don’t need these, then please remove them - there is an open defect regarding handling legacy listeners which stops the setup module from gathering facts.

If you do need the legacy listeners please comment on the bug report which is here: https://github.com/ansible/ansible/issues/14643

Also its possible your machines do have changed hostnames. There is a Pull Request to fix this problem here https://github.com/ansible/ansible/pull/15275

Please can you try the ConfigureRemotingForAnsible.ps1 script from the Pull Request - here:

https://raw.githubusercontent.com/Cryptophobia/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1

but run with the ForceNewSSLCert option (like this)

.\ConfigureRemotingForAnsible.ps1 -ForceNewSSLCert true

If you could comment on the https://github.com/ansible/ansible/pull/15275 with the results of your testing that would be helpful.

Many thanks,

Jon

5

Hi,

was this issue resolved?

I am getting a similar issue when running the prep script. I tried using the “-ForceNewSSLCert true” switch but it did not resolve the issue.

I am unable to add new hosts to the env due to this failure.

6

What error do you get when you try to connect?