I am trying to ping windows machine, I am using kerberos and everything is setup using domaincontroller information

[user@server ansible]$ ansible-playbook windows_ping.yaml -i hosts.txt

PLAY [ping test] *****************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************************************************************************************
fatal: [server.domain.com]: UNREACHABLE! => {“changed”: false, “msg”: “kerberos: authGSSClientInit() failed: ((‘Unspecified GSS failure. Minor code may provide more information’, 851968), ("Can’t find client principal nchitturi@domain.COM in cache collection", -1765328243)), ssl: auth method ssl requires a password”, “unreachable”: true}
[WARNING]: Could not create retry file ‘/ansible/windows_ping.retry’. [Errno 13] Permission denied: u’/ansible/windows_ping.retry’

PLAY RECAP ***********************************************************************************************************************************************************************************************************************
server.domain.COM : ok=0 changed=0 unreachable=1 failed=0

[user@servername ansible]$ klist nchitturi@DOMAIN.COM
klist: No credentials cache found (filename: nchitturi@DOMAIN.COM)
user@servername ansible ansible]$ kinit nchitturi@DOMAIN.COM
Password for nchitturi@domain.COM
[user@servername ansible ansible]$ klist
Ticket cache: KEYRING:persistent:600437:600437
Default principal: nchitturi@DOMAIN.COM

Valid starting Expires Service principal
05/23/2019 12:44:42 05/23/2019 22:44:42 krbtgt/DOMAIN.COM@DOMAIN.COM
renew until 05/30/2019 12:44:37

here is my group_vars/windows.yml file

ansible_user: nchitturi@DOMAIN.COM
ansible_password: password
ansible_port: 5986
ansible_connection: winrm
ansible_winrm_transport: kerberos
ansible_winrm_server_cert_validation: ignore
ansible_winrm_kerberos_delegation: true

hosts.txt
Servwername.domain.COM ansible_ssh_user="nchitturi@DOMAIN.COM" ansible_connection=“winrm”

but I am getting below error, please suggest me some solution

PLAY [ping test] *****************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************************************************************************************
fatal: [server.domain.com]: UNREACHABLE! => {“changed”: false, “msg”: “kerberos: authGSSClientInit() failed: ((‘Unspecified GSS failure. Minor code may provide more information’, 851968), ("Can’t find client principal nchitturi@domain.COM in cache collection", -1765328243)), ssl: auth method ssl requires a password”, “unreachable”: true}
[WARNING]: Could not create retry file ‘/ansible/windows_ping.retry’. [Errno 13] Permission denied: u’/ansible/windows_ping.retry’

Can someone please help me…

Use ansible_port=5985 in the configuration instead of 5986

A couple of other suggestions.

Is your machine really registered in DNS as ‘server.domain.com’? Kerberos really needs DNS lookups to work properly - so if you can ping it and nslookup the host and get back the correct ip address, that’s well worth checking as it will not work unless the machine name is properly resolvable.

I suggest working through all the suggestions here: https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html#troubleshooting-kerberos

Also I’m not sure ansible will be able to read your kerberos ticket from the keyring. I have definitely had success with file based credential cache, so worth checking your krb5.conf and environment variables for KRB5CC settings which could be interfering with the kerberos setup that ansible expects.

Hope this helps,

Jon