Issue when trying to ping a windows host using Ansible

Archives Ansible Project
1

Hi Guys,

This is literally my first day using Ansible and I am trying to connect to one of my windows 2012 host and using win_ping. I have a control server using Centos. I encountered a number of issues before I got to this point but now when I run ansible windows -i host.yml -m win_ping the error I get is ERROR! Unexpected Exception: dictionary update sequence element #0 has length 1; 2 is required

No idea where to look i even did a -vvvv and it says the same thing. Below are my 2 yml files

host.yml

[windows]

10.109.140.64

windows.yml

ansible_ssh_user:admin

ansible_ssh_pass:XXXXX

ansible_ssh_port:5985

ansible_connection:winrm

ansible_winrm_cert_validation:ignore

2

host.yml

[windows]

10.109.140.64

that is not a yaml file, and the other one seems to be missing a space
after each :

3

Hi Brian,

If i dont give a space after : in the windows.yml file then i get this error ““msg": “plaintext: the specified credentials were rejected by the server”,” (Looks like a space is taken as a character entry” and thats why I removed the space after :

Now i am getting the error "ERROR! Unexpected Exception: dictionary update sequence element #0 has length 1; 2 is required"

Also what do u you mean when you say the the first one is not a yaml file?

4

its not yaml format, also if you dont have a space after : its also
incorrect yaml.

5

Hi,

Can you tell me what format should I be using so that I can correct the file?

6

I feel like with inventory files ive had better luck using = sign

Also the default winrm setting likely has basic auth set to false. if you run with -vvvvv it should should winrm debug and can see the auth type

7

IF you are connecting and NOT spec’ing a connect type I believe it goes kerberos first, then plaintext/basic.

you would need to check if basic is enabled via powershell (run powershell as admin to be safe)

`
winrm get winrm/config/service/auth

`

and it will return something like;

`

Auth
Basic = false
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = false
CbtHardeningLevel = Relaxed

`

In order to make basic/plaintext function do this

`

PS C:\Windows\system32> winrm set winrm/config/service/auth ‘@{Basic=“true”}’
Auth
Basic = true
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = false
CbtHardeningLevel = Relaxed

`

So basic = plaintext meaning you are sending your credentials in the clear. for testing this is probably OK, but realize that if you are going http port 5985 anyone can get the password pretty darn easy with a packet capture. I don’t believe setting transport to ssl does anything in basic mode either.

Getting kerberos setup is more ideal for the long run, plus you wont have to create or embed some local account on all your machines.