That’s because you are telling it to run on windows_server but have defined the username in the windows group. Based on your inventory ‘windows_server’ is not part of the ‘windows’ group so has no username/password defined. The reason why it may have worked before is if you’ve gotten the Kerberos ticket manually outside of Ansible with kinit.
The host you are running on is not in the ‘windows’ group so it will not inherit those variables defined there. The windows group is not a magic group that applies to all Windows hosts but an arbitrarily named one that should match how your inventory is set up
ansible_winrm_read_timeout_sec shouldn’t be set by you. There is little reason for someone to change this option and even so 30 seconds is the default so just remove that altogether
ignore_unreachable, gather_facts, validate_certs don’t make sense as vars unless you are using it down in your playbook somewhere but based on your example it isn’t so just remove it altogether
If you did want to use ignore_unreachable and gather_facts, they are either play or task directives so putting them in vars is wrong. They should be indented to the same level as hosts in your play and ignore_unreachable can be set per task as well
You seem to be just building your playbook on various different components and trying variables left right and center. Start small and define your connection details in your host file like so
Added the credentials to the actual host entry itself, typically these are per host but feel free to move them back to the group if multiple hosts have the same credentials
Changed the windows group to windows_servers as that matches what’s in your playbook. Now the vars you’ve defined will be set on the hosts in the windows_servers group
Changed ansible_ssh_port to ansible_port
Removed validate_certs as it wasn’t doing anything and would lead to confusion with ansible_winrm_server_cert_validation
You should also remove all those connection vars in your playbook as it should be completely agnostic to how to connect to a host. All the playbook should be doing is define what hosts to use and the tasks to run, how to connect is what the inventory is for
name: example playbook
hosts: windows_server
tasks: