Query on connecting remote windows servers from powershell server via ansible.

Dear All,
I have a query/issue.
If I try the same thing via Ansible, I get an error.

Executing just Invoke-command -computer -ScriptBlock {Get-Service}

or

New-PSSession -ComputerName
Enter-PSSession -ComputerName
Get-Service
Invoke-command -computer -ScriptBlock {Get-Service}
exit

doesn’t work. Get error saying “A specified logon session does not exist. It may already have been terminated”

win_ping and Kerberos work fine. I have used the same domain user to connect to the PowerShell server in the windows.yml file.
Kindly advise.

Regards,
Rajesh

Hi Rajesh,

You are hitting what is known as the ‘second hop’ problem.

Ansible → Windows host A win_ping (ok only 2 machines involved)

Windows Host A → invoke command Windows Host B (ok, again only 2 machines involved)

Ansible → Windows Host A → invoke command Windows Host B (disallowed because of second hop to 3rd machine)

Fortunately since you have a domain set up you can use delegation to allow this.

Just set the following in your windows group vars (needs pywinrm 0.2.0 or later)

ansible_winrm_kerberos_delegation: yes

Hope this helps,

Jon
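
An added example (not part of Jon's reply and not Ansible project code): the delegation setting in the context of a Windows group vars file, followed by a small play that repeats the second hop to confirm it now works. The account name, host name, file names and the vaulted variable are hypothetical placeholders.

```yaml
# group_vars/windows.yml (constructed example; all names are placeholders)
ansible_connection: winrm
ansible_port: 5986
ansible_winrm_transport: kerberos
ansible_user: svc_ansible@EXAMPLE.COM            # hypothetical domain account
ansible_password: "{{ vault_winrm_password }}"   # hypothetical Ansible Vault variable

# Without delegation, the session on host A holds no credential it can
# present to a third machine, which is what produces
# "A specified logon session does not exist".
# Needs pywinrm 0.2.0 or later, as noted in the reply above.
ansible_winrm_kerberos_delegation: true

# Delegation hands host A a ticket it can use as this account against other
# machines, so use an account with only the rights the playbook needs.
---
# second_hop_check.yml (constructed example)
- name: Confirm the second hop from host A to host B
  hosts: windows
  gather_facts: false
  tasks:
    - name: Run Get-Service on host B from inside the session on host A
      ansible.windows.win_shell: |
        Invoke-Command -ComputerName hostb.example.com -ScriptBlock { Get-Service } |
          Select-Object -First 5 Name, Status
      register: second_hop
      changed_when: false

    - name: Show what host B returned
      ansible.builtin.debug:
        var: second_hop.stdout_lines
```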

Hi Jon,
I had a demo in 4 hours to showcase Ansible and your reply below saved my day.
Thank you so much.
Any way to give you points???

Regards,
Rajesh