Trouble authenticating to a Windows host

nsavich · May 15, 2024, 1:59pm

We’re having issues establishing a WinRM session to a windows workstation. As a test I’m using win_ping to attempt to get a response. I’ve tried basic and ntlm transport methods which both failed. The following output is the vars I have set in my inventory. Credentials have been obfuscated.

[workstation:vars]
ansible_user= ''
ansible_password= ''
ansible_become_password=''
ansible_connection= ansible.builtin.winrm
ansible_port= 5985
ansible_winrm_transport= ntlm
ansible_winrm_server_cert_validation= ignore
ansible_winrm_message_encryption= auto

This is the playbook used for testing

---
- name: Test windows connectivity
  hosts: workstation
  gather_facts: false
  become: true
  become_method: ansible.builtin.runas
  become_user: ''

  tasks:
    - name: Verifiy connectivity
      ansible.windows.win_ping:

This is an example of the error I am getting.

    "changed": false,
    "msg": "ntlm: the specified credentials were rejected by the server",
    "unreachable": true
}

jborean · May 15, 2024, 6:37pm

Have you enabled the LocalAccountTokenFilterPolicy? This needs to be set to 1 to allow local accounts to be authorized with their admin token as WinRM by default only allows admin users. I’m not sure if the single quotes in your ini example is also just a placeholder but might be best to remove those if you have it in the literal inventory as well.

nsavich · May 15, 2024, 10:09pm

This was simply due to admin privileges being set incorrectly. Thanks for the help!

system · June 14, 2024, 10:09pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.