I have many Windows hosts that have been configured identically (as far as I can tell) and I can connect to all but one of them. Anyone have an idea of why this may be happening?
- Up to date on all Windows patches
- Have rebooted
$ ansible myhost -m win_ping -o -vvvv
Using /Users/[redacted]/Dropbox/Code/[redacted]/[redacted]/ansible.cfg as config file
Loaded callback oneline of type stdout, v2.0
ESTABLISH WINRM CONNECTION FOR USER: [redacted]@MYDOMAIN.LOCAL on PORT 5985 TO myhost
EXEC Set-StrictMode -Version Latest
(New-Item -Type Directory -Path $env:temp -Name "ansible-tmp-1447277903.29-206977271531324").FullName | Write-Host -Separator '';
myhost | UNREACHABLE!
$ telnet myhost 5985
Trying 10.159.15.11...
Connected to myhost.mydomain.local.
Escape character is '^]'.
C:\Windows\system32>hostname
myhost
C:\Windows\system32>winrm get winrm/config/service
Service
    RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
    MaxConcurrentOperations = 4294967295
    MaxConcurrentOperationsPerUser = 1500
    EnumerationTimeoutms = 240000
    MaxConnections = 300
    MaxPacketRetrievalTimeSeconds = 120
    AllowUnencrypted = true [Source="GPO"]
    Auth
        Basic = true [Source="GPO"]
        Kerberos = true
        Negotiate = true
        Certificate = false
        CredSSP = false
        CbtHardeningLevel = Relaxed
    DefaultPorts
        HTTP = 5985
        HTTPS = 5986
    IPv4Filter = * [Source="GPO"]
    IPv6Filter = * [Source="GPO"]
    EnableCompatibilityHttpListener = false
    EnableCompatibilityHttpsListener = false
    CertificateThumbprint
Can you test regular PSRemoting from another Windows host to the problematic machine using the same port (5985) and the same auth scheme (Kerberos) that you are (seemingly) using in your Ansible config?
Worth checking if the Windows Remote Management service is running and, if using a domain user, that the domain user is a member of the WinRMRemoteWMIUsers__ group too.
Jon
I have verified that PSRemoting seems to be working fine on this host. From another windows box…
PS C:> Invoke-Command -ComputerName myhost -port 5985 -Authentication Kerberos -ScriptBlock { Get-Content c:\windows\system32\drivers\etc\hosts } -credential myaccount
Copyright (c) 1993-2009 Microsoft Corp.
Try hitting it again with Ansible and check the event logs for any evidence of a login attempt.
If it's not getting that far… is there a proxy between controller and Windows host (guessing a bit here, not much experience with proxies)?
Possibly firewall rules kicking in? Bear in mind different profiles, which may or may not be affecting the connection from controller to Windows target differently from Windows to Windows.
Will try and think of more ideas.
I see a successful connection listed in the event logs, and in my original post demonstrated that I could telnet in on the WinRM port, so no firewall blocking. There is also no proxy or anything in between. I can connect to over 100 different servers, many on the same subnet as myhost, but this is the only one giving me trouble.
Is this machine Server 2008 R2 by any chance? WMF 3.0 had an irritating bug where it would allocate a tiny memory quota for winrm so things would fail a lot. Hotfix for the fix as described in the blue box here: http://docs.ansible.com/ansible/intro_windows.html#windows-system-prep
Just comparing my winrm get winrm/config/service with yours and my last line states
‘AllowRemoteAccess = true’ - do you have that?
Jon
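The side-by-side comparison suggested in the last reply, as an added example that is not part of the original thread: it parses indented `winrm get winrm/config/service` output, lists keys a working host has that the problem host lacks, and reports whether Basic auth over unencrypted transport is allowed. The function names and the reference host's output are assumptions; the thread shows only the problem host's config.

```python
import re

def parse_winrm_config(text):
    """Flatten indented `winrm get winrm/config/service` output into
    {"Service/Auth/Basic": "true", ...}."""
    settings, stack = {}, []  # stack: (indent, name) of enclosing sections
    for raw in text.splitlines():
        if not raw.strip():
            continue
        indent = len(raw) - len(raw.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()
        name, sep, value = raw.strip().partition(" = ")
        value = re.sub(r"\s*\[Source=.*?\]\s*$", "", value)  # drop GPO marker
        settings["/".join([n for _, n in stack] + [name])] = value
        if not sep:  # no "=": a section header or an empty-valued key
            stack.append((indent, name))
    return settings

def compare(reference, suspect):
    """Keys missing on the suspect host, and keys whose values differ."""
    missing = sorted(k for k in reference if k not in suspect)
    differing = {k: (reference[k], suspect[k])
                 for k in reference if k in suspect and reference[k] != suspect[k]}
    return missing, differing

def basic_over_plaintext(settings):
    """True when Basic auth and unencrypted traffic are both allowed, so
    credentials could cross the HTTP listener (5985) base64-encoded only."""
    return (settings.get("Service/AllowUnencrypted") == "true"
            and settings.get("Service/Auth/Basic") == "true")

# Constructed samples: SUSPECT is trimmed from the output posted in the thread;
# REFERENCE is hypothetical and differs only by the final AllowRemoteAccess line.
SUSPECT = """
Service
    AllowUnencrypted = true [Source="GPO"]
    Auth
        Basic = true [Source="GPO"]
        Kerberos = true
    DefaultPorts
        HTTP = 5985
    CertificateThumbprint
"""
REFERENCE = SUSPECT + "    AllowRemoteAccess = true\n"

if __name__ == "__main__":
    ref, sus = parse_winrm_config(REFERENCE), parse_winrm_config(SUSPECT)
    print("missing / differing on suspect host:", compare(ref, sus))
    print("Basic over plaintext allowed:", basic_over_plaintext(sus))
```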