unable to install exchange 2016 using ansible

I get error while installing fresh exchange 2016 server using ansible —

ExchangeSetup.log Error

Active Directory operation failed on . The supplied credential for ‘ADS\Chandra Pandey’ is invalid.
[09/12/2016 19:34:45.0055] [0] The supplied credential is invalid

Ansible Error:

<dev-01.xyz.com> WINRM RESULT u’<Response code 0, out “C:\Users\Chandra Pan”, err “”>’
<dev-01.xyz.com> PUT “/etc/ansible/playbooks/exch.ps1” TO “C:\Users\Chandra Pandey\AppData\Local\Temp\ansible-tmp-1473708846.5-280345779333025\exch.ps1”
<dev-01.xyz.com> WINRM PUT “/etc/ansible/playbooks/exch.ps1” to “C:\Users\Chandra Pandey\AppData\Local\Temp\ansible-tmp-1473708846.5-280345779333025\exch.ps1” (offset=121 size=121)
<dev-01.xyz.com> EXEC & ‘C:\Users\Chandra Pandey\AppData\Local\Temp\ansible-tmp-1473708846.5-280345779333025\exch.ps1’
<dev-01.xyz.com> WINRM EXEC ‘PowerShell’ [‘-NoProfile’, ‘-NonInteractive’, ‘-ExecutionPolicy’, ‘Unrestricted’, ‘-EncodedCommand’, ‘JgAgACAAJwBDADoAXABVAHMAZQByAHMAXABDAGgAYQBuAGQAcgBhACAAUABhAG4AZABlAHkAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsAFwAVABlAG0AcABcAGEAbgBzAGkAYgBsAGUALQB0AG0AcAAtADEANAA3ADMANwAwADgAOAA0ADYALgA1AC0AMgA4ADAAMwA0ADUANwA3ADkAMwAzADMAMAAyADUAXABlAHgAYwBoAC4AcABzADEAJwA=’]
<dev-01.xyz.com> WINRM RESULT u’<Response code 0, out “\r\nWelcome to Microso”, err “There is a pending r”>’
<dev-01.xyz.com> EXEC Set-StrictMode -Version Latest
Remove-Item “C:\Users\Chandra Pandey\AppData\Local\Temp\ansible-tmp-1473708846.5-280345779333025” -Force -Recurse;
<dev-01.xyz.com> WINRM EXEC u’PowerShell’ [u’-NoProfile’, u’-NonInteractive’, u’-ExecutionPolicy’, u’Unrestricted’, u’-EncodedCommand’, u’UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEMAaABhAG4AZAByAGEAIABQAGEAbgBkAGUAeQBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA0ADcAMwA3ADAAOAA4ADQANgAuADUALQAyADgAMAAzADQANQA3ADcAOQAzADMAMwAwADIANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwA=‘]
<dev-01.xyz.com> WINRM RESULT u’<Response code 0, out “”, err “”>’
<dev-01.xyz.com> WINRM CLOSE SHELL: 2304FF63-3899-4A5F-AA24-67A3E8DAF0B1
changed: [dev-01.xyz.com] => {“changed”: true, “invocation”: {“module_args”: {“_raw_params”: “exch.ps1”}, “module_name”: “script”}, “rc”: 0, “stderr”: “There is a pending reboot from a previous installation of a Windows Server role or feature. Please restart the computer and then run Setup again.\r\nYou must be a member of the ‘Organization Management’ role group or a member of the ‘Enterprise Admins’ group to continue.\r\nYou must use an account that’s a member of the Organization Management role group to install or upgrade the first Mailbox server role in the topology.\r\nYou must use an account that’s a member of the Organization Management role group to install the first Client Access server role in the topology.\r\nYou must use an account that’s a member of the Organization Management role group to install the first Client Access server role in the topology.\r\nYou must use an account that’s a member of the Organization Management role group to install or upgrade the first Mailbox server role in the topology.\r\nYou must use an account that’s a member of the Organization Management role group to install or upgrade the first Client Access server role in the topology.\r\nYou must use an account that’s a member of the Organization Management role group to install the first Mailbox server role in the topology.\r\nSetup encountered a problem while validating the state of Active Directory: Active Directory operation failed on . The supplied credential for ‘ADS\Chandra Pandey’ is invalid. See the Exchange setup log for more information on this error.\r\nEither Active Directory doesn’t exist, or it can’t be contacted.\r\n”, “stdout”: “\r\nWelcome to Microsoft Exchange Server 2016 Unattended Setup\r\n\r\nCopying Files…\r\nFile copy complete.\r\nSetup will now collect additional information needed for installation.\r\n\r\n Languages\r\n Management tools\r\n Mailbox role: Transport service\r\n Mailbox role: Client Access service\r\n Mailbox role: Unified Messaging service\r\n Mailbox role: Mailbox service\r\n Mailbox role: Front End Transport service\r\n Mailbox role: Client Access Front End service\r\n\r\nPerforming Microsoft Exchange Server Prerequisite Check\r\n\r\n Configuring Prerequisites … COMPLETED\r\n Prerequisite Analysis\r\n\r\nThe Exchange Server setup operation didn’t complete. More details can be found in ExchangeSetup.log located in the :\ExchangeSetupLogs folder.\r\n”, “stdout_lines”: [“”, “Welcome to Microsoft Exchange Server 2016 Unattended Setup”, “”, “Copying Files…”, “File copy complete.”, “Setup will now collect additional information needed for installation.”, “”, " Languages", " Management tools", " Mailbox role: Transport service", " Mailbox role: Client Access service", " Mailbox role: Unified Messaging service", " Mailbox role: Mailbox service", " Mailbox role: Front End Transport service", " Mailbox role: Client Access Front End service", “”, “Performing Microsoft Exchange Server Prerequisite Check”, “”, " Configuring Prerequisites … COMPLETED", " Prerequisite Analysis", “”, “The Exchange Server setup operation didn’t complete. More details can be found in ExchangeSetup.log located in the :\ExchangeSetupLogs folder.”]}

Can you share you playbook for creating Exchange?

Is there anything useful in :\ExchangeSetupLogs\ExchangeSetup.log ?

One of the errors was about being unable to talk to a local port. Does there need to be some firewall configuration before running this step?

I think it is possible that you need auth delegation (I don’t know anything about Exchange architecture, but if it requires talking to other windows hosts during installation it might need auth delegation.

To use auth delegation, ensure you are running pywinrm 0.2.0 and set the following in your windows group_vars/ inventory:

ansible_winrm_transport: kerberos
ansible_winrm_kerberos_delegation: yes

I hope the above helps, please let us know how you get on.

Jon

I’m actually undertaking the same task this week for a PoC demo, so I’ll let you know if I figure out the magic incantations to get it working.

-Matt

Hi, Thanks , will wait for your result …

Worked fine for me using Kerberos delegation: ansible_winrm_transport=kerberos and ansible_winrm_kerberos_delegation=yes. The setup takes so ridiculously long that I didn’t try it any other way, so your mileage may vary.

-Matt

I am getting below message after enable delegation , also pasting my , playbook ansible settings … if you can review with yours?

I am getting below message after enable delegation , also pasting my , playbook ansible settings … if you can review with yours?

Make sure you’re using the very latest pykerberos package from PyPI, not kerberos (remove kerberos if it’s there) to get all the latest goodies lit up.

Hi,

Can you please let me know the commands to install and configuration of host or group var ?

The following ought to remove pykerberos and install kerberos and latest version of pywinrm. Latest version of pywinrm also needs requests-kerberos to make kerberos connections - if it doesn’t get installed, install that too. Check what you have installed using ‘pip list’

pip uninstall pykerberos

pip install kerberos
pip install pywinrm version==0.2.0

You should be able to set configuration in host or group vars. Generally I prefer to use group_vars so I don’t have to copy and paste settings for individual hosts, but its really a case of what makes sense for your inventory.

Jon

There’s actually a bug in pywinrm for older Pythons (eg, the one in RHEL7) that is triggered by enabling kerberos delegation. It’s fixed in pywinrm 0.2.1.