Unspecified GSS failure

Hi all,
I’m getting a new error I’ve never seen before. Control node is CentOS 7. When trying to use a domain account I’m getting this error when running ansible:

MSC10051.domain.local | FAILED => Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 582, in _executor
    exec_rc = self._executor_internal(host, new_stdin)
  File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 785, in _executor_internal
    return self._executor_internal_inner(host, self.module_name, self.module_args, inject, port, complex_args=complex_args)
  File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 964, in _executor_internal_inner
    conn = self.connector.connect(actual_host, actual_port, actual_user, actual_pass, actual_transport, actual_private_key_file, delegate_host)
  File "/usr/lib/python2.7/site-packages/ansible/runner/connection.py", line 52, in connect
    self.active = conn.connect()
  File "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", line 140, in connect
    self.protocol = self._winrm_connect()
  File "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", line 96, in _winrm_connect
    protocol.send_message('')
  File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 190, in send_message
    return self.transport.send_message(message)
  File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 219, in send_message
    krb_ticket = KerberosTicket(self.krb_service)
  File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 166, in __init__
    kerberos.authGSSClientStep(krb_context, '')
GSSError: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('KDC reply did not match expectations', -1765328237))

I’ve set up Kerberos with Ansible lots of times before, but only on Ubuntu. kinit/klist looks fine, so I’m struggling with how to figure this one out. Any pointers appreciated! Installed Ansible using yum, version 1.9.2.

Some googling suggests it could mean a case mismatch in the Kerberos principal name, if using an AD server, or disagreements about the renewable lifetime of the ticket.

Bill

Hi,

I think I’ve had this before where the name I had for the domain turned out to be an alias.

If you run kinit -C user@SOME.DOMAIN
and then do a klist
if the ticket you get back is not for SOME.DOMAIN then that’s the issue.

I just changed my config so I was requesting a ticket for the actual domain, but it might be possible to tweak your /etc/krb5.conf to get round this.

Hope this helps,

Jon
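
The check described in the reply above, as an added example that is not part of the original thread: it compares the realm requested from kinit with the realm on klist's "Default principal:" line and separates a case-only difference from a different realm name. The function names and the sample klist output are constructed for illustration, and the parsing assumes MIT klist's output layout.

```shell
#!/bin/sh
# Added example: does the ticket realm match the realm that was requested?

# Print the realm from the "Default principal:" line of klist output on stdin.
ticket_realm() {
    sed -n 's/^Default principal: .*@\([^@]*\)$/\1/p' | head -n 1
}

# check_realm REQUESTED_PRINCIPAL   (klist output on stdin)
# Returns 0 on exact match, 1 on mismatch, 2 if no default principal was found.
check_realm() {
    want=${1##*@}
    got=$(ticket_realm)
    if [ -z "$got" ]; then
        echo "no default principal in klist output" >&2
        return 2
    fi
    if [ "$want" = "$got" ]; then
        echo "OK: ticket realm is $got"
        return 0
    fi
    # Tell a pure case difference apart from a different realm name (alias).
    want_uc=$(printf '%s' "$want" | tr '[:lower:]' '[:upper:]')
    got_uc=$(printf '%s' "$got" | tr '[:lower:]' '[:upper:]')
    if [ "$want_uc" = "$got_uc" ]; then
        echo "MISMATCH (case only): requested $want, ticket is for $got"
    else
        echo "MISMATCH (alias?): requested $want, ticket is for $got"
    fi
    return 1
}

# Constructed sample of klist output (not taken from the thread).
SAMPLE_KLIST='Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: user@REAL.DOMAIN

Valid starting       Expires              Service principal
01/01/2015 09:00:00  01/01/2015 19:00:00  krbtgt/REAL.DOMAIN@REAL.DOMAIN'

# On the control node: kinit -C user@SOME.DOMAIN && klist | check_realm user@SOME.DOMAIN
printf '%s\n' "$SAMPLE_KLIST" | check_realm user@SOME.DOMAIN || true
```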