win_ping.yml

I don’t think the Windows server is configured properly to allow WinRM connections. How can I check / test this ?

winrm enumerate winrm/config/Listener

C:\WINDOWS\system32>netstat -ano | findstr 5986
TCP 0.0.0.0:5986 0.0.0.0:0 LISTENING 4
TCP [::]:5986 [::]:0 LISTENING 4

Use these vars:

ansible_connection: winrm
ansible_winrm_transport: ntlm
ansible_user: ‘{{ lookup(’‘env’‘, ‘‘WIN_GUEST_USERNAME’’) }}’
ansible_password: ‘{{ lookup(’‘env’‘, ‘‘WIN_GUEST_PASSWORD’’) }}’
ansible_become_method: runas
ansible_become_user: .\Administrator
ansible_winrm_server_cert_validation: ignore

I’m using ntlm or credssp for domain joined, basic for non-domain joined (local ansible_user account).

Make sure, of course, you have pywinrm installed. And that you ran the winrm setup script on the windows host.

https://docs.ansible.com/ansible/latest/user_guide/windows_setup.html

Blimey !

SSH password:

2
ERROR! couldn’t resolve module/action ‘ansible.windows.win_ping’. This often indicates a misspelling, missing collection, or incorrect module path.

3

4
The error appears to be in ‘/ansible/tmp/bwrap_620561_ue_7dz9q/awx_620561_33fab03n/project/win_ping.yml’: line 4, column 7, but may

5
be elsewhere in the file depending on the exact syntax problem.

6

7
The offending line appears to be:

8

9
tasks:

10

• name: ping windows host

11
^ here

Using /etc/ansible/ansible.cfg as config file

10
SSH password:

11
BECOME password[defaults to SSH password]:

12
host_list declined parsing /ansible/tmp/bwrap_621796_mhovsw3g/awx_621796__sjzeuh7/tmp_0to4mbl as it did not pass its verify_file() method

13
Parsed /ansible/tmp/bwrap_621796_mhovsw3g/awx_621796__sjzeuh7/tmp_0to4mbl inventory source with script plugin

14
ERROR! couldn’t resolve module/action ‘ansible.windows.win_ping’. This often indicates a misspelling, missing collection, or incorrect module path.

15

16
The error appears to be in ‘/ansible/tmp/bwrap_621796_mhovsw3g/awx_621796__sjzeuh7/project/win_ping.yml’: line 4, column 7, but may

17
be elsewhere in the file depending on the exact syntax problem.

18

19
The offending line appears to be:

20

21
tasks:

22

• name: ping windows host

23
^ here

New Yaml

Enter passphrase for /ansible/tmp/bwrap_622380_u4ia3zo4/awx_622380_c1kn7_7v/artifacts/622380/ssh_key_data:

2

3
ansible-playbook 2.9.23

4
config file = /etc/ansible/ansible.cfg

5
configured module search path = [u’/var/lib/awx/.ansible/plugins/modules’, u’/usr/share/ansible/plugins/modules’]

6
ansible python module location = /usr/lib/python2.7/site-packages/ansible

7
executable location = /usr/bin/ansible-playbook

8
python version = 2.7.5 (default, Aug 13 2020, 02:51:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]

9
Using /etc/ansible/ansible.cfg as config file

10
SSH password:

11
BECOME password[defaults to SSH password]:

12
host_list declined parsing /ansible/tmp/bwrap_622380_u4ia3zo4/awx_622380_c1kn7_7v/tmpa2miswk1 as it did not pass its verify_file() method

13
Parsed /ansible/tmp/bwrap_622380_u4ia3zo4/awx_622380_c1kn7_7v/tmpa2miswk1 inventory source with script plugin

14
ERROR! couldn’t resolve module/action ‘ansible.windows.win_ping’. This often indicates a misspelling, missing collection, or incorrect module path.

15

16
The error appears to be in ‘/ansible/tmp/bwrap_622380_u4ia3zo4/awx_622380_c1kn7_7v/project/win_ping.yml’: line 9, column 7, but may

17
be elsewhere in the file depending on the exact syntax problem.

18

19
The offending line appears to be:

20

21

Seems pretty clear to me. There is a tilde after the module name.

you can exec the script ConfigureRemotingForAnsible.ps1 to make sure that remote options are enabled in windows.

https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1

NOTE: sorry my english!!

Hello All,

So I think WinRM is working on Windows 2019 Server, but the server is rejecting my Ping request ??

fatal: [server20]: UNREACHABLE! => {

40
“changed”: false,

41
“msg”: “basic: the specified credentials were rejected by the server”,

42
“unreachable”: true

43

Under which port and user? Could be a mismatch

hi Wei-Yen Tan

domain service account, who is a member of local administrators group. WinRM configured on port 5986

Not sure if DUO is blocking things…

fatal: [server20]: UNREACHABLE! => {

40
“changed”: false,

41
“msg”: “basic: the specified credentials were rejected by the server”,

42
“unreachable”: true

43

Duo doesn’t block winrm. It intercepts rdp connections. What’s the cert you are using in 5986? Did you set to ignore cert validation?

Self Signed Certificate

Strange, I’ve just looked in Tower, and the Variables in the Windows Inventory have all disappeared !

So self signed can cause issues.

If they are domain joined machines any reason why you have not set to 5985? It’s encrypted by kerberos. So no plain text

ansible_shell_type: powershell
ansible_connection: winrm
ansible_port: 5986
ansible_winrm_server_cert_validation: ignore
ansible_winrm_transport: credssp
ansible_user: svc-ansible
ansible_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
62323666616535333162323461346330666631623661326465313835323465653964666639396364
3433643266303531313637383866653464326639326365620a633136623131343265363830366462
62323539383964316634623666343962313664633434363532306231626437313936646466333662
3162366636313961630a396362663334613363653838326465363465376336333261353134633038
6465

Why credssp?

Also if it’s a domain user should it have the kerberos notation. Ansible_svc@DOMAIN.LOCAL? By putting in the way that you are it may look like a local user

If it’s in tower I would strongly use a machine credential and if you are connecting to a domain set up a krb5.conf and use 5985. Problems disappear then.