I am using the following Ansible settings:
ansible_user: 'myuser'
ansible_password: 'mypass'
ansible_port: 5986
ansible_connection: winrm
ansible_winrm_transport: kerberos
ansible_winrm_server_cert_validation: ignore
ansible_winrm_message_encryption: always
ansible_winrm_kerberos_delegation: true
ansible_user is a domain user - that has administrative rights on all the nodes.
Then I run the win_ping command.
/usr/local/bin/ansible citrix_ch3 -m win_ping
ctx11 | UNREACHABLE! => {
    "changed": false,
    "msg": "kerberos: the specified credentials were rejected by the server",
    "unreachable": true
}
ctx12 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
ctx13 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
ctx14 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
I get unreachable from just one host. This is the WinRM config on the machine that’s unreachable:
PS C:\> winrm get winrm/config
Config
    MaxEnvelopeSizekb = 500
    MaxTimeoutms = 60000
    MaxBatchItems = 32000
    MaxProviderRequests = 4294967295
    Client
        NetworkDelayms = 5000
        URLPrefix = wsman
        AllowUnencrypted = false
        Auth
            Basic = true
            Digest = true
            Kerberos = true
            Negotiate = true
            Certificate = true
            CredSSP = false
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        TrustedHosts
    Service
        RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
        MaxConcurrentOperations = 4294967295
        MaxConcurrentOperationsPerUser = 1500
        EnumerationTimeoutms = 240000
        MaxConnections = 300
        MaxPacketRetrievalTimeSeconds = 120
        AllowUnencrypted = true
        Auth
            Basic = true
            Kerberos = true
            Negotiate = true
            Certificate = false
            CredSSP = false
            CbtHardeningLevel = Relaxed
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        IPv4Filter = *
        IPv6Filter = *
        EnableCompatibilityHttpListener = false
        EnableCompatibilityHttpsListener = false
        CertificateThumbprint
        AllowRemoteAccess = true
    Winrs
        AllowRemoteShellAccess = true
        IdleTimeout = 7200000
        MaxConcurrentUsers = 2147483647
        MaxShellRunTime = 2147483647
        MaxProcessesPerShell = 2147483647
        MaxMemoryPerShellMB = 2147483647
        MaxShellsPerUser = 2147483647
Any suggestions or help on how to potentially debug/resolve this problem?
Thank you all,
Subhi.
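
Added example, not part of the original post: a Python script that parses the indented output of `winrm get winrm/config`, reports whether Kerberos is enabled on the service, and flags service-side settings that weaken transport security. The function names, the CHECKS table and the SAMPLE excerpt are constructed for illustration; the sample values are taken from the dump in the post.

```python
# Constructed excerpt in the indented layout of `winrm get winrm/config`,
# using values from the post above.
SAMPLE = """\
Config
    Service
        AllowUnencrypted = true
        Auth
            Basic = true
            Kerberos = true
            CbtHardeningLevel = Relaxed
        CertificateThumbprint
        AllowRemoteAccess = true
"""

CHECKS = [  # (setting path, weak value in lower case, why it matters)
    ("Config/Service/AllowUnencrypted", "true", "accepts unencrypted messages"),
    ("Config/Service/Auth/Basic", "true", "password sent base64-encoded"),
    ("Config/Service/Auth/CbtHardeningLevel", "relaxed", "requests without a CBT accepted"),
]

def parse_winrm_config(text):
    """Flatten the indented dump into {'Config/Service/Auth/Basic': 'true', ...}."""
    settings, stack = {}, []          # stack of (indent, section name)
    for line in text.splitlines():
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        # Pop when leaving a section or passing an empty key (CertificateThumbprint).
        while stack and stack[-1][0] >= indent:
            stack.pop()
        key, sep, value = line.strip().partition("=")
        if sep:
            path = "/".join([name for _, name in stack] + [key.strip()])
            settings[path] = value.strip()
        else:
            stack.append((indent, key.strip()))
    return settings

def review(settings):
    """Return (kerberos_enabled_on_service, list of weak-setting findings)."""
    kerberos = settings.get("Config/Service/Auth/Kerberos", "").lower() == "true"
    findings = [f"{path} = {settings[path]}: {why}" for path, weak, why in CHECKS
                if settings.get(path, "").lower() == weak]
    return kerberos, findings

if __name__ == "__main__":
    kerberos, findings = review(parse_winrm_config(SAMPLE))
    print("Kerberos enabled on service:", kerberos)
    print("\n".join("WARN " + f for f in findings))
```

Parsing a dump from a working host such as ctx12 alongside the one from ctx11 and comparing the two dictionaries shows whether the hosts differ in WinRM configuration at all.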