Windows modules get a 500 error from WinRM

Marcus_von_Gerhardt · May 10, 2018, 9:12am

Hello,

I’m working on getting some scheduled tasks on AWX for Windows servers, which will basically copy (with win_copy) some powershell scripts from the remote server and then run these scripts on the Windows servers (with win_command).

I define the following host vars for the Windows servers:

ansible_user: user
ansible_password: password

ansible_port: 5985
ansible_connection: winrm
ansible_winrm_transport: ntlm
ansible_become: false
ansible_winrm_server_cert_validation: ignore
ansible_winrm_operation_timeout_sec: 120
ansible_winrm_read_timeout_sec: 180

These are the tasks:

name: Copy folder contents recursively
win_copy:
src: files/
dest: C:\Utils\scripts
name: Run powershell scripts
win_command: powershell.exe -ExecutionPolicy Unrestricted -File C:\Utils\scripts\install_app.ps1

Both tasks return the error:
“msg”: “ntlm: (u’http’, u’Bad HTTP response returned from server. Code 500’)”,

I was running AWX 1.0.2 (docker image) with Ansible 2.4.2, but tried upgrading to Ansible 2.5.2 and still get the same error.

Fact 1: I don’t have any issues running this playbook from my local machine (OSX), also running Ansible 2.5.2.
Fact 2: I’ve connected to the container (docker exec), went to the project folder (under /var/lib/awx/projects/) and tried to run the playbook from there, it worked like a charm.
Fact 3: I’ve installed pywinrm in the container, didn’t make a difference.

I was wondering if AWX is throwing extra stuff (e.g. environment and/or extra variables) that could be causing the problem for me.

Any help is appreciated.
Regards,

Marcus

Marcus_von_Gerhardt · May 10, 2018, 12:53pm

Looking deeper into this, I’ve enabled the winRM analytical logs and can see in the Event Viewer this is the reason behind the 500 error: extraErrorInfo1 Request was unencrypted and the server does not support unencrypted traffic

If I try to set ansible_winrm_message_encryption to always, I get the following:
[WARNING]: ansible_winrm_message_encryption unsupported by pywinrm (is an up- to-date version of pywinrm installed?)

And the message ends up going unencrypted again.

Even though I’ve installed it manually on the container:

[root@awx awx]# pip show pywinrm
Name: pywinrm
Version: 0.3.0

I know I can set ansible to connect via HTTPS over port 5986, but I was trying to avoid that as we have a ton of servers which don’t have HTTPS/5986 enabled.

Can anyone suggest on the reason why the executions in AWX and in the container’s command-line would have different outcomes?

Many thanks,
Marcus

Marcus_von_Gerhardt · May 11, 2018, 1:05pm

if any one comes across this issue, mine was solved by upgrading pywinrm in the AWX virtualenv:

so, basically:

. /var/lib/awx/venv/ansible/bin/activate

pip install --upgrade pywinrm

Topic		Replies	Views
WinRM error: ntlm: (u'http', u'Bad HTTP response returned from server. Code 500') Ansible Project windows	3	1	February 2, 2018
Windows playbooks causes cryptographic, windows remote management services to crash Ansible Project awx , windows	9	0	August 8, 2016
AWX 1.0.6.15/41 : win_ping module FAILED ntlm code 403 AWX Project awx , ubuntu , windows	0	1	August 6, 2019
NTLM over HTTP with pywinrm master AWX Project awx , windows	0	0	October 28, 2017
Code 500 WinRM ping failed Get Help help , windows , winrm , ansible	13	943	April 29, 2024

Windows modules get a 500 error from WinRM

Related topics