I am trying to ping a Windows machine. I am using Kerberos and everything is set up using domain controller information

Nk Chitturi

May 23, 2019, 3:55:09 PM
to Ansible Project
[user@server ansible]$ ansible-playbook windows_ping.yaml -i hosts.txt

PLAY [ping test] *****************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************************************************************************************
fatal: [server.domain.com]: UNREACHABLE! => {"changed": false, "msg": "kerberos: authGSSClientInit() failed: (('Unspecified GSS failure.  Minor code may provide more information', 851968), (\"Can't find client principal nchi...@domain.COM in cache collection\", -1765328243)), ssl: auth method ssl requires a password", "unreachable": true}
 [WARNING]: Could not create retry file '/ansible/windows_ping.retry'.         [Errno 13] Permission denied: u'/ansible/windows_ping.retry'


PLAY RECAP ***********************************************************************************************************************************************************************************************************************
server.domain.COM : ok=0    changed=0    unreachable=1    failed=0

[user@servername ansible]$ klist nchi...@DOMAIN.COM
klist: No credentials cache found (filename: nchi...@DOMAIN.COM)
user@servername ansible ansible]$ kinit  nchi...@DOMAIN.COM
Password for nchi...@domain.COM
[user@servername ansible ansible]$ klist
Ticket cache: KEYRING:persistent:600437:600437
Default principal: nchi...@DOMAIN.COM

Valid starting       Expires              Service principal
05/23/2019 12:44:42  05/23/2019 22:44:42  krbtgt/DOMAI...@DOMAIN.COM
        renew until 05/30/2019 12:44:37

Here is my group_vars/windows.yml file:

ansible_user: nchi...@DOMAIN.COM
ansible_password: password
ansible_port: 5986
ansible_connection: winrm
ansible_winrm_transport: kerberos
ansible_winrm_server_cert_validation: ignore
ansible_winrm_kerberos_delegation: true

hosts.txt
Servwername.domain.COM ansible_ssh_user="nchi...@DOMAIN.COM" ansible_connection="winrm"

But I am getting the error below. Please suggest a solution.

PLAY [ping test] *****************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************************************************************************************
fatal: [server.domain.com]: UNREACHABLE! => {"changed": false, "msg": "kerberos: authGSSClientInit() failed: (('Unspecified GSS failure.  Minor code may provide more information', 851968), (\"Can't find client principal nchi...@domain.COM in cache collection\", -1765328243)), ssl: auth method ssl requires a password", "unreachable": true}
 [WARNING]: Could not create retry file '/ansible/windows_ping.retry'.         [Errno 13] Permission denied: u'/ansible/windows_ping.retry'

Nk Chitturi

May 24, 2019, 1:18:16 PM
to Ansible Project
Can someone please help me?
Servwername.domain.COM ansible_ssh_user="nchitturi@DOMAIN.COM" ansible_connection="winrm"

Oliver

May 25, 2019, 12:49:24 PM
to Ansible Project
Use ansible_port=5985 in the configuration instead of 5986

J Hawkesworth

May 27, 2019, 3:57:16 AM
to Ansible Project
A couple of other suggestions.

Is your machine really registered in DNS as 'server.domain.com'?  Kerberos really needs DNS lookups to work properly - so if you can ping it and nslookup the host and get back the correct IP address, that's well worth checking as it will not work unless the machine name is properly resolvable.

Also, I'm not sure Ansible will be able to read your Kerberos ticket from the keyring.  I have definitely had success with a file-based credential cache, so it is worth checking your krb5.conf and environment variables for KRB5CC settings which could be interfering with the Kerberos setup that Ansible expects.

Hope this helps,

Jon
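
Added example (not part of any post in this thread): a shell pre-flight check that reads klist output and reports the credential cache type discussed in the last reply, and whether the cached principal matches the configured ansible_user exactly, since the error above names a principal it could not find in the cache collection. The sample klist text, the principal user@EXAMPLE.COM and all function names are constructed for this example.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks on klist output before a WinRM/Kerberos play.
# SAMPLE_KLIST is constructed; user@EXAMPLE.COM and all function names are
# placeholders chosen for this example.

SAMPLE_KLIST='Ticket cache: KEYRING:persistent:1000:1000
Default principal: user@EXAMPLE.COM

Valid starting       Expires              Service principal
05/23/2019 12:44:42  05/23/2019 22:44:42  krbtgt/EXAMPLE.COM@EXAMPLE.COM'

# Print the cache type (FILE, KEYRING, DIR, KCM, ...) from klist output on stdin.
ccache_type() {
    awk -F': ' '/^Ticket cache:/ { split($2, a, ":"); print a[1]; exit }'
}

# Print the default principal from klist output on stdin.
default_principal() {
    awk -F': ' '/^Default principal:/ { print $2; exit }'
}

upper() { printf '%s' "$1" | tr '[:lower:]' '[:upper:]'; }

# Compare the cached principal ($1 = klist output) with ansible_user ($2).
# Kerberos realm names are case-sensitive, so a case-only difference is
# reported separately from a different principal.
check_principal() {
    cp_cached=$(printf '%s\n' "$1" | default_principal)
    if [ "$cp_cached" = "$2" ]; then
        echo "ok"
    elif [ "$(upper "$cp_cached")" = "$(upper "$2")" ]; then
        echo "case-mismatch"
    else
        echo "mismatch"
    fi
}

# Summarise both checks for one klist output and one ansible_user value.
report() {
    rp_type=$(printf '%s\n' "$1" | ccache_type)
    echo "cache type: ${rp_type:-none}"
    [ "$rp_type" = "FILE" ] ||
        echo "hint: export KRB5CCNAME=FILE:/tmp/krb5cc_$(id -u), then kinit again"
    echo "principal:  $(check_principal "$1" "$2")"
}

report "$SAMPLE_KLIST" "user@example.COM"
```

On a real control node, call `report "$(klist)" "<ansible_user value>"` as the account that runs ansible-playbook, so the cache inspected is the one Ansible will see.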