WINRM CONNECTION ERROR: function takes at most 2 arguments (3 given)

[Kiran Kumar]

Hi,

Goal : Use Linux centos 7.8 server with ansible version 2.9.7 to manage windows 2019 server

Error : <ServerX> WINRM CONNECTION ERROR: function takes at most 2 arguments (3 given)

#######################################

Ansible Version :

ansible 2.9.7

  config file = /etc/ansible/ansible.cfg

  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']

  ansible python module location = /usr/lib/python2.7/site-packages/ansible

  executable location = /bin/ansible

  python version = 2.7.5 (default, Apr  2 2020, 13:16:51) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]

#######################################

Linux OS

CentOS 7.8

#######################################

No linux Firewall

No network Firewall between Linux & Windows

#######################################

 pip install "pywinrm>=0.3.0"

 #######################################

cat /etc/krb5.conf

# Configuration snippets may be placed in this directory as well

includedir /etc/krb5.conf.d/

includedir /var/lib/sss/pubconf/krb5.include.d/

[logging]

 default = FILE:/var/log/krb5libs.log

 kdc = FILE:/var/log/krb5kdc.log

 admin_server = FILE:/var/log/kadmind.log

[libdefaults]

# dns_lookup_realm = false

 ticket_lifetime = 2400h

 renew_lifetime = 777d

 forwardable = true

 rdns = false

 pkinit_anchors = /etc/pki/tls/certs/ca-bundle.crt

# default_realm = EXAMPLE.COM

 default_ccache_name = KEYRING:persistent:%{uid}

default_realm = TEST.COM

[realms]

TEST.COM = {

      kdc = x2.TEST.COM

      kdc = x1.TEST.COM

    }

[domain_realm]

.TEST.COM = TEST.COM

TEST.COM = TEST.COM

#######################################

kinit -C Us...@TEST.Com

#######################################

ansible windows -m win_ping -vvvvvv

Shows :

Using module file /usr/lib/python2.7/site-packages/ansible/modules/windows/win_ping.ps1

Pipelining is enabled.

<ServerX> ESTABLISH WINRM CONNECTION FOR USER: Us...@TEST.COM on PORT 5986 TO ServerX

<ServerX> WINRM CONNECT: transport=kerberos endpoint=https://ServerX:5986/wsman

<ServerX> WINRM CONNECTION ERROR: function takes at most 2 arguments (3 given)

#######################################

Ansible host file

[windows]

ServerX

[windows:vars]

ansible_user=Us...@TEST.COM

ansible_passwordi='xx'

ansible_port=5986

ansible_connection=winrm

ansible_winrm_scheme=https

ansible_winrm_server_cert_validation=ignore

ansible_winrm_transport=kerberos

#######################################

Windows OS side :

Ran

https://github.com/jborean93/ansible-windows/blob/master/scripts/Upgrade-PowerShell.ps1

#######################################

#######################################

winrm  works well ...

Invoke-Command -ComputerName ServerX   -ScriptBlock { Get-ChildItem C:\ }

#######################################

So doc - https://argonsys.com/microsoft-cloud/articles/configuring-ansible-manage-windows-servers-step-step/ was followed in short

I also went through some google links & did below

Windows Firewall : checked firewall port - was allowed - 5986 is secure https winrm traffic

nc -zv ServerX  5986  - was ok

winrm configSDDL default - added the user

#######################################

Is it possible the account password has simply expired? No - Yeah but checked the user account's properties... box is checked 'Password never expires'

#######################################

tried below no luck :

In my case, a just add this line on [libdefaults] in my krb5.conf:

allow_weak_crypto = true

#######################################

pip list | grep -i kerberos

DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. pip 21.0 will drop support for Python 2.7 in January 2021. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support

kerberos                                        1.1

pykerberos                                      1.2.1

requests-kerberos                               0.7.0

#######################################

python --version

Python 2.7.5

#######################################

just to be sure, please check you have a kerberos ticket which has not expired before running  - its is not

ie tried all things in github.com/ansible/ansible/issues/16478

#######################################

PS C:\WINDOWS\system32> winrm quickconfig

WinRM service is already running on this machine.

WinRM is already set up for remote management on this computer.

PS C:\WINDOWS\system32>

PS C:\WINDOWS\system32>

#######################################

PS C:\WINDOWS\system32> winrm get winrm/config/service

Service

    RootSDDL = O:NSG:BAD:P(A;;GXGR;;;...)(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)

    MaxConcurrentOperations = 4294967295

    MaxConcurrentOperationsPerUser = 1500

    EnumerationTimeoutms = 240000

    MaxConnections = 300

    MaxPacketRetrievalTimeSeconds = 120

    AllowUnencrypted = false

    Auth

        Basic = true

        Kerberos = true

        Negotiate = true

        Certificate = true

        CredSSP = true

        CbtHardeningLevel = Relaxed

    DefaultPorts

        HTTP = 5985

        HTTPS = 5986

    IPv4Filter = *

    IPv6Filter = *

    EnableCompatibilityHttpListener = false

    EnableCompatibilityHttpsListener = false

    CertificateThumbprint

    AllowRemoteAccess = true

PS C:\WINDOWS\system32>

#######################################

Tried a local account as well on windows - no luck

#######################################

Thanks Please suggest

[Jordan Borean]

The issue here is the kerberos library you have installed is either too old or incompatible with what requests-kerberos requires. Uninstall both kerberos and pykerberos and install just pykerberos. You may want to update requests-kerberos as well as 0.7.0 is quite old.

[Kiran Kumar]

Thanks for the reply 

You mean : 

yum remove -y krb5-devel krb5-libs krb5-workstation

And

re-run

pip install pykerberos

[Kiran Kumar]

Shall i do below 

yum remove python-kerberos-1.1-15.el7.x86_64

=================================================================================================================================================================================================================

 Package                                                     Arch                                      Version                                                  Repository                                  Size

=================================================================================================================================================================================================================

Removing:

 python-kerberos                                             x86_64                                    1.1-15.el7                                               @base                                       53 k

Removing for dependencies:

 koji                                                        noarch                                    1.15.1-1.el7.centos                                      @extras                                    410 k

 python-requests-kerberos                                    noarch                                    0.7.0-2.el7                                              @extras                                     34 k

 python2-koji                                                noarch                                    1.15.1-1.el7.centos                                      @extras                                    1.4 M

 python2-koji-cli-plugins                                    noarch                                    1.15.1-1.el7.centos                                      @extras                                     17 k

BTW 

pip install requests-kerberos

DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. pip 21.0 will drop support for Python 2.7 in January 2021. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support

Requirement already satisfied: requests-kerberos in /usr/lib/python2.7/site-packages (0.7.0)

Requirement already satisfied: requests>=1.1.0 in /usr/lib/python2.7/site-packages (from requests-kerberos) (2.23.0)

Requirement already satisfied: kerberos in /usr/lib64/python2.7/site-packages (from requests-kerberos) (1.1)

Requirement already satisfied: certifi>=2017.4.17 in /usr/lib/python2.7/site-packages (from requests>=1.1.0->requests-kerberos) (2020.4.5.1)

Requirement already satisfied: urllib3!=1.25.0,!=1.25.1,<1.26,>=1.21.1 in /usr/lib/python2.7/site-packages (from requests>=1.1.0->requests-kerberos) (1.25.9)

Requirement already satisfied: idna<3,>=2.5 in /usr/lib/python2.7/site-packages (from requests>=1.1.0->requests-kerberos) (2.9)

Requirement already satisfied: chardet<4,>=3.0.2 in /usr/lib/python2.7/site-packages (from requests>=1.1.0->requests-kerberos) (3.0.4)

Please suggest 

On Thursday, May 21, 2020 at 5:37:40 PM UTC-7, Jordan Borean wrote:

[Kiran Kumar]

Anyways i did below 

 1017  21/05/20 17:47:19 yum remove python-kerberos-1.1-15.el7.x86_64

 1018  21/05/20 17:49:29 rpm -qa|grep -i kerb

 1019  21/05/20 17:49:43 pip install pykerberos

 1020  21/05/20 17:49:55 pip install requests-kerberos

 1021  21/05/20 17:50:05 ansible windows -m win_ping -vvvvvv

 1022  21/05/20 17:50:30 yum install -y python-kerberos

 1023  21/05/20 17:50:38 ansible windows -m win_ping -vvvvvv

Still no luck 

On Thursday, May 21, 2020 at 5:37:40 PM UTC-7, Jordan Borean wrote:

[Kiran Kumar]

I used a fresh box & finally did below & wored

yum install -y  python3-devel

pip install pykerberos

Thanks @Jordan 

On Thursday, May 21, 2020 at 5:37:40 PM UTC-7, Jordan Borean wrote: