WinRM - running ansible on widnows returning error

[nadim mansour]

How can I let ansible run on windows node(windows server 2012 machine) ??

I ran the belwo commands on power shell before running the ansible script :

netsh advfirewall firewall add rule name="Allow WinRM (Http)" dir=in localport=5985 protocol=tcp action=allow enable=yes

netsh advfirewall firewall add rule name="Allow WinRM (Https)" dir=in localport=5986 protocol=tcp action=allow enable=yes

I am recieving the below error 

fatal: [uat_cdxdb]: UNREACHABLE! => {

    "changed": false, 

    "msg": "ssl: HTTPSConnectionPool(host='10.1.116.151', port=5986): Max retries exceeded with url: /wsman (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x108cfd450>: Failed to establish a new connection: [Errno 61] Connection refused',))", 

    "unreachable": true

}

[Mohan L]

Run this PowerShell script on your windows machine: https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1

That will configure the necessary changes to allow Ansible to connect to windows. 

[nadim mansour]

is thier another way like doing manual steps or rules.

The client will not allow us to run the script on his amchines 

could you please help or advice ?

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/4dde28a7-b35a-4d73-9275-2e249de4b0e1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Jordan Borean]

You can look at the script and see what it does to enable the firewall rules. I find it amusing they won't allow scripts when you can still run arbitrary commands.

Thanks

Jordan

[nadim mansour]

I am enabling the below rules:

netsh advfirewall firewall add rule name="Allow WinRM (Http)" dir=in localport=5985 protocol=tcp action=allow enable=yes

netsh advfirewall firewall add rule name="Allow WinRM (Https)" dir=in localport=5986 protocol=tcp action=allow enable=yes

but it seems on https a certificate is needed !? cause I am still not able to run ansible on the windows server

--

You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/278453a9-5918-48d2-a1a3-dcd221dd4bea%40googlegroups.com.

[Ankit Vashistha]

Can you share winrm configuration?

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/34216652-b054-4778-ac54-b52a80af1ff3%40googlegroups.com.

[Mohan L]

I have not done it manually. 

My be take a look at below article: https://www.virtualtothecore.com/en/configuring-windows-machines-for-ansible/

It looks like he was using SolarWinds Remote Execution Enabler for PowerShell: https://www.solarwinds.com/free-tools/remote-execution-enabler-for-powershell

[nadim mansour]

Please find below the screent shot 

I run the two rules command for http and https listener 

and I run winrm qc 

but its listining only to http 

[nadim mansour]

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CACecUhviGDMGEWLaN9XbKQewaTnoD8Krt8iH1agcxjwU1rFCbw%40mail.gmail.com.

[Jordan Borean]

Yes you need a certificate for https just like any https endpoint. The Configure script will generate a self signed one for you as it is needlessly complex in older versions of PowerShell to generate your own.