Thank you for your help.
win_ping module verbose, without local admin on remote windows hosts:
[<user>@<servername> winRM]$ ansible windows -i inventory/dev/hosts -m win_ping -vvvv
<<servernaem>> ESTABLISH WINRM CONNECTION FOR USER: test_user on PORT 5986 TO <servernaem>
<<servernaem>> WINRM CONNECT: transport=plaintext endpoint=https://<servernaem>:5986/wsman
<<servernaem>> REMOTE_MODULE win_ping
<<servernaem>> EXEC (New-Item -Type Directory -Path $env:temp -Name "ansible-tmp-1456562221.68-167539675202015").FullName | Write-Host -Separator '';
<<servernaem>> WINRM EXEC 'PowerShell' ['-NoProfile', '-NonInteractive', '-EncodedCommand', 'KABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAZQBuAHYAOgB0AGUAbQBwACAALQBOAGEAbQBlACAAIgBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADQANQA2ADUANgAyADIAMgAxAC4ANgA4AC0AMQA2ADcANQAzADkANgA3ADUAMgAwADIAMAAxADUAIgApAC4ARgB1AGwAbABOAGEAbQBlACAAfAAgAFcAcgBpAHQAZQAtAEgAbwBzAHQAIAAtAFMAZQBwAGEAcgBhAHQAbwByACAAJwAnADsA']
Traceback (most recent call last):
File "/usr/lib/python2.6/site-packages/ansible/runner/connection_plugins/winrm.py", line 161, in exec_command
result = self._winrm_exec(cmd_parts[0], cmd_parts[1:], from_exec=True)
File "/usr/lib/python2.6/site-packages/ansible/runner/connection_plugins/winrm.py", line 122, in _winrm_exec
self.shell_id = self.protocol.open_shell()
File "/usr/lib/python2.6/site-packages/winrm/protocol.py", line 121, in open_shell
rs = self.send_message(xmltodict.unparse(rq))
File "/usr/lib/python2.6/site-packages/winrm/protocol.py", line 193, in send_message
return self.transport.send_message(message)
File "/usr/lib/python2.6/site-packages/winrm/transport.py", line 136, in send_message
raise WinRMTransportError('http', error_message)
WinRMTransportError: 500 WinRMTransport. Bad HTTP response returned from server. Code 500
<servernaem> | FAILED => failed to exec cmd PowerShell -NoProfile -NonInteractive -EncodedCommand KABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAZQBuAHYAOgB0AGUAbQBwACAALQBOAGEAbQBlACAAIgBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADQANQA2ADUANgAyADIAMgAxAC4ANgA4AC0AMQA2ADcANQAzADkANgA3ADUAMgAwADIAMAAxADUAIgApAC4ARgB1AGwAbABOAGEAbQBlACAAfAAgAFcAcgBpAHQAZQAtAEgAbwBzAHQAIAAtAFMAZQBwAGEAcgBhAHQAbwByACAAJwAnADsA
raw module (ipconfig) verbose, without local admin on remote windows hosts:
[<user>@<servername> winRM]$ ansible-playbook -i inventory/dev/hosts playbooks/test_windows.yml -vvvv
PLAY [test script module] *****************************************************
TASK: [run ipconfig] **********************************************************
<<servernaem>> ESTABLISH WINRM CONNECTION FOR USER: test_user on PORT 5986 TO <servernaem>
<<servernaem>> WINRM CONNECT: transport=plaintext endpoint=https://<servernaem>:5986/wsman
<<servernaem>> EXEC ipconfig
<<servernaem>> WINRM EXEC 'ipconfig' []
Traceback (most recent call last):
File "/usr/lib/python2.6/site-packages/ansible/runner/connection_plugins/winrm.py", line 161, in exec_command
result = self._winrm_exec(cmd_parts[0], cmd_parts[1:], from_exec=True)
File "/usr/lib/python2.6/site-packages/ansible/runner/connection_plugins/winrm.py", line 122, in _winrm_exec
self.shell_id = self.protocol.open_shell()
File "/usr/lib/python2.6/site-packages/winrm/protocol.py", line 121, in open_shell
rs = self.send_message(xmltodict.unparse(rq))
File "/usr/lib/python2.6/site-packages/winrm/protocol.py", line 193, in send_message
return self.transport.send_message(message)
File "/usr/lib/python2.6/site-packages/winrm/transport.py", line 136, in send_message
raise WinRMTransportError('http', error_message)
WinRMTransportError: 500 WinRMTransport. Bad HTTP response returned from server. Code 500
fatal: [<servernaem>] => failed to exec cmd ipconfig
FATAL: all hosts have already failed -- aborting
I don't see any errors in the numerous windows logs, but I do see a successful logon:
An account was successfully logged on.
Subject:
Security ID: NETWORK SERVICE
Account Name: <servername>$
Account Domain: MHF
Logon ID: 0x3E4
Logon Type: 3
Impersonation Level: Impersonation
New Logon:
Security ID: <servernaem>\test_user
Account Name: test_user
Account Domain: <servername>
Logon ID: 0x19F85BC2C
Logon GUID: {00000000-0000-0000-0000-000000000000}
pywinrm:
The examples use http, which I haven't been using. I therefore included transport over SSL.
Without admin:
import winrm
s = winrm.Session('<servername>', auth=('test_user', '**********'),transport='ssl')
r = s.run_cmd('ipconfig', ['/all'])
print r.std_out
Traceback (most recent call last):
File "./process_remote_host.py", line 6, in <module>
r = s.run_cmd('ipconfig', ['/all'])
File "/usr/lib/python2.6/site-packages/winrm/__init__.py", line 29, in run_cmd
shell_id = self.protocol.open_shell()
File "/usr/lib/python2.6/site-packages/winrm/protocol.py", line 121, in open_shell
rs = self.send_message(xmltodict.unparse(rq))
File "/usr/lib/python2.6/site-packages/winrm/protocol.py", line 193, in send_message
return self.transport.send_message(message)
File "/usr/lib/python2.6/site-packages/winrm/transport.py", line 136, in send_message
raise WinRMTransportError('http', error_message)
winrm.exceptions.WinRMTransportError: 500 WinRMTransport. Bad HTTP response returned from server. Code 500
With admin:
Windows IP Configuration
Host Name . . . . . . . . . . . . : <servername>
Primary Dns Suffix . . . . . . . : <domain>
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
...
Please note it is an identical error for "Run powershell on remote host"
You can see it's the same error when running via Ansible, as it is when I run directly from pywinrm.
I can think of a couple more options:
Get pywinrm working without SSL, and see where that takes me. I will need to make changes on the Windows host for this, because unencrypted traffic is currently not allowed. This was intended, I wanted to use SSL only.
I tested this from another windows server:
"Message = The WinRM client cannot process the request. Unencrypted traffic is currently disabled in the client configuration. Change the client configuration and try the request again."
Or I take a closer look at pywinrm.
I don't have time to do either this weekend. Hopefully I will get some time next week.