Ansible unable to winrm to Windows Server 2012


Eric Tan

Feb 26, 2019, 9:38:44 PM
to Ansible Project
##### SUMMARY
1. Using Python 2.7 in RHEL7
2. Executed powershell script in windows machine ConfigureRemotingForAnsible.ps1
3. Configured yml file to the below:

```yaml
- name: hit windows test instance
  hosts: "tag_class_windows_{{ env }}_{{ ec2_class }}"
  vars:
    ansible_user: Administrator
    ansible_password: "{{ password }}"
    ansible_port: 5986
    ansible_connection: winrm
    ansible_winrm_server_cert_validation: ignore
    ansible_winrm_operation_timeout_sec: 60
    ansible_winrm_read_timeout_sec: 70
  tasks:
    - ec2:
        state: 'absent'
        instance_ids: '{{ instance_id }}'
        ec2_region: '{{ ec2_region }}'
      delegate_to: localhost
```

Error encountered:
fatal: [xxx.xxx.xxx.xxx]: UNREACHABLE! => {"changed": false, "msg": "ssl: HTTPSConnectionPool(host='localhost', port=5986): Max retries exceeded with url: /wsman (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7fefb0fdf3d0>: Failed to establish a new connection: [Errno 111] Connection refused',))", "unreachable": true}

##### ISSUE TYPE
* Bug Report

##### COMPONENT NAME
winrm

##### ANSIBLE VERSION
ansible 2.4.3.0

##### CONFIGURATION
HOST_KEY_CHECKING(/etc/ansible/ansible.cfg) = False

##### OS / ENVIRONMENT
Host: RHEL 7
WinRM to Windows 2012

##### STEPS TO REPRODUCE
ansible-playbook -i /etc/ansible/ec2.py hitwin.yml --extra-vars "ec2_class=appservers env=test"

```yaml
- name: hit windows test instance
  hosts: "tag_class_windows_{{ env }}_{{ ec2_class }}"
  vars:
    ansible_user: Administrator
    ansible_password: "{{ password }}"
    ansible_port: 5986
    ansible_connection: winrm
    ansible_winrm_server_cert_validation: ignore
    ansible_winrm_operation_timeout_sec: 60
    ansible_winrm_read_timeout_sec: 70
  tasks:
    - ec2:
        state: 'absent'
        instance_ids: '{{ instance_id }}'
        ec2_region: '{{ ec2_region }}'
      delegate_to: localhost
```

##### EXPECTED RESULTS
Expected success to WinRM and shut down server

##### ACTUAL RESULTS
```
PLAY [hit windows test instance] ***********************************************

TASK [Gathering Facts] *********************************************************
ok: [xxx.xxx.xxx.xxx]

TASK [ec2] *********************************************************************
fatal: [xxx.xxx.xxx.xxx]: UNREACHABLE! => {"changed": false, "msg": "ssl: HTTPSConnectionPool(host='localhost', port=5986): Max retries exceeded with url: /wsman (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7fefb0fdf3d0>: Failed to establish a new connection: [Errno 111] Connection refused',))", "unreachable": true}

    to retry, use: --limit @/home/ec2-user/ansible-netenv/hitwin.retry

PLAY RECAP *********************************************************************
xxx.xxx.xxx.xxx : ok=1 changed=0 unreachable=1 failed=0
```

ameya agashe

Feb 26, 2019, 9:51:36 PM
to ansible...@googlegroups.com
Run below in PowerShell and it should keep you going:

netsh advfirewall firewall add rule name="Allow WinRM (Https)" dir=in localport=5986 protocol=tcp action=allow enable=yes

Thanks and Regards,
Ameya Agashe

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/d90a7256-11a0-446f-943f-294356831c05%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Eric Tan

Feb 26, 2019, 10:38:29 PM
to ansible...@googlegroups.com
Hi Ameya,

Thanks for your response!
I forgot to add that the firewall is already opened in my issue but it still doesn't work.
I read somewhere that it has to do with the cipher suite that RHEL7 and Windows use by default.

Do you have any idea about this?




--

Regards,

Mr Tan Choa Hong, Eric (Mba)
PMP®,CBAP®,CSM®

LinkedIn: https://www.linkedin.com/in/er1csg
Email: erict...@gmail.com
AboutMe: https://about.me/er1c_sg



ameya agashe

Feb 26, 2019, 10:43:45 PM
to ansible...@googlegroups.com
Hi Tan,

I'm not aware of the issue you are referring to; under normal circumstances the command I gave should work. Have you tried running the playbook in debug mode to see what is happening under the covers? Place "-vvv" at the end of the command line.

Regards
Ameya Agashe

Eric Tan

Feb 26, 2019, 10:49:00 PM
to Ansible Project
Hi Ameya,

Below is the debug information. By the way, the localhost is RHEL7 OS and the ec2 we are trying to winrm is Windows Server 2012.
```
TASK [ec2] *********************************************************************
task path: /home/ec2-user/ansible-netenv/hitwin.yml:12
Using module file /usr/local/lib/python2.7/site-packages/ansible/modules/cloud/amazon/ec2.py
<localhost> ESTABLISH WINRM CONNECTION FOR USER: Administrator on PORT 5986 TO localhost
Using module file /usr/local/lib/python2.7/site-packages/ansible/modules/cloud/amazon/ec2.py
<localhost> ESTABLISH WINRM CONNECTION FOR USER: Administrator on PORT 5986 TO localhost
fatal: [xxx.xxx.xxx.xxx]: UNREACHABLE! => {
    "changed": false,
    "msg": "ssl: HTTPSConnectionPool(host='localhost', port=5986): Max retries exceeded with url: /wsman (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f78dc5213d0>: Failed to establish a new connection: [Errno 111] Connection refused',))",
    "unreachable": true
}

        to retry, use: --limit @/home/ec2-user/ansible-netenv/hitwin.retry
```

ameya agashe

Feb 26, 2019, 11:02:55 PM
to ansible...@googlegroups.com
Hi Tan,

I still think it is the firewall only; can you double-check?

Thanks
Ameya

Eric Tan

Feb 27, 2019, 12:50:32 AM
to Ansible Project
Hi Ameya,

To verify if I can reach the server, I used win_ping
-----------------------
xxx.xxx.xxx.xxx | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
-----------------------


On the Windows server side I also checked that the firewall is opened
[Attachment: Capture.PNG]

Is there any particular firewall I need to open on the RHEL7 OS side?

ameya agashe

Feb 27, 2019, 1:02:35 AM
to ansible...@googlegroups.com
Strange, I'm running out of ideas. Can anyone think of anything else?

Kind Regards,
Ameya Agashe
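
The `-vvv` output in this thread shows the delegated `ec2` task opening WinRM to `localhost` on port 5986 rather than to the Windows host (`<localhost> ESTABLISH WINRM CONNECTION ... TO localhost`), which is how play-level `ansible_connection: winrm` behaves when a task carries `delegate_to: localhost`. The following is an added example, not written by anyone in the thread, of the same play with the connection overridden for the delegated task only; the task names and the `win_ping` check are assumptions.

```yaml
- name: hit windows test instance
  hosts: "tag_class_windows_{{ env }}_{{ ec2_class }}"
  vars:
    # These play-level vars apply to every task in the play,
    # including tasks delegated to another host.
    ansible_user: Administrator
    ansible_password: "{{ password }}"
    ansible_port: 5986
    ansible_connection: winrm
    # 'ignore' skips TLS certificate verification for the WinRM listener.
    # Validating instead requires a certificate the control node trusts
    # (for example via ansible_winrm_ca_trust_path).
    ansible_winrm_server_cert_validation: ignore
    ansible_winrm_operation_timeout_sec: 60
    ansible_winrm_read_timeout_sec: 70
  tasks:
    # Assumed check: runs over WinRM against the Windows host itself,
    # so it exercises the firewall rule and listener on port 5986.
    - name: confirm WinRM reaches the Windows host
      win_ping:

    # The ec2 module is Python and talks to the AWS API from the
    # control node. Task vars outrank play vars, so this override makes
    # the delegated task run locally instead of trying WinRM against
    # localhost:5986, where nothing is listening on the RHEL machine.
    - name: terminate the instance from the control node
      ec2:
        state: absent
        instance_ids: "{{ instance_id }}"
        ec2_region: "{{ ec2_region }}"
      delegate_to: localhost
      vars:
        ansible_connection: local
```

Keeping the `ansible_winrm_*` settings in group variables for the Windows group, instead of play `vars`, has the same effect for every delegated task in the play.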
