basic connection to windows with WinRM failing, need a clue.
71 views
Skip to first unread message
Jackson Pollock
Nov 16, 2017, 6:03:32 PM11/16/17
to Ansible Project
First time trying to get some windows automation going, I must be missing something. Installed winrm & powershell via the ansible provided scripts from: http://docs.ansible.com/ansible/latest/intro_windows.html#windows-system-prep
this works just fine:
curl -vk -d "" -u "tmp:scout" http://10.80.180.41:5985/wsman
Using same everything with ansible:
This fails:
ansible windows -i hosts -m win_ping
Credentials are fine as you can see and I have logged in with them, set as "Administrator".
curl -vk -d "" -u "tmp:scout" http://10.80.180.41:5985/wsman
* Trying 10.80.180.41...
* Connected to 10.80.180.41 (10.80.180.41) port 5985 (#0)
* Server auth using Basic with user 'tmp'
> POST /wsman HTTP/1.1
> Host: 10.80.180.41:5985
> Authorization: Basic dG1wOjRzY291dA==
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Length: 0
> Content-Type: application/x-www-form-urlencoded
>
< HTTP/1.1 401
< Server: Microsoft-HTTPAPI/2.0
< WWW-Authenticate: Negotiate
< Date: Thu, 16 Nov 2017 22:53:09 GMT
< Connection: close
< Content-Length: 0
<
* Closing connection 0Enter code here...
Using same everything with ansible:
group_vars/windows.yml
ansible_user: tmp
ansible_password: scout
ansible_ssh_port: 5985
ansible_connection: winrm
ansible_winrm_scheme: http
ansible_winrm_server_cert_validation: ignore
ansible_winrm_transport: plaintextThis fails:
ansible windows -i hosts -m win_ping
10.80.180.41 | UNREACHABLE! => {
"changed": false,
"msg": "plaintext: the specified credentials were rejected by the server",
"unreachable": true
}
Credentials are fine as you can see and I have logged in with them, set as "Administrator".
Any ideas?
thanks!
Matt Martz
Nov 16, 2017, 6:51:18 PM11/16/17
to ansible...@googlegroups.com
Your curl command is returning a 401 Unauthorized. That is not successful.
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/ffa9ac6a-35dc-42a3-bd22-c229e1aa76bd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
Steven Pollock
Nov 16, 2017, 6:59:12 PM11/16/17
to ansible...@googlegroups.com
Good catch.
The root issue here is http, must be https or the windows trustedhost rules come into play.
I got it to work with https and a self-signed cert.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscribe@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/ffa9ac6a-35dc-42a3-bd22-c229e1aa76bd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
--
You received this message because you are subscribed to a topic in the Google Groups "Ansible Project" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ansible-project/MwL4nAbyV5s/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ansible-project+unsubscribe@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAD8N0v81J9RrwXtQkFLfNf7snON7rHcTsk77gxdFsH2vaRagmA%40mail.gmail.com.
Mike Fennemore
Nov 17, 2017, 4:39:54 AM11/17/17
to Ansible Project
Is the user you are attempting to connect with a Local admin? if not try winrm configSDDL default then adding the required permissions for the user.
Reply all
Reply to author
Forward
0 new messages