kerberos: Bad HTTP response returned from server. Code 500
1,406 views
Skip to first unread message
Gajendra Gaikwad
Sep 29, 2021, 9:26:23 AM9/29/21
to Ansible Project
Good evening All
I am facing a small issue, could you please let me out
This works if i allow unencrypted is true : Set-Item -Path WSMan:\localhost\Service\AllowUnencrypted -Value true
Error: fatal: [win-client-01.adc1.com]: UNREACHABLE! => {"changed": false, "msg": "kerberos: Bad HTTP response returned from server. Code 500", "unreachable": true}
Note: I have not done any configuration on windows host node( default winrm service is running and firewall is disabled)
yaml file:
=====================================
---
- name: TEst ping
hosts: all
vars:
ansible_user: terrafo...@ADC1.COM
ansible_password: ******
ansible_connection: winrm
ansible_port: 5985
ansible_winrm_transport: kerberos
ansible_winrm_server_cert_validation: ignore
ansible_winrm_kerberos_delegation: true
tasks:
- name: winping
win_ping:
register: out
- name: TEst ping
hosts: all
vars:
ansible_user: terrafo...@ADC1.COM
ansible_password: ******
ansible_connection: winrm
ansible_port: 5985
ansible_winrm_transport: kerberos
ansible_winrm_server_cert_validation: ignore
ansible_winrm_kerberos_delegation: true
tasks:
- name: winping
win_ping:
register: out
=============================================
kinit
===========================================
ansible@ansible1:~$ kinit terrafo...@ADC1.COM
Password for terrafo...@ADC1.COM:
ansible@ansible1:~$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: terrafo...@ADC1.COM
Valid starting Expires Service principal
09/29/21 12:52:55 09/29/21 22:52:55 krbtgt/ADC1...@ADC1.COM
renew until 10/06/21 12:52:50
Password for terrafo...@ADC1.COM:
ansible@ansible1:~$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: terrafo...@ADC1.COM
Valid starting Expires Service principal
09/29/21 12:52:55 09/29/21 22:52:55 krbtgt/ADC1...@ADC1.COM
renew until 10/06/21 12:52:50
=============================================
winrs-ouput
============================================
C:\Users\systemadmin>winrs -r:http://127.0.0.1:5985/wsman -u:terrafor...@ADC1.COM -p:****** ipconfig
Windows IP Configuration
Ethernet adapter Ethernet 2:
Connection-specific DNS Suffix . : jbtpdu1g0fpeddh5infylu3bjckbaug.gx.internal.cloudapp.net
Link-local IPv6 Address . . . . . : fe80::f8d7:1f58:8810:2e2f%5
IPv4 Address. . . . . . . . . . . : 172.16.0.7
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.0.1
===================================================================================
Windows IP Configuration
Ethernet adapter Ethernet 2:
Connection-specific DNS Suffix . : jbtpdu1g0fpeddh5infylu3bjckbaug.gx.internal.cloudapp.net
Link-local IPv6 Address . . . . . : fe80::f8d7:1f58:8810:2e2f%5
IPv4 Address. . . . . . . . . . . : 172.16.0.7
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.0.1
===================================================================================
krb5-conf
============================================================================
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = ADC1.COM
allow_weak_crypto = true
dns_lookup_realm = false
dns_lookup_kdc = false
rdns = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
ADC1.COM = {
kdc = testadc.adc1.com
admin_server = testadc.adc1.com
}
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = ADC1.COM
allow_weak_crypto = true
dns_lookup_realm = false
dns_lookup_kdc = false
rdns = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
ADC1.COM = {
kdc = testadc.adc1.com
admin_server = testadc.adc1.com
}
==============================================================================
packages
================================
ansible@ansible1:~$ pip list | grep kerb
pykerberos 1.1.14
requests-kerberos 0.12.0
ansible@ansible1:~$ pip list | grep ansible
ansible 4.6.0
ansible-core 2.11.5
ansible@ansible1:~$
pykerberos 1.1.14
requests-kerberos 0.12.0
ansible@ansible1:~$ pip list | grep ansible
ansible 4.6.0
ansible-core 2.11.5
ansible@ansible1:~$
=============================================================
Tim Stauffer
Oct 22, 2021, 6:28:27 PM10/22/21
to Ansible Project
I ran into this. Upgrading the python modules pykerberos and pywinrm fixed it for me.
Reply all
Reply to author
Forward
0 new messages