winrm http port 5985

[Tony Wong]

can winrm communicate via http 5985?

my group[_vars file

ansible_user: 'administrator'

ansible_password: 'xxxxxx'

ansible_port: 5985

ansible_connection: 'winrm'

ansible_winrm_server_cert_validation: 'ignore'

ansible_winrm_transport: 'ntlm'

but getting it failed on one win host

10.200.1.31 | UNREACHABLE! => {

    "changed": false,

    "msg": "ntlm: the specified credentials were rejected by the server",

    "unreachable": true

}

10.50.1.231 | SUCCESS => {

    "changed": false,

    "ping": "pong"

}

[Jordan Borean]

You need to figure out why it's failing, we have a page for dealing with rejected credentials https://docs.ansible.com/ansible/latest/user_guide/windows_setup.html#http-401-credentials-rejected.

[Tony Wong]

it only works with https over 5986

if I change it to ntlm

ansible_user: 'administrator'

ansible_password: 'xxxxxxx'

ansible_port: 5986

ansible_connection: 'winrm'

ansible_winrm_server_cert_validation: 'ignore'

ansible_winrm_transport: 'ntlm'

then it works

its not a firewall issue either since I can telnet to port 5985 on the windows machine

[Jordan Borean]

If only 5986 is working then it sounds like message encryption is being disabled for NTLM or is just unavailable (older libraries are installed). If you already have HTTPS working then you should just continue to use that. It provides more security benefits especially compared to NTLM over port 5985.