winrm connection to windows server 2012r2 in EC2 - Unauthorized/basic auth failed

[Michael Wozniak]

I'm attempting to set up a windows 2012 system in EC2 which can be accessed/managed with ansible.  I've used a script like the example (https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1) passed as user_data at start-up to successfully connect to a windows 2008r2 based system, however I've had issues related to memory limits in 2008r2.  When I try to use the same script to connect to a 2012r2 based system, I get these errors:

<IP> ESTABLISH WINRM CONNECTION FOR USER: Admin1 on PORT 5986 TO IP

<IP> WINRM CONNECT: transport=plaintext endpoint=https://IP:5986/wsman

<IP> WINRM CONNECTION ERROR: 401 Unauthorized. basic auth failed

<IP> WINRM CONNECT: transport=plaintext endpoint=http://IP:5986/wsman

I can successfully connect to the server with RDP, and as far as I can tell, the winrm settings look correct.  Has anyone else experienced similar issues? Any ideas on what could be going wrong?

[J Hawkesworth]

Worth checking the firewall rules.  I think I had something like this happen first time I set up 2012 server, but I probably wasn't using basic auth.

From memory I had an error when the following line of the setup script ran:

#FIrewall
	netsh advfirewall firewall add rule Profile=public name="Allow WinRM HTTPS" dir=in localport=5986 protocol=TCP action=allow

I think the problem was the Profile=public part.  Yeah, that was it, I had to tweak it to Profile=domain on 2012 but it had been happy on 2008r2 as is.

Bear in mind I was using a domain account, so not the same issue as you, but perhaps worth checking the firewall configuration anyway?

Jon

[Michael Wozniak]

I actually have that line switched out for debugging purposes and I just turn off the firewall completely.

This is what I have for now:

Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False

I log in to the server with RDP after it's up and running and I can verify that the firewall shows as disabled in the GUI.

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/79781399-d0d2-48a2-9783-c20423bbaed1%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Michael Wozniak]

Apparently the issue was that I was turning off the firewall before I was setting the new password.  The connection works when the password is properly set before turning off the firewall.

[Mayur Barge]

How did you solved this issue ?
I'm facing similar issue