Wwe have a problem when with client servers nodes via WinRM after pdating Rundeck
Stanislas LEVEAU
Hi,
Since updating Rundeck to version rundeck-5.9.0.20250205-1, we have a problem when we launch commands on our Windows client servers nodes via WinRM.
When we use winrm-check.py with the command below, everything is OK
python3 ./winrm-check.py --username rundeck --hostname myhost --password XXXXXXXXXXXXXXXXXX
...
Connection with host myhost successfull
On the other hand, as soon as we test from rundeck on the same host as above the "dir" command for example via the "Commands" menu we have a problem with winrm-exec.py for which here are the logs:
Interface Rundeck log
[ERROR ] Execution finished with the following error
(winrm-exec.py:378)[root]
[ERROR ] Bad HTTP response returned from server. Code 403
(winrm-exec.py:379)[root]
Failed: NonZeroResultCode: [WinRMPython] Result code: 1
Execution failed: 326756 in project Windows: [Workflow
result: , step failures: {1=Dispatch failed on 1 nodes:
[adm-install-test-02-Rundeck: NonZeroResultCode:
[WinRMPython] Result code: 1 +
{dataContext=MultiDataContextImpl(map={ContextView(step:1,
node:adm-install-test-02-Rundeck)=BaseDataContext{{exec={exitCode=1}}},
ContextView(node:adm-install-test-02-Rundeck)=BaseDataContext{{exec={exitCode=1}}}},
base=null)} ]}, Node failures:
{adm-install-test-02-Rundeck=[NonZeroResultCode:
[WinRMPython] Result code: 1 +
{dataContext=MultiDataContextImpl(map={ContextView(step:1,
node:adm-install-test-02-Rundeck)=BaseDataContext{{exec={exitCode=1}}},
ContextView(node:adm-install-test-02-Rundeck)=BaseDataContext{{exec={exitCode=1}}}},
base=null)} ]}, status: failed]
Rundeck.log file :
ERROR node.NodeStepPluginAdapter [pool-43702-thread-1] -
Error executing node step.
com.dtolabs.rundeck.core.execution.workflow.steps.node.NodeStepException:
[WinRMPython] Result code: 1
at
jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native
Method) ~[?:?]
at
jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
~[?:?]
at
jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
~[?:?]
at
java.lang.reflect.Constructor.newInstance(Constructor.java:490)
~[?:?]
at
org.codehaus.groovy.reflection.CachedConstructor.invoke(CachedConstructor.java:72)
~[groovy-3.0.19.jar!/:3.0.19]
at
org.codehaus.groovy.runtime.callsite.ConstructorSite$ConstructorSiteNoUnwrapNoCoerce.callConstructor(ConstructorSite.java:105)
~[groovy-3.0.19.jar!/:3.0.19]
at
org.codehaus.groovy.runtime.callsite.AbstractCallSite.callConstructor(AbstractCallSite.java:295)
~[groovy-3.0.19.jar!/:3.0.19]
at
org.rundeck.plugin.scriptnodestep.Util.handleFailureResult(Util.groovy:13)
~[?:?]
at
org.rundeck.plugin.scriptnodestep.Util$handleFailureResult.call(Unknown
Source) ~[?:?]
at
org.rundeck.plugin.scriptnodestep.CommandNodeStepPlugin.executeNodeStep(CommandNodeStepPlugin.groovy:54)
~[?:?]
at
com.dtolabs.rundeck.core.execution.workflow.steps.node.NodeStepPluginAdapter.executeNodeStep(NodeStepPluginAdapter.java:180)
~[rundeck-core-5.9.0-20250205.jar!/:?]
at
com.dtolabs.rundeck.core.execution.ExecutionServiceImpl.executeNodeStep(ExecutionServiceImpl.java:207)
~[rundeck-core-5.9.0-20250205.jar!/:?]
at
com.dtolabs.rundeck.core.execution.dispatch.SequentialNodeDispatcher.dispatch(SequentialNodeDispatcher.java:130)
~[rundeck-core-5.9.0-20250205.jar!/:?]
at
com.dtolabs.rundeck.core.execution.dispatch.SequentialNodeDispatcher.dispatch(SequentialNodeDispatcher.java:61)
~[rundeck-core-5.9.0-20250205.jar!/:?]
at
com.dtolabs.rundeck.core.execution.ExecutionServiceImpl.dispatchToNodesWith(ExecutionServiceImpl.java:263)
~[rundeck-core-5.9.0-20250205.jar!/:?]
at
com.dtolabs.rundeck.core.execution.ExecutionServiceImpl.dispatchToNodes(ExecutionServiceImpl.java:234)
~[rundeck-core-5.9.0-20250205.jar!/:?]
at
com.dtolabs.rundeck.core.execution.workflow.steps.NodeDispatchStepExecutor.executeWorkflowStep(NodeDispatchStepExecutor.java:66)
~[rundeck-core-5.9.0-20250205.jar!/:?]
at
com.dtolabs.rundeck.core.execution.ExecutionServiceImpl.executeStep(ExecutionServiceImpl.java:111)
~[rundeck-core-5.9.0-20250205.jar!/:?]
at
com.dtolabs.rundeck.core.execution.workflow.BaseWorkflowExecutor.executeWFItem(BaseWorkflowExecutor.java:285)
~[rundeck-core-5.9.0-20250205.jar!/:?]
at
com.dtolabs.rundeck.core.execution.workflow.BaseWorkflowExecutor.executeWorkflowStep(BaseWorkflowExecutor.java:681)
~[rundeck-core-5.9.0-20250205.jar!/:?]
at
com.dtolabs.rundeck.core.execution.workflow.engine.StepCallable.apply(StepCallable.java:71)
~[rundeck-core-5.9.0-20250205.jar!/:?]
at
com.dtolabs.rundeck.core.execution.workflow.engine.StepOperation.apply(StepOperation.java:76)
~[rundeck-core-5.9.0-20250205.jar!/:?]
at
com.dtolabs.rundeck.core.execution.workflow.engine.StepOperation.apply(StepOperation.java:32)
~[rundeck-core-5.9.0-20250205.jar!/:?]
at
com.dtolabs.rundeck.core.rules.WorkflowEngineOperationsProcessor.lambda$beginOperation$1(WorkflowEngineOperationsProcessor.java:323)
~[rundeck-core-5.9.0-20250205.jar!/:?]
at
com.google.common.util.concurrent.TrustedListenableFutureTask$TrustedFutureInterruptibleTask.runInterruptibly(TrustedListenableFutureTask.java:131)
~[guava-32.0.1-jre.jar!/:?]
at
com.google.common.util.concurrent.InterruptibleTask.run(InterruptibleTask.java:75)
~[guava-32.0.1-jre.jar!/:?]
at
com.google.common.util.concurrent.TrustedListenableFutureTask.run(TrustedListenableFutureTask.java:82)
~[guava-32.0.1-jre.jar!/:?]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
~[?:?]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
~[?:?]
at java.lang.Thread.run(Thread.java:829) ~[?:?]
[2025-03-05T14:51:14,727] ERROR api.workflowstatus
[pool-43702-thread-1] - Step 1 failed: exec-command
[2025-03-05T14:51:14,984] ERROR
services.ExecutionUtilService [quartzScheduler_Worker-4] -
Execution failed: 326756 in project Windows: [Workflow
result: , step failures: {1=Dispatch failed on 1 nodes:
[adm-install-test-02-Rundeck: NonZeroResultCode:
[WinRMPython] Result code: 1 +
{dataContext=MultiDataContextImpl(map={ContextView(step:1,
node:adm-install-test-02-Rundeck)=BaseDataContext{{exec={exitCode=1}}},
ContextView(node:adm-install-test-02-Rundeck)=BaseDataContext{{exec={exitCode=1}}}},
base=null)} ]}, Node failures:
{adm-install-test-02-Rundeck=[NonZeroResultCode:
[WinRMPython] Result code: 1 +
{dataContext=MultiDataContextImpl(map={ContextView(step:1,
node:adm-install-test-02-Rundeck)=BaseDataContext{{exec={exitCode=1}}},
ContextView(node:adm-install-test-02-Rundeck)=BaseDataContext{{exec={exitCode=1}}}},
base=null)} ]}, status: failed]
below is our project configuration file :
#edit below project.description=Projet pour gérer la mise à jour des serveurs Windows project.disable.executions=false project.disable.schedule=false project.execution.history.cleanup.batch=500 project.execution.history.cleanup.enabled=false project.execution.history.cleanup.retention.days=60 project.execution.history.cleanup.retention.minimum=50 project.execution.history.cleanup.schedule=0 0 0 1/1 * ? * project.jobs.gui.groupExpandLevel=1 project.label=MAJ_DES_SERVEURS_WINDOWS project.later.executions.disable=false project.later.executions.enable=false project.later.schedule.disable=false project.later.schedule.enable=false project.name=Windows project.nodeCache.enabled=true project.nodeCache.firstLoadSynch=true project.output.allowUnsanitized=false project.plugin.FileCopier.WinRMcpPython.authtype=basic project.plugin.FileCopier.WinRMcpPython.interpreter=python3 project.plugin.FileCopier.WinRMcpPython.kinit=kinit project.plugin.FileCopier.WinRMcpPython.krb5config=/etc/krb5.conf project.plugin.FileCopier.WinRMcpPython.nossl=true project.plugin.FileCopier.WinRMcpPython.readtimeout=30 project.plugin.FileCopier.WinRMcpPython.retryconnection=1 project.plugin.FileCopier.WinRMcpPython.retryconnectiondelay=10 project.plugin.FileCopier.WinRMcpPython.winrmport=5985 project.plugin.FileCopier.WinRMcpPython.winrmtransport=http project.plugin.NodeExecutor.WinRMPython.authtype=basic project.plugin.NodeExecutor.WinRMPython.exitbehaviour=console project.plugin.NodeExecutor.WinRMPython.interpreter=python3 project.plugin.NodeExecutor.WinRMPython.kinit=kinit project.plugin.NodeExecutor.WinRMPython.krb5config=/etc/krb5.conf project.plugin.NodeExecutor.WinRMPython.nossl=true project.plugin.NodeExecutor.WinRMPython.readtimeout=30 project.plugin.NodeExecutor.WinRMPython.retryconnection=1 project.plugin.NodeExecutor.WinRMPython.retryconnectiondelay=10 project.plugin.NodeExecutor.WinRMPython.shell=powershell project.plugin.NodeExecutor.WinRMPython.winrmport=5985 project.plugin.NodeExecutor.WinRMPython.winrmtransport=http project.ssh-authentication=privateKey project.ssh-keypath=/var/lib/rundeck/.ssh/id_rsa resources.source.1.type=local resources.source.2.config.file=/var/lib/rundeck/projects/Windows/etc/resources.xml resources.source.2.config.format=resourcexml resources.source.2.config.generateFileAutomatically=true resources.source.2.config.includeServerNode=true resources.source.2.config.requireFileExists=true resources.source.2.config.writeable=true resources.source.2.type=file service.FileCopier.default.provider=WinRMcpPython service.NodeExecutor.default.provider=WinRMPython
Have you ever encountered this problem?
Regards
Stan
rac...@rundeck.com
Stanislas LEVEAU
rac...@rundeck.com
Hi,
I successfully tested your configuration and the model source on 5.9.0 without issues, so, I’m suspecting the problem is from the remote node. However, I recommend explicitly defining the osArch and osFamily attributes as shown below:
<node name="windows" description="My Windows Server" tags="win" hostname="192.168.1.14" osArch="amd64" osFamily="windows" osName="Windows 2022" osVersion="21H2" username="myuser" winrm-authtype="basic" winrm-password-storage-path="keys/winpasswd"/>Can you try using this definition, including only the attributes specified above?
Regarding the WinRM “Code 403” error, this indicates that the server denied the request. The HTTP 403 status code typically means that authentication was successful, but the authenticated user lacks the necessary permissions to perform the requested action.
You can try:
- Reconfiguring the WinRM on the remote box:
- Verify that the WinRM listerner is enable and well-configured:
If the listener is inactive, enable it with:
winrm create winrm/config/Listener?Address=*+Transport=HTTP @{Port="5985";Enabled="true"}Check if you windows box runs a security software that denies the Rundeck requests. Also check carefully the rules defined on the Windows Firewall.
Ensure you’re using the latest pywinrm Rundeck plugin. Rundeck 5.9.0 includes version 2.1.3 of the plugin.
Regards.
Stanislas LEVEAU
Hi,
thanks a lot for you answer.
After following your suggestions of solutions, we still had the same error message.
All the configuration on the client was correct. We found a solution in the hostname variable in the resources.xml file. We were forced to replace hostname=<client_ipaddress> by hostname=<client_name.domain> And it works ! python3 ./winrm-check.py --username rundeck --hostname 172.*.*.* --password XXXXXXXXXXXXXXXXXX winrm.exceptions.WinRMTransportError: Bad HTTP response returned from server. Code 403 but python3 ./winrm-check.py --username rundeck --hostname client_name.domain --password XXXXXXXXXXXXXXXXXX Connection with host XXXXXXXXXXXXXXXXXXXXXX successfull It's really strange because before Rundeck's Upgrade (5.2 to 5.9), the ressources.xml file was configurate with "hostname=client_ipaddress"), and it worked.
--
You received this message because you are subscribed to the Google Groups "rundeck-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rundeck-discu...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/rundeck-discuss/fba4baa7-5648-456c-b8da-bf3437305729n%40googlegroups.com.