Develop Reference

Not possible to execute win_ping with Ansible

is it possible to give me an hint in regards to Ansible and Windows host? I have set up a Ansible server and a Windows host. I am not able to execute win_ping. It seems that I have something messed up with the configuration on the server.
ansible win -m win_ping
Error message:
192.168.178.10 | FAILED! => {
"msg": "the connection plugin 'winrm ## The kind of connection which ansible will make with remote windows node' was not found"
}
Firewall config seems to configured properly. I am able to connect from the Ansible server to the Windows host:
b#b:~$ nc -vz 192.168.178.10 5986
Connection to 192.168.178.10 5986 port [tcp/*] succeeded!
b#b:~$ nc -vz 192.168.178.10 5985
Connection to 192.168.178.10 5985 port [tcp/*] succeeded!
This is the configuration of /etc/ansible/hosts
...
[win]
192.168.178.10
[win:vars]
ansible_user=a
ansible_password="xxxx"
ansible_connection=winrm
ansible_winrm_server_cert_validation=ignore
ansible_port=5986
...

Ansible uses the pywinrm package to communicate with Windows servers over WinRM. It is not installed by default with the Ansible package, but can be installed by running the following:
pip install "pywinrm>=0.3.0"
If you have installed the packages required and still facing the issue then I would recommend you to go through Ansible guide again.
https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html

Ansible WinRM Server did not response with a CredSSP token after step Step 5

I am using Ansible (2.9.6) to connect Windows server using WinRM CredSSP. for win ping command its giving server did not response with CredSSP token. CredSSP enabled on the clinet machine
ansible windows -i hosts -m win_ping
| UNREACHABLE! => {
"changed": false,
"msg": "credssp: Server did not response with a CredSSP token after step Step 5. Delegate Credentials - actual 'Negotiate, Kerberos, CredSSP'",
"unreachable": true
}
Any help to resolve this error message?
Thanks

I was getting the below error
msg: 'credssp: Server did not response with a CredSSP token after step Step 5. Delegate Credentials - actual '''''
after updating pywinrm to 0.4.2 the issue was resolved

I'm using PSRP to a Windows 2012R2 server and I have the same issue on a win_copy task, but win_ping works. That didn't make any sense, then I disabled the Antivirus (McAfee) and the issue is gone.

On the Windows server set the Credssp to true. Open powershell as administrator and paste the below commands:
winrm set winrm/config/service/auth '#{CredSSP="true"}'
winrm set winrm/config/client/auth '#{CredSSP="true"}'
Enable-WSManCredSSP -Role Server
Then you will be able to get:
SUCCESS => {
"changed": false,
"ping": "pong"
for the ansible windows -i hosts -m win_ping command.

Ansible for Windows

I am trying to set up my ansible host to connect to windows. However ping is failing with the following error:
sudo ansible win -m win_ping
hostname | UNREACHABLE! => {
"changed": false,
"msg": "basic: HTTPConnectionPool(host='hostname', port=5986): Read timed out. (read timeout=30)",
"unreachable": true
}
pywinrm is installed on my linux box and WinRM is installed on the windows box.
Hosts file:
[win]
systemname
[win:vars]
ansible_user=username
ansible_password=passord
ansible_connection=winrm
ansible_winrm_scheme=http
ansible_winrm_server_cert_validation=ignore
ansible_winrm_transport=basic
Appreciate any advice.
Thanks.

Disabling the Windows Firewall (Domain, private and public networks) in the Windows box, fixed the issue for me.

Can you double check the WinRM Listener settings:
winrm enumerate winrm/config/Listener
If the output is what you expect, can you test a command on the local server as shown here:
winrs -r:http://server:5985/wsman -u:Username -p:Password ipconfig
Ansible has a good reference on this topic as well.

Unable to connect to a Windows Instance using Ansible Playbook

Every time I try running a playbook to automate some installations in Windows Server, my Windows Remote Host seems to be unreachable.
Here, I am trying to install IIS Server and my playbook looks like this :
---
- hosts : windows
tasks :
- name : Install Microsoft IIS
win_feature :
name : Web-Server
state : present
And the error is :
fatal: [ec2-54-197-197-91.compute-1.amazonaws.com]: UNREACHABLE! => {
"changed": false,
"msg": "ssl: HTTPSConnectionPool(host='ec2-54-197-197-91.compute-1.amazonaws.com', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x1b11310>, 'Connection to ec2-54-197-197-91.compute-1.amazonaws.com timed out. (connect timeout=30)'))",
"unreachable": true
}
But, now I came to know that, to run playbooks for Windows, I need to have winrm installed on my control node.
I have done the following :
pip install "pywinrm>=0.1.1"
I have added the public ip of Windows Instance and my hosts file looks like:
[local]
127.0.0.1
[aws]
ec2-54-152-85-197.compute-1.amazonaws.com
[windows]
ec2-54-197-197-91.compute-1.amazonaws.com
Then, I created a directory "group_vars" in /etc/ansible, and in that a file windows.yml which reads :
ansible_user: Administrator
ansible_password: SecretPasswordGoesHere
ansible_port: 5986
ansible_connection: winrm
ansible_winrm_server_cert_validation: ignore
Please let me know where I am going wrong.

(most likely, because you have not mentioned it)
You need to configure remote commands in PowerShell on your Windows instance (as described in the Windows system prep section). Execute the following (with administrator permissions):
iwr https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1 -UseBasicParsing | iex
Before, depending on your settings, you might also need to enable the PowerShell execution policy, set the network interface to private network (mind the InterfaceAlias value below) and enable PowerShell remoting.
Set-ExecutionPolicy Unrestricted -Force
Set-NetConnectionProfile -InterfaceAlias Ethernet0 -NetworkCategory Private
Enable-PSRemoting

Ansible windows fails with "Server not found in Kerberos database"

I am testing ansible (developer build) to connect to a windows machine.
ansible 2.0.0 (devel d1b98ec776)
The following command fails
ansible inh-jnambood-dt.india.mentorg.com -m win_ping -vvvv
Error is as below
bash-4.1$ ansible inh-jnambood-dt.india.mentorg.com -m win_ping -vvvv
Using /etc/ansible/ansible.cfg as config file
Loaded callback minimal of type stdout, v2.0
<inh-jnambood-dt.india.mentorg.com> ESTABLISH WINRM CONNECTION FOR USER: jnambood#MGC.MENTORG.COM on PORT 5985 TO inh-jnambood-dt.india.mentorg.com
inh-jnambood-dt.india.mentorg.com | FAILED! => {
"failed": true,
"msg": "ERROR! kerberos: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('Server not found in Kerberos database', -1765328377)), plaintext: 401 Unauthorized."
jnambood is my user id MGC.MENTORG.COM is the domain
Clearly there is some step I missed. What should I do to fix this error?

That usually means that the Linux host where you're running kinit is not joined to the domain (ie, it doesn't have a properly configured computer account in the domain). The existing docs unhelpfully omit that requirement...

I've also seen this occur where the FQDN of the the host is not entered in both the command and the ansible hosts file.
Try something like:
inh-jnambood-dt.mcg.mentorg.com
HTH

I'm not using Ansible, but pywinrm directly. To get things working from a RHEL7 computer to a Windows 10 host in the domain, I changed # to / in the pywinrm code. I did this because I saw other software use HTTP/hostname and not HTTP#hostname when talking to Kerberos. Hope this is useful for somebody.
https://github.com/requests/requests-kerberos/pull/141/commits

We had this same error. For us, it was resolved by shortening the hostname to have less than 15 characters.