Mayur, Make sure your Linux Control Machine is bound to the same domain as your target Windows VM. After much reading and debugging, I realized my Ubuntu server where I was running Ansible was not bound to the Domain.
*Another thing...* I had to run the kinit command with the below flags on the Control Machine to get past the auth failures (according to https://github.com/diyan/pywinrm/issues/36#issuecomment-60175388): kinit -l 7d -r 7d -pAf [email protected] *NOTE: I had run the kinit command before, but not with the flags. The forwarding flags of kinit is what got me over the hump.* On Friday, January 22, 2016 at 4:30:09 AM UTC-8, Mayur Barge wrote: > > Hi Jon, > > Thanks for your inputs > > If I manage windows machine using local administrator account then it > works. But for AD account following is the error. I can successfully do > kinit with domain user and klist displays appropriate ticket > > <win2k8r2-client> ESTABLISH WINRM CONNECTION FOR USER: on PORT 5986 TO > win2k8r2-client > > <win2k8r2-client> WINRM CONNECT: transport=kerberos endpoint= > https://win2k8r2-client:5986/wsman > > win2k8r2-client | FAILED => Traceback (most recent call last): > > File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line > 586, in _executor > > exec_rc = self._executor_internal(host, new_stdin) > > File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line > 789, in _executor_internal > > return self._executor_internal_inner(host, self.module_name, > self.module_args, inject, port, complex_args=complex_args) > > File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line > 968, in _executor_internal_inner > > conn = self.connector.connect(actual_host, actual_port, actual_user, > actual_pass, actual_transport, actual_private_key_file, delegate_host) > > File "/usr/lib/python2.7/site-packages/ansible/runner/connection.py", line > 52, in connect > > self.active = conn.connect() > > File > "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", > > line 140, in connect > > self.protocol = self._winrm_connect() > > File > "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", > > line 96, in _winrm_connect > > protocol.send_message('') > > File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 193, in > send_message > > return self.transport.send_message(message) > > File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 269, in > send_message > > krb_ticket = KerberosTicket(self.krb_service) > > File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 205, in > __init__ > > kerberos.authGSSClientStep(krb_context, '') > > GSSError: (('Unspecified GSS failure. Minor code may provide more > information', 851968), ('Server not found in Kerberos database', > -1765328377)) > > > > > > > > > > On Monday, 18 January 2016 19:39:14 UTC+5:30, J Hawkesworth wrote: >> >> Hi Mayur, >> >> You usually get that message when kerberos is not configured properly on >> your ansible controller. >> >> Please ensure you have followed the setup instructions here: >> >> http://docs.ansible.com/ansible/intro_windows.html#configuring-kerberos >> >> Without this, the ansible controller does cannot connect to your windows >> domain, because it is unaware of the network location of your windows >> domain controllers. >> >> Hope this helps, >> >> Jon >> >> On Friday, January 15, 2016 at 6:54:39 PM UTC, Mayur Barge wrote: >>> >>> Hi I'm facing below issue while connecting to windows machine using AD >>> accounts >>> >>> >>> File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line >>> 586, in _executor >>> exec_rc = self._executor_internal(host, new_stdin) >>> File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", >>> line 789, in _executor_internal >>> return self._executor_internal_inner(host, self.module_name, >>> self.module_args, inject, port, complex_args=complex_args) >>> File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", >>> line 968, in _executor_internal_inner >>> conn = self.connector.connect(actual_host, actual_port, actual_user, >>> actual_pass, actual_transport, actual_private_key_file, delegate_host) >>> File "/usr/lib/python2.7/site-packages/ansible/runner/connection.py", >>> line 52, in connect >>> self.active = conn.connect() >>> File >>> "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", >>> >>> line 140, in connect >>> self.protocol = self._winrm_connect() >>> File >>> "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", >>> >>> line 96, in _winrm_connect >>> protocol.send_message('') >>> File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 193, >>> in send_message >>> return self.transport.send_message(message) >>> File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 269, >>> in send_message >>> krb_ticket = KerberosTicket(self.krb_service) >>> File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 205, >>> in __init__ >>> kerberos.authGSSClientStep(krb_context, '') >>> GSSError: (('Unspecified GSS failure. Minor code may provide more >>> information', 851968), ('Server not found in Kerberos database', >>> -1765328377)) >>> >>> >>> Please help >>> >>> Thanks, >>> Mayur >>> >>> -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/b2c843b7-701d-4b45-a00e-3f3ca8e47829%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
