Jon's correct- disabling server cert validation (or installing a trusted cert on the WinRM listener) will get you past this point. However, even if you get it working from command-line, it won't work from Tower without a little more hassle, since Tower redirects to a bundled version of pywinrm (0.1.1) that is too old to support ntlm. It can be replaced, but you'd need to contact support on the proper procedure to update Tower's bundled pywinrm version.
Future builds of Tower are already including the new version, but IIRC there hasn't been a Tower release since pywinrm 0.2.0 shipped. On Thursday, June 23, 2016 at 6:51:31 AM UTC-7, J Hawkesworth wrote: > > Hi Mark, > > I've not tried the NTLM support yet but I think you might need to set > > ansible_winrm_server_cert_validation: ignore > > ... in your inventory/ group_vars. > > Otherwise python will attempt to validate the certificate presented by > your windows vm, which is (very likely) self signed one. > > Give that a go and see how you get on. > > All the best, > > Jon > > > On Thursday, June 23, 2016 at 11:38:28 AM UTC+1, Mark Matthews wrote: >> >> Hi >> >> >> >> I am trying to authenticated to server using domain credentials. >> >> >> >> I watch the following video with Matt Davis, >> https://www.ansible.com/webinars-training/ask-an-expert-ansible-and-windows, >> and he mentions that with Ansible 2.1 you are now able to use ‘ntlm’ to >> authenticate with domain credentials. >> >> >> >> I am testing this in the console first before applying these setting to >> Tower, but I am having issues. >> >> >> >> I have change the host file entries to the following: >> >> >> >> [win] >> >> uk-ansible-util >> >> >> >> [win:vars] >> >> ansible_connection=winrm >> >> ansible_user=wintech.local\sa_Ansible >> >> ansible_password=password >> >> >> >> ansible_winrm_transport=ntlm >> >> >> >> And then when I try run the following task: ansible win -i hosts -m raw >> -a ipconfig >> >> >> >> I am getting the following error: >> >> >> >> uk-ansible-util | UNREACHABLE! => { >> >> "changed": false, >> >> "msg": "ntlm: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify >> failed (_ssl.c:765)", >> >> "unreachable": true >> >> } >> >> >> >> >> >> I have updated pywinrm to the latest version on the Ansible server. >> >> >> >> >> >> Any ideas what could be causing this, as I cant find anything on the >> Internet. >> >> >> >> Cheers >> >> Mark >> > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/a2d2c208-ae4f-4add-8e1e-3be149c57fd0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
