Worked fine for me using Kerberos delegation:
ansible_winrm_transport=kerberos and ansible_winrm_kerberos_delegation=yes.
The setup takes so ridiculously long that I didn't try it any other way, so
your mileage may vary.
-Matt
On Friday, September 16, 2016 at 12:50:48 AM UTC-7, Chandra Pandey wrote:
>
> Hi, thanks, will wait for your result ...
>
>
> On Friday, September 16, 2016 at 3:53:57 AM UTC+5:30, Matt Davis wrote:
>>
>> I'm actually undertaking the same task this week for a PoC demo, so I'll
>> let you know if I figure out the magic incantations to get it working. :)
>>
>> -Matt
>>
>> On Monday, September 12, 2016 at 12:48:49 PM UTC-7, Chandra Pandey wrote:
>>>
>>> I get an error while installing a fresh Exchange 2016 server using Ansible
>>> ---
>>>
>>>
>>> ExchangeSetup.log Error
>>>
>>> Active Directory operation failed on . The supplied credential for
>>> 'ADS\Chandra Pandey' is invalid.
>>> [09/12/2016 19:34:45.0055] [0] The supplied credential is invalid
>>>
>>>
>>> Ansible Error:
>>>
>>> <dev-01.xyz.com> WINRM RESULT u'<Response code 0, out
>>> "C:\\Users\\Chandra Pan", err "">'
>>> <dev-01.xyz.com> PUT "/etc/ansible/playbooks/exch.ps1" TO
>>> "C:\Users\Chandra
>>> Pandey\AppData\Local\Temp\ansible-tmp-1473708846.5-280345779333025\exch.ps1"
>>> <dev-01.xyz.com> WINRM PUT "/etc/ansible/playbooks/exch.ps1" to
>>> "C:\Users\Chandra
>>> Pandey\AppData\Local\Temp\ansible-tmp-1473708846.5-280345779333025\exch.ps1"
>>>
>>> (offset=121 size=121)
>>> <dev-01.xyz.com> EXEC & 'C:\Users\Chandra
>>> Pandey\AppData\Local\Temp\ansible-tmp-1473708846.5-280345779333025\exch.ps1'
>>> <dev-01.xyz.com> WINRM EXEC 'PowerShell' ['-NoProfile',
>>> '-NonInteractive', '-ExecutionPolicy', 'Unrestricted', '-EncodedCommand',
>>> 'JgAgACAAJwBDADoAXABVAHMAZQByAHMAXABDAGgAYQBuAGQAcgBhACAAUABhAG4AZABlAHkAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsAFwAVABlAG0AcABcAGEAbgBzAGkAYgBsAGUALQB0AG0AcAAtADEANAA3ADMANwAwADgAOAA0ADYALgA1AC0AMgA4ADAAMwA0ADUANwA3ADkAMwAzADMAMAAyADUAXABlAHgAYwBoAC4AcABzADEAJwA=']
>>> <dev-01.xyz.com> WINRM RESULT u'<Response code 0, out "\r\nWelcome to
>>> Microso", err "There is a pending r">'
>>> <dev-01.xyz.com> EXEC Set-StrictMode -Version Latest
>>> Remove-Item "C:\Users\Chandra
>>> Pandey\AppData\Local\Temp\ansible-tmp-1473708846.5-280345779333025" -Force
>>> -Recurse;
>>> <dev-01.xyz.com> WINRM EXEC u'PowerShell' [u'-NoProfile',
>>> u'-NonInteractive', u'-ExecutionPolicy', u'Unrestricted',
>>> u'-EncodedCommand',
>>> u'UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEMAaABhAG4AZAByAGEAIABQAGEAbgBkAGUAeQBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA0ADcAMwA3ADAAOAA4ADQANgAuADUALQAyADgAMAAzADQANQA3ADcAOQAzADMAMwAwADIANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwA=']
>>> <dev-01.xyz.com> WINRM RESULT u'<Response code 0, out "", err "">'
>>> <dev-01.xyz.com> WINRM CLOSE SHELL: 2304FF63-3899-4A5F-AA24-67A3E8DAF0B1
>>> changed: [dev-01.xyz.com] => {"changed": true, "invocation":
>>> {"module_args": {"_raw_params": "exch.ps1"}, "module_name": "script"},
>>> "rc": 0, "stderr": "There is a pending reboot from a previous installation
>>> of a Windows Server role or feature. Please restart the computer and then
>>> run Setup again.\r\nYou must be a member of the 'Organization Management'
>>> role group or a member of the 'Enterprise Admins' group to continue.\r\nYou
>>> must use an account that's a member of the Organization Management role
>>> group to install or upgrade the first Mailbox server role in the
>>> topology.\r\nYou must use an account that's a member of the Organization
>>> Management role group to install the first Client Access server role in the
>>> topology.\r\nYou must use an account that's a member of the Organization
>>> Management role group to install the first Client Access server role in the
>>> topology.\r\nYou must use an account that's a member of the Organization
>>> Management role group to install or upgrade the first Mailbox server role
>>> in the topology.\r\nYou must use an account that's a member of the
>>> Organization Management role group to install or upgrade the first Client
>>> Access server role in the topology.\r\nYou must use an account that's a
>>> member of the Organization Management role group to install the first
>>> Mailbox server role in the topology.\r\nSetup encountered a problem while
>>> validating the state of Active Directory: Active Directory operation failed
>>> on . The supplied credential for 'ADS\\Chandra Pandey' is invalid. See the
>>> Exchange setup log for more information on this error.\r\nEither Active
>>> Directory doesn't exist, or it can't be contacted.\r\n", "stdout":
>>> "\r\nWelcome to Microsoft Exchange Server 2016 Unattended
>>> Setup\r\n\r\nCopying Files...\r\nFile copy complete.\r\nSetup will now
>>> collect additional information needed for installation.\r\n\r\n
>>> Languages\r\n Management tools\r\n Mailbox role: Transport
>>> service\r\n Mailbox role: Client Access service\r\n Mailbox role:
>>> Unified Messaging service\r\n Mailbox role: Mailbox service\r\n
>>> Mailbox role: Front End Transport service\r\n Mailbox role: Client
>>> Access Front End service\r\n\r\nPerforming Microsoft Exchange Server
>>> Prerequisite Check\r\n\r\n Configuring Prerequisites ... COMPLETED\r\n
>>> Prerequisite Analysis\r\n\r\nThe Exchange Server setup operation didn't
>>> complete. More details can be found in ExchangeSetup.log located in the
>>> <SystemDrive>:\\ExchangeSetupLogs folder.\r\n", "stdout_lines": ["",
>>> "Welcome to Microsoft Exchange Server 2016 Unattended Setup", "", "Copying
>>> Files...", "File copy complete.", "Setup will now collect additional
>>> information needed for installation.", "", " Languages", "
>>> Management tools", " Mailbox role: Transport service", " Mailbox
>>> role: Client Access service", " Mailbox role: Unified Messaging
>>> service", " Mailbox role: Mailbox service", " Mailbox role: Front
>>> End Transport service", " Mailbox role: Client Access Front End
>>> service", "", "Performing Microsoft Exchange Server Prerequisite Check",
>>> "", " Configuring Prerequisites ... COMPLETED", " Prerequisite Analysis",
>>> "", "The Exchange Server setup operation didn't complete. More details can
>>> be found in ExchangeSetup.log located in the
>>> <SystemDrive>:\\ExchangeSetupLogs folder."]}
>>>
>>>
>>> ==========
>>>
>>> event errors:
>>>
>>> The description for Event ID 4027 from source MSExchange ADAccess cannot
>>> be found. Either the component that raises this event is not installed on
>>> your local computer or the installation is corrupted. You can install or
>>> repair the component on the local computer.
>>>
>>> If the event originated on another computer, the display information had
>>> to be saved with the event.
>>>
>>> The following information was included with the event:
>>>
>>> ExSetup.exe
>>> 7044
>>> Get Servers for ads.xyz.com
>>> TopologyClientTcpEndpoint (localhost)
>>> 3
>>> System.ServiceModel.EndpointNotFoundException: Could not connect to
>>> net.tcp://localhost:890/Microsoft.Exchange.Directory.TopologyService. The
>>> connection attempt lasted for a time span of 00:00:02.0468972. TCP error
>>> code 10061: No connection could be made because the target machine actively
>>> refused it [::1]:890. ---> System.Net.Sockets.SocketException: No
>>> connection could be made because the target machine actively refused it
>>> [::1]:890
>>> at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot,
>>> SocketAddress socketAddress)
>>> at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)
>>> at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri
>>> uri, TimeSpan timeout)
>>> --- End of inner exception stack trace ---
>>>
>>> Server stack trace:
>>> at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri
>>> uri, TimeSpan timeout)
>>> at
>>> System.ServiceModel.Channels.BufferedConnectionInitiator.Connect(Uri uri,
>>> TimeSpan timeout)
>>> at
>>> System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(TimeSpan
>>>
>>> timeout)
>>> at
>>> System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.OnOpen(TimeSpan
>>>
>>> timeout)
>>> at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan
>>> timeout)
>>> at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan
>>> timeout)
>>> at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan
>>> timeout)
>>>
>>> Exception rethrown at [0]:
>>> at
>>> System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
>>> reqMsg, IMessage retMsg)
>>> at
>>> System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
>>> msgData, Int32 type)
>>> at System.ServiceModel.ICommunicationObject.Open()
>>> at Microsoft.Exchange.Net.ServiceProxyPool`1.GetClient(Int32 retry,
>>> Boolean& doNotReturnProxyAfterRetry, Boolean useCache)
>>> at
>>> Microsoft.Exchange.Net.ServiceProxyPool`1.TryCallServiceWithRetry(Action`1
>>> action, String debugMessage, WCFConnectionStateTuple proxyToUse, Int32
>>> numberOfRetries, Boolean doNotReturnProxyOnSuccess, Exception& exception)
>>>
>>> the message resource is present but the message is not found in the
>>> string/message table
>>>
>>>
>>> ======================
>>>
>>> The description for Event ID 106 from source MSExchange Common cannot be
>>> found. Either the component that raises this event is not installed on your
>>> local computer or the installation is corrupted. You can install or repair
>>> the component on the local computer.
>>>
>>> If the event originated on another computer, the display information had
>>> to be saved with the event.
>>>
>>> The following information was included with the event:
>>>
>>> 1
>>> Base for Average Latency
>>> MSExchange ServiceProxyPool
>>> The exception thrown is : System.InvalidOperationException: The
>>> requested Performance Counter is not a custom counter, it has to be
>>> initialized as ReadOnly.
>>> at System.Diagnostics.PerformanceCounter.InitializeImpl()
>>> at System.Diagnostics.PerformanceCounter.IncrementBy(Int64 value)
>>> at
>>> Microsoft.Exchange.Diagnostics.ExPerformanceCounter.IncrementBy(Int64
>>> incrementValue)
>>> Last worker process info : Last worker process info not available!
>>> Processes running while Performance counter failed to update:
>>> Performance Counters Layout information: FileMappingNotFoundException
>>> for category MSExchange ServiceProxyPool :
>>> Microsoft.Exchange.Diagnostics.FileMappingNotFoundException: Cound not open
>>> File mapping for name Global\netfxcustomperfcounters.1.0msexchange
>>> serviceproxypool. Error Details: 2
>>> at Microsoft.Exchange.Diagnostics.FileMapping.OpenFileMapping(String
>>> name, Boolean writable)
>>> at
>>> Microsoft.Exchange.Diagnostics.PerformanceCounterMemoryMappedFile.Initialize(String
>>>
>>> fileMappingName, Boolean writable)
>>> at
>>> Microsoft.Exchange.Diagnostics.ExPerformanceCounter.GetAllInstancesLayout(String
>>>
>>> categoryName)
>>>
>>>
>>>
>>> the message resource is present but the message is not found in the
>>> string/message table
>>>
>>>
>>> ============================
>>>
>>> Login successful on system
>>>
>>>
>>> An account was successfully logged on.
>>>
>>> Subject:
>>> Security ID: NULL SID
>>> Account Name: -
>>> Account Domain: -
>>> Logon ID: 0x0
>>>
>>> Logon Type: 3
>>>
>>> Impersonation Level: Impersonation
>>>
>>> New Logon:
>>> Security ID: ADS\Chandra Pandey
>>> Account Name: Chandra Pandey
>>> Account Domain: ADS
>>> Logon ID: 0xD475400
>>> Logon GUID: {10046cb6-9f06-048b-d251-f66c2878fa16}
>>>
>>> Process Information:
>>> Process ID: 0x0
>>> Process Name: -
>>>
>>> Network Information:
>>> Workstation Name:
>>> Source Network Address: -
>>> Source Port: -
>>>
>>> Detailed Authentication Information:
>>> Logon Process: Kerberos
>>> Authentication Package: Kerberos
>>> Transited Services: -
>>> Package Name (NTLM only): -
>>> Key Length: 0
>>>
>>> This event is generated when a logon session is created. It is generated
>>> on the computer that was accessed.
>>>
>>> The subject fields indicate the account on the local system which
>>> requested the logon. This is most commonly a service such as the Server
>>> service, or a local process such as Winlogon.exe or Services.exe.
>>>
>>> The logon type field indicates the kind of logon that occurred. The most
>>> common types are 2 (interactive) and 3 (network).
>>>
>>> The New Logon fields indicate the account for whom the new logon was
>>> created, i.e. the account that was logged on.
>>>
>>> The network fields indicate where a remote logon request originated.
>>> Workstation name is not always available and may be left blank in some
>>> cases.
>>>
>>> The impersonation level field indicates the extent to which a process in
>>> the logon session can impersonate.
>>>
>>> The authentication information fields provide detailed information about
>>> this specific logon request.
>>> - Logon GUID is a unique identifier that can be used to correlate this
>>> event with a KDC event.
>>> - Transited services indicate which intermediate services have
>>> participated in this logon request.
>>> - Package name indicates which sub-protocol was used among the NTLM
>>> protocols.
>>> - Key length indicates the length of the generated session key. This
>>> will be 0 if no session key was requested.
>>>
>>> ===================
>>>
>>> Special privileges assigned to new logon.
>>>
>>> Subject:
>>> Security ID: ADS\Chandra Pandey
>>> Account Name: Chandra Pandey
>>> Account Domain: ADS
>>> Logon ID: 0xD475400
>>>
>>> Privileges: SeSecurityPrivilege
>>> SeBackupPrivilege
>>> SeRestorePrivilege
>>> SeTakeOwnershipPrivilege
>>> SeDebugPrivilege
>>> SeSystemEnvironmentPrivilege
>>> SeLoadDriverPrivilege
>>> SeImpersonatePrivilege
>>> SeEnableDelegationPrivilege
>>>
>>> =====================================================
>>>
>>>
>>>
>>>
>>>
>>>
>>> I am part of "Organization Management role group" in AD
>>>
>>> I am able to run Ansible commands for the dev-01 server with the same
>>> ads\chandra pandey credentials but can't install Exchange
>>>
>>>
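
One way to check from the target's Security log whether a WinRM session can authenticate onward to Active Directory, which is what the Kerberos delegation setting at the top of this message changes (an added example, not part of the original messages or of Ansible; the function names are hypothetical). It reads the Impersonation Level field of event 4624; the sample events are constructed from the one quoted in the thread, and that a delegated logon shows "Delegation" in that field is an assumption based on Microsoft's description of the field.

```python
import re

# Constructed sample: fields abridged from the event 4624 quoted in the thread.
EVENT_FROM_THREAD = """\
Subject:
Account Name: -
Logon Type: 3
Impersonation Level: Impersonation
New Logon:
Security ID: ADS\\Chandra Pandey
Account Name: Chandra Pandey
Account Domain: ADS
Detailed Authentication Information:
Authentication Package: Kerberos
"""
# Constructed: the same logon with the level a delegated session is assumed to show.
EVENT_DELEGATED = EVENT_FROM_THREAD.replace("Level: Impersonation", "Level: Delegation")

# "Name: value" lines; tolerates leading mail-quote markers such as ">>> ".
LINE_RE = re.compile(r"^[>\s]*([A-Za-z][A-Za-z ()]*?):\s*(.*?)\s*$")

def parse_4624(text):
    """Return {(section, field): value} from the text rendering of event 4624."""
    fields, section = {}, ""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        key, value = m.groups()
        if value == "":      # "Subject:", "New Logon:" ... open a section
            section = key
        else:
            fields[(section, key)] = value
    return fields

def second_hop_verdict(text):
    """Return (account, verdict): can this logon session authenticate onward?"""
    f = parse_4624(text)
    flat = {key: value for (_, key), value in f.items()}  # fields unique per event
    account = "{}\\{}".format(f.get(("New Logon", "Account Domain")),
                              f.get(("New Logon", "Account Name")))
    if flat.get("Logon Type") != "3":
        return account, "not a network logon"
    level = flat.get("Impersonation Level")
    if level == "Delegation":
        return account, "delegated: can authenticate onward"
    return account, "{} logon at level {!r}: no onward credentials".format(
        flat.get("Authentication Package"), level)
```

Because the parser skips mail-quote markers, the event text can be pasted straight from a quoted message; the account is taken from the New Logon section, not from Subject, which is NULL SID for network logons.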