I am getting below message after enable delegation , also pasting my , playbook ansible settings ... if you can review with yours?
======== [root@dev-testser-lx01 playbooks]# vi /etc/ansible/hosts [root@dev-testser-lx01 playbooks]# ansible-playbook win_exchange.yml -vvvv Using /etc/ansible/ansible.cfg as config file Loaded callback default of type stdout, v2.0 PLAYBOOK: win_exchange.yml ***************************************************** 1 plays in win_exchange.yml PLAY [install] ***************************************************************** TASK [install exchange] ******************************************************** task path: /etc/ansible/playbooks/win_exchange.yml:19 <dev-ansiblewn01.ads.xyz.com> ESTABLISH WINRM CONNECTION FOR USER: Chandra [email protected] on PORT 5986 TO dev-ansiblewn01.ads.xyz.com fatal: [dev-ansiblewn01.ads.xyz.com]: UNREACHABLE! => {"changed": false, "msg": "kerberos: 'module' object has no attribute 'util'", "unreachable": true} to retry, use: --limit @win_exchange.retry PLAY RECAP ********************************************************************* dev-ansiblewn01.ads.xyz.com : ok=0 changed=0 unreachable=1 failed=0 ==================== My hosts setting [wintestserverchandra] dev-ansiblewn01.ads.xyz.com [wintestserverchandra:vars] ansible_ssh_user = Chandra [email protected] #ansible_ssh_user = ADS\Chandra Pandey #ansible_ssh_pass = password #ansible_winrm_transport = ntlm ansible_winrm_transport = kerberos ansible_winrm_kerberos_delegation = yes ansible_connection = winrm ansible_ssh_port = 5986 ansible_winrm_server_cert_validation = ignore ~ ~ ================ My play book --- - name: install hosts: wintestserverchandra gather_facts: false tasks: - name: install exchange raw: 'D:\install\Exchange2016\.\Setup.exe /mode:Install /role:Mailbox /TargetDir:D:\Mailbox /IAcceptExchangeServerLicenseTerms' ~ ~ ~ ================= klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: Chandra [email protected] Valid starting Expires Service principal 09/17/2016 09:12:06 09/17/2016 19:12:06 krbtgt/[email protected] renew until 09/18/2016 09:12:03 ================================ On Saturday, September 17, 2016 at 4:55:37 AM UTC+5:30, Matt Davis wrote: > > Worked fine for me using Kerberos delegation: > ansible_winrm_transport=kerberos and ansible_winrm_kerberos_delegation=yes. > The setup takes so ridiculously long that I didn't try it any other way, so > your mileage may vary. > > -Matt > > > On Friday, September 16, 2016 at 12:50:48 AM UTC-7, Chandra Pandey wrote: >> >> Hi, Thanks , will wait for your result ... >> >> >> On Friday, September 16, 2016 at 3:53:57 AM UTC+5:30, Matt Davis wrote: >>> >>> I'm actually undertaking the same task this week for a PoC demo, so I'll >>> let you know if I figure out the magic incantations to get it working. :) >>> >>> -Matt >>> >>> On Monday, September 12, 2016 at 12:48:49 PM UTC-7, Chandra Pandey wrote: >>>> >>>> I get error while installing fresh exchange 2016 server using ansible >>>> --- >>>> >>>> >>>> ExchangeSetup.log Error >>>> >>>> Active Directory operation failed on . The supplied credential for >>>> 'ADS\Chandra Pandey' is invalid. >>>> [09/12/2016 19:34:45.0055] [0] The supplied credential is invalid >>>> >>>> >>>> Ansible Error: >>>> >>>> <dev-01.xyz.com> WINRM RESULT u'<Response code 0, out >>>> "C:\\Users\\Chandra Pan", err "">' >>>> <dev-01.xyz.com> PUT "/etc/ansible/playbooks/exch.ps1" TO >>>> "C:\Users\Chandra >>>> Pandey\AppData\Local\Temp\ansible-tmp-1473708846.5-280345779333025\exch.ps1" >>>> <dev-01.xyz.com> WINRM PUT "/etc/ansible/playbooks/exch.ps1" to >>>> "C:\Users\Chandra >>>> Pandey\AppData\Local\Temp\ansible-tmp-1473708846.5-280345779333025\exch.ps1" >>>> >>>> (offset=121 size=121) >>>> <dev-01.xyz.com> EXEC & 'C:\Users\Chandra >>>> Pandey\AppData\Local\Temp\ansible-tmp-1473708846.5-280345779333025\exch.ps1' >>>> <dev-01.xyz.com> WINRM EXEC 'PowerShell' ['-NoProfile', >>>> '-NonInteractive', '-ExecutionPolicy', 'Unrestricted', '-EncodedCommand', >>>> 'JgAgACAAJwBDADoAXABVAHMAZQByAHMAXABDAGgAYQBuAGQAcgBhACAAUABhAG4AZABlAHkAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsAFwAVABlAG0AcABcAGEAbgBzAGkAYgBsAGUALQB0AG0AcAAtADEANAA3ADMANwAwADgAOAA0ADYALgA1AC0AMgA4ADAAMwA0ADUANwA3ADkAMwAzADMAMAAyADUAXABlAHgAYwBoAC4AcABzADEAJwA='] >>>> <dev-01.xyz.com> WINRM RESULT u'<Response code 0, out "\r\nWelcome to >>>> Microso", err "There is a pending r">' >>>> <dev-01.xyz.com> EXEC Set-StrictMode -Version Latest >>>> Remove-Item "C:\Users\Chandra >>>> Pandey\AppData\Local\Temp\ansible-tmp-1473708846.5-280345779333025" -Force >>>> -Recurse; >>>> <dev-01.xyz.com> WINRM EXEC u'PowerShell' [u'-NoProfile', >>>> u'-NonInteractive', u'-ExecutionPolicy', u'Unrestricted', >>>> u'-EncodedCommand', >>>> u'UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEMAaABhAG4AZAByAGEAIABQAGEAbgBkAGUAeQBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA0ADcAMwA3ADAAOAA4ADQANgAuADUALQAyADgAMAAzADQANQA3ADcAOQAzADMAMwAwADIANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwA='] >>>> <dev-01.xyz.com> WINRM RESULT u'<Response code 0, out "", err "">' >>>> <dev-01.xyz.com> WINRM CLOSE SHELL: >>>> 2304FF63-3899-4A5F-AA24-67A3E8DAF0B1 >>>> changed: [dev-01.xyz.com] => {"changed": true, "invocation": >>>> {"module_args": {"_raw_params": "exch.ps1"}, "module_name": "script"}, >>>> "rc": 0, "stderr": "There is a pending reboot from a previous installation >>>> of a Windows Server role or feature. Please restart the computer and then >>>> run Setup again.\r\nYou must be a member of the 'Organization Management' >>>> role group or a member of the 'Enterprise Admins' group to >>>> continue.\r\nYou >>>> must use an account that's a member of the Organization Management role >>>> group to install or upgrade the first Mailbox server role in the >>>> topology.\r\nYou must use an account that's a member of the Organization >>>> Management role group to install the first Client Access server role in >>>> the >>>> topology.\r\nYou must use an account that's a member of the Organization >>>> Management role group to install the first Client Access server role in >>>> the >>>> topology.\r\nYou must use an account that's a member of the Organization >>>> Management role group to install or upgrade the first Mailbox server role >>>> in the topology.\r\nYou must use an account that's a member of the >>>> Organization Management role group to install or upgrade the first Client >>>> Access server role in the topology.\r\nYou must use an account that's a >>>> member of the Organization Management role group to install the first >>>> Mailbox server role in the topology.\r\nSetup encountered a problem while >>>> validating the state of Active Directory: Active Directory operation >>>> failed >>>> on . The supplied credential for 'ADS\\Chandra Pandey' is invalid. See >>>> the >>>> Exchange setup log for more information on this error.\r\nEither Active >>>> Directory doesn't exist, or it can't be contacted.\r\n", "stdout": >>>> "\r\nWelcome to Microsoft Exchange Server 2016 Unattended >>>> Setup\r\n\r\nCopying Files...\r\nFile copy complete.\r\nSetup will now >>>> collect additional information needed for installation.\r\n\r\n >>>> Languages\r\n Management tools\r\n Mailbox role: Transport >>>> service\r\n Mailbox role: Client Access service\r\n Mailbox role: >>>> Unified Messaging service\r\n Mailbox role: Mailbox service\r\n >>>> Mailbox role: Front End Transport service\r\n Mailbox role: Client >>>> Access Front End service\r\n\r\nPerforming Microsoft Exchange Server >>>> Prerequisite Check\r\n\r\n Configuring Prerequisites ... COMPLETED\r\n >>>> Prerequisite Analysis\r\n\r\nThe Exchange Server setup operation didn't >>>> complete. More details can be found in ExchangeSetup.log located in the >>>> <SystemDrive>:\\ExchangeSetupLogs folder.\r\n", "stdout_lines": ["", >>>> "Welcome to Microsoft Exchange Server 2016 Unattended Setup", "", "Copying >>>> Files...", "File copy complete.", "Setup will now collect additional >>>> information needed for installation.", "", " Languages", " >>>> Management tools", " Mailbox role: Transport service", " Mailbox >>>> role: Client Access service", " Mailbox role: Unified Messaging >>>> service", " Mailbox role: Mailbox service", " Mailbox role: Front >>>> End Transport service", " Mailbox role: Client Access Front End >>>> service", "", "Performing Microsoft Exchange Server Prerequisite Check", >>>> "", " Configuring Prerequisites ... COMPLETED", " Prerequisite Analysis", >>>> "", "The Exchange Server setup operation didn't complete. More details >>>> can >>>> be found in ExchangeSetup.log located in the >>>> <SystemDrive>:\\ExchangeSetupLogs folder."]} >>>> >>>> >>>> ========== >>>> >>>> event errors: >>>> >>>> The description for Event ID 4027 from source MSExchange ADAccess >>>> cannot be found. Either the component that raises this event is not >>>> installed on your local computer or the installation is corrupted. You can >>>> install or repair the component on the local computer. >>>> >>>> If the event originated on another computer, the display information >>>> had to be saved with the event. >>>> >>>> The following information was included with the event: >>>> >>>> ExSetup.exe >>>> 7044 >>>> Get Servers for ads.xyz.com >>>> TopologyClientTcpEndpoint (localhost) >>>> 3 >>>> System.ServiceModel.EndpointNotFoundException: Could not connect to >>>> net.tcp://localhost:890/Microsoft.Exchange.Directory.TopologyService. The >>>> connection attempt lasted for a time span of 00:00:02.0468972. TCP error >>>> code 10061: No connection could be made because the target machine >>>> actively >>>> refused it [::1]:890. ---> System.Net.Sockets.SocketException: No >>>> connection could be made because the target machine actively refused it >>>> [::1]:890 >>>> at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, >>>> SocketAddress socketAddress) >>>> at System.Net.Sockets.Socket.Connect(EndPoint remoteEP) >>>> at >>>> System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, >>>> TimeSpan timeout) >>>> --- End of inner exception stack trace --- >>>> >>>> Server stack trace: >>>> at >>>> System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, >>>> TimeSpan timeout) >>>> at >>>> System.ServiceModel.Channels.BufferedConnectionInitiator.Connect(Uri uri, >>>> TimeSpan timeout) >>>> at >>>> System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(TimeSpan >>>> >>>> timeout) >>>> at >>>> System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.OnOpen(TimeSpan >>>> >>>> timeout) >>>> at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan >>>> timeout) >>>> at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan >>>> timeout) >>>> at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan >>>> timeout) >>>> >>>> Exception rethrown at [0]: >>>> at >>>> System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage >>>> reqMsg, IMessage retMsg) >>>> at >>>> System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& >>>> msgData, Int32 type) >>>> at System.ServiceModel.ICommunicationObject.Open() >>>> at Microsoft.Exchange.Net.ServiceProxyPool`1.GetClient(Int32 retry, >>>> Boolean& doNotReturnProxyAfterRetry, Boolean useCache) >>>> at >>>> Microsoft.Exchange.Net.ServiceProxyPool`1.TryCallServiceWithRetry(Action`1 >>>> action, String debugMessage, WCFConnectionStateTuple proxyToUse, Int32 >>>> numberOfRetries, Boolean doNotReturnProxyOnSuccess, Exception& exception) >>>> >>>> the message resource is present but the message is not found in the >>>> string/message table >>>> >>>> >>>> ====================== >>>> >>>> The description for Event ID 106 from source MSExchange Common cannot >>>> be found. Either the component that raises this event is not installed on >>>> your local computer or the installation is corrupted. You can install or >>>> repair the component on the local computer. >>>> >>>> If the event originated on another computer, the display information >>>> had to be saved with the event. >>>> >>>> The following information was included with the event: >>>> >>>> 1 >>>> Base for Average Latency >>>> MSExchange ServiceProxyPool >>>> The exception thrown is : System.InvalidOperationException: The >>>> requested Performance Counter is not a custom counter, it has to be >>>> initialized as ReadOnly. >>>> at System.Diagnostics.PerformanceCounter.InitializeImpl() >>>> at System.Diagnostics.PerformanceCounter.IncrementBy(Int64 value) >>>> at >>>> Microsoft.Exchange.Diagnostics.ExPerformanceCounter.IncrementBy(Int64 >>>> incrementValue) >>>> Last worker process info : Last worker process info not available! >>>> Processes running while Performance counter failed to update: >>>> 6300 TrustedInstaller >>>> 1176 svchost >>>> 2548 vmtoolsd >>>> 4912 csrss >>>> 380 csrss >>>> 1364 inetinfo >>>> 5892 winrshost >>>> 5692 WMSvc >>>> 1948 svchost >>>> 1220 nsd >>>> 2336 SMSvcHost >>>> 6664 svchost >>>> 1152 svchost >>>> 560 lsass >>>> 6860 taskhostex >>>> 1740 rdpinput >>>> 1396 mqsvc >>>> 2132 vmtoolsd >>>> 752 LogonUI >>>> 944 svchost >>>> 4292 taskhostex >>>> 548 services >>>> 872 svchost >>>> 1728 splunkd >>>> 7044 ExSetup >>>> 4224 cmd >>>> 4084 splunk-winevtlog >>>> 5264 conhost >>>> 728 TabTip >>>> 4272 ccSvcHst >>>> 4456 dwm >>>> 1696 snmp >>>> 6616 VSSVC >>>> 1096 spoolsv >>>> 2868 unsecapp >>>> 2472 svchost >>>> 1940 conhost >>>> 5424 powershell >>>> 2860 WmiPrvSE >>>> 760 svchost >>>> 3248 svchost >>>> 484 winlogon >>>> 5800 taskhost >>>> 5404 AeXAgentUIHost >>>> 1660 ccSvcHst >>>> 3504 dllhost >>>> 4092 splunk-winprintmon >>>> 6576 WmiApSrv >>>> 2240 svchost >>>> 2040 uptmagnt >>>> 4776 AeXMetricProv >>>> 656 svchost >>>> 5184 AeXSMAppDetector >>>> 6364 TiWorker >>>> 452 csrss >>>> 252 smss >>>> 2368 setup >>>> 2020 svchost >>>> 2412 TabTip32 >>>> 440 wininit >>>> 3196 svchost >>>> 2200 svchost >>>> 4376 AeXNSAgentHostSurrogate32 >>>> 1420 SMSvcHost >>>> 6540 powershell >>>> 432 svchost >>>> 3780 splunk-perfmon >>>> 6536 conhost >>>> 624 svchost >>>> 1604 NPSrvHost >>>> 788 dwm >>>> 2192 putty >>>> 812 svchost >>>> 6524 conhost >>>> 4944 winlogon >>>> 2184 serversetup >>>> 4812 explorer >>>> 3364 splunk-wmi >>>> 3336 WmiPrvSE >>>> 2376 AeXNSAgent >>>> 4320 rdpclip >>>> 5128 AeXSMLogUpload >>>> 3748 msdtc >>>> 4 System >>>> 3484 NPSrvWatchdog >>>> 5212 conhost >>>> 0 Idle >>>> Performance Counters Layout information: FileMappingNotFoundException >>>> for category MSExchange ServiceProxyPool : >>>> Microsoft.Exchange.Diagnostics.FileMappingNotFoundException: Cound not >>>> open >>>> File mapping for name Global\netfxcustomperfcounters.1.0msexchange >>>> serviceproxypool. Error Details: 2 >>>> at Microsoft.Exchange.Diagnostics.FileMapping.OpenFileMapping(String >>>> name, Boolean writable) >>>> at >>>> Microsoft.Exchange.Diagnostics.PerformanceCounterMemoryMappedFile.Initialize(String >>>> >>>> fileMappingName, Boolean writable) >>>> at >>>> Microsoft.Exchange.Diagnostics.ExPerformanceCounter.GetAllInstancesLayout(String >>>> >>>> categoryName) >>>> >>>> >>>> >>>> the message resource is present but the message is not found in the >>>> string/message table >>>> >>>> >>>> ============================ >>>> >>>> Login Successfull on system >>>> >>>> >>>> An account was successfully logged on. >>>> >>>> Subject: >>>> Security ID: NULL SID >>>> Account Name: - >>>> Account Domain: - >>>> Logon ID: 0x0 >>>> >>>> Logon Type: 3 >>>> >>>> Impersonation Level: Impersonation >>>> >>>> New Logon: >>>> Security ID: ADS\Chandra Pandey >>>> Account Name: Chandra Pandey >>>> Account Domain: ADS >>>> Logon ID: 0xD475400 >>>> Logon GUID: {10046cb6-9f06-048b-d251-f66c2878fa16} >>>> >>>> Process Information: >>>> Process ID: 0x0 >>>> Process Name: - >>>> >>>> Network Information: >>>> Workstation Name: >>>> Source Network Address: - >>>> Source Port: - >>>> >>>> Detailed Authentication Information: >>>> Logon Process: Kerberos >>>> Authentication Package: Kerberos >>>> Transited Services: - >>>> Package Name (NTLM only): - >>>> Key Length: 0 >>>> >>>> This event is generated when a logon session is created. It is >>>> generated on the computer that was accessed. >>>> >>>> The subject fields indicate the account on the local system which >>>> requested the logon. This is most commonly a service such as the Server >>>> service, or a local process such as Winlogon.exe or Services.exe. >>>> >>>> The logon type field indicates the kind of logon that occurred. The >>>> most common types are 2 (interactive) and 3 (network). >>>> >>>> The New Logon fields indicate the account for whom the new logon was >>>> created, i.e. the account that was logged on. >>>> >>>> The network fields indicate where a remote logon request originated. >>>> Workstation name is not always available and may be left blank in some >>>> cases. >>>> >>>> The impersonation level field indicates the extent to which a process >>>> in the logon session can impersonate. >>>> >>>> The authentication information fields provide detailed information >>>> about this specific logon request. >>>> - Logon GUID is a unique identifier that can be used to correlate this >>>> event with a KDC event. >>>> - Transited services indicate which intermediate services have >>>> participated in this logon request. >>>> - Package name indicates which sub-protocol was used among the NTLM >>>> protocols. >>>> - Key length indicates the length of the generated session key. This >>>> will be 0 if no session key was requested. >>>> >>>> =================== >>>> >>>> Special privileges assigned to new logon. >>>> >>>> Subject: >>>> Security ID: ADS\Chandra Pandey >>>> Account Name: Chandra Pandey >>>> Account Domain: ADS >>>> Logon ID: 0xD475400 >>>> >>>> Privileges: SeSecurityPrivilege >>>> SeBackupPrivilege >>>> SeRestorePrivilege >>>> SeTakeOwnershipPrivilege >>>> SeDebugPrivilege >>>> SeSystemEnvironmentPrivilege >>>> SeLoadDriverPrivilege >>>> SeImpersonatePrivilege >>>> SeEnableDelegationPrivilege >>>> >>>> ===================================================== >>>> >>>> >>>> >>>> >>>> >>>> >>>> I am part of "Organization Management role group" in AD >>>> >>>> I am able to run ansible commands for dev-01 server with same >>>> ads\chandra pandey credentails but can't install exchange >>>> >>>> -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/15bd70d8-b50a-4894-bd2a-b1ecc25702de%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
