I am getting below message after enable delegation , also pasting my , 
playbook ansible settings ... if you can review with yours? 


========
[root@dev-testser-lx01 playbooks]# vi /etc/ansible/hosts
[root@dev-testser-lx01 playbooks]# ansible-playbook win_exchange.yml -vvvv
Using /etc/ansible/ansible.cfg as config file
Loaded callback default of type stdout, v2.0

PLAYBOOK: win_exchange.yml 
*****************************************************
1 plays in win_exchange.yml

PLAY [install] 
*****************************************************************

TASK [install exchange] 
********************************************************
task path: /etc/ansible/playbooks/win_exchange.yml:19
<dev-ansiblewn01.ads.xyz.com> ESTABLISH WINRM CONNECTION FOR USER: Chandra 
pan...@ads.xyz.com on PORT 5986 TO dev-ansiblewn01.ads.xyz.com
fatal: [dev-ansiblewn01.ads.xyz.com]: UNREACHABLE! => {"changed": false, 
"msg": "kerberos: 'module' object has no attribute 'util'", "unreachable": 
true}
        to retry, use: --limit @win_exchange.retry

PLAY RECAP 
*********************************************************************
dev-ansiblewn01.ads.xyz.com : ok=0    changed=0    unreachable=1    failed=0

====================

My hosts setting 




[wintestserverchandra]
dev-ansiblewn01.ads.xyz.com
[wintestserverchandra:vars]
ansible_ssh_user = Chandra pan...@ads.xyz.com
#ansible_ssh_user = ADS\Chandra Pandey
#ansible_ssh_pass = password
#ansible_winrm_transport = ntlm
ansible_winrm_transport = kerberos
ansible_winrm_kerberos_delegation = yes
ansible_connection = winrm
ansible_ssh_port = 5986
ansible_winrm_server_cert_validation = ignore
~
~

================

My play book 

---
- name: install

  hosts: wintestserverchandra
  gather_facts: false
  tasks:
     - name: install exchange
       raw: 'D:\install\Exchange2016\.\Setup.exe /mode:Install 
/role:Mailbox /TargetDir:D:\Mailbox /IAcceptExchangeServerLicenseTerms'
      
~
~
~
=================

klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Chandra pan...@ads.xyz.com

Valid starting       Expires              Service principal
09/17/2016 09:12:06  09/17/2016 19:12:06  krbtgt/ads.xyz....@ads.xyz.com
        renew until 09/18/2016 09:12:03


On Tuesday, September 13, 2016 at 2:17:58 AM UTC+5:30, J Hawkesworth wrote:
>
> Can you share you playbook for creating Exchange?
>
> Is there anything useful in 
> <SystemDrive>:\\ExchangeSetupLogs\\ExchangeSetup.log ?
>
> One of the errors was about being unable to talk to a local port.  Does 
> there need to be some firewall configuration before running this step?
>
> I think it is possible that you need auth delegation (I don't know 
> anything about Exchange architecture, but if it requires talking to other 
> windows hosts during installation it might need auth delegation.
>
> To use auth delegation, ensure you are running pywinrm 0.2.0 and set the 
> following in your windows group_vars/ inventory:
>
> ansible_winrm_transport: kerberos
> ansible_winrm_kerberos_delegation: yes
>
> I hope the above helps, please let us know how you get on.
>
> Jon
>
> On Monday, September 12, 2016 at 8:48:49 PM UTC+1, Chandra Pandey wrote:
>>
>> I get error while installing fresh exchange 2016 server using ansible --- 
>>
>>
>> ExchangeSetup.log Error 
>>
>> Active Directory operation failed on . The supplied credential for 
>> 'ADS\Chandra Pandey' is invalid.
>> [09/12/2016 19:34:45.0055] [0] The supplied credential is invalid
>>
>>
>> Ansible Error: 
>>
>> <dev-01.xyz.com> WINRM RESULT u'<Response code 0, out 
>> "C:\\Users\\Chandra Pan", err "">'
>> <dev-01.xyz.com> PUT "/etc/ansible/playbooks/exch.ps1" TO 
>> "C:\Users\Chandra 
>> Pandey\AppData\Local\Temp\ansible-tmp-1473708846.5-280345779333025\exch.ps1"
>> <dev-01.xyz.com> WINRM PUT "/etc/ansible/playbooks/exch.ps1" to 
>> "C:\Users\Chandra 
>> Pandey\AppData\Local\Temp\ansible-tmp-1473708846.5-280345779333025\exch.ps1" 
>> (offset=121 size=121)
>> <dev-01.xyz.com> EXEC &  'C:\Users\Chandra 
>> Pandey\AppData\Local\Temp\ansible-tmp-1473708846.5-280345779333025\exch.ps1'
>> <dev-01.xyz.com> WINRM EXEC 'PowerShell' ['-NoProfile', 
>> '-NonInteractive', '-ExecutionPolicy', 'Unrestricted', '-EncodedCommand', 
>> 'JgAgACAAJwBDADoAXABVAHMAZQByAHMAXABDAGgAYQBuAGQAcgBhACAAUABhAG4AZABlAHkAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsAFwAVABlAG0AcABcAGEAbgBzAGkAYgBsAGUALQB0AG0AcAAtADEANAA3ADMANwAwADgAOAA0ADYALgA1AC0AMgA4ADAAMwA0ADUANwA3ADkAMwAzADMAMAAyADUAXABlAHgAYwBoAC4AcABzADEAJwA=']
>> <dev-01.xyz.com> WINRM RESULT u'<Response code 0, out "\r\nWelcome to 
>> Microso", err "There is a pending r">'
>> <dev-01.xyz.com> EXEC Set-StrictMode -Version Latest
>> Remove-Item "C:\Users\Chandra 
>> Pandey\AppData\Local\Temp\ansible-tmp-1473708846.5-280345779333025" -Force 
>> -Recurse;
>> <dev-01.xyz.com> WINRM EXEC u'PowerShell' [u'-NoProfile', 
>> u'-NonInteractive', u'-ExecutionPolicy', u'Unrestricted', 
>> u'-EncodedCommand', 
>> u'UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEMAaABhAG4AZAByAGEAIABQAGEAbgBkAGUAeQBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA0ADcAMwA3ADAAOAA4ADQANgAuADUALQAyADgAMAAzADQANQA3ADcAOQAzADMAMwAwADIANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwA=']
>> <dev-01.xyz.com> WINRM RESULT u'<Response code 0, out "", err "">'
>> <dev-01.xyz.com> WINRM CLOSE SHELL: 2304FF63-3899-4A5F-AA24-67A3E8DAF0B1
>> changed: [dev-01.xyz.com] => {"changed": true, "invocation": 
>> {"module_args": {"_raw_params": "exch.ps1"}, "module_name": "script"}, 
>> "rc": 0, "stderr": "There is a pending reboot from a previous installation 
>> of a Windows Server role or feature. Please restart the computer and then 
>> run Setup again.\r\nYou must be a member of the 'Organization Management' 
>> role group or a member of the 'Enterprise Admins' group to continue.\r\nYou 
>> must use an account that's a member of the Organization Management role 
>> group to install or upgrade the first Mailbox server role in the 
>> topology.\r\nYou must use an account that's a member of the Organization 
>> Management role group to install the first Client Access server role in the 
>> topology.\r\nYou must use an account that's a member of the Organization 
>> Management role group to install the first Client Access server role in the 
>> topology.\r\nYou must use an account that's a member of the Organization 
>> Management role group to install or upgrade the first Mailbox server role 
>> in the topology.\r\nYou must use an account that's a member of the 
>> Organization Management role group to install or upgrade the first Client 
>> Access server role in the topology.\r\nYou must use an account that's a 
>> member of the Organization Management role group to install the first 
>> Mailbox server role in the topology.\r\nSetup encountered a problem while 
>> validating the state of Active Directory: Active Directory operation failed 
>> on . The supplied credential for 'ADS\\Chandra Pandey' is invalid.  See the 
>> Exchange setup log for more information on this error.\r\nEither Active 
>> Directory doesn't exist, or it can't be contacted.\r\n", "stdout": 
>> "\r\nWelcome to Microsoft Exchange Server 2016 Unattended 
>> Setup\r\n\r\nCopying Files...\r\nFile copy complete.\r\nSetup will now 
>> collect additional information needed for installation.\r\n\r\n     
>> Languages\r\n     Management tools\r\n     Mailbox role: Transport 
>> service\r\n     Mailbox role: Client Access service\r\n     Mailbox role: 
>> Unified Messaging service\r\n     Mailbox role: Mailbox service\r\n     
>> Mailbox role: Front End Transport service\r\n     Mailbox role: Client 
>> Access Front End service\r\n\r\nPerforming Microsoft Exchange Server 
>> Prerequisite Check\r\n\r\n Configuring Prerequisites ... COMPLETED\r\n 
>> Prerequisite Analysis\r\n\r\nThe Exchange Server setup operation didn't 
>> complete.  More details can be found in ExchangeSetup.log located in the 
>> <SystemDrive>:\\ExchangeSetupLogs folder.\r\n", "stdout_lines": ["", 
>> "Welcome to Microsoft Exchange Server 2016 Unattended Setup", "", "Copying 
>> Files...", "File copy complete.", "Setup will now collect additional 
>> information needed for installation.", "", "     Languages", "     
>> Management tools", "     Mailbox role: Transport service", "     Mailbox 
>> role: Client Access service", "     Mailbox role: Unified Messaging 
>> service", "     Mailbox role: Mailbox service", "     Mailbox role: Front 
>> End Transport service", "     Mailbox role: Client Access Front End 
>> service", "", "Performing Microsoft Exchange Server Prerequisite Check", 
>> "", " Configuring Prerequisites ... COMPLETED", " Prerequisite Analysis", 
>> "", "The Exchange Server setup operation didn't complete.  More details can 
>> be found in ExchangeSetup.log located in the 
>> <SystemDrive>:\\ExchangeSetupLogs folder."]}
>>
>>
>> ==========
>>
>> event errors:
>>
>> The description for Event ID 4027 from source MSExchange ADAccess cannot 
>> be found. Either the component that raises this event is not installed on 
>> your local computer or the installation is corrupted. You can install or 
>> repair the component on the local computer.
>>
>> If the event originated on another computer, the display information had 
>> to be saved with the event.
>>
>> The following information was included with the event: 
>>
>> ExSetup.exe
>> 7044
>> Get Servers for ads.xyz.com
>> TopologyClientTcpEndpoint (localhost)
>> 3
>> System.ServiceModel.EndpointNotFoundException: Could not connect to 
>> net.tcp://localhost:890/Microsoft.Exchange.Directory.TopologyService. The 
>> connection attempt lasted for a time span of 00:00:02.0468972. TCP error 
>> code 10061: No connection could be made because the target machine actively 
>> refused it [::1]:890.  ---> System.Net.Sockets.SocketException: No 
>> connection could be made because the target machine actively refused it 
>> [::1]:890
>>    at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, 
>> SocketAddress socketAddress)
>>    at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)
>>    at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri 
>> uri, TimeSpan timeout)
>>    --- End of inner exception stack trace ---
>>
>> Server stack trace: 
>>    at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri 
>> uri, TimeSpan timeout)
>>    at 
>> System.ServiceModel.Channels.BufferedConnectionInitiator.Connect(Uri uri, 
>> TimeSpan timeout)
>>    at 
>> System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(TimeSpan
>>  
>> timeout)
>>    at 
>> System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.OnOpen(TimeSpan
>>  
>> timeout)
>>    at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan 
>> timeout)
>>    at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
>>    at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan 
>> timeout)
>>
>> Exception rethrown at [0]: 
>>    at 
>> System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage 
>> reqMsg, IMessage retMsg)
>>    at 
>> System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& 
>> msgData, Int32 type)
>>    at System.ServiceModel.ICommunicationObject.Open()
>>    at Microsoft.Exchange.Net.ServiceProxyPool`1.GetClient(Int32 retry, 
>> Boolean& doNotReturnProxyAfterRetry, Boolean useCache)
>>    at 
>> Microsoft.Exchange.Net.ServiceProxyPool`1.TryCallServiceWithRetry(Action`1 
>> action, String debugMessage, WCFConnectionStateTuple proxyToUse, Int32 
>> numberOfRetries, Boolean doNotReturnProxyOnSuccess, Exception& exception)
>>
>> the message resource is present but the message is not found in the 
>> string/message table
>>
>>
>> ======================
>>
>> The description for Event ID 106 from source MSExchange Common cannot be 
>> found. Either the component that raises this event is not installed on your 
>> local computer or the installation is corrupted. You can install or repair 
>> the component on the local computer.
>>
>> If the event originated on another computer, the display information had 
>> to be saved with the event.
>>
>> The following information was included with the event: 
>>
>> 1
>> Base for Average Latency
>> MSExchange ServiceProxyPool
>> The exception thrown is : System.InvalidOperationException: The requested 
>> Performance Counter is not a custom counter, it has to be initialized as 
>> ReadOnly.
>>    at System.Diagnostics.PerformanceCounter.InitializeImpl()
>>    at System.Diagnostics.PerformanceCounter.IncrementBy(Int64 value)
>>    at 
>> Microsoft.Exchange.Diagnostics.ExPerformanceCounter.IncrementBy(Int64 
>> incrementValue)
>> Last worker process info : Last worker process info not available!
>> Processes running while Performance counter failed to update: 
>> 6300 TrustedInstaller
>> 1176 svchost
>> 2548 vmtoolsd
>> 4912 csrss
>> 380 csrss
>> 1364 inetinfo
>> 5892 winrshost
>> 5692 WMSvc
>> 1948 svchost
>> 1220 nsd
>> 2336 SMSvcHost
>> 6664 svchost
>> 1152 svchost
>> 560 lsass
>> 6860 taskhostex
>> 1740 rdpinput
>> 1396 mqsvc
>> 2132 vmtoolsd
>> 752 LogonUI
>> 944 svchost
>> 4292 taskhostex
>> 548 services
>> 872 svchost
>> 1728 splunkd
>> 7044 ExSetup
>> 4224 cmd
>> 4084 splunk-winevtlog
>> 5264 conhost
>> 728 TabTip
>> 4272 ccSvcHst
>> 4456 dwm
>> 1696 snmp
>> 6616 VSSVC
>> 1096 spoolsv
>> 2868 unsecapp
>> 2472 svchost
>> 1940 conhost
>> 5424 powershell
>> 2860 WmiPrvSE
>> 760 svchost
>> 3248 svchost
>> 484 winlogon
>> 5800 taskhost
>> 5404 AeXAgentUIHost
>> 1660 ccSvcHst
>> 3504 dllhost
>> 4092 splunk-winprintmon
>> 6576 WmiApSrv
>> 2240 svchost
>> 2040 uptmagnt
>> 4776 AeXMetricProv
>> 656 svchost
>> 5184 AeXSMAppDetector
>> 6364 TiWorker
>> 452 csrss
>> 252 smss
>> 2368 setup
>> 2020 svchost
>> 2412 TabTip32
>> 440 wininit
>> 3196 svchost
>> 2200 svchost
>> 4376 AeXNSAgentHostSurrogate32
>> 1420 SMSvcHost
>> 6540 powershell
>> 432 svchost
>> 3780 splunk-perfmon
>> 6536 conhost
>> 624 svchost
>> 1604 NPSrvHost
>> 788 dwm
>> 2192 putty
>> 812 svchost
>> 6524 conhost
>> 4944 winlogon
>> 2184 serversetup
>> 4812 explorer
>> 3364 splunk-wmi
>> 3336 WmiPrvSE
>> 2376 AeXNSAgent
>> 4320 rdpclip
>> 5128 AeXSMLogUpload
>> 3748 msdtc
>> 4 System
>> 3484 NPSrvWatchdog
>> 5212 conhost
>> 0 Idle
>> Performance Counters Layout information: FileMappingNotFoundException for 
>> category MSExchange ServiceProxyPool : 
>> Microsoft.Exchange.Diagnostics.FileMappingNotFoundException: Cound not open 
>> File mapping for name Global\netfxcustomperfcounters.1.0msexchange 
>> serviceproxypool. Error Details: 2
>>    at Microsoft.Exchange.Diagnostics.FileMapping.OpenFileMapping(String 
>> name, Boolean writable)
>>    at 
>> Microsoft.Exchange.Diagnostics.PerformanceCounterMemoryMappedFile.Initialize(String
>>  
>> fileMappingName, Boolean writable)
>>    at 
>> Microsoft.Exchange.Diagnostics.ExPerformanceCounter.GetAllInstancesLayout(String
>>  
>> categoryName)
>>
>>
>>
>> the message resource is present but the message is not found in the 
>> string/message table
>>
>>
>> ============================
>>
>> Login Successfull on system 
>>
>>
>> An account was successfully logged on.
>>
>> Subject:
>> Security ID: NULL SID
>> Account Name: -
>> Account Domain: -
>> Logon ID: 0x0
>>
>> Logon Type: 3
>>
>> Impersonation Level: Impersonation
>>
>> New Logon:
>> Security ID: ADS\Chandra Pandey
>> Account Name: Chandra Pandey
>> Account Domain: ADS
>> Logon ID: 0xD475400
>> Logon GUID: {10046cb6-9f06-048b-d251-f66c2878fa16}
>>
>> Process Information:
>> Process ID: 0x0
>> Process Name: -
>>
>> Network Information:
>> Workstation Name: 
>> Source Network Address: -
>> Source Port: -
>>
>> Detailed Authentication Information:
>> Logon Process: Kerberos
>> Authentication Package: Kerberos
>> Transited Services: -
>> Package Name (NTLM only): -
>> Key Length: 0
>>
>> This event is generated when a logon session is created. It is generated 
>> on the computer that was accessed.
>>
>> The subject fields indicate the account on the local system which 
>> requested the logon. This is most commonly a service such as the Server 
>> service, or a local process such as Winlogon.exe or Services.exe.
>>
>> The logon type field indicates the kind of logon that occurred. The most 
>> common types are 2 (interactive) and 3 (network).
>>
>> The New Logon fields indicate the account for whom the new logon was 
>> created, i.e. the account that was logged on.
>>
>> The network fields indicate where a remote logon request originated. 
>> Workstation name is not always available and may be left blank in some 
>> cases.
>>
>> The impersonation level field indicates the extent to which a process in 
>> the logon session can impersonate.
>>
>> The authentication information fields provide detailed information about 
>> this specific logon request.
>> - Logon GUID is a unique identifier that can be used to correlate this 
>> event with a KDC event.
>> - Transited services indicate which intermediate services have 
>> participated in this logon request.
>> - Package name indicates which sub-protocol was used among the NTLM 
>> protocols.
>> - Key length indicates the length of the generated session key. This will 
>> be 0 if no session key was requested.
>>
>> ===================
>>
>> Special privileges assigned to new logon.
>>
>> Subject:
>> Security ID: ADS\Chandra Pandey
>> Account Name: Chandra Pandey
>> Account Domain: ADS
>> Logon ID: 0xD475400
>>
>> Privileges: SeSecurityPrivilege
>> SeBackupPrivilege
>> SeRestorePrivilege
>> SeTakeOwnershipPrivilege
>> SeDebugPrivilege
>> SeSystemEnvironmentPrivilege
>> SeLoadDriverPrivilege
>> SeImpersonatePrivilege
>> SeEnableDelegationPrivilege
>>
>> ===================================================== 
>>
>>
>>
>>
>>
>>
>> I am part of "Organization Management role group" in AD
>>
>> I am able to run ansible commands for dev-01 server with same ads\chandra 
>> pandey credentails but can't install exchange 
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6ad25a1f-96d9-4315-8876-6aad796d4331%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to