I am getting the below message after enabling delegation, also pasting my playbook, ansible settings ... if you can review with yours?
========
[root@dev-testser-lx01 playbooks]# vi /etc/ansible/hosts
[root@dev-testser-lx01 playbooks]# ansible-playbook win_exchange.yml -vvvv
Using /etc/ansible/ansible.cfg as config file
Loaded callback default of type stdout, v2.0

PLAYBOOK: win_exchange.yml *****************************************************
1 plays in win_exchange.yml

PLAY [install] *****************************************************************

TASK [install exchange] ********************************************************
task path: /etc/ansible/playbooks/win_exchange.yml:19
<dev-ansiblewn01.ads.xyz.com> ESTABLISH WINRM CONNECTION FOR USER: Chandra [email protected] on PORT 5986 TO dev-ansiblewn01.ads.xyz.com
fatal: [dev-ansiblewn01.ads.xyz.com]: UNREACHABLE! => {"changed": false, "msg": "kerberos: 'module' object has no attribute 'util'", "unreachable": true}
        to retry, use: --limit @win_exchange.retry

PLAY RECAP *********************************************************************
dev-ansiblewn01.ads.xyz.com : ok=0 changed=0 unreachable=1 failed=0

====================
My hosts setting

[wintestserverchandra]
dev-ansiblewn01.ads.xyz.com

[wintestserverchandra:vars]
ansible_ssh_user = Chandra [email protected]
#ansible_ssh_user = ADS\Chandra Pandey
#ansible_ssh_pass = password
#ansible_winrm_transport = ntlm
ansible_winrm_transport = kerberos
ansible_winrm_kerberos_delegation = yes
ansible_connection = winrm
ansible_ssh_port = 5986
ansible_winrm_server_cert_validation = ignore
~
~
================
My play book

---
- name: install
  hosts: wintestserverchandra
  gather_facts: false
  tasks:
    - name: install exchange
      raw: 'D:\install\Exchange2016\.\Setup.exe /mode:Install /role:Mailbox /TargetDir:D:\Mailbox /IAcceptExchangeServerLicenseTerms'
~
~
~
=================
klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Chandra [email protected]

Valid starting       Expires              Service principal
09/17/2016 09:12:06  09/17/2016 19:12:06  krbtgt/[email protected]
        renew until 09/18/2016 09:12:03

On Tuesday, September 13, 2016 at 2:17:58 AM UTC+5:30, J Hawkesworth wrote:
>
> Can you share your playbook for creating Exchange?
>
> Is there anything useful in
> <SystemDrive>:\\ExchangeSetupLogs\\ExchangeSetup.log ?
>
> One of the errors was about being unable to talk to a local port. Does
> there need to be some firewall configuration before running this step?
>
> I think it is possible that you need auth delegation (I don't know
> anything about Exchange architecture, but if it requires talking to other
> windows hosts during installation it might need auth delegation).
>
> To use auth delegation, ensure you are running pywinrm 0.2.0 and set the
> following in your windows group_vars/ inventory:
>
> ansible_winrm_transport: kerberos
> ansible_winrm_kerberos_delegation: yes
>
> I hope the above helps, please let us know how you get on.
>
> Jon
>
> On Monday, September 12, 2016 at 8:48:49 PM UTC+1, Chandra Pandey wrote:
>>
>> I get error while installing fresh exchange 2016 server using ansible ---
>>
>>
>> ExchangeSetup.log Error
>>
>> Active Directory operation failed on . The supplied credential for
>> 'ADS\Chandra Pandey' is invalid.
>> [09/12/2016 19:34:45.0055] [0] The supplied credential is invalid
>>
>>
>> Ansible Error:
>>
>> <dev-01.xyz.com> WINRM RESULT u'<Response code 0, out
>> "C:\\Users\\Chandra Pan", err "">'
>> <dev-01.xyz.com> PUT "/etc/ansible/playbooks/exch.ps1" TO
>> "C:\Users\Chandra
>> Pandey\AppData\Local\Temp\ansible-tmp-1473708846.5-280345779333025\exch.ps1"
>> <dev-01.xyz.com> WINRM PUT "/etc/ansible/playbooks/exch.ps1" to
>> "C:\Users\Chandra
>> Pandey\AppData\Local\Temp\ansible-tmp-1473708846.5-280345779333025\exch.ps1"
>> (offset=121 size=121)
>> <dev-01.xyz.com> EXEC & 'C:\Users\Chandra
>> Pandey\AppData\Local\Temp\ansible-tmp-1473708846.5-280345779333025\exch.ps1'
>> <dev-01.xyz.com> WINRM EXEC 'PowerShell' ['-NoProfile',
>> '-NonInteractive', '-ExecutionPolicy', 'Unrestricted', '-EncodedCommand',
>> 'JgAgACAAJwBDADoAXABVAHMAZQByAHMAXABDAGgAYQBuAGQAcgBhACAAUABhAG4AZABlAHkAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsAFwAVABlAG0AcABcAGEAbgBzAGkAYgBsAGUALQB0AG0AcAAtADEANAA3ADMANwAwADgAOAA0ADYALgA1AC0AMgA4ADAAMwA0ADUANwA3ADkAMwAzADMAMAAyADUAXABlAHgAYwBoAC4AcABzADEAJwA=']
>> <dev-01.xyz.com> WINRM RESULT u'<Response code 0, out "\r\nWelcome to
>> Microso", err "There is a pending r">'
>> <dev-01.xyz.com> EXEC Set-StrictMode -Version Latest
>> Remove-Item "C:\Users\Chandra
>> Pandey\AppData\Local\Temp\ansible-tmp-1473708846.5-280345779333025" -Force
>> -Recurse;
>> <dev-01.xyz.com> WINRM EXEC u'PowerShell' [u'-NoProfile',
>> u'-NonInteractive', u'-ExecutionPolicy', u'Unrestricted',
>> u'-EncodedCommand',
>> u'UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEMAaABhAG4AZAByAGEAIABQAGEAbgBkAGUAeQBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA0ADcAMwA3ADAAOAA4ADQANgAuADUALQAyADgAMAAzADQANQA3ADcAOQAzADMAMwAwADIANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwA=']
>> <dev-01.xyz.com> WINRM RESULT u'<Response code 0, out "", err "">'
>> <dev-01.xyz.com> WINRM CLOSE SHELL: 2304FF63-3899-4A5F-AA24-67A3E8DAF0B1
>> changed: [dev-01.xyz.com] => {"changed": true, "invocation":
>> {"module_args": {"_raw_params": "exch.ps1"}, "module_name": "script"},
>> "rc": 0, "stderr": "There is a pending reboot from a previous installation
>> of a Windows Server role or feature. Please restart the computer and then
>> run Setup again.\r\nYou must be a member of the 'Organization Management'
>> role group or a member of the 'Enterprise Admins' group to continue.\r\nYou
>> must use an account that's a member of the Organization Management role
>> group to install or upgrade the first Mailbox server role in the
>> topology.\r\nYou must use an account that's a member of the Organization
>> Management role group to install the first Client Access server role in the
>> topology.\r\nYou must use an account that's a member of the Organization
>> Management role group to install the first Client Access server role in the
>> topology.\r\nYou must use an account that's a member of the Organization
>> Management role group to install or upgrade the first Mailbox server role
>> in the topology.\r\nYou must use an account that's a member of the
>> Organization Management role group to install or upgrade the first Client
>> Access server role in the topology.\r\nYou must use an account that's a
>> member of the Organization Management role group to install the first
>> Mailbox server role in the topology.\r\nSetup encountered a problem while
>> validating the state of Active Directory: Active Directory operation failed
>> on . The supplied credential for 'ADS\\Chandra Pandey' is invalid. See the
>> Exchange setup log for more information on this error.\r\nEither Active
>> Directory doesn't exist, or it can't be contacted.\r\n", "stdout":
>> "\r\nWelcome to Microsoft Exchange Server 2016 Unattended
>> Setup\r\n\r\nCopying Files...\r\nFile copy complete.\r\nSetup will now
>> collect additional information needed for installation.\r\n\r\n
>> Languages\r\n Management tools\r\n Mailbox role: Transport
>> service\r\n Mailbox role: Client Access service\r\n Mailbox role:
>> Unified Messaging service\r\n Mailbox role: Mailbox service\r\n
>> Mailbox role: Front End Transport service\r\n Mailbox role: Client
>> Access Front End service\r\n\r\nPerforming Microsoft Exchange Server
>> Prerequisite Check\r\n\r\n Configuring Prerequisites ... COMPLETED\r\n
>> Prerequisite Analysis\r\n\r\nThe Exchange Server setup operation didn't
>> complete. More details can be found in ExchangeSetup.log located in the
>> <SystemDrive>:\\ExchangeSetupLogs folder.\r\n", "stdout_lines": ["",
>> "Welcome to Microsoft Exchange Server 2016 Unattended Setup", "", "Copying
>> Files...", "File copy complete.", "Setup will now collect additional
>> information needed for installation.", "", " Languages", "
>> Management tools", " Mailbox role: Transport service", " Mailbox
>> role: Client Access service", " Mailbox role: Unified Messaging
>> service", " Mailbox role: Mailbox service", " Mailbox role: Front
>> End Transport service", " Mailbox role: Client Access Front End
>> service", "", "Performing Microsoft Exchange Server Prerequisite Check",
>> "", " Configuring Prerequisites ... COMPLETED", " Prerequisite Analysis",
>> "", "The Exchange Server setup operation didn't complete. More details can
>> be found in ExchangeSetup.log located in the
>> <SystemDrive>:\\ExchangeSetupLogs folder."]}
>>
>>
>> ==========
>>
>> event errors:
>>
>> The description for Event ID 4027 from source MSExchange ADAccess cannot
>> be found. Either the component that raises this event is not installed on
>> your local computer or the installation is corrupted. You can install or
>> repair the component on the local computer.
>>
>> If the event originated on another computer, the display information had
>> to be saved with the event.
>>
>> The following information was included with the event:
>>
>> ExSetup.exe
>> 7044
>> Get Servers for ads.xyz.com
>> TopologyClientTcpEndpoint (localhost)
>> 3
>> System.ServiceModel.EndpointNotFoundException: Could not connect to
>> net.tcp://localhost:890/Microsoft.Exchange.Directory.TopologyService. The
>> connection attempt lasted for a time span of 00:00:02.0468972. TCP error
>> code 10061: No connection could be made because the target machine actively
>> refused it [::1]:890. ---> System.Net.Sockets.SocketException: No
>> connection could be made because the target machine actively refused it
>> [::1]:890
>> at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot,
>> SocketAddress socketAddress)
>> at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)
>> at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri
>> uri, TimeSpan timeout)
>> --- End of inner exception stack trace ---
>>
>> Server stack trace:
>> at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri
>> uri, TimeSpan timeout)
>> at
>> System.ServiceModel.Channels.BufferedConnectionInitiator.Connect(Uri uri,
>> TimeSpan timeout)
>> at
>> System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(TimeSpan
>>
>> timeout)
>> at
>> System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.OnOpen(TimeSpan
>>
>> timeout)
>> at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan
>> timeout)
>> at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
>> at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan
>> timeout)
>>
>> Exception rethrown at [0]:
>> at
>> System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
>> reqMsg, IMessage retMsg)
>> at
>> System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
>> msgData, Int32 type)
>> at System.ServiceModel.ICommunicationObject.Open()
>> at Microsoft.Exchange.Net.ServiceProxyPool`1.GetClient(Int32 retry,
>> Boolean& doNotReturnProxyAfterRetry, Boolean useCache)
>> at
>> Microsoft.Exchange.Net.ServiceProxyPool`1.TryCallServiceWithRetry(Action`1
>> action, String debugMessage, WCFConnectionStateTuple proxyToUse, Int32
>> numberOfRetries, Boolean doNotReturnProxyOnSuccess, Exception& exception)
>>
>> the message resource is present but the message is not found in the
>> string/message table
>>
>>
>> ======================
>>
>> The description for Event ID 106 from source MSExchange Common cannot be
>> found. Either the component that raises this event is not installed on your
>> local computer or the installation is corrupted. You can install or repair
>> the component on the local computer.
>>
>> If the event originated on another computer, the display information had
>> to be saved with the event.
>>
>> The following information was included with the event:
>>
>> 1
>> Base for Average Latency
>> MSExchange ServiceProxyPool
>> The exception thrown is : System.InvalidOperationException: The requested
>> Performance Counter is not a custom counter, it has to be initialized as
>> ReadOnly.
>> at System.Diagnostics.PerformanceCounter.InitializeImpl()
>> at System.Diagnostics.PerformanceCounter.IncrementBy(Int64 value)
>> at
>> Microsoft.Exchange.Diagnostics.ExPerformanceCounter.IncrementBy(Int64
>> incrementValue)
>> Last worker process info : Last worker process info not available!
>> Processes running while Performance counter failed to update:
>> 6300 TrustedInstaller
>> 1176 svchost
>> 2548 vmtoolsd
>> 4912 csrss
>> 380 csrss
>> 1364 inetinfo
>> 5892 winrshost
>> 5692 WMSvc
>> 1948 svchost
>> 1220 nsd
>> 2336 SMSvcHost
>> 6664 svchost
>> 1152 svchost
>> 560 lsass
>> 6860 taskhostex
>> 1740 rdpinput
>> 1396 mqsvc
>> 2132 vmtoolsd
>> 752 LogonUI
>> 944 svchost
>> 4292 taskhostex
>> 548 services
>> 872 svchost
>> 1728 splunkd
>> 7044 ExSetup
>> 4224 cmd
>> 4084 splunk-winevtlog
>> 5264 conhost
>> 728 TabTip
>> 4272 ccSvcHst
>> 4456 dwm
>> 1696 snmp
>> 6616 VSSVC
>> 1096 spoolsv
>> 2868 unsecapp
>> 2472 svchost
>> 1940 conhost
>> 5424 powershell
>> 2860 WmiPrvSE
>> 760 svchost
>> 3248 svchost
>> 484 winlogon
>> 5800 taskhost
>> 5404 AeXAgentUIHost
>> 1660 ccSvcHst
>> 3504 dllhost
>> 4092 splunk-winprintmon
>> 6576 WmiApSrv
>> 2240 svchost
>> 2040 uptmagnt
>> 4776 AeXMetricProv
>> 656 svchost
>> 5184 AeXSMAppDetector
>> 6364 TiWorker
>> 452 csrss
>> 252 smss
>> 2368 setup
>> 2020 svchost
>> 2412 TabTip32
>> 440 wininit
>> 3196 svchost
>> 2200 svchost
>> 4376 AeXNSAgentHostSurrogate32
>> 1420 SMSvcHost
>> 6540 powershell
>> 432 svchost
>> 3780 splunk-perfmon
>> 6536 conhost
>> 624 svchost
>> 1604 NPSrvHost
>> 788 dwm
>> 2192 putty
>> 812 svchost
>> 6524 conhost
>> 4944 winlogon
>> 2184 serversetup
>> 4812 explorer
>> 3364 splunk-wmi
>> 3336 WmiPrvSE
>> 2376 AeXNSAgent
>> 4320 rdpclip
>> 5128 AeXSMLogUpload
>> 3748 msdtc
>> 4 System
>> 3484 NPSrvWatchdog
>> 5212 conhost
>> 0 Idle
>> Performance Counters Layout information: FileMappingNotFoundException for
>> category MSExchange ServiceProxyPool :
>> Microsoft.Exchange.Diagnostics.FileMappingNotFoundException: Cound not open
>> File mapping for name Global\netfxcustomperfcounters.1.0msexchange
>> serviceproxypool. Error Details: 2
>> at Microsoft.Exchange.Diagnostics.FileMapping.OpenFileMapping(String
>> name, Boolean writable)
>> at
>> Microsoft.Exchange.Diagnostics.PerformanceCounterMemoryMappedFile.Initialize(String
>>
>> fileMappingName, Boolean writable)
>> at
>> Microsoft.Exchange.Diagnostics.ExPerformanceCounter.GetAllInstancesLayout(String
>>
>> categoryName)
>>
>>
>>
>> the message resource is present but the message is not found in the
>> string/message table
>>
>>
>> ============================
>>
>> Login Successful on system
>>
>>
>> An account was successfully logged on.
>>
>> Subject:
>> Security ID: NULL SID
>> Account Name: -
>> Account Domain: -
>> Logon ID: 0x0
>>
>> Logon Type: 3
>>
>> Impersonation Level: Impersonation
>>
>> New Logon:
>> Security ID: ADS\Chandra Pandey
>> Account Name: Chandra Pandey
>> Account Domain: ADS
>> Logon ID: 0xD475400
>> Logon GUID: {10046cb6-9f06-048b-d251-f66c2878fa16}
>>
>> Process Information:
>> Process ID: 0x0
>> Process Name: -
>>
>> Network Information:
>> Workstation Name:
>> Source Network Address: -
>> Source Port: -
>>
>> Detailed Authentication Information:
>> Logon Process: Kerberos
>> Authentication Package: Kerberos
>> Transited Services: -
>> Package Name (NTLM only): -
>> Key Length: 0
>>
>> This event is generated when a logon session is created. It is generated
>> on the computer that was accessed.
>>
>> The subject fields indicate the account on the local system which
>> requested the logon. This is most commonly a service such as the Server
>> service, or a local process such as Winlogon.exe or Services.exe.
>>
>> The logon type field indicates the kind of logon that occurred. The most
>> common types are 2 (interactive) and 3 (network).
>>
>> The New Logon fields indicate the account for whom the new logon was
>> created, i.e. the account that was logged on.
>>
>> The network fields indicate where a remote logon request originated.
>> Workstation name is not always available and may be left blank in some
>> cases.
>>
>> The impersonation level field indicates the extent to which a process in
>> the logon session can impersonate.
>>
>> The authentication information fields provide detailed information about
>> this specific logon request.
>> - Logon GUID is a unique identifier that can be used to correlate this
>> event with a KDC event.
>> - Transited services indicate which intermediate services have
>> participated in this logon request.
>> - Package name indicates which sub-protocol was used among the NTLM
>> protocols.
>> - Key length indicates the length of the generated session key. This will
>> be 0 if no session key was requested.
>>
>> ===================
>>
>> Special privileges assigned to new logon.
>>
>> Subject:
>> Security ID: ADS\Chandra Pandey
>> Account Name: Chandra Pandey
>> Account Domain: ADS
>> Logon ID: 0xD475400
>>
>> Privileges: SeSecurityPrivilege
>> SeBackupPrivilege
>> SeRestorePrivilege
>> SeTakeOwnershipPrivilege
>> SeDebugPrivilege
>> SeSystemEnvironmentPrivilege
>> SeLoadDriverPrivilege
>> SeImpersonatePrivilege
>> SeEnableDelegationPrivilege
>>
>> =====================================================
>>
>>
>> I am part of "Organization Management role group" in AD
>>
>> I am able to run ansible commands for dev-01 server with same ads\chandra
>> pandey credentials but can't install exchange
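
Added example, not part of the original thread and not Ansible project code: a small Python check that reads an INI inventory like the one posted above and lists the WinRM settings worth reviewing before a privileged run such as this one (certificate validation switched off, Kerberos delegation enabled, an active plaintext password). The inventory in it is constructed, with placeholder host and user names, and the function names are this example's own.

```python
import re

# Constructed sample modelled on the inventory in the post; the host, realm
# and user names are placeholders.
SAMPLE_INVENTORY = """\
[winhosts]
win01.example.test

[winhosts:vars]
ansible_ssh_user = deploy@EXAMPLE.TEST
#ansible_ssh_pass = password
ansible_winrm_transport = kerberos
ansible_winrm_kerberos_delegation = yes
ansible_connection = winrm
ansible_ssh_port = 5986
ansible_winrm_server_cert_validation = ignore
"""

TRUTHY = {"yes", "true", "1", "on"}
PASSWORD_KEYS = {"ansible_ssh_pass", "ansible_password"}

def parse_group_vars(text):
    """Return {group: {key: value}} for every [group:vars] section."""
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank lines and commented-out settings are inactive
        header = re.fullmatch(r"\[([^\]:]+)(?::(\w+))?\]", line)
        if header:  # only :vars sections carry key = value settings
            current = groups.setdefault(header.group(1), {}) if header.group(2) == "vars" else None
            continue
        if current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return groups

def audit_inventory(text):
    """Return sorted (group, key, finding) tuples for settings to review."""
    findings = []
    for group, cfg in parse_group_vars(text).items():
        if cfg.get("ansible_winrm_server_cert_validation", "").lower() == "ignore":
            findings.append((group, "ansible_winrm_server_cert_validation",
                             "WinRM HTTPS certificate is not verified"))
        if cfg.get("ansible_winrm_kerberos_delegation", "").lower() in TRUTHY:
            findings.append((group, "ansible_winrm_kerberos_delegation",
                             "Kerberos credentials are delegated to each host"))
        for key in sorted(PASSWORD_KEYS.intersection(cfg)):
            findings.append((group, key, "plaintext password in inventory"))
    return sorted(findings)

if __name__ == "__main__":
    for group, key, finding in audit_inventory(SAMPLE_INVENTORY):
        print(f"[{group}] {key}: {finding}")
```

Delegation is a per-group setting here, so keeping the hosts that need a second hop in their own group limits where the delegated credentials travel.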
