Thanks for the response Matt! I did verify we are running ansible version
2.1.1.0
user@ansible:~> ansible --version
ansible 2.1.1.0
config file = /etc/ansible/ansible.cfg
configured module search path = Default w/o overrides
I ran the klist command on the windows host (DC1) that ansible directly
connects to via winrm and I do not see a cached ticket for the service
account ansible is using. Your thoughts?
On Friday, October 28, 2016 at 1:07:11 PM UTC-5, Matt Davis wrote:
>
> You mentioned you were using ansible 2.1.0 and that you'd switched to
> group_vars- that version has an inventory bug where any ansible_winrm_X
> connection vars are ignored if they live in group_vars. Either upgrade to
> at least 2.1.1, or move them back. Also, try doing a raw: klist on the
> Windows host with delegation enabled- you should see a TGT listed.
>
> On Friday, October 28, 2016 at 10:10:45 AM UTC-7, Surred wrote:
>>
>> Apologies for the delayed response... I've been looking for ways to work
>> around this issue, but I hit a roadblock so I really need to figure this
>> out. Below are the logs from the server hosting the network share.
>> Apparently the login was successful, but it was as an anonymous user using
>> NTLM. I'm still receiving the same Access Denied message in ansible. Any
>> further assistance would be greatly appreciated. Thanks.
>>
>> Log Name: Security
>> Source: Microsoft-Windows-Security-Auditing
>> Date: 10/28/2016 11:50:35 AM
>> Event ID: 4624
>> Task Category: Logon
>> Level: Information
>> Keywords: Audit Success
>> User: N/A
>> Computer: SCCM01.domain.com
>> Description:
>> An account was successfully logged on.
>>
>> Subject:
>> Security ID: NULL SID
>> Account Name: -
>> Account Domain: -
>> Logon ID: 0x0
>>
>> Logon Type: 3
>>
>> Impersonation Level: Impersonation
>>
>> New Logon:
>> Security ID: ANONYMOUS LOGON
>> Account Name: ANONYMOUS LOGON
>> Account Domain: NT AUTHORITY
>> Logon ID: 0x614767F6
>> Logon GUID: {00000000-0000-0000-0000-000000000000}
>>
>> Process Information:
>> Process ID: 0x0
>> Process Name: -
>>
>> Network Information:
>> Workstation Name: DC1.domain.com
>> Source Network Address: x.x.x.x
>> Source Port: 59019
>>
>> Detailed Authentication Information:
>> Logon Process: NtLmSsp
>> Authentication Package: NTLM
>> Transited Services: -
>> Package Name (NTLM only): NTLM V1
>> Key Length: 128
>>
>> This event is generated when a logon session is created. It is generated
>> on the computer that was accessed.
>>
>> The subject fields indicate the account on the local system which
>> requested the logon. This is most commonly a service such as the Server
>> service, or a local process such as Winlogon.exe or Services.exe.
>>
>> The logon type field indicates the kind of logon that occurred. The most
>> common types are 2 (interactive) and 3 (network).
>>
>> The New Logon fields indicate the account for whom the new logon was
>> created, i.e. the account that was logged on.
>>
>> The network fields indicate where a remote logon request originated.
>> Workstation name is not always available and may be left blank in some
>> cases.
>>
>> The impersonation level field indicates the extent to which a process in
>> the logon session can impersonate.
>>
>> The authentication information fields provide detailed information about
>> this specific logon request.
>> - Logon GUID is a unique identifier that can be used to correlate this
>> event with a KDC event.
>> - Transited services indicate which intermediate services have
>> participated in this logon request.
>> - Package name indicates which sub-protocol was used among the NTLM
>> protocols.
>> - Key length indicates the length of the generated session key. This will
>> be 0 if no session key was requested.
>> Event Xml:
>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event";>
>> <System>
>> <Provider Name="Microsoft-Windows-Security-Auditing"
>> Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
>> <EventID>4624</EventID>
>> <Version>1</Version>
>> <Level>0</Level>
>> <Task>12544</Task>
>> <Opcode>0</Opcode>
>> <Keywords>0x8020000000000000</Keywords>
>> <TimeCreated SystemTime="2016-10-28T16:50:35.912189700Z" />
>> <EventRecordID>2087408</EventRecordID>
>> <Correlation />
>> <Execution ProcessID="492" ThreadID="7628" />
>> <Channel>Security</Channel>
>> <Computer>SCCM01.domain.com</Computer>
>> <Security />
>> </System>
>> <EventData>
>> <Data Name="SubjectUserSid">S-1-0-0</Data>
>> <Data Name="SubjectUserName">-</Data>
>> <Data Name="SubjectDomainName">-</Data>
>> <Data Name="SubjectLogonId">0x0</Data>
>> <Data Name="TargetUserSid">S-1-5-7</Data>
>> <Data Name="TargetUserName">ANONYMOUS LOGON</Data>
>> <Data Name="TargetDomainName">NT AUTHORITY</Data>
>> <Data Name="TargetLogonId">0x614767f6</Data>
>> <Data Name="LogonType">3</Data>
>> <Data Name="LogonProcessName">NtLmSsp </Data>
>> <Data Name="AuthenticationPackageName">NTLM</Data>
>> <Data Name="WorkstationName">DC1.domain.com</Data>
>> <Data Name="LogonGuid">{00000000-0000-0000-0000-000000000000}</Data>
>> <Data Name="TransmittedServices">-</Data>
>> <Data Name="LmPackageName">NTLM V1</Data>
>> <Data Name="KeyLength">128</Data>
>> <Data Name="ProcessId">0x0</Data>
>> <Data Name="ProcessName">-</Data>
>> <Data Name="IpAddress">x.x.x.x</Data>
>> <Data Name="IpPort">59019</Data>
>> <Data Name="ImpersonationLevel">%%1833</Data>
>> </EventData>
>> </Event>
>>
>>
>>
>>
>> Log Name: Security
>> Source: Microsoft-Windows-Security-Auditing
>> Date: 10/28/2016 11:50:35 AM
>> Event ID: 5140
>> Task Category: File Share
>> Level: Information
>> Keywords: Audit Success
>> User: N/A
>> Computer: SCCM01.domain.com
>> Description:
>> A network share object was accessed.
>> Subject:
>> Security ID: ANONYMOUS LOGON
>> Account Name: ANONYMOUS LOGON
>> Account Domain: NT AUTHORITY
>> Logon ID: 0x614767F6
>>
>> Network Information:
>> Object Type: File
>> Source Address: x.x.x.x
>> Source Port: 59019
>> Share Information:
>> Share Name: \\*\IPC$
>> Share Path:
>>
>> Access Request Information:
>> Access Mask: 0x1
>> Accesses: ReadData (or ListDirectory)
>>
>> Event Xml:
>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event";>
>> <System>
>> <Provider Name="Microsoft-Windows-Security-Auditing"
>> Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
>> <EventID>5140</EventID>
>> <Version>1</Version>
>> <Level>0</Level>
>> <Task>12808</Task>
>> <Opcode>0</Opcode>
>> <Keywords>0x8020000000000000</Keywords>
>> <TimeCreated SystemTime="2016-10-28T16:50:35.912189700Z" />
>> <EventRecordID>2087409</EventRecordID>
>> <Correlation />
>> <Execution ProcessID="4" ThreadID="9240" />
>> <Channel>Security</Channel>
>> <Computer>SCCM01.domain.com</Computer>
>> <Security />
>> </System>
>> <EventData>
>> <Data Name="SubjectUserSid">S-1-5-7</Data>
>> <Data Name="SubjectUserName">ANONYMOUS LOGON</Data>
>> <Data Name="SubjectDomainName">NT AUTHORITY</Data>
>> <Data Name="SubjectLogonId">0x614767f6</Data>
>> <Data Name="ObjectType">File</Data>
>> <Data Name="IpAddress">x.x.x.x</Data>
>> <Data Name="IpPort">59019</Data>
>> <Data Name="ShareName">\\*\IPC$</Data>
>> <Data Name="ShareLocalPath">
>> </Data>
>> <Data Name="AccessMask">0x1</Data>
>> <Data Name="AccessList">%%4416
>> </Data>
>> </EventData>
>> </Event>
>>
>>
>>
>> On Thursday, September 22, 2016 at 2:15:09 AM UTC-5, J Hawkesworth wrote:
>>>
>>> Have a look in the event logs. I suspect all you will see is 'Access is
>>> denied'. Worth looking on the network share machine (if it is an actual
>>> windows box). If it isn't a windows box I guess there will be some kind of
>>> samba share logging that you could examine too.
>>>
>>> Make sure that you are using the same user when logged in via remote
>>> desktop as the user that ansible is using.
>>>
>>> You could check for logon events in the event viewer and see what
>>> privileges are assigned to your ansible.... user and see how these differ
>>> when you login via RDP.
>>>
>>> My understanding is that the auth delegation changes the kerberos ticket
>>> in some some way so you could try examining the kerberos ticket using klist
>>> - unfortunately I can't try this myself at the moment.
>>>
>>> I wonder if it is possible for the domain controller to disallow
>>> granting the necessary kerberos ticket for auth delegation. Perhaps ask
>>> Active Directory administrators if they can do anything like this and
>>> whether it it is in place.
>>>
>>> I still think that you are 'almost there' with solving this problem.
>>>
>>> Hope the above helps,
>>>
>>> Jon
>>>
>>>
>>> On Tuesday, September 20, 2016 at 3:35:27 PM UTC+1, Surred wrote:
>>>>
>>>> JH,
>>>>
>>>> Do you know of any other tests/logging I could try/review to determine
>>>> why the kerberos delegation is not working in my environment?
>>>>
>>>> On Friday, September 16, 2016 at 2:22:05 AM UTC-5, J Hawkesworth wrote:
>>>>>
>>>>> Sorry, I should have been clearer. 2.0.0.2 and 2.1.1 are ansible
>>>>> versions.
>>>>>
>>>>>
>>>>>
>>>>> On Thursday, September 15, 2016 at 4:11:02 PM UTC+1, Surred wrote:
>>>>>>
>>>>>> Thanks for the response JH. I've moved the winrm connection details
>>>>>> to group_vars as you suggested, but am still not able to list the files
>>>>>> of
>>>>>> a network share. You said you are using "2.0.0.2 / 2.1.1" Can you
>>>>>> please
>>>>>> clarify those version numbers and what they are associated with?
>>>>>>
>>>>>> host file:
>>>>>> user@ansible:~/ansible> cat inventories/domain
>>>>>> [test]
>>>>>> dc1.domain.com
>>>>>>
>>>>>>
>>>>>> group_vars:
>>>>>> user@ansible:~/ansible> cat inventories/group_vars/test.yml
>>>>>> ---
>>>>>>
>>>>>> ansible_ssh_port: 5986
>>>>>> ansible_connection: winrm
>>>>>> ansible_winrm_transport: kerberos
>>>>>> ansible_winrm_kerberos_delegation: yes
>>>>>> ansible_ssh_user: [email protected]
>>>>>> ansible_winrm_server_cert_validation: ignore
>>>>>>
>>>>>>
>>>>>> output of playbook (i've added a debug task to dump the variables):
>>>>>> user@ansible:~/ansible> ansible-playbook test.yml -i
>>>>>> inventories/domain -vvvvv
>>>>>> Using /home/user/ansible/ansible.cfg as config file
>>>>>> Loaded callback default of type stdout, v2.0
>>>>>>
>>>>>> PLAYBOOK: test.yml
>>>>>> *************************************************************
>>>>>> 1 plays in test.yml
>>>>>>
>>>>>> PLAY [list unc]
>>>>>> ****************************************************************
>>>>>>
>>>>>> TASK [display variables]
>>>>>> *******************************************************
>>>>>> task path: /home/user/ansible/test.yml:6
>>>>>> ok: [dc1.domain.com] => {
>>>>>> "hostvars[inventory_hostname]": {
>>>>>> "ansible_check_mode": false,
>>>>>> "ansible_connection": "winrm",
>>>>>> "ansible_ssh_port": 5986,
>>>>>> "ansible_ssh_user": "[email protected]",
>>>>>> "ansible_version": {
>>>>>> "full": "2.1.0.0",
>>>>>> "major": 2,
>>>>>> "minor": 1,
>>>>>> "revision": 0,
>>>>>> "string": "2.1.0.0"
>>>>>> },
>>>>>> "ansible_winrm_kerberos_delegation": true,
>>>>>> "ansible_winrm_server_cert_validation": "ignore",
>>>>>> "ansible_winrm_transport": "kerberos",
>>>>>> "group_names": [
>>>>>> "test"
>>>>>> ],
>>>>>> "groups": {
>>>>>> "all": [
>>>>>> "dc1.domain.com"
>>>>>> ],
>>>>>> "test": [
>>>>>> "dc1.domain.com"
>>>>>> ],
>>>>>> "ungrouped": []
>>>>>> },
>>>>>> "inventory_dir": "/home/user/ansible/inventories",
>>>>>> "inventory_file": "inventories/domain",
>>>>>> "inventory_hostname": "dc1.domain.com",
>>>>>> "inventory_hostname_short": "dc1",
>>>>>> "omit":
>>>>>> "__omit_place_holder__aefe246ae370864260078b474e205946a8274802",
>>>>>> "playbook_dir": "/home/user/ansible"
>>>>>> }
>>>>>> }
>>>>>>
>>>>>> TASK [list unc]
>>>>>> ****************************************************************
>>>>>> task path: /home/user/ansible/test.yml:9
>>>>>> <dc1.domain.com> ESTABLISH WINRM CONNECTION FOR USER:
>>>>>> [email protected] on PORT 5986 TO dc1.domain.com
>>>>>> <dc1.domain.com> WINRM CONNECT: transport=kerberos endpoint=
>>>>>> https://dc1.domain.com:5986/wsman
>>>>>> <dc1.domain.com> WINRM OPEN SHELL:
>>>>>> 33ADC923-1FA6-4D0D-B5AF-7A474202BD2E
>>>>>> <dc1.domain.com> EXEC Set-StrictMode -Version Latest
>>>>>> (New-Item -Type Directory -Path $env:temp -Name
>>>>>> "ansible-tmp-1473950183.23-4669660185733").FullName | Write-Host
>>>>>> -Separator
>>>>>> '';
>>>>>> <dc1.domain.com> WINRM EXEC u'PowerShell' [u'-NoProfile',
>>>>>> u'-NonInteractive', u'-ExecutionPolicy', u'Unrestricted',
>>>>>> u'-EncodedCommand',
>>>>>> u'UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAoAE4AZQB3AC0ASQB0AGUAbQAgAC0AVAB5AHAAZQAgAEQAaQByAGUAYwB0AG8AcgB5ACAALQBQAGEAdABoACAAJABlAG4AdgA6AHQAZQBtAHAAIAAtAE4AYQBtAGUAIAAiAGEAbgBzAGkAYgBsAGUALQB0AG0AcAAtADEANAA3ADMAOQA1ADAAMQA4ADMALgAyADMALQA0ADYANgA5ADYANgAwADEAOAA1ADcAMwAzACIAKQAuAEYAdQBsAGwATgBhAG0AZQAgAHwAIABXAHIAaQB0AGUALQBIAG8AcwB0ACAALQBTAGUAcABhAHIAYQB0AG8AcgAgACcAJwA7AA==']
>>>>>> <dc1.domain.com> WINRM RESULT u'<Response code 0, out
>>>>>> "C:\\Users\\ansible_svc", err "">'
>>>>>> <dc1.domain.com> PUT "/home/user/ansible/test.ps1" TO
>>>>>> "C:\Users\ansible_svc\AppData\Local\Temp\ansible-tmp-1473950183.23-4669660185733\test.ps1"
>>>>>> <dc1.domain.com> WINRM PUT "/home/user/ansible/test.ps1" to
>>>>>> "C:\Users\ansible_svc\AppData\Local\Temp\ansible-tmp-1473950183.23-4669660185733\test.ps1"
>>>>>>
>>>>>> (offset=46 size=46)
>>>>>> <dc1.domain.com> EXEC &
>>>>>>
>>>>>> 'C:\Users\ansible_svc\AppData\Local\Temp\ansible-tmp-1473950183.23-4669660185733\test.ps1'
>>>>>> <dc1.domain.com> WINRM EXEC 'PowerShell' ['-NoProfile',
>>>>>> '-NonInteractive', '-ExecutionPolicy', 'Unrestricted',
>>>>>> '-EncodedCommand',
>>>>>> 'JgAgACAAJwBDADoAXABVAHMAZQByAHMAXABhAG4AcwBpAGIAbABlAF8AcwB2AGMAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsAFwAVABlAG0AcABcAGEAbgBzAGkAYgBsAGUALQB0AG0AcAAtADEANAA3ADMAOQA1ADAAMQA4ADMALgAyADMALQA0ADYANgA5ADYANgAwADEAOAA1ADcAMwAzAFwAdABlAHMAdAAuAHAAcwAxACcA']
>>>>>> <dc1.domain.com> WINRM RESULT u'<Response code 0, out "", err "#<
>>>>>> CLIXML\r\n<Objs Ver">'
>>>>>> <dc1.domain.com> EXEC Set-StrictMode -Version Latest
>>>>>> Remove-Item
>>>>>> "C:\Users\ansible_svc\AppData\Local\Temp\ansible-tmp-1473950183.23-4669660185733"
>>>>>>
>>>>>> -Force -Recurse;
>>>>>> <dc1.domain.com> WINRM EXEC u'PowerShell' [u'-NoProfile',
>>>>>> u'-NonInteractive', u'-ExecutionPolicy', u'Unrestricted',
>>>>>> u'-EncodedCommand',
>>>>>> u'UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAGEAbgBzAGkAYgBsAGUAXwBzAHYAYwBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA0ADcAMwA5ADUAMAAxADgAMwAuADIAMwAtADQANgA2ADkANgA2ADAAMQA4ADUANwAzADMAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsA']
>>>>>> <dc1.domain.com> WINRM RESULT u'<Response code 0, out "", err "">'
>>>>>> <dc1.domain.com> WINRM CLOSE SHELL:
>>>>>> 33ADC923-1FA6-4D0D-B5AF-7A474202BD2E
>>>>>> changed: [dc1.domain.com] => {"changed": true, "invocation":
>>>>>> {"module_args": {"_raw_params": "/home/user/ansible/test.ps1"},
>>>>>> "module_name": "script"}, "rc": 0, "stderr": "Get-ChildItem : Access is
>>>>>> denied\r\nAt
>>>>>> C:\\Users\\ansible_svc\\AppData\\Local\\Temp\\ansible-tmp-1473950183.23-4669660185\r\n733\\test.ps1:1
>>>>>>
>>>>>> char:1\r\n+ Get-ChildItem \"\\\\sccm01\\SMS_ABC\\Client\"\r\n+
>>>>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n+ CategoryInfo
>>>>>> :
>>>>>> PermissionDenied: (\\\\sccm01\\SMS_ABC\\Client \r\n:String)
>>>>>> [Get-ChildItem], UnauthorizedAccessException\r\n+ FullyQualifiedErrorId
>>>>>> :
>>>>>> ItemExistsUnauthorizedAccessError,Microsoft.Powe
>>>>>> \r\nrShell.Commands.GetChildItemCommand\r\n\r\nGet-ChildItem : Cannot
>>>>>> find
>>>>>> path '\\\\sccm01\\SMS_ABC\\Client' because it \r\ndoes not exist.\r\nAt
>>>>>> C:\\Users\\ansible_svc\\AppData\\Local\\Temp\\ansible-tmp-1473950183.23-4669660185\r\n733\\test.ps1:1
>>>>>>
>>>>>> char:1\r\n+ Get-ChildItem \"\\\\sccm01\\SMS_ABC\\Client\"\r\n+
>>>>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n+ CategoryInfo
>>>>>> :
>>>>>> ObjectNotFound: (\\\\sccm01\\SMS_ABC\\Client:S \r\ntring)
>>>>>> [Get-ChildItem],
>>>>>> ItemNotFoundException\r\n+ FullyQualifiedErrorId :
>>>>>> PathNotFound,Microsoft.PowerShell.Commands.GetCh
>>>>>> \r\nildItemCommand\r\n",
>>>>>> "stdout": "", "stdout_lines": []}
>>>>>>
>>>>>> PLAY RECAP
>>>>>> *********************************************************************
>>>>>> dc1.domain.com : ok=2 changed=1 unreachable=0 failed=0
>>>>>>
>>>>>> user@ansible:~/ansible>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Wednesday, September 14, 2016 at 12:52:13 PM UTC-5, Surred wrote:
>>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> I'm having issues getting the double hop scenario working. To test
>>>>>>> kerberos delegation I have a simple PowerShell script that does a
>>>>>>> Get-ChildItem on a UNC path. When running the command manually on the
>>>>>>> host
>>>>>>> it works, but when executing as playbook with Ansible I get "Access
>>>>>>> Denied." Below is my configuration and the verbose output I receive.
>>>>>>> Any
>>>>>>> help or suggestions would be greatly appreciated.
>>>>>>>
>>>>>>>
>>>>>>> Environment:
>>>>>>> user@ansible:~/ansible> pip list 2>/dev/null | grep -i pywinrm
>>>>>>> pywinrm (0.2.0)
>>>>>>>
>>>>>>> user@ansible:~/ansible> ansible --version
>>>>>>> ansible 2.1.0.0
>>>>>>> config file = /home/user/ansible/ansible.cfg
>>>>>>> configured module search path = Default w/o overrides
>>>>>>>
>>>>>>> user@ansible:~/ansible> cat /etc/*-release
>>>>>>> NAME="SLES"
>>>>>>> VERSION="11.4"
>>>>>>> VERSION_ID="11.4"
>>>>>>> PRETTY_NAME="SUSE Linux Enterprise Server 11 SP4"
>>>>>>> ID="sles"
>>>>>>> ANSI_COLOR="0;32"
>>>>>>> CPE_NAME="cpe:/o:suse:sles:11:4"
>>>>>>> SUSE Linux Enterprise Server 11 (x86_64)
>>>>>>> VERSION = 11
>>>>>>> PATCHLEVEL = 4
>>>>>>>
>>>>>>>
>>>>>>> Inventory excerpt:
>>>>>>> [all:vars]
>>>>>>> ansible_ssh_port=5986
>>>>>>> ansible_connection=winrm
>>>>>>> ansible_winrm_transport=kerberos
>>>>>>> ansible_winrm_kerberos_delegation=yes
>>>>>>> [email protected]
>>>>>>> ansible_winrm_server_cert_validation=ignore
>>>>>>>
>>>>>>> Playbook output:
>>>>>>> user@ansible:~/ansible> ansible-playbook test.yml -i
>>>>>>> inventories/domain -vvvvv
>>>>>>> Using /home/user/ansible/ansible.cfg as config file
>>>>>>> Loaded callback default of type stdout, v2.0
>>>>>>>
>>>>>>> PLAYBOOK: test.yml
>>>>>>> *************************************************************
>>>>>>> 1 plays in test.yml
>>>>>>>
>>>>>>> PLAY [list unc]
>>>>>>> ****************************************************************
>>>>>>>
>>>>>>> TASK [list unc]
>>>>>>> ****************************************************************
>>>>>>> task path: /home/user/ansible/test.yml:6
>>>>>>> <dc1.domain.com> ESTABLISH WINRM CONNECTION FOR USER:
>>>>>>> [email protected] on PORT 5986 TO dc1.domain.com
>>>>>>> <dc1.domain.com> WINRM CONNECT: transport=kerberos endpoint=
>>>>>>> https://dc1.domain.com:5986/wsman
>>>>>>> <dc1.domain.com> WINRM OPEN SHELL:
>>>>>>> 33CC652E-0DED-4C66-B898-2860580A29A8
>>>>>>> <dc1.domain.com> EXEC Set-StrictMode -Version Latest
>>>>>>> (New-Item -Type Directory -Path $env:temp -Name
>>>>>>> "ansible-tmp-1473809521.62-137672088908702").FullName | Write-Host
>>>>>>> -Separator '';
>>>>>>> <dc1.domain.com> WINRM EXEC u'PowerShell' [u'-NoProfile',
>>>>>>> u'-NonInteractive', u'-ExecutionPolicy', u'Unrestricted',
>>>>>>> u'-EncodedCommand',
>>>>>>> u'UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAoAE4AZQB3AC0ASQB0AGUAbQAgAC0AVAB5AHAAZQAgAEQAaQByAGUAYwB0AG8AcgB5ACAALQBQAGEAdABoACAAJABlAG4AdgA6AHQAZQBtAHAAIAAtAE4AYQBtAGUAIAAiAGEAbgBzAGkAYgBsAGUALQB0AG0AcAAtADEANAA3ADMAOAAwADkANQAyADEALgA2ADIALQAxADMANwA2ADcAMgAwADgAOAA5ADAAOAA3ADAAMgAiACkALgBGAHUAbABsAE4AYQBtAGUAIAB8ACAAVwByAGkAdABlAC0ASABvAHMAdAAgAC0AUwBlAHAAYQByAGEAdABvAHIAIAAnACcAOwA=']
>>>>>>> <dc1.domain.com> WINRM RESULT u'<Response code 0, out
>>>>>>> "C:\\Users\\ansible_svc", err "">'
>>>>>>> <dc1.domain.com> PUT "/home/user/ansible/test.ps1" TO
>>>>>>> "C:\Users\ansible_svc\AppData\Local\Temp\ansible-tmp-1473809521.62-137672088908702\test.ps1"
>>>>>>> <dc1.domain.com> WINRM PUT "/home/user/ansible/test.ps1" to
>>>>>>> "C:\Users\ansible_svc\AppData\Local\Temp\ansible-tmp-1473809521.62-137672088908702\test.ps1"
>>>>>>>
>>>>>>> (offset=46 size=46)
>>>>>>> <dc1.domain.com> EXEC &
>>>>>>>
>>>>>>> 'C:\Users\ansible_svc\AppData\Local\Temp\ansible-tmp-1473809521.62-137672088908702\test.ps1'
>>>>>>> <dc1.domain.com> WINRM EXEC 'PowerShell' ['-NoProfile',
>>>>>>> '-NonInteractive', '-ExecutionPolicy', 'Unrestricted',
>>>>>>> '-EncodedCommand',
>>>>>>> 'JgAgACAAJwBDADoAXABVAHMAZQByAHMAXABhAG4AcwBpAGIAbABlAF8AcwB2AGMAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsAFwAVABlAG0AcABcAGEAbgBzAGkAYgBsAGUALQB0AG0AcAAtADEANAA3ADMAOAAwADkANQAyADEALgA2ADIALQAxADMANwA2ADcAMgAwADgAOAA5ADAAOAA3ADAAMgBcAHQAZQBzAHQALgBwAHMAMQAnAA==']
>>>>>>> <dc1.domain.com> WINRM RESULT u'<Response code 0, out "", err "#<
>>>>>>> CLIXML\r\n<Objs Ver">'
>>>>>>> <dc1.domain.com> EXEC Set-StrictMode -Version Latest
>>>>>>> Remove-Item
>>>>>>> "C:\Users\ansible_svc\AppData\Local\Temp\ansible-tmp-1473809521.62-137672088908702"
>>>>>>>
>>>>>>> -Force -Recurse;
>>>>>>> <dc1.domain.com> WINRM EXEC u'PowerShell' [u'-NoProfile',
>>>>>>> u'-NonInteractive', u'-ExecutionPolicy', u'Unrestricted',
>>>>>>> u'-EncodedCommand',
>>>>>>> u'UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAGEAbgBzAGkAYgBsAGUAXwBzAHYAYwBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA0ADcAMwA4ADAAOQA1ADIAMQAuADYAMgAtADEAMwA3ADYANwAyADAAOAA4ADkAMAA4ADcAMAAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AA==']
>>>>>>> <dc1.domain.com> WINRM RESULT u'<Response code 0, out "", err "">'
>>>>>>> <dc1.domain.com> WINRM CLOSE SHELL:
>>>>>>> 33CC652E-0DED-4C66-B898-2860580A29A8
>>>>>>> changed: [dc1.domain.com] => {"changed": true, "invocation":
>>>>>>> {"module_args": {"_raw_params": "/home/user/ansible/test.ps1"},
>>>>>>> "module_name": "script"}, "rc": 0, "stderr": "Get-ChildItem : Access is
>>>>>>> denied\r\nAt
>>>>>>> C:\\Users\\ansible_svc\\AppData\\Local\\Temp\\ansible-tmp-1473809521.62-1376720889\r\n08702\\test.ps1:1
>>>>>>>
>>>>>>> char:1\r\n+ Get-ChildItem \"\\\\sccm01\\SMS_ABC\\Client\"\r\n+
>>>>>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n+ CategoryInfo
>>>>>>> :
>>>>>>> PermissionDenied: (\\\\sccm01\\SMS_ABC\\Client \r\n:String)
>>>>>>> [Get-ChildItem], UnauthorizedAccessException\r\n+ FullyQualifiedErrorId
>>>>>>> :
>>>>>>> ItemExistsUnauthorizedAccessError,Microsoft.Powe
>>>>>>> \r\nrShell.Commands.GetChildItemCommand\r\n\r\nGet-ChildItem : Cannot
>>>>>>> find
>>>>>>> path '\\\\sccm01\\SMS_ABC\\Client' because it \r\ndoes not exist.\r\nAt
>>>>>>> C:\\Users\\ansible_svc\\AppData\\Local\\Temp\\ansible-tmp-1473809521.62-1376720889\r\n08702\\test.ps1:1
>>>>>>>
>>>>>>> char:1\r\n+ Get-ChildItem \"\\\\sccm01\\SMS_ABC\\Client\"\r\n+
>>>>>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n+ CategoryInfo
>>>>>>> :
>>>>>>> ObjectNotFound: (\\\\sccm01\\SMS_ABC\\Client:S \r\ntring)
>>>>>>> [Get-ChildItem],
>>>>>>> ItemNotFoundException\r\n+ FullyQualifiedErrorId :
>>>>>>> PathNotFound,Microsoft.PowerShell.Commands.GetCh
>>>>>>> \r\nildItemCommand\r\n",
>>>>>>> "stdout": "", "stdout_lines": []}
>>>>>>>
>>>>>>> PLAY RECAP
>>>>>>> *********************************************************************
>>>>>>> dc1.domain.com : ok=1 changed=1 unreachable=0 failed=0
>>>>>>>
>>>>>>> user@ansible:~/ansible>
>>>>>>>
>>>>>>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/c0b52200-d515-4944-94d9-d1da06be69fc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
