Don't know what else to say- works for everyone I know that's tried it, so
I'm suspecting some sort of local configuration or installation issue that
hasn't been covered yet.
On Monday, October 31, 2016 at 8:09:02 AM UTC-7, Surred wrote:
>
> Thanks for the response Matt! I did verify we are running ansible version
> 2.1.1.0
>
> user@ansible:~> ansible --version
> ansible 2.1.1.0
> config file = /etc/ansible/ansible.cfg
> configured module search path = Default w/o overrides
>
> I ran the klist command on the windows host (DC1) that ansible directly
> connects to via winrm and I do not see a cached ticket for the service
> account ansible is using. Your thoughts?
>
>
> On Friday, October 28, 2016 at 1:07:11 PM UTC-5, Matt Davis wrote:
>>
>> You mentioned you were using ansible 2.1.0 and that you'd switched to
>> group_vars- that version has an inventory bug where any ansible_winrm_X
>> connection vars are ignored if they live in group_vars. Either upgrade to
>> at least 2.1.1, or move them back. Also, try doing a raw: klist on the
>> Windows host with delegation enabled- you should see a TGT listed.
>>
>> On Friday, October 28, 2016 at 10:10:45 AM UTC-7, Surred wrote:
>>>
>>> Apologies for the delayed response... I've been looking for ways to work
>>> around this issue, but I hit a roadblock so I really need to figure this
>>> out. Below are the logs from the server hosting the network share.
>>> Apparently the login was successful, but it was as an anonymous user using
>>> NTLM. I'm still receiving the same Access Denied message in ansible. Any
>>> further assistance would be greatly appreciated. Thanks.
>>>
>>> Log Name: Security
>>> Source: Microsoft-Windows-Security-Auditing
>>> Date: 10/28/2016 11:50:35 AM
>>> Event ID: 4624
>>> Task Category: Logon
>>> Level: Information
>>> Keywords: Audit Success
>>> User: N/A
>>> Computer: SCCM01.domain.com
>>> Description:
>>> An account was successfully logged on.
>>>
>>> Subject:
>>> Security ID: NULL SID
>>> Account Name: -
>>> Account Domain: -
>>> Logon ID: 0x0
>>>
>>> Logon Type: 3
>>>
>>> Impersonation Level: Impersonation
>>>
>>> New Logon:
>>> Security ID: ANONYMOUS LOGON
>>> Account Name: ANONYMOUS LOGON
>>> Account Domain: NT AUTHORITY
>>> Logon ID: 0x614767F6
>>> Logon GUID: {00000000-0000-0000-0000-000000000000}
>>>
>>> Process Information:
>>> Process ID: 0x0
>>> Process Name: -
>>>
>>> Network Information:
>>> Workstation Name: DC1.domain.com
>>> Source Network Address: x.x.x.x
>>> Source Port: 59019
>>>
>>> Detailed Authentication Information:
>>> Logon Process: NtLmSsp
>>> Authentication Package: NTLM
>>> Transited Services: -
>>> Package Name (NTLM only): NTLM V1
>>> Key Length: 128
>>>
>>> This event is generated when a logon session is created. It is generated
>>> on the computer that was accessed.
>>>
>>> The subject fields indicate the account on the local system which
>>> requested the logon. This is most commonly a service such as the Server
>>> service, or a local process such as Winlogon.exe or Services.exe.
>>>
>>> The logon type field indicates the kind of logon that occurred. The most
>>> common types are 2 (interactive) and 3 (network).
>>>
>>> The New Logon fields indicate the account for whom the new logon was
>>> created, i.e. the account that was logged on.
>>>
>>> The network fields indicate where a remote logon request originated.
>>> Workstation name is not always available and may be left blank in some
>>> cases.
>>>
>>> The impersonation level field indicates the extent to which a process in
>>> the logon session can impersonate.
>>>
>>> The authentication information fields provide detailed information about
>>> this specific logon request.
>>> - Logon GUID is a unique identifier that can be used to correlate this
>>> event with a KDC event.
>>> - Transited services indicate which intermediate services have
>>> participated in this logon request.
>>> - Package name indicates which sub-protocol was used among the NTLM
>>> protocols.
>>> - Key length indicates the length of the generated session key. This
>>> will be 0 if no session key was requested.
>>> Event Xml:
>>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>>> <System>
>>> <Provider Name="Microsoft-Windows-Security-Auditing"
>>> Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
>>> <EventID>4624</EventID>
>>> <Version>1</Version>
>>> <Level>0</Level>
>>> <Task>12544</Task>
>>> <Opcode>0</Opcode>
>>> <Keywords>0x8020000000000000</Keywords>
>>> <TimeCreated SystemTime="2016-10-28T16:50:35.912189700Z" />
>>> <EventRecordID>2087408</EventRecordID>
>>> <Correlation />
>>> <Execution ProcessID="492" ThreadID="7628" />
>>> <Channel>Security</Channel>
>>> <Computer>SCCM01.domain.com</Computer>
>>> <Security />
>>> </System>
>>> <EventData>
>>> <Data Name="SubjectUserSid">S-1-0-0</Data>
>>> <Data Name="SubjectUserName">-</Data>
>>> <Data Name="SubjectDomainName">-</Data>
>>> <Data Name="SubjectLogonId">0x0</Data>
>>> <Data Name="TargetUserSid">S-1-5-7</Data>
>>> <Data Name="TargetUserName">ANONYMOUS LOGON</Data>
>>> <Data Name="TargetDomainName">NT AUTHORITY</Data>
>>> <Data Name="TargetLogonId">0x614767f6</Data>
>>> <Data Name="LogonType">3</Data>
>>> <Data Name="LogonProcessName">NtLmSsp </Data>
>>> <Data Name="AuthenticationPackageName">NTLM</Data>
>>> <Data Name="WorkstationName">DC1.domain.com</Data>
>>> <Data Name="LogonGuid">{00000000-0000-0000-0000-000000000000}</Data>
>>> <Data Name="TransmittedServices">-</Data>
>>> <Data Name="LmPackageName">NTLM V1</Data>
>>> <Data Name="KeyLength">128</Data>
>>> <Data Name="ProcessId">0x0</Data>
>>> <Data Name="ProcessName">-</Data>
>>> <Data Name="IpAddress">x.x.x.x</Data>
>>> <Data Name="IpPort">59019</Data>
>>> <Data Name="ImpersonationLevel">%%1833</Data>
>>> </EventData>
>>> </Event>
>>>
>>>
>>>
>>>
>>> Log Name: Security
>>> Source: Microsoft-Windows-Security-Auditing
>>> Date: 10/28/2016 11:50:35 AM
>>> Event ID: 5140
>>> Task Category: File Share
>>> Level: Information
>>> Keywords: Audit Success
>>> User: N/A
>>> Computer: SCCM01.domain.com
>>> Description:
>>> A network share object was accessed.
>>> Subject:
>>> Security ID: ANONYMOUS LOGON
>>> Account Name: ANONYMOUS LOGON
>>> Account Domain: NT AUTHORITY
>>> Logon ID: 0x614767F6
>>>
>>> Network Information:
>>> Object Type: File
>>> Source Address: x.x.x.x
>>> Source Port: 59019
>>> Share Information:
>>> Share Name: \\*\IPC$
>>> Share Path:
>>>
>>> Access Request Information:
>>> Access Mask: 0x1
>>> Accesses: ReadData (or ListDirectory)
>>>
>>> Event Xml:
>>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>>> <System>
>>> <Provider Name="Microsoft-Windows-Security-Auditing"
>>> Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
>>> <EventID>5140</EventID>
>>> <Version>1</Version>
>>> <Level>0</Level>
>>> <Task>12808</Task>
>>> <Opcode>0</Opcode>
>>> <Keywords>0x8020000000000000</Keywords>
>>> <TimeCreated SystemTime="2016-10-28T16:50:35.912189700Z" />
>>> <EventRecordID>2087409</EventRecordID>
>>> <Correlation />
>>> <Execution ProcessID="4" ThreadID="9240" />
>>> <Channel>Security</Channel>
>>> <Computer>SCCM01.domain.com</Computer>
>>> <Security />
>>> </System>
>>> <EventData>
>>> <Data Name="SubjectUserSid">S-1-5-7</Data>
>>> <Data Name="SubjectUserName">ANONYMOUS LOGON</Data>
>>> <Data Name="SubjectDomainName">NT AUTHORITY</Data>
>>> <Data Name="SubjectLogonId">0x614767f6</Data>
>>> <Data Name="ObjectType">File</Data>
>>> <Data Name="IpAddress">x.x.x.x</Data>
>>> <Data Name="IpPort">59019</Data>
>>> <Data Name="ShareName">\\*\IPC$</Data>
>>> <Data Name="ShareLocalPath">
>>> </Data>
>>> <Data Name="AccessMask">0x1</Data>
>>> <Data Name="AccessList">%%4416
>>> </Data>
>>> </EventData>
>>> </Event>
>>>
>>>
>>>
>>> On Thursday, September 22, 2016 at 2:15:09 AM UTC-5, J Hawkesworth wrote:
>>>>
>>>> Have a look in the event logs. I suspect all you will see is 'Access
>>>> is denied'. Worth looking on the network share machine (if it is an
>>>> actual windows box). If it isn't a windows box I guess there will be
>>>> some kind of samba share logging that you could examine too.
>>>>
>>>> Make sure that you are using the same user when logged in via remote
>>>> desktop as the user that ansible is using.
>>>>
>>>> You could check for logon events in the event viewer and see what
>>>> privileges are assigned to your ansible.... user and see how these differ
>>>> when you login via RDP.
>>>>
>>>> My understanding is that the auth delegation changes the kerberos
>>>> ticket in some way so you could try examining the kerberos ticket
>>>> using klist - unfortunately I can't try this myself at the moment.
>>>>
>>>> I wonder if it is possible for the domain controller to disallow
>>>> granting the necessary kerberos ticket for auth delegation. Perhaps ask
>>>> Active Directory administrators if they can do anything like this and
>>>> whether it is in place.
>>>>
>>>> I still think that you are 'almost there' with solving this problem.
>>>>
>>>> Hope the above helps,
>>>>
>>>> Jon
>>>>
>>>>
>>>> On Tuesday, September 20, 2016 at 3:35:27 PM UTC+1, Surred wrote:
>>>>>
>>>>> JH,
>>>>>
>>>>> Do you know of any other tests/logging I could try/review to determine
>>>>> why the kerberos delegation is not working in my environment?
>>>>>
>>>>> On Friday, September 16, 2016 at 2:22:05 AM UTC-5, J Hawkesworth wrote:
>>>>>>
>>>>>> Sorry, I should have been clearer. 2.0.0.2 and 2.1.1 are ansible
>>>>>> versions.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Thursday, September 15, 2016 at 4:11:02 PM UTC+1, Surred wrote:
>>>>>>>
>>>>>>> Thanks for the response JH. I've moved the winrm connection details
>>>>>>> to group_vars as you suggested, but am still not able to list the
>>>>>>> files of a network share. You said you are using "2.0.0.2 / 2.1.1".
>>>>>>> Can you please clarify those version numbers and what they are
>>>>>>> associated with?
>>>>>>>
>>>>>>> host file:
>>>>>>> user@ansible:~/ansible> cat inventories/domain
>>>>>>> [test]
>>>>>>> dc1.domain.com
>>>>>>>
>>>>>>>
>>>>>>> group_vars:
>>>>>>> user@ansible:~/ansible> cat inventories/group_vars/test.yml
>>>>>>> ---
>>>>>>>
>>>>>>> ansible_ssh_port: 5986
>>>>>>> ansible_connection: winrm
>>>>>>> ansible_winrm_transport: kerberos
>>>>>>> ansible_winrm_kerberos_delegation: yes
>>>>>>> ansible_ssh_user: [email protected]
>>>>>>> ansible_winrm_server_cert_validation: ignore
>>>>>>>
>>>>>>>
>>>>>>> output of playbook (I've added a debug task to dump the variables):
>>>>>>> user@ansible:~/ansible> ansible-playbook test.yml -i
>>>>>>> inventories/domain -vvvvv
>>>>>>> Using /home/user/ansible/ansible.cfg as config file
>>>>>>> Loaded callback default of type stdout, v2.0
>>>>>>>
>>>>>>> PLAYBOOK: test.yml
>>>>>>> *************************************************************
>>>>>>> 1 plays in test.yml
>>>>>>>
>>>>>>> PLAY [list unc]
>>>>>>> ****************************************************************
>>>>>>>
>>>>>>> TASK [display variables]
>>>>>>> *******************************************************
>>>>>>> task path: /home/user/ansible/test.yml:6
>>>>>>> ok: [dc1.domain.com] => {
>>>>>>> "hostvars[inventory_hostname]": {
>>>>>>> "ansible_check_mode": false,
>>>>>>> "ansible_connection": "winrm",
>>>>>>> "ansible_ssh_port": 5986,
>>>>>>> "ansible_ssh_user": "[email protected]",
>>>>>>> "ansible_version": {
>>>>>>> "full": "2.1.0.0",
>>>>>>> "major": 2,
>>>>>>> "minor": 1,
>>>>>>> "revision": 0,
>>>>>>> "string": "2.1.0.0"
>>>>>>> },
>>>>>>> "ansible_winrm_kerberos_delegation": true,
>>>>>>> "ansible_winrm_server_cert_validation": "ignore",
>>>>>>> "ansible_winrm_transport": "kerberos",
>>>>>>> "group_names": [
>>>>>>> "test"
>>>>>>> ],
>>>>>>> "groups": {
>>>>>>> "all": [
>>>>>>> "dc1.domain.com"
>>>>>>> ],
>>>>>>> "test": [
>>>>>>> "dc1.domain.com"
>>>>>>> ],
>>>>>>> "ungrouped": []
>>>>>>> },
>>>>>>> "inventory_dir": "/home/user/ansible/inventories",
>>>>>>> "inventory_file": "inventories/domain",
>>>>>>> "inventory_hostname": "dc1.domain.com",
>>>>>>> "inventory_hostname_short": "dc1",
>>>>>>> "omit":
>>>>>>> "__omit_place_holder__aefe246ae370864260078b474e205946a8274802",
>>>>>>> "playbook_dir": "/home/user/ansible"
>>>>>>> }
>>>>>>> }
>>>>>>>
>>>>>>> TASK [list unc]
>>>>>>> ****************************************************************
>>>>>>> task path: /home/user/ansible/test.yml:9
>>>>>>> <dc1.domain.com> ESTABLISH WINRM CONNECTION FOR USER:
>>>>>>> [email protected] on PORT 5986 TO dc1.domain.com
>>>>>>> <dc1.domain.com> WINRM CONNECT: transport=kerberos endpoint=
>>>>>>> https://dc1.domain.com:5986/wsman
>>>>>>> <dc1.domain.com> WINRM OPEN SHELL:
>>>>>>> 33ADC923-1FA6-4D0D-B5AF-7A474202BD2E
>>>>>>> <dc1.domain.com> EXEC Set-StrictMode -Version Latest
>>>>>>> (New-Item -Type Directory -Path $env:temp -Name
>>>>>>> "ansible-tmp-1473950183.23-4669660185733").FullName | Write-Host
>>>>>>> -Separator
>>>>>>> '';
>>>>>>> <dc1.domain.com> WINRM EXEC u'PowerShell' [u'-NoProfile',
>>>>>>> u'-NonInteractive', u'-ExecutionPolicy', u'Unrestricted',
>>>>>>> u'-EncodedCommand',
>>>>>>> u'UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAoAE4AZQB3AC0ASQB0AGUAbQAgAC0AVAB5AHAAZQAgAEQAaQByAGUAYwB0AG8AcgB5ACAALQBQAGEAdABoACAAJABlAG4AdgA6AHQAZQBtAHAAIAAtAE4AYQBtAGUAIAAiAGEAbgBzAGkAYgBsAGUALQB0AG0AcAAtADEANAA3ADMAOQA1ADAAMQA4ADMALgAyADMALQA0ADYANgA5ADYANgAwADEAOAA1ADcAMwAzACIAKQAuAEYAdQBsAGwATgBhAG0AZQAgAHwAIABXAHIAaQB0AGUALQBIAG8AcwB0ACAALQBTAGUAcABhAHIAYQB0AG8AcgAgACcAJwA7AA==']
>>>>>>> <dc1.domain.com> WINRM RESULT u'<Response code 0, out
>>>>>>> "C:\\Users\\ansible_svc", err "">'
>>>>>>> <dc1.domain.com> PUT "/home/user/ansible/test.ps1" TO
>>>>>>> "C:\Users\ansible_svc\AppData\Local\Temp\ansible-tmp-1473950183.23-4669660185733\test.ps1"
>>>>>>> <dc1.domain.com> WINRM PUT "/home/user/ansible/test.ps1" to
>>>>>>> "C:\Users\ansible_svc\AppData\Local\Temp\ansible-tmp-1473950183.23-4669660185733\test.ps1"
>>>>>>>
>>>>>>> (offset=46 size=46)
>>>>>>> <dc1.domain.com> EXEC &
>>>>>>>
>>>>>>> 'C:\Users\ansible_svc\AppData\Local\Temp\ansible-tmp-1473950183.23-4669660185733\test.ps1'
>>>>>>> <dc1.domain.com> WINRM EXEC 'PowerShell' ['-NoProfile',
>>>>>>> '-NonInteractive', '-ExecutionPolicy', 'Unrestricted',
>>>>>>> '-EncodedCommand',
>>>>>>> 'JgAgACAAJwBDADoAXABVAHMAZQByAHMAXABhAG4AcwBpAGIAbABlAF8AcwB2AGMAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsAFwAVABlAG0AcABcAGEAbgBzAGkAYgBsAGUALQB0AG0AcAAtADEANAA3ADMAOQA1ADAAMQA4ADMALgAyADMALQA0ADYANgA5ADYANgAwADEAOAA1ADcAMwAzAFwAdABlAHMAdAAuAHAAcwAxACcA']
>>>>>>> <dc1.domain.com> WINRM RESULT u'<Response code 0, out "", err "#<
>>>>>>> CLIXML\r\n<Objs Ver">'
>>>>>>> <dc1.domain.com> EXEC Set-StrictMode -Version Latest
>>>>>>> Remove-Item
>>>>>>> "C:\Users\ansible_svc\AppData\Local\Temp\ansible-tmp-1473950183.23-4669660185733"
>>>>>>>
>>>>>>> -Force -Recurse;
>>>>>>> <dc1.domain.com> WINRM EXEC u'PowerShell' [u'-NoProfile',
>>>>>>> u'-NonInteractive', u'-ExecutionPolicy', u'Unrestricted',
>>>>>>> u'-EncodedCommand',
>>>>>>> u'UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAGEAbgBzAGkAYgBsAGUAXwBzAHYAYwBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA0ADcAMwA5ADUAMAAxADgAMwAuADIAMwAtADQANgA2ADkANgA2ADAAMQA4ADUANwAzADMAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsA']
>>>>>>> <dc1.domain.com> WINRM RESULT u'<Response code 0, out "", err "">'
>>>>>>> <dc1.domain.com> WINRM CLOSE SHELL:
>>>>>>> 33ADC923-1FA6-4D0D-B5AF-7A474202BD2E
>>>>>>> changed: [dc1.domain.com] => {"changed": true, "invocation":
>>>>>>> {"module_args": {"_raw_params": "/home/user/ansible/test.ps1"},
>>>>>>> "module_name": "script"}, "rc": 0, "stderr": "Get-ChildItem : Access is
>>>>>>> denied\r\nAt
>>>>>>> C:\\Users\\ansible_svc\\AppData\\Local\\Temp\\ansible-tmp-1473950183.23-4669660185\r\n733\\test.ps1:1
>>>>>>>
>>>>>>> char:1\r\n+ Get-ChildItem \"\\\\sccm01\\SMS_ABC\\Client\"\r\n+
>>>>>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n+ CategoryInfo
>>>>>>> :
>>>>>>> PermissionDenied: (\\\\sccm01\\SMS_ABC\\Client \r\n:String)
>>>>>>> [Get-ChildItem], UnauthorizedAccessException\r\n+ FullyQualifiedErrorId
>>>>>>> :
>>>>>>> ItemExistsUnauthorizedAccessError,Microsoft.Powe
>>>>>>> \r\nrShell.Commands.GetChildItemCommand\r\n\r\nGet-ChildItem : Cannot
>>>>>>> find
>>>>>>> path '\\\\sccm01\\SMS_ABC\\Client' because it \r\ndoes not exist.\r\nAt
>>>>>>> C:\\Users\\ansible_svc\\AppData\\Local\\Temp\\ansible-tmp-1473950183.23-4669660185\r\n733\\test.ps1:1
>>>>>>>
>>>>>>> char:1\r\n+ Get-ChildItem \"\\\\sccm01\\SMS_ABC\\Client\"\r\n+
>>>>>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n+ CategoryInfo
>>>>>>> :
>>>>>>> ObjectNotFound: (\\\\sccm01\\SMS_ABC\\Client:S \r\ntring)
>>>>>>> [Get-ChildItem],
>>>>>>> ItemNotFoundException\r\n+ FullyQualifiedErrorId :
>>>>>>> PathNotFound,Microsoft.PowerShell.Commands.GetCh
>>>>>>> \r\nildItemCommand\r\n",
>>>>>>> "stdout": "", "stdout_lines": []}
>>>>>>>
>>>>>>> PLAY RECAP
>>>>>>> *********************************************************************
>>>>>>> dc1.domain.com : ok=2 changed=1 unreachable=0 failed=0
>>>>>>>
>>>>>>> user@ansible:~/ansible>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Wednesday, September 14, 2016 at 12:52:13 PM UTC-5, Surred wrote:
>>>>>>>>
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> I'm having issues getting the double hop scenario working. To test
>>>>>>>> kerberos delegation I have a simple PowerShell script that does a
>>>>>>>> Get-ChildItem on a UNC path. When running the command manually on
>>>>>>>> the host it works, but when executing as playbook with Ansible I
>>>>>>>> get "Access Denied." Below is my configuration and the verbose
>>>>>>>> output I receive. Any help or suggestions would be greatly
>>>>>>>> appreciated.
>>>>>>>>
>>>>>>>>
>>>>>>>> Environment:
>>>>>>>> user@ansible:~/ansible> pip list 2>/dev/null | grep -i pywinrm
>>>>>>>> pywinrm (0.2.0)
>>>>>>>>
>>>>>>>> user@ansible:~/ansible> ansible --version
>>>>>>>> ansible 2.1.0.0
>>>>>>>> config file = /home/user/ansible/ansible.cfg
>>>>>>>> configured module search path = Default w/o overrides
>>>>>>>>
>>>>>>>> user@ansible:~/ansible> cat /etc/*-release
>>>>>>>> NAME="SLES"
>>>>>>>> VERSION="11.4"
>>>>>>>> VERSION_ID="11.4"
>>>>>>>> PRETTY_NAME="SUSE Linux Enterprise Server 11 SP4"
>>>>>>>> ID="sles"
>>>>>>>> ANSI_COLOR="0;32"
>>>>>>>> CPE_NAME="cpe:/o:suse:sles:11:4"
>>>>>>>> SUSE Linux Enterprise Server 11 (x86_64)
>>>>>>>> VERSION = 11
>>>>>>>> PATCHLEVEL = 4
>>>>>>>>
>>>>>>>>
>>>>>>>> Inventory excerpt:
>>>>>>>> [all:vars]
>>>>>>>> ansible_ssh_port=5986
>>>>>>>> ansible_connection=winrm
>>>>>>>> ansible_winrm_transport=kerberos
>>>>>>>> ansible_winrm_kerberos_delegation=yes
>>>>>>>> [email protected]
>>>>>>>> ansible_winrm_server_cert_validation=ignore
>>>>>>>>
>>>>>>>> Playbook output:
>>>>>>>> user@ansible:~/ansible> ansible-playbook test.yml -i
>>>>>>>> inventories/domain -vvvvv
>>>>>>>> Using /home/user/ansible/ansible.cfg as config file
>>>>>>>> Loaded callback default of type stdout, v2.0
>>>>>>>>
>>>>>>>> PLAYBOOK: test.yml
>>>>>>>> *************************************************************
>>>>>>>> 1 plays in test.yml
>>>>>>>>
>>>>>>>> PLAY [list unc]
>>>>>>>> ****************************************************************
>>>>>>>>
>>>>>>>> TASK [list unc]
>>>>>>>> ****************************************************************
>>>>>>>> task path: /home/user/ansible/test.yml:6
>>>>>>>> <dc1.domain.com> ESTABLISH WINRM CONNECTION FOR USER:
>>>>>>>> [email protected] on PORT 5986 TO dc1.domain.com
>>>>>>>> <dc1.domain.com> WINRM CONNECT: transport=kerberos endpoint=
>>>>>>>> https://dc1.domain.com:5986/wsman
>>>>>>>> <dc1.domain.com> WINRM OPEN SHELL:
>>>>>>>> 33CC652E-0DED-4C66-B898-2860580A29A8
>>>>>>>> <dc1.domain.com> EXEC Set-StrictMode -Version Latest
>>>>>>>> (New-Item -Type Directory -Path $env:temp -Name
>>>>>>>> "ansible-tmp-1473809521.62-137672088908702").FullName | Write-Host
>>>>>>>> -Separator '';
>>>>>>>> <dc1.domain.com> WINRM EXEC u'PowerShell' [u'-NoProfile',
>>>>>>>> u'-NonInteractive', u'-ExecutionPolicy', u'Unrestricted',
>>>>>>>> u'-EncodedCommand',
>>>>>>>> u'UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAoAE4AZQB3AC0ASQB0AGUAbQAgAC0AVAB5AHAAZQAgAEQAaQByAGUAYwB0AG8AcgB5ACAALQBQAGEAdABoACAAJABlAG4AdgA6AHQAZQBtAHAAIAAtAE4AYQBtAGUAIAAiAGEAbgBzAGkAYgBsAGUALQB0AG0AcAAtADEANAA3ADMAOAAwADkANQAyADEALgA2ADIALQAxADMANwA2ADcAMgAwADgAOAA5ADAAOAA3ADAAMgAiACkALgBGAHUAbABsAE4AYQBtAGUAIAB8ACAAVwByAGkAdABlAC0ASABvAHMAdAAgAC0AUwBlAHAAYQByAGEAdABvAHIAIAAnACcAOwA=']
>>>>>>>> <dc1.domain.com> WINRM RESULT u'<Response code 0, out
>>>>>>>> "C:\\Users\\ansible_svc", err "">'
>>>>>>>> <dc1.domain.com> PUT "/home/user/ansible/test.ps1" TO
>>>>>>>> "C:\Users\ansible_svc\AppData\Local\Temp\ansible-tmp-1473809521.62-137672088908702\test.ps1"
>>>>>>>> <dc1.domain.com> WINRM PUT "/home/user/ansible/test.ps1" to
>>>>>>>> "C:\Users\ansible_svc\AppData\Local\Temp\ansible-tmp-1473809521.62-137672088908702\test.ps1"
>>>>>>>>
>>>>>>>> (offset=46 size=46)
>>>>>>>> <dc1.domain.com> EXEC &
>>>>>>>>
>>>>>>>> 'C:\Users\ansible_svc\AppData\Local\Temp\ansible-tmp-1473809521.62-137672088908702\test.ps1'
>>>>>>>> <dc1.domain.com> WINRM EXEC 'PowerShell' ['-NoProfile',
>>>>>>>> '-NonInteractive', '-ExecutionPolicy', 'Unrestricted',
>>>>>>>> '-EncodedCommand',
>>>>>>>> 'JgAgACAAJwBDADoAXABVAHMAZQByAHMAXABhAG4AcwBpAGIAbABlAF8AcwB2AGMAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsAFwAVABlAG0AcABcAGEAbgBzAGkAYgBsAGUALQB0AG0AcAAtADEANAA3ADMAOAAwADkANQAyADEALgA2ADIALQAxADMANwA2ADcAMgAwADgAOAA5ADAAOAA3ADAAMgBcAHQAZQBzAHQALgBwAHMAMQAnAA==']
>>>>>>>> <dc1.domain.com> WINRM RESULT u'<Response code 0, out "", err "#<
>>>>>>>> CLIXML\r\n<Objs Ver">'
>>>>>>>> <dc1.domain.com> EXEC Set-StrictMode -Version Latest
>>>>>>>> Remove-Item
>>>>>>>> "C:\Users\ansible_svc\AppData\Local\Temp\ansible-tmp-1473809521.62-137672088908702"
>>>>>>>>
>>>>>>>> -Force -Recurse;
>>>>>>>> <dc1.domain.com> WINRM EXEC u'PowerShell' [u'-NoProfile',
>>>>>>>> u'-NonInteractive', u'-ExecutionPolicy', u'Unrestricted',
>>>>>>>> u'-EncodedCommand',
>>>>>>>> u'UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAGEAbgBzAGkAYgBsAGUAXwBzAHYAYwBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA0ADcAMwA4ADAAOQA1ADIAMQAuADYAMgAtADEAMwA3ADYANwAyADAAOAA4ADkAMAA4ADcAMAAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AA==']
>>>>>>>> <dc1.domain.com> WINRM RESULT u'<Response code 0, out "", err "">'
>>>>>>>> <dc1.domain.com> WINRM CLOSE SHELL:
>>>>>>>> 33CC652E-0DED-4C66-B898-2860580A29A8
>>>>>>>> changed: [dc1.domain.com] => {"changed": true, "invocation":
>>>>>>>> {"module_args": {"_raw_params": "/home/user/ansible/test.ps1"},
>>>>>>>> "module_name": "script"}, "rc": 0, "stderr": "Get-ChildItem : Access
>>>>>>>> is
>>>>>>>> denied\r\nAt
>>>>>>>> C:\\Users\\ansible_svc\\AppData\\Local\\Temp\\ansible-tmp-1473809521.62-1376720889\r\n08702\\test.ps1:1
>>>>>>>>
>>>>>>>> char:1\r\n+ Get-ChildItem \"\\\\sccm01\\SMS_ABC\\Client\"\r\n+
>>>>>>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n+ CategoryInfo
>>>>>>>> :
>>>>>>>> PermissionDenied: (\\\\sccm01\\SMS_ABC\\Client \r\n:String)
>>>>>>>> [Get-ChildItem], UnauthorizedAccessException\r\n+
>>>>>>>> FullyQualifiedErrorId :
>>>>>>>> ItemExistsUnauthorizedAccessError,Microsoft.Powe
>>>>>>>> \r\nrShell.Commands.GetChildItemCommand\r\n\r\nGet-ChildItem : Cannot
>>>>>>>> find
>>>>>>>> path '\\\\sccm01\\SMS_ABC\\Client' because it \r\ndoes not
>>>>>>>> exist.\r\nAt
>>>>>>>> C:\\Users\\ansible_svc\\AppData\\Local\\Temp\\ansible-tmp-1473809521.62-1376720889\r\n08702\\test.ps1:1
>>>>>>>>
>>>>>>>> char:1\r\n+ Get-ChildItem \"\\\\sccm01\\SMS_ABC\\Client\"\r\n+
>>>>>>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n+ CategoryInfo
>>>>>>>> :
>>>>>>>> ObjectNotFound: (\\\\sccm01\\SMS_ABC\\Client:S \r\ntring)
>>>>>>>> [Get-ChildItem],
>>>>>>>> ItemNotFoundException\r\n+ FullyQualifiedErrorId :
>>>>>>>> PathNotFound,Microsoft.PowerShell.Commands.GetCh
>>>>>>>> \r\nildItemCommand\r\n",
>>>>>>>> "stdout": "", "stdout_lines": []}
>>>>>>>>
>>>>>>>> PLAY RECAP
>>>>>>>> *********************************************************************
>>>>>>>> dc1.domain.com : ok=1 changed=1 unreachable=0 failed=0
>>>>>>>>
>>>>>>>> user@ansible:~/ansible>
>>>>>>>>
>>>>>>>
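The server-side pattern in the logs quoted above (a type 3 logon as ANONYMOUS LOGON over NTLM from the WinRM host, followed by share access under the same Logon ID) can be checked for mechanically. The following is an added example, not part of the original messages: the function names are hypothetical, and the sample XML is constructed, with the first two events mirroring fields from the thread and the Kerberos pair (SID, Logon ID, share) invented for contrast.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"
ANONYMOUS_SID = "S-1-5-7"  # well-known SID for ANONYMOUS LOGON

# Constructed sample, trimmed to the fields the check needs.
SAMPLE = r"""<Events xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<Event><System><EventID>4624</EventID><Computer>SCCM01.domain.com</Computer></System>
<EventData>
<Data Name="TargetUserSid">S-1-5-7</Data>
<Data Name="TargetLogonId">0x614767f6</Data>
<Data Name="LogonType">3</Data>
<Data Name="AuthenticationPackageName">NTLM</Data>
<Data Name="WorkstationName">DC1.domain.com</Data>
<Data Name="LmPackageName">NTLM V1</Data>
</EventData></Event>
<Event><System><EventID>5140</EventID><Computer>SCCM01.domain.com</Computer></System>
<EventData>
<Data Name="SubjectLogonId">0x614767F6</Data>
<Data Name="ShareName">\\*\IPC$</Data>
</EventData></Event>
<Event><System><EventID>4624</EventID><Computer>SCCM01.domain.com</Computer></System>
<EventData>
<Data Name="TargetUserSid">S-1-5-21-1111111111-2222222222-3333333333-1105</Data>
<Data Name="TargetLogonId">0x61480000</Data>
<Data Name="LogonType">3</Data>
<Data Name="AuthenticationPackageName">Kerberos</Data>
<Data Name="WorkstationName">-</Data>
<Data Name="LmPackageName">-</Data>
</EventData></Event>
<Event><System><EventID>5140</EventID><Computer>SCCM01.domain.com</Computer></System>
<EventData>
<Data Name="SubjectLogonId">0x61480000</Data>
<Data Name="ShareName">\\*\SMS_ABC</Data>
</EventData></Event>
</Events>"""


def parse_events(xml_text):
    """Flatten each <Event> into a dict of its EventData fields plus ID/host."""
    events = []
    for ev in ET.fromstring(xml_text).iter(NS + "Event"):
        fields = {d.get("Name"): (d.text or "").strip() for d in ev.iter(NS + "Data")}
        fields["EventID"] = ev.findtext(f"{NS}System/{NS}EventID")
        fields["Computer"] = ev.findtext(f"{NS}System/{NS}Computer")
        events.append(fields)
    return events


def logon_id(value):
    """Logon IDs appear in mixed hex case across views; compare as integers."""
    return int(value, 16)


def find_anonymous_fallback(events):
    """Return anonymous NTLM network logons with the shares they touched."""
    shares = {}
    for ev in events:
        if ev["EventID"] == "5140":
            shares.setdefault(logon_id(ev["SubjectLogonId"]), []).append(ev["ShareName"])
    findings = []
    for ev in events:
        if (ev["EventID"] == "4624" and ev.get("LogonType") == "3"
                and ev.get("TargetUserSid") == ANONYMOUS_SID
                and ev.get("AuthenticationPackageName") == "NTLM"):
            findings.append({
                "server": ev["Computer"],
                "from": ev.get("WorkstationName"),
                "package": ev.get("LmPackageName"),
                "shares": shares.get(logon_id(ev["TargetLogonId"]), []),
            })
    return findings


if __name__ == "__main__":
    for f in find_anonymous_fallback(parse_events(SAMPLE)):
        print(f)
```

A finding whose `from` field is the Ansible-managed host means the second hop reached the file server without the service account's identity; the Kerberos logon in the sample produces no finding.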