Is the second domain "setup" either in AD as an alternate UPN suffix or via 
a trust relationship with the forest? If it was, it would likely work. 

Also, what auth are you using: local acct, domain acct; NTLM, Kerberos, etc.?

-cupcake

On Thursday, March 9, 2017 at 3:01:10 AM UTC-5, MKPhil wrote:
>
> Hi,
> I posted a similar question over on Stack Overflow but without any helpful 
> replies so I thought I'd try this group too...  I don't think it is an 
> Ansible question per se but has arisen from our use of Ansible.
>
> We have Windows servers with two NICs, two separate IPs and two FQDNs in 
> DNS, e.g.
>
>> SERVER01.ADdomain.company.corp [10.0.0.1]
>> SERVER01.management.company.corp [192.168.0.1]
>
>
> Both are configured in Windows and I can RDP, Telnet, HTTP or whatever to 
> both names and both IPs (assuming firewalls & routing are configured 
> correctly and there is something listening on the relevant ports).  This 
> set-up is primarily to enable our management traffic (e.g. Backups) to 
> communicate over an alternative NIC to the primary traffic.
>
> WinRM has been configured (using the ConfigureRemotingForAnsible.ps1 
> script) and I can prove that it works if I use Ansible or PowerShell on the 
> AD name:
>
>> $ ansible -m win_ping SERVER01.ADdomain.company.corp
>> SERVER01.ADdomain.company.corp | SUCCESS => {
>>     "changed": false,
>>     "ping": "pong"
>> }
>
>
>> PS> Invoke-Command -scriptblock{hostname} -ComputerName SERVER01.ADdomain.company.corp
>> SERVER01
>
>  
>
>  My problems come when I try to use the other FQDN.  Ansible returns:
>
>> SERVER01.management.company.corp | UNREACHABLE! => {
>>     "changed": false,
>>     "msg": "kerberos: authGSSClientStep() failed: (('Unspecified GSS 
>> failure.  Minor code may provide more information', 851968), ('Server not 
>> found in Kerberos database', -1765328377)), ssl: the specified credentials 
>> were rejected by the server",
>>     "unreachable": true
>> }
>
>  
> And PowerShell sayeth:
>
>> [SERVER01.management.company.corp] Connecting to remote server 
>> SERVER01.management.company.corp failed with the following error message : 
>> WinRM cannot process the request. The following error occurred while using 
>> Kerberos authentication: Cannot find the computer 
>> SERVER01.management.company.corp. Verify that the computer exists on the 
>> network and that the name provided is spelled correctly. For more 
>> information, see the about_Remote_Troubleshooting
>> Help topic.
>>     + CategoryInfo          : OpenError: 
>> (SERVER01.management.company.corp:String) [], PSRemotingTransportException
>>     + FullyQualifiedErrorId : NetworkPathNotFound,PSSessionStateBroken
>
>
>
> From reading about this I think it is because the Kerberos Authentication 
> that WinRM uses only works on the AD name but my question is this: Is there 
> any way to get the Ansible/WinRM/PowerShell working using the second FQDN? 
> If not, why not? Any documents (particularly from Ansible and/or Microsoft) 
> to back this up would be appreciated.
>
> Cheers
> Phil
>
>
>
>
>  
>
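
Added example, not part of the thread: a small Python decoder for the Ansible error quoted above. It shows that major status 851968 is GSS_S_FAILURE and that minor code -1765328377 is the MIT krb5 value for KDC_ERR_S_PRINCIPAL_UNKNOWN, meaning the KDC has no entry for the service principal built from the management FQDN. The function name `decode_gss_failure`, the HTTP service class and the un-canonicalised host name are assumptions of this example.

```python
import re

# Constants from RFC 2744 (GSS-API C bindings), RFC 4120 and MIT krb5's error table.
GSS_ROUTINE_ERRORS = {7: "GSS_S_NO_CRED", 11: "GSS_S_CREDENTIALS_EXPIRED", 13: "GSS_S_FAILURE"}
KRB5_ERROR_TABLE_BASE = -1765328384  # MIT krb5 minor code = this base + RFC 4120 error code
KRB5_ERRORS = {
    6: "KDC_ERR_C_PRINCIPAL_UNKNOWN",   # client principal not in the KDC database
    7: "KDC_ERR_S_PRINCIPAL_UNKNOWN",   # service principal (SPN) not in the KDC database
    24: "KDC_ERR_PREAUTH_FAILED",       # pre-authentication failed
    37: "KRB_AP_ERR_SKEW",              # clock skew too great
}

# Constructed sample: the "msg" value from the post, joined onto one line.
SAMPLE_MSG = (
    "kerberos: authGSSClientStep() failed: (('Unspecified GSS failure.  "
    "Minor code may provide more information', 851968), ('Server not found "
    "in Kerberos database', -1765328377)), ssl: the specified credentials "
    "were rejected by the server"
)

def decode_gss_failure(msg, host, service="HTTP"):
    """Decode the (text, code) pairs in the error and name the SPN involved.

    Assumption: the client asks for <service>/<host> with the host exactly as
    typed (no DNS canonicalisation) and the service class HTTP.
    """
    pairs = re.findall(r"\('([^']*)',\s*(-?\d+)\)", msg)
    if len(pairs) < 2:
        return None  # not a GSS major/minor error tuple
    major, minor = int(pairs[0][1]), int(pairs[1][1])
    routine = (major >> 16) & 0xFF  # routine-error field of the major status
    krb5_code = minor - KRB5_ERROR_TABLE_BASE
    return {
        "gss_major": GSS_ROUTINE_ERRORS.get(routine, f"routine error {routine}"),
        "krb5_code": krb5_code,
        "krb5_error": KRB5_ERRORS.get(krb5_code, "unknown"),
        "spn": f"{service}/{host}",
        "spn_unknown_to_kdc": krb5_code == 7,
    }

if __name__ == "__main__":
    result = decode_gss_failure(SAMPLE_MSG, "SERVER01.management.company.corp")
    for key, value in result.items():
        print(f"{key}: {value}")
```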
