The "connection refused" error doesn't have anything to do with Kerberos- WinRM is not answering on 5986. Have you run the ConfigureRemotingForAnsible.ps1 script on the target host (or taken manual steps) to set up an HTTPS WinRM listener? If so, I'd suspect a firewall or some other networking issue is part of the problem.
I'd also suggest that you get things working with a local account and Basic auth first, as Kerberos can be a complicated beast to debug, and it sounds like you've got other problems to solve first that aren't Kerb-related. -Matt On Thursday, April 20, 2017 at 7:29:47 AM UTC-7, Mark Allison wrote: > > I've set up a new CentOS 7 VM and installed ansible fine and the kerberos > components according to this guide > https://docs.ansible.com/ansible/intro_windows.html#kerberos > > I've done the following: > Added the ansible control server Computer account to AD. > Added a test windows machine into /etc/ansible/hosts (called > wisteria.duck.loc) > Created /etc/ansible/group_vars/windows.yml with this text: > > ansible_user: [email protected] > ansible_password: SecretPasswordGoesHere > ansible_port: 5986 > ansible_connection: winrm > # The following is necessary for Python 2.7.9+ (or any older Python that > has backported SSLContext, eg, Python 2.7.5 on RHEL7) when using default > WinRM self-signed certificates: > ansible_winrm_server_cert_validation: ignore > > Ran kinit and klist and it worked fine. > > [mark@carnation ansible]$ ansible --version > > ansible 2.2.1.0 > config file = /etc/ansible/ansible.cfg > configured module search path = Default w/o overrides > > > [mark@carnation ansible]$ ansible windows -m win_ping > wisteria.duck.loc | UNREACHABLE! => { > "changed": false, > "msg": "kerberos: HTTPSConnectionPool(host='wisteria.duck.loc', > port=5986): Max retries exceeded with url: /wsman (Caused by > NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection > > object at 0x27b8510>: Failed to establish a new connection: [Errno 111] > Connection refused',)), ssl: HTTPSConnectionPool(host='wisteria.duck.loc', > port=5986): Max retries exceeded with url: /wsman (Caused by > NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection > > object at 0x285d750>: Failed to establish a new connection: [Errno 111] > Connection refused',))", > "unreachable": true > } > [mark@carnation ansible]$ > > Any ideas on next steps to troubleshoot? > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/21037cb3-c44f-4073-b78c-b593a7550332%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
