Hey
Looks like you are trying to connect over port 5985 which is defaulting to
http://hostname:5985/wsman instead of https://hostname:5986/wsman and
Ansible by default doesn't allow you to talk through HTTP unless you have
disabled some security restrictions on the Windows host itself.
For a bit of background the default port for the HTTP listener is 5985
while HTTPS is 5986. You can see what your host is configured with by
running the following in powershell on your Windows box.
winrm enumerate winrm/config/Listener
This is the type of output you would expect from this command (note the
IP/Hostname/Certificate thumbprint would be different)
Listener
Address = *
Transport = HTTPS
Port = 5986
Hostname = HOSTNAME
Enabled = true
URLPrefix = wsman
CertificateThumbprint = A377DD78797710B2E7185682BC32D9C9BE8E8B5D
ListeningOn = 192.168.1.2, 127.0.0.1
Listener [Source="GPO"]
Address = *
Transport = HTTP
Port = 5985
Hostname
Enabled = true
URLPrefix = wsman
CertificateThumbprint
ListeningOn = 192.168.1.2, 127.0.0.1
The above tells me I have a HTTP listener running and is over port 5985
while I also have a HTTPS listener running and is over port 5986. As I was
saying at the start you can get Ansible to talk over HTTP but you will have
to allow unencrypted messages to be received on the host. If you use HTTPS
you don't have to worry about encrypting the messages as it is done over
TLS and so Ansible should work with that.
Once you have verified the above and ensured you have a HTTPS listener
active you will also want to modify you configuration to be something like
ansible_user: username@MYDOMAIN
ansible_password: "{{ windows_password }}"
ansible_port: 5986 # Tell Ansible to use HTTPS
ansible_connection: winrm
ansible_winrm_transport: ntlm
ansible_winrm_server_cert_validation: ignore
There were a few entries in there that are not needed for NTLM which I've
removed. You should be able to specify the user using the UPN format
(usern...@realm.com) or Down Level login format (REALM\username), I usually
use the down level for NTLM and UPN for Kerberos but they should be
interchangable.
Hopefully this helps you to get it working and understand a bit more on the
transport side.
Thanks
Jordan
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/0182e339-f5ad-4694-b51d-908f2432a926%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
