Yeah i know that is based on http.sys I checked also the http/https binding over netsh and compare them between a working and non working system. Realy no clue why this happening.
I put now 3 Days of work into that debugging, now i switch to ensure the dns records are prefilled priorer theh provisioning of the vms, so the issue don't come up... So looks like no one is using ADFS with Ansible :-). But this is not worth anymore time to debug i think... Am Samstag, 24. Juni 2017 11:32:27 UTC+2 schrieb Trond Hindenes: > > ADFS/WAP manipulates http.sys, which is the shared process taking care of > winRM, IIS and other http-related calls into the host. I've never tested it > but it kinda makes sense that there are issues there. > > On Friday, June 23, 2017 at 10:05:38 AM UTC+2, J Hawkesworth wrote: >> >> My guess would be that something about these windows server roles causes >> some kind of reset or restart of some part of the http stack (which WinRM >> depends on). >> >> I know kerberos needs DNS to work properly - the hostname is important >> for kerberos for reasons I forget, but it needs to be able to go from ip -> >> hostname and hostname -> ip in order to work fully. >> >> Is it difficult for you to make use of the hostname in your environment? >> >> There are modules now for configuring dns resolution ( >> https://docs.ansible.com/ansible/win_dns_client_module.html) and also a >> module for updating DNS >> https://docs.ansible.com/ansible/nsupdate_module.html >> >> So you might be able to configure things so you can use hostnames from >> the start. >> >> Hope this helps, >> >> Jon >> >> On Wednesday, June 21, 2017 at 5:29:57 PM UTC+1, David Baumann wrote: >>> >>> Hi i got a realy akward Problem with Ansible(devel) >>> >>> >>> Got Multiple Servers and all works fine with WinRM and Kerberos on >>> Ansible Side until i Install/Configure follow Windows Roles on hosts >>> >>> - Active Directory Federation Service >>> - WebapplicationProxy >>> >>> All Servers are based on the Same VM Template >>> >>> <https://gist.github.com/daBONDi/4f9a4f6f5feb49fdcb3f7451b92612e9#connection-over-winrm-first-with-basic-auth-for-provisioning-then-i-switch-on-the-fly-to-kerberos>Connection >>> >>> over WinRM first with SSL/Basic Auth for Provisioning then i Switch on the >>> Fly to SSL/Kerberos >>> >>> Basic ansible_user: username >>> Kerberos ansible_user: user...@domain.tld >>> >>> Got always requests.exceptions.ConnectionError: ('Connection aborted.', >>> error(104, 'Connection reset by peer')) >>> >>> What i found out if i use the FQDN it works both with Basic and Kerberos >>> over SSL on the Server with ADFS/WAP Installed >>> With an IP Address it only works on Server without ADFS or WAP Installed. >>> >>> *More Details and Debugging Writeout under * >>> >>> https://gist.github.com/daBONDi/4f9a4f6f5feb49fdcb3f7451b92612e9 >>> >>> Maybe a some of you find out the same with an ADFS / WAP Server and >>> could help me diagnose it >>> >>> Thanks in advance for you Time >>> >>> David Baumann(daBONDI@Github) >>> www.davidbaumann.at >>> >> -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/7ce8b5e5-b6b0-4598-a09b-3bf999a09ecf%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
