Yeah i know that is based on http.sys

I checked also the http/https binding over netsh and compare them between a 
working and non working system. Realy no clue why this happening.

I put now 3 Days of work into that debugging, now i switch to ensure the 
dns records are prefilled priorer theh provisioning of the vms, so the 
issue don't come up...

So looks like no one is using ADFS with Ansible :-).

But this is not worth anymore time to debug i think...



Am Samstag, 24. Juni 2017 11:32:27 UTC+2 schrieb Trond Hindenes:
>
> ADFS/WAP manipulates http.sys, which is the shared process taking care of 
> winRM, IIS and other http-related calls into the host. I've never tested it 
> but it kinda makes sense that there are issues there.
>
> On Friday, June 23, 2017 at 10:05:38 AM UTC+2, J Hawkesworth wrote:
>>
>> My guess would be that something about these windows server roles causes 
>> some kind of reset or restart of some part of the http stack (which WinRM 
>> depends on).
>>
>> I know kerberos needs DNS to work properly - the hostname is important 
>> for kerberos for reasons I forget, but it needs to be able to go from ip -> 
>> hostname and hostname -> ip in order to work fully.
>>
>> Is it difficult for you to make use of the hostname in your environment?
>>
>> There are modules now for configuring dns resolution (
>> https://docs.ansible.com/ansible/win_dns_client_module.html) and also a 
>> module for updating DNS 
>> https://docs.ansible.com/ansible/nsupdate_module.html 
>>
>> So you might be able to configure things so you can use hostnames from 
>> the start.
>>
>> Hope this helps,
>>
>> Jon
>>
>> On Wednesday, June 21, 2017 at 5:29:57 PM UTC+1, David Baumann wrote:
>>>
>>> Hi i got a realy akward Problem with Ansible(devel)
>>>
>>>
>>> Got Multiple Servers and all works fine with WinRM and Kerberos on 
>>> Ansible Side until i Install/Configure follow Windows Roles on hosts
>>>
>>>  - Active Directory Federation Service
>>>  - WebapplicationProxy
>>>
>>> All Servers are based on the Same VM Template
>>>
>>> <https://gist.github.com/daBONDi/4f9a4f6f5feb49fdcb3f7451b92612e9#connection-over-winrm-first-with-basic-auth-for-provisioning-then-i-switch-on-the-fly-to-kerberos>Connection
>>>  
>>> over WinRM first with SSL/Basic Auth for Provisioning then i Switch on the 
>>> Fly to SSL/Kerberos
>>>
>>> Basic ansible_user: username
>>> Kerberos ansible_user: [email protected]
>>>
>>> Got always requests.exceptions.ConnectionError: ('Connection aborted.', 
>>> error(104, 'Connection reset by peer'))
>>>
>>> What i found out if i use the FQDN it works both with Basic and Kerberos 
>>> over SSL on the Server with ADFS/WAP Installed
>>> With an IP Address it only works on Server without ADFS or WAP Installed.
>>>
>>> *More Details and Debugging Writeout under *
>>>
>>> https://gist.github.com/daBONDi/4f9a4f6f5feb49fdcb3f7451b92612e9
>>>
>>> Maybe a some of you find out the same with an ADFS / WAP Server and 
>>> could help me diagnose it
>>>
>>> Thanks in advance for you Time
>>>
>>> David Baumann(daBONDI@Github)
>>> www.davidbaumann.at
>>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/7ce8b5e5-b6b0-4598-a09b-3bf999a09ecf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to