Yeah i know that is based on http.sys I checked also the http/https binding over netsh and compare them between a working and non working system. Realy no clue why this happening.
I put now 3 Days of work into that debugging, now i switch to ensure the dns records are prefilled priorer theh provisioning of the vms, so the issue don't come up... So looks like no one is using ADFS with Ansible :-). But this is not worth anymore time to debug i think... Am Samstag, 24. Juni 2017 11:32:27 UTC+2 schrieb Trond Hindenes: > > ADFS/WAP manipulates http.sys, which is the shared process taking care of > winRM, IIS and other http-related calls into the host. I've never tested it > but it kinda makes sense that there are issues there. > > On Friday, June 23, 2017 at 10:05:38 AM UTC+2, J Hawkesworth wrote: >> >> My guess would be that something about these windows server roles causes >> some kind of reset or restart of some part of the http stack (which WinRM >> depends on). >> >> I know kerberos needs DNS to work properly - the hostname is important >> for kerberos for reasons I forget, but it needs to be able to go from ip -> >> hostname and hostname -> ip in order to work fully. >> >> Is it difficult for you to make use of the hostname in your environment? >> >> There are modules now for configuring dns resolution ( >> https://docs.ansible.com/ansible/win_dns_client_module.html) and also a >> module for updating DNS >> https://docs.ansible.com/ansible/nsupdate_module.html >> >> So you might be able to configure things so you can use hostnames from >> the start. >> >> Hope this helps, >> >> Jon >> >> On Wednesday, June 21, 2017 at 5:29:57 PM UTC+1, David Baumann wrote: >>> >>> Hi i got a realy akward Problem with Ansible(devel) >>> >>> >>> Got Multiple Servers and all works fine with WinRM and Kerberos on >>> Ansible Side until i Install/Configure follow Windows Roles on hosts >>> >>> - Active Directory Federation Service >>> - WebapplicationProxy >>> >>> All Servers are based on the Same VM Template >>> >>> <https://gist.github.com/daBONDi/4f9a4f6f5feb49fdcb3f7451b92612e9#connection-over-winrm-first-with-basic-auth-for-provisioning-then-i-switch-on-the-fly-to-kerberos>Connection >>> >>> over WinRM first with SSL/Basic Auth for Provisioning then i Switch on the >>> Fly to SSL/Kerberos >>> >>> Basic ansible_user: username >>> Kerberos ansible_user: [email protected] >>> >>> Got always requests.exceptions.ConnectionError: ('Connection aborted.', >>> error(104, 'Connection reset by peer')) >>> >>> What i found out if i use the FQDN it works both with Basic and Kerberos >>> over SSL on the Server with ADFS/WAP Installed >>> With an IP Address it only works on Server without ADFS or WAP Installed. >>> >>> *More Details and Debugging Writeout under * >>> >>> https://gist.github.com/daBONDi/4f9a4f6f5feb49fdcb3f7451b92612e9 >>> >>> Maybe a some of you find out the same with an ADFS / WAP Server and >>> could help me diagnose it >>> >>> Thanks in advance for you Time >>> >>> David Baumann(daBONDI@Github) >>> www.davidbaumann.at >>> >> -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/7ce8b5e5-b6b0-4598-a09b-3bf999a09ecf%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
