try using ansible_user: [email protected]
as the user name. Without this ansible will expect 'automation' to be a local user, not a domain user. Also, if you are wanting to control remote resources (file shares on other machines) via ansible and a windows jump host, its worth setting ansible_winrm_kerberos_delegation: yes ... as well. If you are just getting started with ansible and windows, this page is well worth reading: http://docs.ansible.com/ansible/devel/user_guide/windows_usage.html Hope this helps, Jon On Monday, February 26, 2018 at 3:25:15 PM UTC, Dinesh Vashisht wrote: > > Hi All, > > We are using Ansible Version: 2.4.2.0. > > Power Shell remoting (WinRM trust) is not working when using Active > Directory even after establishing: > > *Successful Kerberos Authentication*: > > Default principal: [email protected] <javascript:> > > Valid starting Expires Service principal > 02/26/2018 09:23:25 02/26/2018 19:23:25 krbtgt/[email protected] > <javascript:> > renew until 03/05/2018 09:23:19 > [root@calam1 group_vars]# > > > *Following are test results:* > > [root@calam1 group_vars]# ansible windows-jump-servers -m win_ping > pcijmp1.itrnetwork.com | UNREACHABLE! => { > "changed": false, > "msg": "ssl: the specified credentials were rejected by the server", > "unreachable": true > } > > > *Contents of file /etc/ansible/group_vars/windows-jump-servers.yml:* > > ansible_user: automation > ansible_password: <my_password> > ansible_port: 5986 > ansible_connection: winrm > ansible_winrm_scheme: https > ansible_winrm_server_cert_validation: ignore > > > It works OK with a local user on the same domain joined Windows server. > > Can someone help to verify cause and advice how to resolve this? > > Thank you, > Dinesh Vashisht > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/aafbdf69-09ca-4e96-b878-cf9101154791%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
