[ansible-project] Windows: kerberos: the specified credentials were rejected by the server

[Subhi Andrews]

I am using the following ansible settings:

ansible_user: 'myuser'
ansible_password: 'mypass'
ansible_port: 5986
ansible_connection: winrm
ansible_winrm_transport: kerberos
ansible_winrm_server_cert_validation: ignore
ansible_winrm_message_encryption: always
ansible_winrm_kerberos_delegation: true


ansible_user is a domain user - that has administrative rights on all the 
nodes. 

Then I run win_ping command.

 /usr/local/bin/ansible citrix_ch3 -m win_ping
ctx11 | UNREACHABLE! => {
    "changed": false,
    "msg": "kerberos: the specified credentials were rejected by the 
server",
    "unreachable": true
}
ctx12 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
ctx13 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
ctx14 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}


I get unreachable from just one host.  This is the WinRM config on the 
machine that's unreachable:


PS C:\> winrm get winrm/config
Config
    MaxEnvelopeSizekb = 500
    MaxTimeoutms = 60000
    MaxBatchItems = 32000
    MaxProviderRequests = 4294967295
    Client
        NetworkDelayms = 5000
        URLPrefix = wsman
        AllowUnencrypted = false
        Auth
            Basic = true
            Digest = true
            Kerberos = true
            Negotiate = true
            Certificate = true
            CredSSP = false
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        TrustedHosts
    Service
        RootSDDL = 
O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
        MaxConcurrentOperations = 4294967295
        MaxConcurrentOperationsPerUser = 1500
        EnumerationTimeoutms = 240000
        MaxConnections = 300
        MaxPacketRetrievalTimeSeconds = 120
        AllowUnencrypted = true
        Auth
            Basic = true
            Kerberos = true
            Negotiate = true
            Certificate = false
            CredSSP = false
            CbtHardeningLevel = Relaxed
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        IPv4Filter = *
        IPv6Filter = *
        EnableCompatibilityHttpListener = false
        EnableCompatibilityHttpsListener = false
        CertificateThumbprint
        AllowRemoteAccess = true
    Winrs
        AllowRemoteShellAccess = true
        IdleTimeout = 7200000
        MaxConcurrentUsers = 2147483647
        MaxShellRunTime = 2147483647
        MaxProcessesPerShell = 2147483647
        MaxMemoryPerShellMB = 2147483647
        MaxShellsPerUser = 2147483647

Any suggestions or help on how to potentially debug/resolve this problem?

Thank you all,
Subhi.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/eb35b30d-89f6-4489-b7b6-719fde4916d6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.