I have set up Windows Remote Management as per the guidelines below for the certificate:
https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html#certificate

So, what I have done:

1. Enabled WinRM using the enableremote.....ps script
2. Enabled certificate use using "Set-Item -Path WSMan:\localhost\Service\Auth\Certificate -Value $true"
3. Generated a certificate from Ansible AWX using OpenSSL, following the steps from the link above
4. Copied over the .pem and key.pem files from Ansible to the Windows host
5. Imported the .pem file to both locations, Trusted Root and Trusted People of the local machine.
6. Mapped the cert to an account using Windows creds.

My playbook looks like so:

---
- hosts:
    - all
  gather_facts: no
  vars:
    ansible_port: 5986
    #ansible_user: support
    ansible_connection: winrm
    ansible_winrm_transport: certificate
    ansible_winrm_cert_pem: /opt/cust-env/windows/windowscert.pem
    ansible_winrm_cert_key_pem: /opt/cust-env/windows/windowscert_key.pem
    ansible_winrm_server_cert_validation: ignore
  tasks:
    - name: ping
      win_ping:

WinRM config:

Service
    RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
    MaxConcurrentOperations = 4294967295
    MaxConcurrentOperationsPerUser = 1500
    EnumerationTimeoutms = 240000
    MaxConnections = 300
    MaxPacketRetrievalTimeSeconds = 120
    AllowUnencrypted = false
    Auth
        Basic = true
        Kerberos = true
        Negotiate = true
        Certificate = true
        CredSSP = false
        CbtHardeningLevel = Relaxed
    DefaultPorts
        HTTP = 5985
        HTTPS = 5986
    IPv4Filter = *
    IPv6Filter = *
    EnableCompatibilityHttpListener = false
    EnableCompatibilityHttpsListener = false
    CertificateThumbprint
    AllowRemoteAccess = true

And lastly, the error I am getting when running the play:

<10.113.7.55> ESTABLISH WINRM CONNECTION FOR USER: root on PORT 5986 TO 10.113.7.55
fatal: [10.113.7.55]: UNREACHABLE! => {
    "changed": false,
    "msg": "certificate: the specified credentials were rejected by the server",
    "unreachable": true
}

PLAY RECAP ********************************************************************* 17:03:47
10.113.7.55 : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0

Any help/advice would be appreciated. I am very desperate and have spent some time on this already.
Regards
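
An added example, not part of the original post or of Ansible's own documentation: a read-only PowerShell check, run on the Windows host, of steps 2, 5 and 6 above plus the two client-certificate properties the linked guide calls for (clientAuth extended key usage and a UPN in subjectAltName). The path in $PemPath is hypothetical; the script assumes elevated Windows PowerShell 5.1, an English-language system, and a self-signed certificate, so that the mapping's Issuer is the certificate's own thumbprint.

```powershell
# Added example: read-only checks for WinRM certificate authentication.
# Assumption: the public certificate from step 4 is at $PemPath (hypothetical path).
$PemPath = 'C:\temp\windowscert.pem'

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$cert.Import($PemPath)                      # Windows PowerShell 5.1; reads the PEM file
$thumb = $cert.Thumbprint
$results = [ordered]@{}

# Step 2: certificate authentication is enabled on the WinRM service
$results['Service\Auth\Certificate = true'] = (Get-Item WSMan:\localhost\Service\Auth\Certificate).Value -eq 'true'

# Step 5: the certificate is present in both LocalMachine stores
foreach ($store in 'Root', 'TrustedPeople') {
    $results["Present in LocalMachine\$store"] = Test-Path "Cert:\LocalMachine\$store\$thumb"
}

# Client certificate must carry the clientAuth EKU (OID 1.3.6.1.5.5.7.3.2)
$eku = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
$ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
$results['EKU includes clientAuth'] = $ekuOids -contains '1.3.6.1.5.5.7.3.2'

# subjectAltName (OID 2.5.29.17) must carry a UPN; Windows formats it as "Principal Name="
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
$sanText = if ($san) { $san.Format($false) } else { '' }
$results['SAN carries a UPN'] = $sanText -match 'Principal Name='

# Step 6: a ClientCertificate mapping keyed on this thumbprint as Issuer
# (assumes a self-signed certificate, so issuer thumbprint = certificate thumbprint)
$maps = @(Get-ChildItem WSMan:\localhost\ClientCertificate |
    Where-Object { $_.Keys -contains "Issuer=$thumb" })
$results['ClientCertificate mapping for this issuer'] = $maps.Count -gt 0

# Report each check, then the settings of every matching mapping
$results.GetEnumerator() | ForEach-Object { '{0,-45} {1}' -f $_.Key, $_.Value }
foreach ($m in $maps) {
    Get-ChildItem $m.PSPath | Select-Object Name, Value
}
```

A False row points at the step to revisit; for a matching mapping, the listed Subject can be compared with the UPN in the certificate and UserName with the local account used in step 6.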