bump

On Thursday, 12 December 2019 17:06:06 UTC, Robert Rozek wrote:
>
> I have set up Windows Remote Management as per the guidelines below for
> the certificate:
>
> https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html#certificate
>
> So, what I have done:
>
> 1. Enabled WinRM using the enableremote.....ps script
> 2. Enabled certificate use using "Set-Item -Path
>    WSMan:\localhost\Service\Auth\Certificate -Value $true"
> 3. Generated a certificate from Ansible AWX using OpenSSL, following the
>    steps from the link above
> 4. Copied over the .pem and key.pem files from Ansible to the Windows host
> 5. Imported the .pem file to both locations, Trusted Root and Trusted People
>    of the local machine
> 6. Mapped the cert to an account using Windows creds
>
> My playbook looks like so:
>
> ---
> - hosts:
>     - all
>   gather_facts: no
>   vars:
>     ansible_port: 5986
>     #ansible_user: support
>     ansible_connection: winrm
>     ansible_winrm_transport: certificate
>     ansible_winrm_cert_pem: /opt/cust-env/windows/windowscert.pem
>     ansible_winrm_cert_key_pem: /opt/cust-env/windows/windowscert_key.pem
>     ansible_winrm_server_cert_validation: ignore
>   tasks:
>     - name: ping
>       win_ping:
>
> WinRM config:
>
> Service
>     RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
>     MaxConcurrentOperations = 4294967295
>     MaxConcurrentOperationsPerUser = 1500
>     EnumerationTimeoutms = 240000
>     MaxConnections = 300
>     MaxPacketRetrievalTimeSeconds = 120
>     AllowUnencrypted = false
>     Auth
>         Basic = true
>         Kerberos = true
>         Negotiate = true
>         Certificate = true
>         CredSSP = false
>         CbtHardeningLevel = Relaxed
>     DefaultPorts
>         HTTP = 5985
>         HTTPS = 5986
>     IPv4Filter = *
>     IPv6Filter = *
>     EnableCompatibilityHttpListener = false
>     EnableCompatibilityHttpsListener = false
>     CertificateThumbprint
>     AllowRemoteAccess = true
>
> And lastly, the error I am getting when running the play:
>
> <10.113.7.55> ESTABLISH WINRM CONNECTION FOR USER: root on PORT 5986 TO 10.113.7.55
> fatal: [10.113.7.55]: UNREACHABLE! => {
>     "changed": false,
>     "msg": "certificate: the specified credentials were rejected by the server",
>     "unreachable": true
> }
>
> PLAY RECAP ********************************************************************* 17:03:47
> 10.113.7.55 : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
>
> Any help/advice would be appreciated. I am very desperate and have spent some
> time on this already.
>
> Regards
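
A host-side check of steps 2, 5 and 6 from the quoted message, added here as an example; it is not part of the thread and not code from the Ansible project. It assumes the self-signed certificate from the linked guide (so the mapping's Issuer key is the certificate's own thumbprint) and a hypothetical location C:\Temp\windowscert.pem for the copied file.

```powershell
# Added example. Run in an elevated PowerShell session on the Windows host.
# $PemPath is an assumed location for the copied client certificate.
param([string]$PemPath = 'C:\Temp\windowscert.pem')

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$cert.Import($PemPath)
$thumb = $cert.Thumbprint

# Step 2: certificate authentication enabled on the WinRM service
$authOn = (Get-Item WSMan:\localhost\Service\Auth\Certificate).Value -eq 'true'

# Step 5: certificate present in both LocalMachine stores
$inRoot   = Test-Path "Cert:\LocalMachine\Root\$thumb"
$inPeople = Test-Path "Cert:\LocalMachine\TrustedPeople\$thumb"

# Step 6: mappings whose Issuer key is this thumbprint (self-signed assumption)
$mappings = @(Get-ChildItem WSMan:\localhost\ClientCertificate |
    Where-Object { $_.Keys -contains "Issuer=$thumb" })

# The linked Ansible guide requires the clientAuth extended key usage
$eku = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
$clientAuth = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains '1.3.6.1.5.5.7.3.2'

[pscustomobject]@{
    Thumbprint        = $thumb
    NotExpired        = ((Get-Date) -ge $cert.NotBefore) -and ((Get-Date) -le $cert.NotAfter)
    CertAuthEnabled   = $authOn
    InTrustedRoot     = $inRoot
    InTrustedPeople   = $inPeople
    HasClientAuthEku  = $clientAuth
    MatchingMappings  = $mappings.Count
} | Format-List

# Show Subject, UserName and Enabled for each matching mapping; the stored
# Password value is deliberately not selected.
foreach ($m in $mappings) {
    Get-ChildItem "WSMan:\localhost\ClientCertificate\$($m.Name)" |
        Where-Object { $_.Name -in 'Subject', 'UserName', 'Enabled', 'URI' } |
        Select-Object Name, Value
}
```

Any value reported as False, or a MatchingMappings count of 0, points at the step to re-check.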
