I can't tell what changes, but while ansible is trying to connect, it
throws this error in the event log:
Log Name: System
Event ID: 10111
Level: Warning
Source: Microsoft-Windows-WinRM
Description:
User authentication using Basic Authentication scheme failed.
Unexpected error received from LogonUser 1326: %%1326
On Saturday, February 29, 2020 at 9:13:20 PM UTC-8, Dave York wrote:
>
> Further troubleshooting makes this seem like it has something to do with
> time (GPO applying maybe?)
>
> I can run another job with the same connection to staging_domain and
> eventually it starts working.
>
> I'm still trying to figure it out, ill post back here if I find anything
>
> On Saturday, February 29, 2020 at 7:33:38 PM UTC-8, Dave York wrote:
>>
>> Thanks Jordan, I think you kicked me in the right direction, but still
>> missing something. I'm following your guidance somewhat, but I'm adding
>> the inventory within the playbook instead of in the inventory:
>>
>> - name: add new host staging_domain to inventory
>> add_host:
>> name: staging_domain
>> ansible_host: serverA.internal.domain
>> ansible_user: '{{ ansible_user }}'
>> ansible_password: '{{ ansible_password }}'
>> ansible_connection: winrm
>> ansible_port: 5985
>>
>> - name: add new host staging_localadmin to inventory
>> add_host:
>> name: staging_localadmin
>> ansible_host: serverA.internal.domain
>> ansible_user: Administrator
>> ansible_password: '{{ randopass }}'
>> ansible_connection: winrm
>> ansible_port: 5985
>>
>> The above works when I connect to staging_localadmin, but does NOT when I
>> connect to staging_domain.
>>
>> When connecting to staging_domain, I get:
>>
>> plaintext: the specified credentials were rejected by the server
>>
>> I'm running this from tower, so the {{ ansible_user }} and {{
>> ansible_password }} I'm passing staging_domain should be the machine
>> credentials. I verified this with some debug statements.
>>
>>
>> On Friday, February 28, 2020 at 4:48:20 PM UTC-8, Jordan Borean wrote:
>>>
>>> What you have there is one way but by default WinRM only allows local
>>> administrators to connect to the host so you need to make sure you either
>>> the domain user is also a local admin or adjust the WinRM security to allow
>>> non-admins to connect.
>>>
>>> Another option is to define the host twice in your inventory like so
>>>
>>> [windows]
>>> serverA_local ansible_host=serverA.internal.domain
>>> ansible_user=administrator
>>> ansible_password=pass
>>> serverA_domain ansible_host=serverA.internal.domain ansible_user=DOMAIN
>>> \user ansible_password=pass
>>>
>>> [windows:vars]
>>> ansible_connection=winrm
>>> ansible_port=5985
>>>
>>> In your play you would set hosts: serverA_local for the local inventory
>>> entry and hosts: serverA_domain for the domain inventory.
>>>
>>> Thanks
>>>
>>> Jordan
>>>
>>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/ad525c9b-def1-45a8-9f6f-5de733d8bc38%40googlegroups.com.
