The fact that you were able to get a Kerberos ticket showed that your host is set up to get the tickets correctly. Some things you should check
- The domain account is a local admin, non admins can technically connect through WinRM but not by default. In any case Ansible is very limited with what it can do when connecting as a non-admin account so it's not something we usually document - The time is synced between your Ansible controller and the Windows server - You aren't using message encryption. This should be done automatically but some older libraries that Ansible uses may not have it available. To check set 'ansible_winrm_message_encryption: always' just to double check message encryption is available and works Also you should set `ansible_winrm_transport: kerberos' to stop the fallback to Basic auth. Unfortunately this is also another backwards compatibility issue which we can't take away but isn't something that is really optimal. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/f877f403-e265-485a-8164-cfd14f9b45fb%40googlegroups.com.
