Hi,
Goal : Use Linux centos 7.8 server with ansible version 2.9.7 to manage
windows 2019 server
Error : <ServerX> WINRM CONNECTION ERROR: function takes at most 2
arguments (3 given)
#######################################
Ansible Version :
ansible 2.9.7
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules',
u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /bin/ansible
python version = 2.7.5 (default, Apr 2 2020, 13:16:51) [GCC 4.8.5
20150623 (Red Hat 4.8.5-39)]
#######################################
Linux OS
CentOS 7.8
#######################################
No linux Firewall
No network Firewall between Linux & Windows
#######################################
pip install "pywinrm>=0.3.0"
#######################################
cat /etc/krb5.conf
# Configuration snippets may be placed in this directory as well
includedir /etc/krb5.conf.d/
includedir /var/lib/sss/pubconf/krb5.include.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
# dns_lookup_realm = false
ticket_lifetime = 2400h
renew_lifetime = 777d
forwardable = true
rdns = false
pkinit_anchors = /etc/pki/tls/certs/ca-bundle.crt
# default_realm = EXAMPLE.COM
default_ccache_name = KEYRING:persistent:%{uid}
default_realm = TEST.COM
[realms]
TEST.COM = {
kdc = x2.TEST.COM
kdc = x1.TEST.COM
}
[domain_realm]
.TEST.COM = TEST.COM
TEST.COM = TEST.COM
#######################################
kinit -C us...@test.com
#######################################
ansible windows -m win_ping -vvvvvv
Shows :
Using module file
/usr/lib/python2.7/site-packages/ansible/modules/windows/win_ping.ps1
Pipelining is enabled.
<ServerX> ESTABLISH WINRM CONNECTION FOR USER: us...@test.com on PORT 5986
TO ServerX
<ServerX> WINRM CONNECT: transport=kerberos
endpoint=https://ServerX:5986/wsman
<ServerX> WINRM CONNECTION ERROR: function takes at most 2 arguments (3
given)
#######################################
Ansible host file
[windows]
ServerX
[windows:vars]
ansible_user=us...@test.com
ansible_passwordi='xx'
ansible_port=5986
ansible_connection=winrm
ansible_winrm_scheme=https
ansible_winrm_server_cert_validation=ignore
ansible_winrm_transport=kerberos
#######################################
Windows OS side :
Ran
https://github.com/jborean93/ansible-windows/blob/master/scripts/Upgrade-PowerShell.ps1
#######################################
#######################################
winrm works well ...
Invoke-Command -ComputerName ServerX -ScriptBlock { Get-ChildItem C:\ }
#######################################
So doc -
https://argonsys.com/microsoft-cloud/articles/configuring-ansible-manage-windows-servers-step-step/
was followed in short
I also went through some google links & did below
Windows Firewall : checked firewall port - was allowed - 5986 is secure
https winrm traffic
nc -zv ServerX 5986 - was ok
winrm configSDDL default - added the user
#######################################
Is it possible the account password has simply expired? No - Yeah but
checked the user account's properties... box is checked 'Password never
expires'
#######################################
tried below no luck :
In my case, a just add this line on [libdefaults] in my krb5.conf:
allow_weak_crypto = true
#######################################
pip list | grep -i kerberos
DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020.
Please upgrade your Python as Python 2.7 is no longer maintained. pip 21.0
will drop support for Python 2.7 in January 2021. More details about Python
2 support in pip, can be found at
https://pip.pypa.io/en/latest/development/release-process/#python-2-support
kerberos 1.1
pykerberos 1.2.1
requests-kerberos 0.7.0
#######################################
python --version
Python 2.7.5
#######################################
just to be sure, please check you have a kerberos ticket which has not
expired before running - its is not
ie tried all things in github.com/ansible/ansible/issues/16478
#######################################
PS C:\WINDOWS\system32> winrm quickconfig
WinRM service is already running on this machine.
WinRM is already set up for remote management on this computer.
PS C:\WINDOWS\system32>
PS C:\WINDOWS\system32>
#######################################
PS C:\WINDOWS\system32> winrm get winrm/config/service
Service
RootSDDL =
O:NSG:BAD:P(A;;GXGR;;;...)(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = false
Auth
Basic = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = true
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = *
IPv6Filter = *
EnableCompatibilityHttpListener = false
EnableCompatibilityHttpsListener = false
CertificateThumbprint
AllowRemoteAccess = true
PS C:\WINDOWS\system32>
#######################################
Tried a local account as well on windows - no luck
#######################################
Thanks Please suggest
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/36185cd9-e403-49e6-bad5-a16c7e784453%40googlegroups.com.
