I ran into this. Upgrading the python modules *pykerberos* and *pywinrm* fixed it for me.
On Wednesday, September 29, 2021 at 6:26:23 AM UTC-7 gajendra....@gmail.com wrote: > Good evening All > > I am facing a small issue, could you please let me out > > This works if i allow unencrypted is true : Set-Item -Path > WSMan:\localhost\Service\AllowUnencrypted -Value true > > * Error: fatal: [win-client-01.adc1.com <http://win-client-01.adc1.com/>]: > UNREACHABLE! => {"changed": false, "msg": "kerberos: Bad HTTP response > returned from server. Code 500", "unreachable": true}* > > Note: I have not done any configuration on windows host node( default > winrm service is running and firewall is disabled) > > ======================== > yaml file: > ===================================== > --- > - name: TEst ping > hosts: all > vars: > ansible_user: terrafo...@adc1.com > ansible_password: ****** > ansible_connection: winrm > ansible_port: 5985 > ansible_winrm_transport: kerberos > ansible_winrm_server_cert_validation: ignore > ansible_winrm_kerberos_delegation: true > tasks: > - name: winping > win_ping: > register: out > ============================================= > kinit > =========================================== > ansible@ansible1:~$ kinit terrafo...@adc1.com > Password for terrafo...@adc1.com: > ansible@ansible1:~$ klist > Ticket cache: FILE:/tmp/krb5cc_1000 > Default principal: terrafo...@adc1.com > > Valid starting Expires Service principal > 09/29/21 12:52:55 09/29/21 22:52:55 krbtgt/adc1...@adc1.com > renew until 10/06/21 12:52:50 > > ============================================= > winrs-ouput > ============================================ > C:\Users\systemadmin>winrs -r:http://127.0.0.1:5985/wsman - > u:terrafor...@adc1.com -p:****** ipconfig > > Windows IP Configuration > > > Ethernet adapter Ethernet 2: > > Connection-specific DNS Suffix . : > jbtpdu1g0fpeddh5infylu3bjckbaug.gx.internal.cloudapp.net > Link-local IPv6 Address . . . . . : fe80::f8d7:1f58:8810:2e2f%5 > IPv4 Address. . . . . . . . . . . : 172.16.0.7 > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > Default Gateway . . . . . . . . . : 172.16.0.1 > > =================================================================================== > krb5-conf > > ============================================================================ > [logging] > default = FILE:/var/log/krb5libs.log > kdc = FILE:/var/log/krb5kdc.log > admin_server = FILE:/var/log/kadmind.log > > [libdefaults] > default_realm = ADC1.COM <http://adc1.com/> > allow_weak_crypto = true > dns_lookup_realm = false > dns_lookup_kdc = false > rdns = false > ticket_lifetime = 24h > renew_lifetime = 7d > forwardable = true > > [realms] > ADC1.COM <http://adc1.com/> = { > kdc = testadc.adc1.com > admin_server = testadc.adc1.com > } > > ============================================================================== > packages > ================================ > ansible@ansible1:~$ pip list | grep kerb > pykerberos 1.1.14 > requests-kerberos 0.12.0 > ansible@ansible1:~$ pip list | grep ansible > ansible 4.6.0 > ansible-core 2.11.5 > ansible@ansible1:~$ > ============================================================= > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/cbde19e9-7fe5-4ba0-8c26-a0e521e0f3c3n%40googlegroups.com.
