When you say 'it works' can you do more than a win_ping?
Server 2008 R2 comes with WMF 3.0, which had a bug when first released.
Worth at least checking that you have either upgraded to WMF 4.0 or have
installed the hotfix (see the blue box
here: http://docs.ansible.com/ansible/intro_windows.html#windows-system-prep)
Not convinced this is the cause of the problem as, if I recall, the symptoms
were different for me, but worth ruling it out.
Jon
On Monday, August 31, 2015 at 2:51:50 PM UTC+1, Eyal Zarchi wrote:
>
> Hi everyone.
> I work with Amir, who is the OP here.
> The issue is a bit more complicated than that:
>
> We have a few Windows Server 2008 R2 machines on which we would like to use the winrm
> module.
> We have similar machines, of which some work and some don't. I compared the
> build of the machine, the build of PowerShell and even the local security
> policy. The result is still the same.
> We use Kerberos and winbind on the controller machine, and since the winrm
> module works for Windows 2012 and some of the 2008 R2 machines with the
> domain username, I am guessing the issue is not on the controller.
>
> I thought it was because it uses the ticket with the LDAP user I logged
> into the controller machine, but I am a member of the administrator group on
> the target machine and it still doesn't work.
> If I create a local username and put it in the administrator group, the
> winrm works.
>
> Here is a machine that works:
>
> <rnpl-qa1-bes01> WINRM RESULT <Response code 0, out
> "C:\Users\deploy_rn\A", err "">
> <rnpl-qa1-bes01> PUT /tmp/tmpe8SQvn TO
> C:\Users\deploy_rn\AppData\Local\Temp\ansible-tmp-1441020926.8-178247757458762\\win_ping
> <rnpl-qa1-bes01> WINRM PUT /tmp/tmpe8SQvn to
> C:\Users\deploy_rn\AppData\Local\Temp\ansible-tmp-1441020926.8-178247757458762\\win_ping.ps1
>
> (offset=0 size=2035)
> <rnpl-qa1-bes01> WINRM PUT /tmp/tmpe8SQvn to
> C:\Users\deploy_rn\AppData\Local\Temp\ansible-tmp-1441020926.8-178247757458762\\win_ping.ps1
>
> (offset=2035 size=2035)
> <rnpl-qa1-bes01> WINRM PUT /tmp/tmpe8SQvn to
> C:\Users\deploy_rn\AppData\Local\Temp\ansible-tmp-1441020926.8-178247757458762\\win_ping.ps1
>
> (offset=4070 size=2035)
> <rnpl-qa1-bes01> WINRM PUT /tmp/tmpe8SQvn to
> C:\Users\deploy_rn\AppData\Local\Temp\ansible-tmp-1441020926.8-178247757458762\\win_ping.ps1
>
> (offset=6105 size=602)
> <rnpl-qa1-bes01> PUT /tmp/tmpsiY4YG TO
> C:\Users\deploy_rn\AppData\Local\Temp\ansible-tmp-1441020926.8-178247757458762\\arguments
> <rnpl-qa1-bes01> WINRM PUT /tmp/tmpsiY4YG to
> C:\Users\deploy_rn\AppData\Local\Temp\ansible-tmp-1441020926.8-178247757458762\\arguments
>
> (offset=0 size=2)
> <rnpl-qa1-bes01> EXEC PowerShell -NoProfile -NonInteractive
> -ExecutionPolicy Unrestricted -File
> C:\Users\deploy_rn\AppData\Local\Temp\ansible-tmp-1441020926.8-178247757458762\\win_ping.ps1
>
> C:\Users\deploy_rn\AppData\Local\Temp\ansible-tmp-1441020926.8-178247757458762\\arguments;
>
> Remove-Item
> "C:\Users\deploy_rn\AppData\Local\Temp\ansible-tmp-1441020926.8-178247757458762\"
>
> -Force -Recurse;
> <rnpl-qa1-bes01> WINRM EXEC 'PowerShell' ['-NoProfile', '-NonInteractive',
> '-EncodedCommand',
> 'UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARgBpAGwAZQAgAEMAOgBcAFUAcwBlAHIAcwBcAGQAZQBwAGwAbwB5AF8AcgBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXABhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADQANAAxADAAMgAwADkAMgA2AC4AOAAtADEANwA4ADIANAA3ADcANQA3ADQANQA4ADcANgAyAFwAXAB3AGkAbgBfAHAAaQBuAGcALgBwAHMAMQAgAEMAOgBcAFUAcwBlAHIAcwBcAGQAZQBwAGwAbwB5AF8AcgBuAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXABhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADQANAAxADAAMgAwADkAMgA2AC4AOAAtADEANwA4ADIANAA3ADcANQA3ADQANQA4ADcANgAyAFwAXABhAHIAZwB1AG0AZQBuAHQAcwA7ACAAUgBlAG0AbwB2AGUALQBJAHQAZQBtACAAIgBDADoAXABVAHMAZQByAHMAXABkAGUAcABsAG8AeQBfAHIAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA0ADQAMQAwADIAMAA5ADIANgAuADgALQAxADcAOAAyADQANwA3ADUANwA0ADUAOAA3ADYAMgBcACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AA==']
> <rnpl-qa1-bes01> WINRM RESULT <Response code 0, out "{ "changed": f", err
> "">
> rnpl-qa1-bes01 | success >> {
> "changed": false,
> "ping": "pong"
> }
>
>
> Here is one that doesn't work:
>
> <rnpl-qa1-sts01> ESTABLISH WINRM CONNECTION FOR USER: on PORT 5986 TO
> rnpl-qa1-sts01
> <rnpl-qa1-sts02> ESTABLISH WINRM CONNECTION FOR USER: on PORT 5986 TO
> rnpl-qa1-sts02
> <rnpl-qa1-sts01> WINRM CONNECT: transport=kerberos endpoint=
> https://rnpl-qa1-sts01:5986/wsman
> <rnpl-qa1-sts02> WINRM CONNECT: transport=kerberos endpoint=
> https://rnpl-qa1-sts02:5986/wsman
> rnpl-qa1-sts01 | FAILED => the username/password specified for this server
> was incorrect
> rnpl-qa1-sts02 | FAILED => the username/password specified for this server
> was incorrect
>
>
> As soon as I remove the @DOMAIN from the host file and use a local
> username, the winrm works.
> I am probably missing a silly thing but I can't find it.
> Thanks
>
>
>
>
> On Wednesday, August 19, 2015 at 11:19:46 AM UTC+3, Amir Luzon wrote:
>>
>> Hi guys,
>>
>> Our control machine is configured so that we can log in to the machine
>> with our LDAP (Windows) users. From there we run Ansible playbooks.
>>
>> Here are some of the configurations we use:
>>
>> [windows:vars]
>> ansible_ssh_user=[DeployUser]@[OurDomain]
>> ansible_ssh_pass=password
>> ansible_connection=winrm
>>
>> The [DeployUser] is not the same as the LDAP user used to log in to the Ansible
>> control machine.
>>
>> Yet when running PowerShell modules on a Windows machine we noticed that
>> Ansible will use the LDAP user used to log in to the control machine and not the
>> user configured in the hosts file in ansible_ssh_user.
>>
>> From what I understand, Ansible should use the ansible_ssh_user on the Windows
>> machine to do whatever, but for us it uses the LDAP user???
>>
>> Has anyone encountered this issue? Please help!
>>
>>
>> Thanks in advance
>>
>
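A diagnostic for the symptom reported in this thread (the logged-in LDAP user showing up instead of `ansible_ssh_user` when the log shows `transport=kerberos`): compare the principal in the controller's Kerberos ticket cache with the domain user in the inventory. This is an added example, not code from the thread or from Ansible; the function names are hypothetical and the `klist` output and inventory below are constructed samples.

```python
import re

# Constructed sample of `klist` output on the controller (MIT Kerberos layout).
SAMPLE_KLIST = """\
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: jdoe@EXAMPLE.COM
"""

# Constructed inventory fragment in the style of the one posted in the thread.
SAMPLE_INVENTORY = """\
[windows:vars]
ansible_ssh_user=deploy@EXAMPLE.COM
ansible_ssh_pass=password
ansible_connection=winrm
"""

def cached_principal(klist_text):
    """Return the principal the ticket cache belongs to, or None if no cache."""
    m = re.search(r"^Default principal:\s*(\S+)", klist_text, re.M)
    return m.group(1) if m else None

def inventory_users(inventory_text):
    """Map each INI section to its ansible_ssh_user (section-level vars only)."""
    users, section = {}, None
    for raw in inventory_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip() == "ansible_ssh_user":
            users[section] = value.strip()
    return users

def normalise(principal):
    # Assumption: Active Directory realm, so the user compares case-insensitively.
    user, _, realm = principal.partition("@")
    return user.lower(), realm.upper()

def mismatches(klist_text, inventory_text):
    """List (section, inventory user, cached principal) where the two differ."""
    cached = cached_principal(klist_text)
    found = []
    for section, user in inventory_users(inventory_text).items():
        if "@" not in user:
            continue  # local account, no domain principal to compare
        if cached is None or normalise(user) != normalise(cached):
            found.append((section, user, cached))
    return found
```

On a real controller, feed it the output of `klist` run as the same Unix user that runs the playbook; a non-empty result means the cached ticket belongs to a different principal than the one the inventory names.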