Hi Hawkesworth, Thanks for your quick response.
Please find the responses below, What is the exact error message you are seeing? *ansible hostname.mydomain.com -m win_ping -vvvvvv* *<hostname.mydomain.com > ESTABLISH WINRM CONNECTION FOR USER: on PORT 5986 TO hostname.mydomain.com * *<hostname.mydomain.com > WINRM CONNECT: transport=kerberos endpoint=https://hostname.mydomain.com :5986/wsman* *hostname.mydomain.com | FAILED => the username/password specified for this server was incorrect* 1/ In Powershell, running as Administrator, run winrm get winrm/config *Both working and not working hosts are giving same out put* 2/ Check the machines you cannot connect to have a current trust relationship with your domain controller (ensure you can log in with the same domain username and password as ansible is using). *It is working, and the user name is already in the format as you suggested * *ansible_ssh_user: [email protected] <[email protected]>* 3/ use kinit -C [email protected] to acquire a kerberos ticket, and then use klist to examine the ticket. *I was able to acquire kerberos ticket and the klist is showing necessary data. * *Ticket cache: KEYRING:persistent:0:0* *Default principal: [email protected]* *Valid starting Expires Service principal* *03/07/2016 11:05:32 03/07/2016 21:05:32 krbtgt/[email protected]* * renew until 03/07/2016 21:05:32 * 4/ ensure the hosts you cannot connect to have clocks synchronized with your AD Domain controllers *Yes, It is since the machine in which i am able to connect to having the same time as in the machine i am not able to connect. * 5/ ensure the hosts you cannot connect to can be found using both hostname and ip address *Yes, we can found the machines with IP and host names. This was tested using RDP.* Please let me know if you want to have any other details. Thanks, Akash John On Monday, March 7, 2016 at 8:25:43 PM UTC+5:30, J Hawkesworth wrote: > > What is the exact error message you are seeing? > > Also try running ansible with -v or -vvvvvv to see connection debugging > information. > > Here are some more suggestions: > > 1/ In Powershell, running as Administrator, run > > winrm get winrm/config > > on a machine that can't be connected to, and compare the same from a > machine that can be connected to. > > 2/ Check the machines you cannot connect to have a current trust > relationship with your domain controller (ensure you can log in with the > same domain username and password as ansible is using). > > Ensure the ansible_ssh_user has fully qualified domain name, and the > domain part is in UPPER CASE LETTERS > > ansible_ssh_user: [email protected] <javascript:> > > Not > > ansible_ssh_user: testuser@MY > > or > ansible_ssh_user: [email protected] <javascript:> > > 3/ use kinit -C [email protected] <javascript:> to acquire a kerberos > ticket, and then use klist to examine the ticket. > > 4/ ensure the hosts you cannot connect to have clocks synchronized with > your AD Domain controllers > > 5/ ensure the hosts you cannot connect to can be found using both hostname > and ip address > > That is: if you ping hostname, the response gives you an ip address. If > you then use that ip address with nslookup, it must return the same > hostname, or kerberos will not be able to connect. > > For example > > C:\> ping windows-t1 > > Pinging windows-t1.my.domain.com [192.168.1.100] with 32 bytes of data: > Reply from 192.168.1.100:...... > Control-C > ^C > > C:\> nslookup 192.168.1.100 > Server: dc01.my.domain.com > Address: 192.168.1.50 > > Name: windows-t1.my.domain.com > Address: 192.168.1.100 > > C:\> > > Hope this helps, > > Jon > > On Monday, 7 March 2016 13:52:50 UTC, Akash John wrote: >> >> Hi Hawkesworth, >> >> What version of windows and service pack is on the hosts that won't >> respond to ping? >> >> *Windows server 2012 R2 Standard, *but all other responding hosts are >> having same operating system version. >> >> >> Are you using the win_ping module? win_ping will connect using the wirnm >> port, rather than the normal ping port. You might have firewall configured >> not to respond to the normal ping port on the machines which are not >> responding. >> >> *Yes, we are using win_ping module and the port which we are using is >> 5986. The firewall is configured to enable all port access from ansible >> server to remote host.* >> >> >> Please ensure >> https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1 >> has >> been run on the machines that won't respond. >> >> We ran the script, even after that we are getting the same response. >> >> >> Please let us know if you need to have any other details about the infra. >> >> >> >> On Saturday, March 5, 2016 at 7:53:51 PM UTC+5:30, J Hawkesworth wrote: >>> >>> What version of windows and service pack is on the hosts that won't >>> respond to ping? >>> >>> Are you using the win_ping module? win_ping will connect using the >>> wirnm port, rather than the normal ping port. You might have firewall >>> configured not to respond to the normal ping port on the machines which are >>> not responding. >>> >>> Please ensure >>> https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1 >>> >>> has been run on the machines that won't respond. >>> >>> Hope this helps, >>> >>> Jon >>> >>> >>> >>> On Friday, 4 March 2016 15:20:58 UTC, Akash John wrote: >>>> >>>> Hi Team, >>>> >>>> We have configured ansible to perform activities on windows hosts and >>>> all are under the same AD. But some how some of the hosts are not >>>> providing >>>> positive ping response. Please find the response which we are getting >>>> below, >>>> >>>> *myserver.data.log.doman.com <http://myserver.data.log.doman.com> | >>>> FAILED => the username/password specified for this server was incorrect* >>>> >>>> *Configurations on Ansible* >>>> >>>> - Host file containing FQDN for each hosts >>>> - /etc/ansible/group_vars/windows.yaml containing >>>> - >>>> - *ansible_ssh_user: [email protected]* >>>> - *ansible_ssh_pass: MYPassword* >>>> - *ansible_connection: winrm* >>>> - *ansible_ssh_port: 5986* >>>> - Authentication: AD Authentication >>>> >>>> I have seen >>>> https://groups.google.com/forum/#!msg/ansible-project/Vzrr-s4iuss/WEn4Gv1iLQAJ >>>> >>>> on this place and cannot find the proper solution for the issue. >>>> >>>> Could you please help us to resolve this issue? >>>> >>>> Please let us know if you need to have any other details about the >>>> configuration. >>>> >>>> Thanks, >>>> Akash John >>>> >>> -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/c68b8454-b1c6-473e-8ecf-9368750695da%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
