Hi Hawkesworth, kinit -C giving an output as [email protected] and is prompting for inputting password. I have used the same as you suggested (ansible_ssh_user: [email protected]) and I cannot find any change while executing win_ping.
But, if it is the case how other servers are providing proper response to win_ping.. Do we need to check anything from Windows Server side? Thanks, Akash John On Tuesday, March 8, 2016 at 6:05:46 PM UTC+5:30, J Hawkesworth wrote: > > Looks like you have some parent/subdomain relationship going on. In my > experience you must use whatever domain name is returned by kinit -C. So > kinit -C returns CORP.MYDOMAIN.COM in your case - so that is what you > need to put in your kinit command line and ansible_ssh_user - if not the > domains don't match up and maybe that is why you are getting the 'the > username/password specified for this server is incorrect' message. > > Hope this helps, > > Jon > > > > > On Monday, 7 March 2016 16:14:55 UTC, Akash John wrote: >> >> Hi Hawkesworth, >> >> Thanks for your quick response. >> >> Please find the responses below, >> >> What is the exact error message you are seeing? >> >> *ansible hostname.mydomain.com <http://hostname.mydomain.com> -m win_ping >> -vvvvvv* >> *<hostname.mydomain.com <http://hostname.mydomain.com> > ESTABLISH WINRM >> CONNECTION FOR USER: on PORT 5986 TO hostname.mydomain.com >> <http://hostname.mydomain.com> * >> *<hostname.mydomain.com <http://hostname.mydomain.com> > WINRM CONNECT: >> transport=kerberos endpoint=https://hostname.mydomain.com >> <https://hostname.mydomain.com> :5986/wsman* >> *hostname.mydomain.com <http://hostname.mydomain.com> | FAILED => the >> username/password specified for this server was incorrect* >> >> >> 1/ In Powershell, running as Administrator, run winrm get winrm/config >> >> *Both working and not working hosts are giving same out put* >> >> >> >> 2/ Check the machines you cannot connect to have a current trust >> relationship with your domain controller (ensure you can log in with the >> same domain username and password as ansible is using). >> >> *It is working, and the user name is already in the format as you >> suggested * >> *ansible_ssh_user: [email protected]* >> >> >> 3/ use kinit -C [email protected] to acquire a kerberos ticket, and >> then use klist to examine the ticket. >> >> *I was able to acquire kerberos ticket and the klist is showing necessary >> data. * >> >> >> >> *Ticket cache: KEYRING:persistent:0:0* >> *Default principal: [email protected]* >> *Valid starting Expires Service principal* >> *03/07/2016 11:05:32 03/07/2016 21:05:32 >> krbtgt/[email protected]* >> * renew until 03/07/2016 21:05:32 * >> >> >> 4/ ensure the hosts you cannot connect to have clocks synchronized with >> your AD Domain controllers >> >> *Yes, It is since the machine in which i am able to connect to having the >> same time as in the machine i am not able to connect. * >> >> >> 5/ ensure the hosts you cannot connect to can be found using both >> hostname and ip address >> >> *Yes, we can found the machines with IP and host names. This was tested >> using RDP.* >> >> >> Please let me know if you want to have any other details. >> >> Thanks, >> Akash John >> >> >> >> >> >> On Monday, March 7, 2016 at 8:25:43 PM UTC+5:30, J Hawkesworth wrote: >>> >>> What is the exact error message you are seeing? >>> >>> Also try running ansible with -v or -vvvvvv to see connection debugging >>> information. >>> >>> Here are some more suggestions: >>> >>> 1/ In Powershell, running as Administrator, run >>> >>> winrm get winrm/config >>> >>> on a machine that can't be connected to, and compare the same from a >>> machine that can be connected to. >>> >>> 2/ Check the machines you cannot connect to have a current trust >>> relationship with your domain controller (ensure you can log in with the >>> same domain username and password as ansible is using). >>> >>> Ensure the ansible_ssh_user has fully qualified domain name, and the >>> domain part is in UPPER CASE LETTERS >>> >>> ansible_ssh_user: [email protected] >>> >>> Not >>> >>> ansible_ssh_user: testuser@MY >>> >>> or >>> ansible_ssh_user: [email protected] >>> >>> 3/ use kinit -C [email protected] to acquire a kerberos ticket, and >>> then use klist to examine the ticket. >>> >>> 4/ ensure the hosts you cannot connect to have clocks synchronized with >>> your AD Domain controllers >>> >>> 5/ ensure the hosts you cannot connect to can be found using both >>> hostname and ip address >>> >>> That is: if you ping hostname, the response gives you an ip address. >>> If you then use that ip address with nslookup, it must return the same >>> hostname, or kerberos will not be able to connect. >>> >>> For example >>> >>> C:\> ping windows-t1 >>> >>> Pinging windows-t1.my.domain.com [192.168.1.100] with 32 bytes of data: >>> Reply from 192.168.1.100:...... >>> Control-C >>> ^C >>> >>> C:\> nslookup 192.168.1.100 >>> Server: dc01.my.domain.com >>> Address: 192.168.1.50 >>> >>> Name: windows-t1.my.domain.com >>> Address: 192.168.1.100 >>> >>> C:\> >>> >>> Hope this helps, >>> >>> Jon >>> >>> On Monday, 7 March 2016 13:52:50 UTC, Akash John wrote: >>>> >>>> Hi Hawkesworth, >>>> >>>> What version of windows and service pack is on the hosts that won't >>>> respond to ping? >>>> >>>> *Windows server 2012 R2 Standard, *but all other responding hosts are >>>> having same operating system version. >>>> >>>> >>>> Are you using the win_ping module? win_ping will connect using the >>>> wirnm port, rather than the normal ping port. You might have firewall >>>> configured not to respond to the normal ping port on the machines which >>>> are >>>> not responding. >>>> >>>> *Yes, we are using win_ping module and the port which we are using is >>>> 5986. The firewall is configured to enable all port access from ansible >>>> server to remote host.* >>>> >>>> >>>> Please ensure >>>> https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1 >>>> has >>>> been run on the machines that won't respond. >>>> >>>> We ran the script, even after that we are getting the same response. >>>> >>>> >>>> Please let us know if you need to have any other details about the >>>> infra. >>>> >>>> >>>> On Saturday, March 5, 2016 at 7:53:51 PM UTC+5:30, J Hawkesworth wrote: >>>>> >>>>> What version of windows and service pack is on the hosts that won't >>>>> respond to ping? >>>>> >>>>> Are you using the win_ping module? win_ping will connect using the >>>>> wirnm port, rather than the normal ping port. You might have firewall >>>>> configured not to respond to the normal ping port on the machines which >>>>> are >>>>> not responding. >>>>> >>>>> Please ensure >>>>> https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1 >>>>> >>>>> has been run on the machines that won't respond. >>>>> >>>>> Hope this helps, >>>>> >>>>> Jon >>>>> >>>>> >>>>> >>>>> On Friday, 4 March 2016 15:20:58 UTC, Akash John wrote: >>>>>> >>>>>> Hi Team, >>>>>> >>>>>> We have configured ansible to perform activities on windows hosts and >>>>>> all are under the same AD. But some how some of the hosts are not >>>>>> providing >>>>>> positive ping response. Please find the response which we are getting >>>>>> below, >>>>>> >>>>>> *myserver.data.log.doman.com <http://myserver.data.log.doman.com> | >>>>>> FAILED => the username/password specified for this server was incorrect* >>>>>> >>>>>> *Configurations on Ansible* >>>>>> >>>>>> - Host file containing FQDN for each hosts >>>>>> - /etc/ansible/group_vars/windows.yaml containing >>>>>> - >>>>>> - *ansible_ssh_user: [email protected]* >>>>>> - *ansible_ssh_pass: MYPassword* >>>>>> - *ansible_connection: winrm* >>>>>> - *ansible_ssh_port: 5986* >>>>>> - Authentication: AD Authentication >>>>>> >>>>>> I have seen >>>>>> https://groups.google.com/forum/#!msg/ansible-project/Vzrr-s4iuss/WEn4Gv1iLQAJ >>>>>> >>>>>> on this place and cannot find the proper solution for the issue. >>>>>> >>>>>> Could you please help us to resolve this issue? >>>>>> >>>>>> Please let us know if you need to have any other details about the >>>>>> configuration. >>>>>> >>>>>> Thanks, >>>>>> Akash John >>>>>> >>>>> -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/5b706a57-ab4e-43c6-a4a1-69c3296eea4b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
