For testing locally I'm assuming you mean Test-WSMan -Authentication Basic -Credential <problem account> ? I am currently connecting on 5986 with ignore certificate validation turned on. So in that case I would add -UseSSL switch on the Test-WSMan. Currently running Test-WSMan -Authentication Basic -Credential <problem account> gives:
Test-WSMAN : <f:WSManFault xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault"; Code="2150858974" Machine="Server101"><f:Message>The WinRM client cannot process the request. Unencrypted traffic is currently disabled in the client configuration. Change the client configuration and try the request again. </f:Message></f:WSManFault> At line:1 char:1 Normally I would say that would mean mean configuring AllowUnencrypted on Winrm Client, however the other working systems do not have this configured. Running Test-WSMAN -Authentication Negotiate -Credential "<user>" -ComputerName localhost returns: wsmid : http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd ProtocolVersion : http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd ProductVendor : Microsoft Corporation ProductVersion : OS: 6.3.9600 SP: 0.0 Stack: 3.0 I will try the Fiddler method shortly and return the results. On Friday, May 27, 2016 at 7:48:53 PM UTC+2, Matt Davis wrote: > > Hey Mike, > > Unfortunately pywinrm currently has *zero* logging/diagnostic capabilities > (something I'd like to correct for troubleshooting stuff like this). > Meantime... > > A couple of things to try: > - Does it work with Basic auth and a local user on that same box? > - Any chance you could run with Fiddler in the middle? Just run Fiddler on > some Windows box, configure it to capture/decrypt HTTPS and to allow > external connection, then on your Ansible controller, export > HTTPS_PROXY=http://(ip-of-fiddler-box):8888/ and go watch the fun. > > I'm mostly just curious where the connection reset is occurring, as there > are numerous round-trips involved here (eg, is it NTLM auth failure, > resource issue, or something else?). > > Thanks, > > -Matt > > > On Friday, May 27, 2016 at 7:26:32 AM UTC-7, Mike Fennemore wrote: >> >> I have a selected few workgroup Windows server 2012 R2 servers that give >> the following error: >> >> <10.128.44.37> ESTABLISH WINRM CONNECTION FOR USER: ansible_user on PORT >> 5986 TO 10.128.44.37 >> server_101 | UNREACHABLE! => { >> "changed": false, >> "msg": "ntlm: ('Connection aborted.', error(104, 'Connection reset by >> peer'))", >> "unreachable": true >> } >> >> I am using ntlm with Ansible 2.1.0.0 and pywinrm [kerberos] 2RC4. I have >> tested the port is open, recreated the listeners, run a curl to the server >> which delivers a successful 411 response. >> Any ideas on further troubleshooting? >> >> >> -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/668a141a-c7b6-40b9-b5ef-5767c19d1595%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
