Mayur, Make sure your Linux Control Machine is bound to the same domain as your target Windows VM. After much reading and debugging, I realized my Ubuntu server where I was running Ansible was not bound to the Domain.
*Another thing...* I had to run the kinit command with the below flags on the Control Machine to get past the auth failures (according to https://github.com/diyan/pywinrm/issues/36#issuecomment-60175388): kinit -l 7d -r 7d -pAf u...@my.domain.com *NOTE: I had run the kinit command before, but not with the flags. The forwarding flags of kinit is what got me over the hump.* On Friday, January 22, 2016 at 4:30:09 AM UTC-8, Mayur Barge wrote: > > Hi Jon, > > Thanks for your inputs > > If I manage windows machine using local administrator account then it > works. But for AD account following is the error. I can successfully do > kinit with domain user and klist displays appropriate ticket > > <win2k8r2-client> ESTABLISH WINRM CONNECTION FOR USER: on PORT 5986 TO > win2k8r2-client > > <win2k8r2-client> WINRM CONNECT: transport=kerberos endpoint= > https://win2k8r2-client:5986/wsman > > win2k8r2-client | FAILED => Traceback (most recent call last): > > File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line > 586, in _executor > > exec_rc = self._executor_internal(host, new_stdin) > > File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line > 789, in _executor_internal > > return self._executor_internal_inner(host, self.module_name, > self.module_args, inject, port, complex_args=complex_args) > > File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line > 968, in _executor_internal_inner > > conn = self.connector.connect(actual_host, actual_port, actual_user, > actual_pass, actual_transport, actual_private_key_file, delegate_host) > > File "/usr/lib/python2.7/site-packages/ansible/runner/connection.py", line > 52, in connect > > self.active = conn.connect() > > File > "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", > > line 140, in connect > > self.protocol = self._winrm_connect() > > File > "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", > > line 96, in _winrm_connect > > protocol.send_message('') > > File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 193, in > send_message > > return self.transport.send_message(message) > > File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 269, in > send_message > > krb_ticket = KerberosTicket(self.krb_service) > > File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 205, in > __init__ > > kerberos.authGSSClientStep(krb_context, '') > > GSSError: (('Unspecified GSS failure. Minor code may provide more > information', 851968), ('Server not found in Kerberos database', > -1765328377)) > > > > > > > > > > On Monday, 18 January 2016 19:39:14 UTC+5:30, J Hawkesworth wrote: >> >> Hi Mayur, >> >> You usually get that message when kerberos is not configured properly on >> your ansible controller. >> >> Please ensure you have followed the setup instructions here: >> >> http://docs.ansible.com/ansible/intro_windows.html#configuring-kerberos >> >> Without this, the ansible controller does cannot connect to your windows >> domain, because it is unaware of the network location of your windows >> domain controllers. >> >> Hope this helps, >> >> Jon >> >> On Friday, January 15, 2016 at 6:54:39 PM UTC, Mayur Barge wrote: >>> >>> Hi I'm facing below issue while connecting to windows machine using AD >>> accounts >>> >>> >>> File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line >>> 586, in _executor >>> exec_rc = self._executor_internal(host, new_stdin) >>> File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", >>> line 789, in _executor_internal >>> return self._executor_internal_inner(host, self.module_name, >>> self.module_args, inject, port, complex_args=complex_args) >>> File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", >>> line 968, in _executor_internal_inner >>> conn = self.connector.connect(actual_host, actual_port, actual_user, >>> actual_pass, actual_transport, actual_private_key_file, delegate_host) >>> File "/usr/lib/python2.7/site-packages/ansible/runner/connection.py", >>> line 52, in connect >>> self.active = conn.connect() >>> File >>> "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", >>> >>> line 140, in connect >>> self.protocol = self._winrm_connect() >>> File >>> "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", >>> >>> line 96, in _winrm_connect >>> protocol.send_message('') >>> File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 193, >>> in send_message >>> return self.transport.send_message(message) >>> File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 269, >>> in send_message >>> krb_ticket = KerberosTicket(self.krb_service) >>> File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 205, >>> in __init__ >>> kerberos.authGSSClientStep(krb_context, '') >>> GSSError: (('Unspecified GSS failure. Minor code may provide more >>> information', 851968), ('Server not found in Kerberos database', >>> -1765328377)) >>> >>> >>> Please help >>> >>> Thanks, >>> Mayur >>> >>> -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/b2c843b7-701d-4b45-a00e-3f3ca8e47829%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
