try using ansible_user: automat...@itrnetwork.com
as the user name. Without this ansible will expect 'automation' to be a local user, not a domain user. Also, if you are wanting to control remote resources (file shares on other machines) via ansible and a windows jump host, its worth setting ansible_winrm_kerberos_delegation: yes ... as well. If you are just getting started with ansible and windows, this page is well worth reading: http://docs.ansible.com/ansible/devel/user_guide/windows_usage.html Hope this helps, Jon On Monday, February 26, 2018 at 3:25:15 PM UTC, Dinesh Vashisht wrote: > > Hi All, > > We are using Ansible Version: 2.4.2.0. > > Power Shell remoting (WinRM trust) is not working when using Active > Directory even after establishing: > > *Successful Kerberos Authentication*: > > Default principal: autom...@itrnetwork.com <javascript:> > > Valid starting Expires Service principal > 02/26/2018 09:23:25 02/26/2018 19:23:25 krbtgt/itrnetw...@itrnetwork.com > <javascript:> > renew until 03/05/2018 09:23:19 > [root@calam1 group_vars]# > > > *Following are test results:* > > [root@calam1 group_vars]# ansible windows-jump-servers -m win_ping > pcijmp1.itrnetwork.com | UNREACHABLE! => { > "changed": false, > "msg": "ssl: the specified credentials were rejected by the server", > "unreachable": true > } > > > *Contents of file /etc/ansible/group_vars/windows-jump-servers.yml:* > > ansible_user: automation > ansible_password: <my_password> > ansible_port: 5986 > ansible_connection: winrm > ansible_winrm_scheme: https > ansible_winrm_server_cert_validation: ignore > > > It works OK with a local user on the same domain joined Windows server. > > Can someone help to verify cause and advice how to resolve this? > > Thank you, > Dinesh Vashisht > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/aafbdf69-09ca-4e96-b878-cf9101154791%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
