Hello,

I am trying to use Windows-2008-R2 AD domain authentication for my Windows infrastructure playbooks; however, it's failing with the following error. I also tried just win_ping and ping, but everything still fails.

ERROR:
---------------------------
"kerberos: authGSSClientStep() failed: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('Server not found in Kerberos database', -1765328377))",
---------------------------

WinRM is configured correctly and working fine from another Windows server.
The Ansible server is pinging the DNS/AD server fine.
The Kerberos ticket is successfully generated with "kinit" commands on the Ansible control node.
DNS resolution is tested with the hostname from the Ansible controller node and is working fine.
The /etc/hosts and resolv.conf files are updated appropriately.
The verbose output, inventory file, library versions and krb5.conf are included in the sections below.
The prerequisite libraries and configuration files are all configured as per the following link:
https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html

Here are the version details:
Ansible: 2.8.5 (also tried with Ansible version 2.7.13 in the LAB, but still no success)
Python: 3.6.6
requests-kerberos 0.12.0
pykerberos 1.2.1
pywinrm 0.3.0
kerberos 1.3.0

Inventory File:
-------------------
[win_infra]
win2k121.MYLAB.COM

[win_infra:vars]
ansible_connection=winrm
ansible_winrm_transport=kerberos
ansible_user=ansi...@mylab.com
ansible_password=xxxxxxxx
ansible_port=5986
-------------------

krb5.conf file:
--------------------------
# Configuration snippets may be placed in this directory as well
includedir /etc/krb5.conf.d/

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 dns_lookup_realm = false
 ticket_lifetime = 8h
 renew_lifetime = 7d
 forwardable = true
 rdns = false
 pkinit_anchors = /etc/pki/tls/certs/ca-bundle.crt
 default_realm = MYLAB.COM
 default_ccache_name = KEYRING:persistent:%{uid}

[realms]
 MYLAB.COM = {
  kdc = win2k8r2.mylab.com
  admin_server = win2k8r2.mylab.com
 }

[domain_realm]
 .mylab.com = MYLAB.COM
 mylab.com = MYLAB.com
--------------------------

VERBOSE OUTPUT:
-------------------------
[root@ansible_centos ~]# ansible win_infra -m ping -vvvvvv
ansible 2.8.5
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.6/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 3.6.6 (default, Aug 13 2018, 18:24:23) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
Using /etc/ansible/ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /etc/ansible/hosts as it did not pass it's verify_file() method
script declined parsing /etc/ansible/hosts as it did not pass it's verify_file() method
auto declined parsing /etc/ansible/hosts as it did not pass it's verify_file() method
Parsed /etc/ansible/hosts inventory source with ini plugin
Loading callback plugin minimal of type stdout, v2.0 from /usr/local/lib/python3.6/site-packages/ansible/plugins/callback/minimal.py
META: ran handlers
Using module_utils file /usr/local/lib/python3.6/site-packages/ansible/module_utils/basic.py
Using module_utils file /usr/local/lib/python3.6/site-packages/ansible/module_utils/common/process.py
Using module_utils file /usr/local/lib/python3.6/site-packages/ansible/module_utils/common/text/__init__.py
Using module_utils file /usr/local/lib/python3.6/site-packages/ansible/module_utils/pycompat24.py
Using module_utils file /usr/local/lib/python3.6/site-packages/ansible/module_utils/common/_utils.py
Using module_utils file /usr/local/lib/python3.6/site-packages/ansible/module_utils/common/_json_compat.py
Using module_utils file /usr/local/lib/python3.6/site-packages/ansible/module_utils/common/_collections_compat.py
Using module_utils file /usr/local/lib/python3.6/site-packages/ansible/module_utils/common/text/formatters.py
Using module_utils file /usr/local/lib/python3.6/site-packages/ansible/module_utils/parsing/__init__.py
Using module_utils file /usr/local/lib/python3.6/site-packages/ansible/module_utils/common/__init__.py
Using module_utils file /usr/local/lib/python3.6/site-packages/ansible/module_utils/six/__init__.py
Using module_utils file /usr/local/lib/python3.6/site-packages/ansible/module_utils/common/file.py
Using module_utils file /usr/local/lib/python3.6/site-packages/ansible/module_utils/_text.py
Using module_utils file /usr/local/lib/python3.6/site-packages/ansible/module_utils/common/text/converters.py
Using module_utils file /usr/local/lib/python3.6/site-packages/ansible/module_utils/parsing/convert_bool.py
Using module_utils file /usr/local/lib/python3.6/site-packages/ansible/module_utils/common/validation.py
Using module_utils file /usr/local/lib/python3.6/site-packages/ansible/module_utils/common/parameters.py
Using module_utils file /usr/local/lib/python3.6/site-packages/ansible/module_utils/common/sys_info.py
Using module_utils file /usr/local/lib/python3.6/site-packages/ansible/module_utils/common/collections.py
Using module_utils file /usr/local/lib/python3.6/site-packages/ansible/module_utils/distro/__init__.py
Using module_utils file /usr/local/lib/python3.6/site-packages/ansible/module_utils/distro/_distro.py
<win2k121> Attempting python interpreter discovery
<192.168.169.131> ESTABLISH WINRM CONNECTION FOR USER: ansi...@mylab.com on PORT 5986 TO 192.168.169.131
creating Kerberos CC at /tmp/tmpjzmms99z
calling kinit with subprocess for principal ansi...@mylab.com
kinit succeeded for principal ansi...@mylab.com
<192.168.169.131> WINRM CONNECT: transport=kerberos endpoint=https://192.168.169.131:5986/wsman
<192.168.169.131> WINRM CONNECTION ERROR: authGSSClientStep() failed: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('Server not found in Kerberos database', -1765328377))
Traceback (most recent call last):
  File "/usr/local/lib/python3.6/site-packages/ansible/plugins/action/__init__.py", line 203, in _configure_module
    environment=final_environment)
  File "/usr/local/lib/python3.6/site-packages/ansible/executor/module_common.py", line 1023, in modify_module
    environment=environment)
  File "/usr/local/lib/python3.6/site-packages/ansible/executor/module_common.py", line 894, in _find_module_utils
    shebang, interpreter = _get_shebang(u'/usr/bin/python', task_vars, templar)
  File "/usr/local/lib/python3.6/site-packages/ansible/executor/module_common.py", line 527, in _get_shebang
    discovery_mode=interpreter_out)
ansible.executor.interpreter_discovery.InterpreterDiscoveryRequiredError: <unprintable InterpreterDiscoveryRequiredError object>

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.6/site-packages/requests_kerberos/kerberos_.py", line 229, in generate_request_header
    negotiate_resp_value)
kerberos.GSSError: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('Server not found in Kerberos database', -1765328377))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.6/site-packages/ansible/plugins/connection/winrm.py", line 400, in _winrm_connect
    self.shell_id = protocol.open_shell(codepage=65001)  # UTF-8
  File "/usr/local/lib/python3.6/site-packages/winrm/protocol.py", line 157, in open_shell
    res = self.send_message(xmltodict.unparse(req))
  File "/usr/local/lib/python3.6/site-packages/winrm/protocol.py", line 234, in send_message
    resp = self.transport.send_message(message)
  File "/usr/local/lib/python3.6/site-packages/winrm/transport.py", line 254, in send_message
    prepared_request = self.session.prepare_request(request)
  File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", line 462, in prepare_request
    hooks=merge_hooks(request.hooks, self.hooks),
  File "/usr/local/lib/python3.6/site-packages/requests/models.py", line 317, in prepare
    self.prepare_auth(auth, url)
  File "/usr/local/lib/python3.6/site-packages/requests/models.py", line 548, in prepare_auth
    r = auth(self)
  File "/usr/local/lib/python3.6/site-packages/requests_kerberos/kerberos_.py", line 438, in __call__
    auth_header = self.generate_request_header(None, host, is_preemptive=True)
  File "/usr/local/lib/python3.6/site-packages/requests_kerberos/kerberos_.py", line 245, in generate_request_header
    raise KerberosExchangeError("%s failed: %s" % (kerb_stage, str(error.args)))
requests_kerberos.exceptions.KerberosExchangeError: authGSSClientStep() failed: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('Server not found in Kerberos database', -1765328377))
[WARNING]: Unhandled error in Python interpreter discovery for host win2k121: kerberos: authGSSClientStep() failed: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('Server not found in Kerberos database', -1765328377))
Using module file /usr/local/lib/python3.6/site-packages/ansible/modules/system/ping.py
Pipelining is enabled.
<192.168.169.131> ESTABLISH WINRM CONNECTION FOR USER: ansi...@mylab.com on PORT 5986 TO 192.168.169.131
creating Kerberos CC at /tmp/tmpro863qha
calling kinit with subprocess for principal ansi...@mylab.com
kinit succeeded for principal ansi...@mylab.com
<192.168.169.131> WINRM CONNECT: transport=kerberos endpoint=https://192.168.169.131:5986/wsman
self context is ::::::::: {'192.168.169.131': <capsule object NULL at 0x7fdd6598a4e0>}
<192.168.169.131> WINRM CONNECTION ERROR: authGSSClientStep() failed: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('Server not found in Kerberos database', -1765328377))
Traceback (most recent call last):
  File "/usr/local/lib/python3.6/site-packages/requests_kerberos/kerberos_.py", line 229, in generate_request_header
    negotiate_resp_value)
kerberos.GSSError: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('Server not found in Kerberos database', -1765328377))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.6/site-packages/ansible/plugins/connection/winrm.py", line 400, in _winrm_connect
    self.shell_id = protocol.open_shell(codepage=65001)  # UTF-8
  File "/usr/local/lib/python3.6/site-packages/winrm/protocol.py", line 157, in open_shell
    res = self.send_message(xmltodict.unparse(req))
  File "/usr/local/lib/python3.6/site-packages/winrm/protocol.py", line 234, in send_message
    resp = self.transport.send_message(message)
  File "/usr/local/lib/python3.6/site-packages/winrm/transport.py", line 254, in send_message
    prepared_request = self.session.prepare_request(request)
  File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", line 462, in prepare_request
    hooks=merge_hooks(request.hooks, self.hooks),
  File "/usr/local/lib/python3.6/site-packages/requests/models.py", line 317, in prepare
    self.prepare_auth(auth, url)
  File "/usr/local/lib/python3.6/site-packages/requests/models.py", line 548, in prepare_auth
    r = auth(self)
  File "/usr/local/lib/python3.6/site-packages/requests_kerberos/kerberos_.py", line 438, in __call__
    auth_header = self.generate_request_header(None, host, is_preemptive=True)
  File "/usr/local/lib/python3.6/site-packages/requests_kerberos/kerberos_.py", line 245, in generate_request_header
    raise KerberosExchangeError("%s failed: %s" % (kerb_stage, str(error.args)))
requests_kerberos.exceptions.KerberosExchangeError: authGSSClientStep() failed: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('Server not found in Kerberos database', -1765328377))
win2k121 | UNREACHABLE! => {
    "changed": false,
    "msg": "kerberos: authGSSClientStep() failed: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('Server not found in Kerberos database', -1765328377))",
    "unreachable": true
}
[root@ansible_centos ~]#
[root@ansible_centos ~]#
[root@ansible_centos ~]#
[root@ansible_centos ~]#
-------------------------

Thanks,
Piyush
bansalpiyush.198...@gmail.com
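
A triage sketch for the failure shown above, added here as an example and not part of the original post: it reads the WinRM endpoint from the verbose output and the [domain_realm] mappings from krb5.conf, and reports two things worth checking when the KDC answers "Server not found in Kerberos database". It assumes the client requests the service principal HTTP/<endpoint host>; the sample strings are constructed from the post and the function names are hypothetical.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed samples, shortened from the verbose output and krb5.conf quoted in the post.
SAMPLE_LOG = (
    "<192.168.169.131> WINRM CONNECT: transport=kerberos "
    "endpoint= https://192.168.169.131:5986/wsman\n"
)
SAMPLE_KRB5 = """\
[libdefaults]
 default_realm = MYLAB.COM
 rdns = false
[domain_realm]
 .mylab.com = MYLAB.COM
 mylab.com = MYLAB.com
"""

def endpoint_hosts(log):
    """Unique hosts from 'WINRM CONNECT: ... endpoint=<url>' lines, in log order."""
    urls = re.findall(r"WINRM CONNECT: transport=kerberos endpoint=\s*(\S+)", log)
    return list(dict.fromkeys(urlparse(u).hostname for u in urls))

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def mixed_case_realms(krb5):
    """[domain_realm] mappings whose realm is not upper case (realm names are case-sensitive)."""
    section, found = None, []
    for line in (raw.strip() for raw in krb5.splitlines()):
        if line.startswith("["):
            section = line.strip("[]")
        elif section == "domain_realm" and "=" in line and not line.startswith("#"):
            domain, realm = (part.strip() for part in line.split("=", 1))
            if realm != realm.upper():
                found.append((domain, realm))
    return found

def diagnose(log, krb5):
    # Assumption: the client asks the KDC for HTTP/<host taken from the endpoint URL>.
    findings = [f"SPN HTTP/{h} is built from an IP address, not a host name"
                for h in endpoint_hosts(log) if is_ip_literal(h)]
    findings += [f"domain_realm maps {d} to realm {r!r}, which is not upper case"
                 for d, r in mixed_case_realms(krb5)]
    return findings

if __name__ == "__main__":
    print("\n".join(diagnose(SAMPLE_LOG, SAMPLE_KRB5)))
```

Active Directory registers service principals by host name by default, so an endpoint that resolves to an IP-based SPN is the first finding to rule out; `klist` on the control node shows which service tickets were actually obtained.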