So courtesy of a few colleagues we have a solution. By specifying the fqdn in
the inventory rather than the ip, and making sure the Ansible control machine
could resolve the fqdn to the ip, the connection is now successful.
--
You received this message because you are subscribed to the Google
It might also help to add that all the servers it seems to be failing on
are Windows Server 2012 R2 with IIS installed and a few sites with
different SSL Certificates installed.
On Friday, June 24, 2016 at 2:48:18 PM UTC+2, Mike Fennemore wrote:
>
> 09:12:58:4855 fiddler.network.https> HTTPS
09:12:58:4855 fiddler.network.https> HTTPS handshake to 10.128.44.38 (for
#2) failed. System.ComponentModel.Win32Exception The client and server
cannot communicate, because they do not possess a common algorithm
09:13:34:4067 fiddler.network.https> HTTPS handshake to 10.128.44.38 (for
#3)
I would troubleshoot the windows side first. Are you able to psremote from
a windows node to the "problem" node using 5986 (ssl)?
On Tuesday, June 7, 2016 at 7:03:03 PM UTC+2, Matt Davis wrote:
>
> Seriously- best thing you could do is figure out why Fiddler isn't working
> for you and get a
Sorry, I don't have a specific suggestion where to look. Sometimes I toss
all the event logs and then poke things rather than filter for a specific
event category.
One of my colleagues tells me there's an rc6 for pywinrm 0.2 - might be
worth trying that if you aren't on it already.
On
Yes have seen the articles but this was a properly sysprepped template.
Have recreated listeners, changed self-signed cert and still seems to yield
the same result.
Jon any particular logs I should focus on? The Windows Remote Management
and security logs don't seem to show anything out of the
If you are referring to cloning a Windows machine without proper sysprep
usage then that's very well possible. I remember seeing some WinRM blogs
where people had problems due to duplicate SIDs ... not 100% sure though.
On Monday, June 6, 2016 at 10:20:21 PM UTC+10, Mike Fennemore wrote:
>
>
Anything in the event logs? Since it seems to be a connection reset, I'd
hope there might be a message on the windows machine to say why.
On Monday, June 6, 2016 at 1:48:11 PM UTC+1, Mike Fennemore wrote:
>
> Thanks Jon, good to see it's being well maintained. Had already gone down
> the route
Thanks Jon, good to see it's being well maintained. Had already gone down
the route of the self-signed cert via Powershell unfortunately.
I ran the ConfigureForAnsible.ps1 just in case I had missed something.
Seems like the same issue though:
ESTABLISH WINRM CONNECTION FOR USER:
Interesting.
This change was recently added so you can force the
ConfigureRemotingForAnsible.ps1 to generate a new self-signed cert by
running like this:
.\ConfigureRemotingForAnsible.ps1 -ForceNewSSLCert true
https://github.com/ansible/ansible/pull/15275
As its says in the PR 'This is
I'm beginning to think this might be as a result of the problem servers
being templated in VMWare perhaps?
On Wednesday, June 1, 2016 at 7:41:50 PM UTC+2, Matt Davis wrote:
>
> Sorry, by "local user" I just meant using a non-domain user via
> pywinrm/Ansible. But yeah, for Basic to work, you'd
You can also try to run the below PS script on the hosts to ensure all the
WinRm options have been taken care of to allow Ansible to connect to it.
https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1
On Wednesday, June 1, 2016 at 6:43:50 PM UTC-4,
Actually I had to type
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
before it would work for me.
On Friday, May 27, 2016 at 9:26:32 AM UTC-5, Mike Fennemore wrote:
>
> I have a selected few workgroup Windows server 2012 R2 servers that give
> the following error:
>
>
Sorry, by "local user" I just meant using a non-domain user via
pywinrm/Ansible. But yeah, for Basic to work, you'd have to (temporarily)
enable unencrypted auth with something like:
Set-Item WSMan:\localhost\Service\AllowUnencrypted $true
The HTTPS_PROXY not working seems odd- I use it dozens
Seems a little odd but having set the HTTPS_PROXY to the fiddler box, when
I run a win_ping to the problem server it does not register any connection
in fiddler.
On Monday, May 30, 2016 at 9:45:48 AM UTC+2, Mike Fennemore wrote:
>
> For testing locally I'm assuming you mean Test-WSMan
For testing locally I'm assuming you mean Test-WSMan -Authentication Basic
-Credential ? I am currently connecting on 5986 with
ignore certificate validation turned on.
So in that case I would add -UseSSL switch on the Test-WSMan. Currently
running Test-WSMan -Authentication Basic -Credential
Hey Mike,
Unfortunately pywinrm currently has *zero* logging/diagnostic capabilities
(something I'd like to correct for troubleshooting stuff like this).
Meantime...
A couple of things to try:
- Does it work with Basic auth and a local user on that same box?
- Any chance you could run with
17 matches
Mail list logo