Most likely there is no common cipher support between the Ansible host and
the remote Windows host. Server 2008 is quite old and only supports a very
limited set of cipher suites. This is an issue because newer hosts and
OpenSSL they ship with now define a more retrictive set of protocols and
cipher suites they support. Another problem is that the ephemeral
certificate that Windows creates for CredSSP uses an older signature
algorithm that may not be supported by newer OpenSSL hosts. The issue
https://github.com/jborean93/requests-credssp/issues/27 goes over this
problem in a lot more detail but the end result is you should:
- Generate a new certificate with a stronger signature algorithm and set
WinRM to use that, or
- Relax the security settings on the OpenSSL policy (really you
shouldn't do this)
Thanks
Jordan
On Tuesday, January 24, 2023 at 3:35:30 AM UTC+10 laxma...@gmail.com wrote:
> We are facing below error on Windows 2008 servers in Ansible report .
>
>
> credssp: ('Connection aborted.'; ConnectionResetError(104; 'Connection
> reset by peer'))
>
>
> --> 2008 server upgraded to PS ver 5.1
> --> WinRM is Enabled with CredSSP - true
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/4ee13ab6-b556-406a-a45d-1e125b737781n%40googlegroups.com.
