'Ansible Windows Kerberos Authentification Bad HTTP response returned from server Code 500
After configuring winRM on a windows server and filling all needed information to connect :
---
### winrm / win connection ###
ansible_winrm_realm: *My AD Domain*
ansible_connection: winrm
ansible_winrm_kerberos_delegation: yes
ansible_port: 5985
ansible_winrm_transport: kerberos
I got an
fatal: [MyServer]: UNREACHABLE! => {"changed": false, "msg": "kerberos: ('http', 'Bad HTTP response returned from server. Code 500')", "unreachable": true}
I have tried a lot of things including changing my configuration and checking if the WinRm is reachable and it was all good :
C:\Users\ME>winrs -r :http://myserver:5985/wsman -u:My_User -p:Password ipconfig
My WinRM Config :
PS C:\Users\XXXX> winrm get winrm/config/Service
Service
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = false
Auth
Basic = false
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = false
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = *
IPv6Filter = *
EnableCompatibilityHttpListener = false
EnableCompatibilityHttpsListener = false
CertificateThumbprint
AllowRemoteAccess = true
PS C:\Users\XXXX> winrm get winrm/config/Winrs
Winrs
AllowRemoteShellAccess = true
IdleTimeout = 7200000
MaxConcurrentUsers = 2147483647
MaxShellRunTime = 2147483647
MaxProcessesPerShell = 2147483647
MaxMemoryPerShellMB = 2147483647
MaxShellsPerUser = 2147483647
Solution 1:[1]
Since i'm trying to use HTTP instead of HTTPS, the solution is to change the WinRm service config to allow encrypted connections by running the following command :
Set-Item -Path WSMan:\localhost\Service\AllowUnencrypted -Value true
Solution 2:[2]
I ran into this exception and the solution for me was to install the python-kerberos wrapper.
pip3 install pywinrm[kerberos]
Solution 3:[3]
Finally solved by upgrading pykerberos to 1.2.1 version
pip3 install pykerberos --upgrade
As workaround you can use python2 to run this playbook:
/usr/bin/python2 /usr/bin/ansible-playbook WindowsTest.yml
Solution 4:[4]
Below command on host node resolved the issue. We need to accept unencrypted traffic.
Set-Item -Path WSMan:\localhost\Service\AllowUnencrypted -Value true
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | Omar BISTAMI |
Solution 2 | Mohnish |
Solution 3 | Artem Brodetskiy |
Solution 4 | β.εηοιτ.βε |