Ansible Automation Platform is unable to connect to Windows servers and throws a `CredSSP` error.
Environment
- Red Hat Ansible Automation Platform 2.x
Issue
- While connecting to Windows servers through WinRM with CredSSP, the connection fails with an UNREACHABLE error:

  ```
  fatal: [win_server]: UNREACHABLE! => { "changed": false, "msg": "credssp: Server did not response with a CredSSP token after step Credential exchange - actual ''", "unreachable": true
  ```
Resolution
- Remove the service certificate thumbprint with the command below, then retry running `win_ping` against the Windows host from either the CLI or the GUI:

  ```
  winrm set winrm/config/service '@{CertificateThumbprint=""}'
  ```

- Also, in the connection variables, change the `ansible_port` variable from 5986 to 5985.
- Check the connection variables. The following can be used as a reference:

  ```yaml
  vars:
    ansible_user: "ansible@domain.local"
    ansible_password: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    ansible_connection: "winrm"
    ansible_winrm_transport: credssp
    ansible_port: 5985
    ansible_winrm_scheme: https
    ansible_winrm_proxy: ~
    ansible_winrm_server_cert_validation: "ignore"
    ansible_winrm_operation_timeout_sec: 900
    ansible_winrm_read_timeout_sec: 990
  ```

- Follow the doc for detailed steps for Ansible Windows server Remote Management.
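
A check for the connection variables used in the steps above, as an added example that is not part of the original article or of Ansible's own code. It derives the endpoint that appears on the `WINRM CONNECT` debug line and flags settings that disagree with the default WinRM listeners (HTTP on 5985, HTTPS on 5986, assumed here); the function names and `REFERENCE_VARS` are hypothetical.

```python
# Added example (not from the original article): lint WinRM connection variables.
# Assumption: the target uses the default WinRM listeners, HTTP on 5985 and HTTPS on 5986.
DEFAULT_SCHEME_BY_PORT = {5985: "http", 5986: "https"}


def effective_scheme(conn_vars):
    """Explicit ansible_winrm_scheme wins; otherwise http on port 5985, else https."""
    scheme = conn_vars.get("ansible_winrm_scheme")
    if scheme:
        return str(scheme).lower()
    return "http" if int(conn_vars.get("ansible_port", 5986)) == 5985 else "https"


def winrm_endpoint(host, conn_vars):
    """Endpoint URL in the form shown on the 'WINRM CONNECT' debug line."""
    port = int(conn_vars.get("ansible_port", 5986))
    path = conn_vars.get("ansible_winrm_path", "/wsman")
    return f"{effective_scheme(conn_vars)}://{host}:{port}{path}"


def check_winrm_vars(conn_vars):
    """Return a list of (code, message) findings; an empty list means nothing was flagged."""
    findings = []
    port = int(conn_vars.get("ansible_port", 5986))
    scheme = effective_scheme(conn_vars)
    transport = str(conn_vars.get("ansible_winrm_transport", "")).lower()
    expected = DEFAULT_SCHEME_BY_PORT.get(port)
    if expected and scheme != expected:
        findings.append(("scheme-port-mismatch",
                         f"port {port} is the default {expected} listener, but scheme is {scheme}"))
    if scheme == "https" and conn_vars.get("ansible_winrm_server_cert_validation") == "ignore":
        findings.append(("cert-validation-ignored",
                         "server certificate is not verified, so the host identity is unchecked"))
    if scheme == "http" and transport == "basic":
        findings.append(("cleartext-credentials",
                         "basic auth over http sends the password without encryption"))
    return findings


# Constructed sample: the reference variables from this article (vault value omitted).
REFERENCE_VARS = {
    "ansible_winrm_transport": "credssp",
    "ansible_port": 5985,
    "ansible_winrm_scheme": "https",
    "ansible_winrm_server_cert_validation": "ignore",
}

if __name__ == "__main__":
    print(winrm_endpoint("win_server", REFERENCE_VARS), check_winrm_vars(REFERENCE_VARS))
```

On the reference variables it reports `scheme-port-mismatch` and `cert-validation-ignored`; when `ansible_winrm_scheme` is left unset, the scheme is derived from the port and 5985 resolves to `http`.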
Diagnostic Steps
- The following debug error can be observed while connecting to the Windows server:

  ```
  <win_server> ESTABLISH WINRM CONNECTION FOR USER: ansible@domain.local on PORT 5986 TO win_server
  <win_server> WINRM CONNECT: transport=credssp endpoint=https://win_server:5986/wsman
  <win_server> WINRM CONNECTION ERROR: Server did not response with a CredSSP token after step Credential exchange - actual ''
  Traceback (most recent call last):
    File "/usr/lib/python3.9/site-packages/ansible/plugins/connection/winrm.py", line 474, in _winrm_connect
      self.shell_id = protocol.open_shell(codepage=65001)  # UTF-8
    File "/usr/local/lib/python3.9/site-packages/winrm/protocol.py", line 166, in open_shell
      res = self.send_message(xmltodict.unparse(req))
    File "/usr/local/lib/python3.9/site-packages/winrm/protocol.py", line 243, in send_message
      resp = self.transport.send_message(message)
    File "/usr/local/lib/python3.9/site-packages/winrm/transport.py", line 323, in send_message
      response = self._send_message_request(prepared_request, message)
    File "/usr/local/lib/python3.9/site-packages/winrm/transport.py", line 328, in _send_message_request
  fatal: [win_server]: UNREACHABLE! => { "changed": false, "msg": "credssp: Server did not response with a CredSSP token after step Credential exchange - actual ''", "unreachable": true
  ```