Solvedansible pywinrm fails to authenticate from centos 7 host to windows 2012 R2 client

ISSUE TYPE
  • Bug Report
COMPONENT NAME

winrm

ANSIBLE VERSION
ansible 2.3.0.0
  config file = /home/mmercer/projects/packer/ansible/ansible.cfg
  configured module search path = Default w/o overrides
  python version = 2.7.5 (default, Nov  6 2016, 00:28:07) [GCC 4.8.5 20150623 (Red Hat 4.8.5-11)]
CONFIGURATION

Nothing specific.

OS / ENVIRONMENT
Ansible Host: CentOS Linux release 7.3.1611 (Core)
Windows Client: Windows Server 2012 R2 configured via ansible remoting ps1 + CredSSP flag

Pip Information:
ansible (2.3.0.0)
boto (2.46.1)
boto3 (1.4.4)
botocore (1.5.42)
pywinrm (0.2.2)
requests-credssp (0.0.2)
SUMMARY

CredSSP authentication from CentOS7 to Windows Server 2012 R2 fails authentication with TLS error

STEPS TO REPRODUCE

Install clean CentOS 7 machine
Install clean Windows S2012R2 machine

Ansible Host: pip install above packages
Windows Host: Execute AnsibleRemoting.ps1 -EnableCredSSP

Configure ansible to use winrm + credssp, also set ignorecert in config

Test:

ansible -i inventoryfile all -m win_ping
EXPECTED RESULTS

It works.

ACTUAL RESULTS
10.99.3.164 | UNREACHABLE! => {
    "changed": false, 
    "msg": "credssp: 'module' object has no attribute 'TLSv1_2_METHOD'", 
    "unreachable": true
}
16 Answers

✔️Accepted Answer

0-d
21

Had the same issue. Fixed by uninstalling pyOpenSSL completely (cleaning folders like @darioems suggested), then instead of installing pyOpenSSL itself I did pip install pywinrm pywinrm[credssp] requests-credssp and it installed pyOpenSSL as well.

Now I have different error: "credssp: the specified credentials were rejected by the server" >_<
Fixed here, broken there 🤣

Related Issues:

143
ansible module_stdout: "/bin/sh: 1: /usr/bin/python: not found\r\n",
Just use ansible_python_interpreter=/usr/bin/python3 in ur inventory file ansible -m ping -u ubuntu ...
88
ansible error in cryptography setup command: Invalid environment marker: python_version < '3'
I had the same problem in Debian Jessie This is what I did to get it working for me: After this I wa...
88
ansible OSX crash complaining of operation in progress in another thread when fork() was called
This is apparently due to some new security changes made in High Sierra that are breaking lots of Py...
72
ansible Failed to connect to the host via ssh: Permission denied (publickey,password)
Good It's a bit hard to debug when you specify all in your command I have this error I use Debian St...
71
ansible Describe how to use "postgresql_user" properly with ansible >= 2.1.0.0
I managed to get this temporarily working with pipelining per task and becoming postgres user: Hopef...
54
ansible ansible unable to find boto: boto required for this module
@stevenscg still working me with this in my inventory file: Let me know if that does anything for yo...
43
ansible why is ansible's default output not more human readable... stilll?
Ansible 2.4+ has built-in support for human-readable results: Temporarily by setting ANSIBLE_STDOUT_...
37
ansible Reboot and Wait for
An update of the docs and/or the support article to use the preferred full YAML format for tasks wou...
37
ansible ERROR! Timeout (12s) waiting for privilege escalation prompt:
Just as a note I switched the connection over to paramiko and the issue went away and the playbook r...
33
ansible Failed to import docker-py for docker_container module
docker-py is just the name of the project It installs a python package named docker ...
32
ansible json_query filter fails when using the functions "contains", "starts_with", others
The problem is related to the fact that Ansible uses own types for strings: AnsibleUnicode and Ansib...
31
ansible feature: controlling ignore-errors output
From a UX perspective it seems reasonable to give visual distinction between explicitly ignored erro...
30
ansible Support specifying collections in git repositories in requirements.yml
This has become much more frustrating lately SUMMARY When I develop collections I like to store them...
29
ansible SSH works, but ansible throws unreachable error
This happende all of a sudden when I upgraded Ansible ISSUE TYPE Bug Report ANSIBLE VERSION CONFIGUR...
29
ansible Ansible evaluates with_items for tasks in blocks skipped by the block when condition
For anyone who finds this in future the way to have this work without the warning is to use with_ite...
29
ansible "template error while templating string: Missing end of comment tag" error
EDIT: When unsafe characters are defined in vars follow @inossidabile's recommendation to use !unsaf...
24
ansible ansible-galaxy should download dependencies in meta/main.yml
I heavily work with dependencies and meta/main.yml and it would be great to spare the necessity to m...
24
ansible Add an option lock_wait to the apt module
This should integrate with systemd ISSUE TYPE Feature Idea This is a copy of the issue on the old re...
23
ansible Windows 10/WSL: Ansible cannot read ansible.cfg from NTFS mounts
I think I found a solution for 2.6.1 and so on.. SUMMARY Ansible 2.6.1 added #42070 which makes Ansi...
20
ansible Anisble does not allow handling of "host unreachable" errors
Does anyone else agree we need to revisit how we are handling unreachable errors? We have a use case...
20
ansible delegate_to not propagated to include_role
I would say this is a huge issue If Ansible would have raised an error for combination of delegate_t...
18
ansible shared connection closed
Same for me on macOS: ISSUE TYPE Bug Report COMPONENT NAME Script module ANSIBLE VERSION CONFIGURATI...
16
ansible Handle omit value in task attributes (like environment or become_user)
I too am interested in something similar to this In my use case we use the same playbook for multipl...
15
ansible FAILED! => {"msg": "Timeout (12s) waiting for privilege escalation prompt: "}
This happened to me after my internet connect dropped while running a playbook I fixed it by running...
14
ansible apt_key module ignores the proxy environment
I'm using this as a workaround: ISSUE TYPE Bug Report COMPONENT NAME apt_key ANSIBLE VERSION SUMMARY...
13
ansible Failure in apt. "Please install python-apt", but it is installed
I ran into this issue using the local connection mode -c local using ansible from a virtualenv ...
12
ansible [mac os x] ansible-galaxy: "unexpected Exception: name must be a byte string" when installing from requirements file
Upgrading urllib3 solved this problem for me: sudo pip install --upgrade urllib3 ...
12
ansible Support apt-mark hold
Full working example for reference from Ubuntu 16.04 and docker: From @scottnonnenberg on September ...
12
ansible Single Vault Encrypted value not decrypted in jinja2 pipeline
It still not work for password_hash It need to add string before using password_hash ...
12
ansible file touch always 'changed' - [was: need a separate touch module]
FYI: In Ansible 2.7 was added access_time and modification_time so you can use that to avoid change ...
12
ansible podman support (podman_container)
I am working on the following modules for inclusion in TripleO: podman_image podman_container I also...
11
ansible Inventory script does not work with assumed roles from the command line
For me the fix was to set AWS_SECURITY_TOKEN to the same value as AWS_SESSION_TOKEN ...
11
ansible failed to transfer file to ~/.ansible/tmp/ansible-tmp-xxx/setup.py: [Errno 2] No such file or directory
Same issue here with 2.2.1 (ok with 2.2.0) ISSUE TYPE Bug Report COMPONENT NAME ansible-playbook set...
11
ansible mysql_user broken in 2.7.1 when using /root/.my.cnf
Ok I found it It was a discussion on #ansible-devel on October 2nd SUMMARY When upgrading from 2.7.0...
8
ansible k8s module throwing 'This module requires the OpenShift Python client. Try pip install openshift'
So in my case it was an annoying Requests-related exception (actually just a RequestsDependencyWarni...
6
ansible synchronize: rsync_opts broken/changed in ansible 2.3.0
rsync cmd: BAD (ansible 2.3.0) GOOD (ansible 2.2.2.0) ISSUE TYPE Bug Report COMPONENT NAME synchroni...
5
ansible Issues in template module
Maybe you can add -K option for ansible-playbook command I fixed this problem in my case. ...
4
ansible (P1) nxos* modules timeout sending long running command for transport == cli
@mikewiebe One possible way is: provider: {{ connection | combine({'timeout': 400}) }} ...
3
ansible windows 8.1 .net 3.5 installation: raw, win_chocolatey, win_webpicmd
I ran into this on Server 2012 The easiest solution I found was this: Per this MSDN page Edited for ...
3
ansible pywinrm fails to authenticate from centos 7 host to windows 2012 R2 client
Had the same issue Fixed by uninstalling pyOpenSSL completely (cleaning folders like @darioems sugge...
3
ansible HaProxy drain mode 'bool' object is not callable error
@alikins I looked into the issue today ISSUE TYPE Bug Report COMPONENT NAME HaProxy Module ANSIBLE V...
3
ansible Add possibility to set up several ips for hostname in module ipa_dnsrecord
Are you thinking a format something like: ISSUE TYPE Feature Idea COMPONENT NAME ipa_dnsrecord ANSIB...
82
drupal vm Composer install fails without proper swap
or you can create a swap file sudo fallocate -l 2G /swapfile sudo chmod 600 /swapfile sudo mkswap /s...
77
kubespray After the certificate expires how use kubespray to renew certificate
@kerOssinas you are right the upgrade-cluster.yml of Kubespray will also rotate the certificates ...
32
kubespray Current install documentation is incorrect and does not work due to inventory script changes
@elfiii good luck. The install/usage documentation here: https://github.com/kubernetes-sigs/kubespra...
31
ansible elasticsearch Permissions on elasticsearch.keystore prevent Elasticsearch from starting
This entire problem is being caused by an incorrect mixing of static read-only configuration (elasti...
29
drupal vm Failing to install Drupal on macOS High Sierra - NFS filesystem issues
@ajhoddinott OMG That works thank you! For explicit instructions on Mac OS High Sierra open the app ...
28
kubespray etcd cluster is unavailable or misconfigured: connection refused
Run on master nodes: Run no all nodes: btw SELinux is working fine i did not had to do any adjustmen...
22
kubespray Unable to add new master/etcd node to cluster
You should be able to In the past we managed to replace all nodes in the cluster: master etcd and wo...
21
ansible lint Re-evaluate E0010 - Package installs should not use latest
The official Ansible yum module docs prominently recommend using state=latest with name=* to update ...