You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm having a problem with the plugin on some windows host on my domain, they all have the same winrm setup and I've done extensive troubleshooting WinRM from windows hosts and confirmed my settings work if manipulated from windows machines with the same credentials and connection methods.
WinRm 1.1 or greater - check
Windows firewall - check
WS-Man service configuration - check
Windows Versions 10/7 - Working using 'Test-WSMan -ComputerName ..... ' on domain controllers to hosts
Spn's - Valid
rundeck storing windows domain credentials & credentials are valid - check
Hi, may be my issue #230 applies also to your servers.
You can easliy check it by downgrading to 5.0.1 or comparing the DNS names with your used values.
Hi!
I'm having a problem with the plugin on some windows host on my domain, they all have the same winrm setup and I've done extensive troubleshooting WinRM from windows hosts and confirmed my settings work if manipulated from windows machines with the same credentials and connection methods.
WinRm 1.1 or greater - check
Windows firewall - check
WS-Man service configuration - check
Windows Versions 10/7 - Working using 'Test-WSMan -ComputerName ..... ' on domain controllers to hosts
Spn's - Valid
rundeck storing windows domain credentials & credentials are valid - check
Example setup
setspn -L host-01
Winrm config
PS C:\Windows\system32> winrm get winrm/config
Config
MaxEnvelopeSizekb = 500
MaxTimeoutms = 60000
MaxBatchItems = 32000
MaxProviderRequests = 4294967295
Client
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = true [Source="GPO"]
Auth
Basic = true [Source="GPO"]
Digest = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = true [Source="GPO"]
DefaultPorts
HTTP = 5985
HTTPS = 5986
TrustedHosts = * [Source="GPO"]
Service
RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;G
XGW;;;WD)
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = true [Source="GPO"]
Auth
Basic = true [Source="GPO"]
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = false
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = * [Source="GPO"]
IPv6Filter = * [Source="GPO"]
EnableCompatibilityHttpListener = false
EnableCompatibilityHttpsListener = false
CertificateThumbprint
AllowRemoteAccess = true [Source="GPO"]
Winrs
AllowRemoteShellAccess = true
IdleTimeout = 7200000
MaxConcurrentUsers = 2147483647
MaxShellRunTime = 2147483647
MaxProcessesPerShell = 2147483647
MaxMemoryPerShellMB = 1024
MaxShellsPerUser = 2147483647
Rundeck config
<node name="host-01.domain.com"
node-executor="overthere-winrm"
description="host-01.domain.com"
osName="windows"
tags="practice"
hostname="host-01.domain.com"
username="someuser@domain.com"
winrm-password-storage-path="keys/somepassword"
winrm-protocol="http"
rundeck debug output
08:37:24 host-01.domain.com Debug is true storeKey false useTicketCache false useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is true principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
08:37:24 Refreshing Kerberos configuration
08:37:24 [Krb5LoginModule] user entered username: someuser@domain.com
08:37:24
08:37:25 principal is someuser@domain.com
08:37:25 Commit Succeeded
08:37:25
08:37:25 [overthere-winrm:host-01.domain.com] failed: WinRM Error: Unexpected HTTP response on http://host-01.domain.com:5985/wsman: (401)
08:37:25 Failed: WinRMProtocolError: WinRM Error: Unexpected HTTP response on http://host-01.domain.com:5985/wsman: (401)
08:37:25 localhost Execution failed: 15 in project test: [Workflow result: , step failures: {1=Dispatch failed on 1 nodes: [host-01.domain.com: WinRMProtocolError: WinRM Error: Unexpected HTTP response on http://host-01.domain.com:5985/wsman: (401) + {dataContext=MultiDataContextImpl(map={}, base=null)} ]}, Node failures: {host-01.domain.com=[WinRMProtocolError: WinRM Error: Unexpected HTTP response on http://host-01.domain.com:5985/wsman: (401) + {dataContext=MultiDataContextImpl(map={}, base=null)} ]}, status: failed]
consoleoutput
2018-08-01 07:37:24,861 [qtp537548559-18] INFO grails.app.services.rundeck.services.ScheduledExecutionService - scheduling temp job: TEMP:admin:15
2018-08-01 07:37:25,377 [pool-45-thread-1] WARN org.apache.http.impl.client.TargetAuthenticationStrategy - Authentication scheme Basic not supported
2018-08-01 07:37:25,639 [pool-45-thread-1] WARN org.apache.http.impl.auth.HttpAuthenticator - NEGOTIATE authentication error: No valid credentials provided (Mechanism level: No valid credentials pr ovided (Mechanism level: Server not found in Kerberos database (7)))
2018-08-01 07:37:25,643 [pool-45-thread-1] WARN org.apache.http.impl.auth.HttpAuthenticator - KERBEROS authentication error: No valid credentials provided (Mechanism level: Server not found in Kerb eros database (7))
2018-08-01 07:37:25,739 [quartzScheduler_Worker-6] ERROR grails.app.services.rundeck.services.ExecutionUtilService - Execution failed: 15 in project test: [Workflow result: , step failures: {1=Dispa tch failed on 1 nodes: [host-01.domain.com: WinRMProtocolError: WinRM Error: Unexpected HTTP response on http://host-01.domain.com:5985/wsman: (401) + {dataContext=MultiDataC ontextImpl(map={}, base=null)} ]}, Node failures: {host-01.domain.com=[WinRMProtocolError: WinRM Error: Unexpected HTTP response on http://host-01.domain.com:5985/wsman: (401 ) + {dataContext=MultiDataContextImpl(map={}, base=null)} ]}, status: failed]
Any assistance is welcome, thankyou in advance
The text was updated successfully, but these errors were encountered: