Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WinRM Error: Unexpected HTTP response on some windows machines #229

Open
Noukdutypaid opened this issue Aug 1, 2018 · 1 comment
Open

Comments

@Noukdutypaid
Copy link

Noukdutypaid commented Aug 1, 2018

Hi!

I'm having a problem with the plugin on some windows host on my domain, they all have the same winrm setup and I've done extensive troubleshooting WinRM from windows hosts and confirmed my settings work if manipulated from windows machines with the same credentials and connection methods.

WinRm 1.1 or greater - check
Windows firewall - check
WS-Man service configuration - check
Windows Versions 10/7 - Working using 'Test-WSMan -ComputerName ..... ' on domain controllers to hosts
Spn's - Valid
rundeck storing windows domain credentials & credentials are valid - check

Example setup

setspn -L host-01

    WSMAN/host-01
    WSMAN/host-01.domain.com
    TERMSRV/host-01.domain.com
    RestrictedKrbHost/host-01.domain.com
    HOST/host-01.domain.com
    TERMSRV/host-01
    RestrictedKrbHost/host-01

Winrm config
PS C:\Windows\system32> winrm get winrm/config
Config
MaxEnvelopeSizekb = 500
MaxTimeoutms = 60000
MaxBatchItems = 32000
MaxProviderRequests = 4294967295
Client
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = true [Source="GPO"]
Auth
Basic = true [Source="GPO"]
Digest = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = true [Source="GPO"]
DefaultPorts
HTTP = 5985
HTTPS = 5986
TrustedHosts = * [Source="GPO"]
Service
RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;G
XGW;;;WD)
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = true [Source="GPO"]
Auth
Basic = true [Source="GPO"]
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = false
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = * [Source="GPO"]
IPv6Filter = * [Source="GPO"]
EnableCompatibilityHttpListener = false
EnableCompatibilityHttpsListener = false
CertificateThumbprint
AllowRemoteAccess = true [Source="GPO"]
Winrs
AllowRemoteShellAccess = true
IdleTimeout = 7200000
MaxConcurrentUsers = 2147483647
MaxShellRunTime = 2147483647
MaxProcessesPerShell = 2147483647
MaxMemoryPerShellMB = 1024
MaxShellsPerUser = 2147483647

Rundeck config
<node name="host-01.domain.com"
node-executor="overthere-winrm"
description="host-01.domain.com"
osName="windows"
tags="practice"
hostname="host-01.domain.com"
username="someuser@domain.com"
winrm-password-storage-path="keys/somepassword"
winrm-protocol="http"

      winrm-kerberos-debug="true"
      winrm-cert-trust="all"
      winrm-hostname-trust="all"
/>

rundeck debug output
08:37:24 host-01.domain.com Debug is true storeKey false useTicketCache false useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is true principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
08:37:24 Refreshing Kerberos configuration
08:37:24 [Krb5LoginModule] user entered username: someuser@domain.com
08:37:24
08:37:25 principal is someuser@domain.com
08:37:25 Commit Succeeded
08:37:25
08:37:25 [overthere-winrm:host-01.domain.com] failed: WinRM Error: Unexpected HTTP response on http://host-01.domain.com:5985/wsman: (401)
08:37:25 Failed: WinRMProtocolError: WinRM Error: Unexpected HTTP response on http://host-01.domain.com:5985/wsman: (401)
08:37:25 localhost Execution failed: 15 in project test: [Workflow result: , step failures: {1=Dispatch failed on 1 nodes: [host-01.domain.com: WinRMProtocolError: WinRM Error: Unexpected HTTP response on http://host-01.domain.com:5985/wsman: (401) + {dataContext=MultiDataContextImpl(map={}, base=null)} ]}, Node failures: {host-01.domain.com=[WinRMProtocolError: WinRM Error: Unexpected HTTP response on http://host-01.domain.com:5985/wsman: (401) + {dataContext=MultiDataContextImpl(map={}, base=null)} ]}, status: failed]

consoleoutput
2018-08-01 07:37:24,861 [qtp537548559-18] INFO grails.app.services.rundeck.services.ScheduledExecutionService - scheduling temp job: TEMP:admin:15
2018-08-01 07:37:25,377 [pool-45-thread-1] WARN org.apache.http.impl.client.TargetAuthenticationStrategy - Authentication scheme Basic not supported
2018-08-01 07:37:25,639 [pool-45-thread-1] WARN org.apache.http.impl.auth.HttpAuthenticator - NEGOTIATE authentication error: No valid credentials provided (Mechanism level: No valid credentials pr ovided (Mechanism level: Server not found in Kerberos database (7)))
2018-08-01 07:37:25,643 [pool-45-thread-1] WARN org.apache.http.impl.auth.HttpAuthenticator - KERBEROS authentication error: No valid credentials provided (Mechanism level: Server not found in Kerb eros database (7))
2018-08-01 07:37:25,739 [quartzScheduler_Worker-6] ERROR grails.app.services.rundeck.services.ExecutionUtilService - Execution failed: 15 in project test: [Workflow result: , step failures: {1=Dispa tch failed on 1 nodes: [host-01.domain.com: WinRMProtocolError: WinRM Error: Unexpected HTTP response on http://host-01.domain.com:5985/wsman: (401) + {dataContext=MultiDataC ontextImpl(map={}, base=null)} ]}, Node failures: {host-01.domain.com=[WinRMProtocolError: WinRM Error: Unexpected HTTP response on http://host-01.domain.com:5985/wsman: (401 ) + {dataContext=MultiDataContextImpl(map={}, base=null)} ]}, status: failed]

Any assistance is welcome, thankyou in advance

@TheUltimateDeployer
Copy link
Contributor

Hi, may be my issue #230 applies also to your servers.
You can easliy check it by downgrading to 5.0.1 or comparing the DNS names with your used values.

Hope it helps!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants