Need help securing WinRM for Ansible with certificates. I've followed a couple of tutorials on setting it up, but I'm getting an error when testing with ansible web -m win_ping -vvv.
I get the error:
[server ip address] | UNREACHABLE! => {
    "changed": false,
    "msg": "certificate: the specified credentials were rejected by the server",
    "unreachable": true
}
When I run the command nc -vz [ip-address] 5986, it says the connection succeeded, so the port is reachable.
winrm e winrm/config/Listener
Listener
    Address = *
    Transport = HTTP
    Port = 5985
    Hostname
    Enabled = true
    URLPrefix = wsman
    CertificateThumbprint
    ListeningOn = 127.0.0.1, 128.149.127.170, ::1, fe80::f94:6d4a:dffe:aa66%12

Listener
    Address = *
    Transport = HTTPS
    Port = 5986
    Hostname = [hostname]
    Enabled = true
    URLPrefix = wsman
    CertificateThumbprint = E80477462AD9398D6859FE9070693334BCEFBBD6
    ListeningOn = 127.0.0.1, 128.149.127.170, ::1, fe80::f94:6d4a:dffe:aa66%12

winrm get winrm/config/client/auth
Auth
    Basic = false [Source="GPO"]
    Digest = false [Source="GPO"]
    Kerberos = false
    Negotiate = true
    Certificate = true
    CredSSP = false

PS C:\> winrm get winrm/config/service/auth
Auth
    Basic = false [Source="GPO"]
    Kerberos = true
    Negotiate = true
    Certificate = true
    CredSSP = true
    CbtHardeningLevel = Relaxed

Host file:

[web]
[server ip address]

[web:vars]
ansible_user=[user]
ansible_password=[password]
ansible_connection=winrm
ansible_winrm_transport=certificate
ansible_winrm_cert_pem=/home/user/.ssh/client_cert.pem
ansible_winrm_cert_key_pem=/home/user/.ssh/client_key.pem
ansible_port=5986
ansible_winrm_scheme=https
ansible_winrm_server_cert_validation=ignore

I confirmed that my user is a local user and an admin on the Windows server.