
Setup WinRM for Ansible with Certificate Authentication in 8 Easy Steps 

DevOpsLab

Published: 1 Oct 2024

Comments: 52
@daevski 4 years ago
I'm not going to lie, this video is brilliant. It's so incredibly helpful, thank you for taking the time to create and share it. Topics like this don't have enough online support to help the tech industry become knowledgeable of these topics. This is very precise, and looks to cover all the steps needed. Great Job!
@devopslab3942 4 years ago
Appreciate the support David.
@sunnybhatia6264 2 years ago
Thank you very much for this video. I like it. But while working I am facing one error while running create_ansible_user.ps1. It says:
New-Item : The WINRM certificate mapping configuration operation cannot be completed because the user credentials could not be verified. Please check the username and password used for mapping this certificate and verify that it is a non-domain account and try again.
Can you help?
@totallynotkevin4466 1 year ago
Aye man, I know it's 1 year later but I'm facing the same issue, did you manage to get it working?
@jonathanvieyra567 10 months ago
@totallynotkevin4466 To get it to work I had to move line 25: Get-LocalUser -Name $ansibleRunnerUsername | Add-LocalGroupMember -Group 'Administrators' to the end of the script. Not sure if that is the cause for your error but might be worth a shot. By any chance did you get this working?
@TheTechy103 2 years ago
Thank you for this! Very useful. One question, can you use a domain ID instead of a local account?
@alexbmw100 2 months ago
Amazing, very helpful for me, testing in homolog, successfully, thanks.
@stormalfsummonerswar3476 3 years ago
Many thanks, very clear, detailed and useful. Now Ansible on WSL2 works well with Windows using WinRM and an SSL certificate!
@nimishchandra2188 3 years ago
Hello, I have done all the steps successfully but somehow I am able to connect getting "msg": "certificate: the specified credentials were rejected by the server", "unreachable": true. Please help.
@devopslab3942 3 years ago
Sometimes it is a permissions issue with the user that you have created to connect. To validate, add the user on the server to admin and try to connect again. If not, let me know if you have more logs and I'll try to help.
@harishmaddisetti751 3 years ago
@devopslab3942 I'm also getting the same error. The user is added to administrator. I deleted and added it back but no luck.
@devopslab3942 3 years ago
Could you provide a bit more detail? The complete error, and after what step do you get that?
@harishmaddisetti751 3 years ago
@devopslab3942 Followed the scripts in your GitHub with a change in username to ansible instead of ansiblerunner. Changed everywhere in the script. I got the below error:
"changed": false, "msg": "certificate: the specified credentials were rejected by the server", "unreachable": true
Below variables used:
ansible_user=ansible
ansible_connection=winrm
ansible_winrm_transport=certificate
ansible_winrm_cert_pem=path/cert.pem
ansible_winrm_cert_key_pem=path/cert_key.pem
ansible_port=5986
ansible_winrm_scheme=https
ansible_winrm_server_cert_validation=ignore
@devopslab3942 3 years ago
Can you confirm that you ran the update_firewall.ps1 script as well?
@wardevley 3 years ago
Hello, can you help me with authentication using Kerberos (using Active Directory on Windows)?
@devopslab3942 3 years ago
I have done it but it is not covered in this video. Is there a particular issue that you are stuck on?
@_oly_241 2 years ago
Probably the best video I have seen on this topic... thanks
@ariprince7993 3 years ago
Pretty impressive tutorial, but I am having an issue with script 6, creating the WinRM HTTPS listener. Could you please help me to solve this problem?
@devopslab3942 3 years ago
Sure. If you can provide a bit more detail on the issue, I will have a look into it.
@ariprince7993 3 years ago
@devopslab3942 Hi Sir, thanks for the reply. I renamed the scripts and path and user from ansiblerunner just to ansible, but here is my setup (all other scripts work fine):
- Windows 2012 R2, clean install and fully updated
- PowerShell:
Major  Minor  Build  Revision
-----  -----  -----  --------
5      1      14409  1005

New-WSManInstance : Object reference not set to an instance of an object.
At C:\ansible_winrm_cert\5_create_winrm_listener.ps1:34 char:9
+ $null = New-WSManInstance @newWsmanParams
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-WSManInstance], NullReferenceException
+ FullyQualifiedErrorId : System.NullReferenceException,Microsoft.WSMan.Management.NewWSManInstanceCommand

Side note: I've noticed the script from git is missing the "Write-Host $serverCert" shown in the video, so I just added it on my side.
@devopslab3942 3 years ago
@ariprince7993 I debugged it and found that there was an error in my script for the location of the server cert. I have updated the script in the git repo and it should be good. Also, while working on Windows 2012, I discovered that you might need to install the Microsoft.Powershell.LocalAccounts module that comes as part of the Windows Management Framework (WMF) v5.1, which can be downloaded from: www.microsoft.com/en-us/download/details.aspx?id=54616. The package required is Win8.1AndW2K12R2-KB3191564-x64. Let me know if everything works for you!
@ariprince7993 3 years ago
@devopslab3942 Thank you Sir, I will try it out and let you know.
@ariprince7993 3 years ago
@devopslab3942 Hi Sir, I hope you're doing well. A few notes here. All the scripts work fine, but a small update is needed on "generate_client_cert.sh" or "import_client_cert.ps1": generate_client_cert.sh will create "client_cert.pem" and "client_key.pem", but "import_client_cert.ps1" will look for "cert.pem".
After running the scripts I did the checks like in the video at 6:40, but your results were "Connection to host_ip_x 5986 port [tcp/wsmans] succeeded!" and mine are "Connection to host_ip_x 5986 port [tcp/*] succeeded!". I don't think this one is a show stopper, but I am just wondering why.
And last thing, I am getting this error on the ping test:
host_ip_x | UNREACHABLE! => { "changed": false, "msg": "certificate: the specified credentials were rejected by the server", "unreachable": true }
My PS version:
Name                       Value
----                       -----
PSVersion                  5.1.14409.1018
PSEdition                  Desktop
PSCompatibleVersions       {1.0, 2.0, 3.0, 4.0...}
BuildVersion               10.0.14409.1018
CLRVersion                 4.0.30319.42000
WSManStackVersion          3.0
PSRemotingProtocolVersion  2.3
SerializationVersion       1.1.0.1
@cmanigsaca 2 years ago
Is it possible to use only 1 certificate for all my Windows servers? That way I do not have to generate and sign each one of them. I have about 100+ servers so it can be a bit difficult to maintain.
@devopslab3942 2 years ago
Yes it is possible. You should comment out the code in the script to generate the windows cert and instead just place the cert with the same name and location required by the others.
@cmanigsaca 2 years ago
@devopslab3942 Do you have any sample links? I would also like to use CredSSP combined with a CA certificate.
@taiphamquy2102 4 years ago
Hey bro, can you help me? Why do I have an issue at step 6? Error: the winrm client cannot process the request. the certificate structure was incomplete. Thanks a lot
@devopslab3942 4 years ago
Hey Tai. I can't really tell the issue just from that error. It's pretty generic. However, I ran into a similar issue twice. First, when the certificates I generated were of the incorrect type. And second, when the thumbprint being used was incorrect. I suggest you edit the script to use the exact cert you want to use just to be sure. The find operation sometimes can cause issues.
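Added example, not part of the comment thread or of the video's scripts: one way to rule out the incorrect-thumbprint cause mentioned in the reply above is to compute the thumbprint of the PEM certificate on the Ansible control node and compare it with the value Windows reports. The function names are hypothetical and the sample PEM is constructed placeholder data.

```python
import base64
import hashlib
import re

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S
)


def pem_thumbprints(pem_text):
    """SHA-1 thumbprint (uppercase hex) of every certificate in a PEM file.

    Windows displays a certificate's thumbprint as the SHA-1 hash of its
    DER encoding, so hashing the decoded PEM body gives the same value.
    """
    prints = []
    for body in PEM_CERT.findall(pem_text):
        der = base64.b64decode("".join(body.split()))
        prints.append(hashlib.sha1(der).hexdigest().upper())
    return prints


def normalize_thumbprint(value):
    """Drop spaces, colons and invisible characters from a pasted value.

    A thumbprint copied from the Windows certificate dialog can carry a
    hidden U+200E mark in front of the first hex digit.
    """
    return re.sub(r"[^0-9A-Fa-f]", "", value).upper()


def thumbprint_matches(pem_text, windows_value):
    """True when the PEM holds exactly one cert with the pasted thumbprint."""
    wanted = normalize_thumbprint(windows_value)
    if len(wanted) != 40:
        raise ValueError("SHA-1 thumbprint needs 40 hex digits, got %d" % len(wanted))
    found = pem_thumbprints(pem_text)
    if len(found) != 1:
        raise ValueError("expected one certificate, found %d" % len(found))
    return found[0] == wanted


# Constructed sample: placeholder bytes stand in for a certificate's DER body.
SAMPLE_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode()
    + "-----END CERTIFICATE-----\n"
)
```

Pass the text of the real certificate file and the thumbprint copied from the Windows host to `thumbprint_matches`; a `ValueError` means the pasted value or the PEM file is not what the check expects.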
@taiphamquy2102 4 years ago
@devopslab3942 May I have your Telegram or Facebook, so we can talk easily?
@devopslab3942 4 years ago
@taiphamquy2102 Sure. You can add me at facebook.com/devops.solver.5/
@faridnasiri1 3 years ago
Thanks for the excellent article and video. What could be the reason for this error? The server is pingable.
fatal: [chq-dsctest.abcd..com]: UNREACHABLE! => {"changed": false, "msg": "certificate: HTTPSConnectionPool(host='chq-dsctest.abcd..com', port=5986): Max retries exceeded with url: /wsman (Caused by ProxyError('Cannot connect to proxy.', error('Tunnel connection failed: 403 Forbidden',)))", "unreachable": true}
@devopslab3942 3 years ago
Hi Farid. Appreciate the feedback. As for the error, I have seen that when using an HTTP proxy. There are settings to be done in pywinrm for making Ansible proxy aware, or you could work on the WinRM side to configure it. Since I'm not aware of your exact setup, I can't be more specific. Hope this helps!