xebialabs / overthere

Runs something "Over there"
http://www.xebialabs.com

WinRM Error: Unexpected HTTP response on some windows machines #229

Open Noukdutypaid opened 5 years ago

Noukdutypaid commented 5 years ago

Hi!

I'm having a problem with the plugin on some Windows hosts on my domain. They all have the same WinRM setup, and I've done extensive troubleshooting of WinRM from Windows hosts and confirmed my settings work if manipulated from Windows machines with the same credentials and connection methods.

* WinRM 1.1 or greater - check
* Windows firewall - check
* WS-Man service configuration - check
* Windows Versions 10/7 - Working using 'Test-WSMan -ComputerName ..... ' on domain controllers to hosts
* SPNs - Valid
* Rundeck storing Windows domain credentials & credentials are valid - check

Example setup

setspn -L host-01

    WSMAN/host-01
    WSMAN/host-01.domain.com
    TERMSRV/host-01.domain.com
    RestrictedKrbHost/host-01.domain.com
    HOST/host-01.domain.com
    TERMSRV/host-01
    RestrictedKrbHost/host-01

WinRM config

    PS C:\Windows\system32> winrm get winrm/config
    Config
        MaxEnvelopeSizekb = 500
        MaxTimeoutms = 60000
        MaxBatchItems = 32000
        MaxProviderRequests = 4294967295
        Client
            NetworkDelayms = 5000
            URLPrefix = wsman
            AllowUnencrypted = true [Source="GPO"]
            Auth
                Basic = true [Source="GPO"]
                Digest = true
                Kerberos = true
                Negotiate = true
                Certificate = true
                CredSSP = true [Source="GPO"]
            DefaultPorts
                HTTP = 5985
                HTTPS = 5986
            TrustedHosts = [Source="GPO"]
        Service
            RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
            MaxConcurrentOperations = 4294967295
            MaxConcurrentOperationsPerUser = 1500
            EnumerationTimeoutms = 240000
            MaxConnections = 300
            MaxPacketRetrievalTimeSeconds = 120
            AllowUnencrypted = true [Source="GPO"]
            Auth
                Basic = true [Source="GPO"]
                Kerberos = true
                Negotiate = true
                Certificate = false
                CredSSP = false
                CbtHardeningLevel = Relaxed
            DefaultPorts
                HTTP = 5985
                HTTPS = 5986
            IPv4Filter = [Source="GPO"]
            IPv6Filter = * [Source="GPO"]
            EnableCompatibilityHttpListener = false
            EnableCompatibilityHttpsListener = false
            CertificateThumbprint
            AllowRemoteAccess = true [Source="GPO"]
        Winrs
            AllowRemoteShellAccess = true
            IdleTimeout = 7200000
            MaxConcurrentUsers = 2147483647
            MaxShellRunTime = 2147483647
            MaxProcessesPerShell = 2147483647
            MaxMemoryPerShellMB = 1024
            MaxShellsPerUser = 2147483647

Rundeck config

    <node name="host-01.domain.com"
          node-executor="overthere-winrm"
          description="host-01.domain.com"
          osName="windows"
          tags="practice"
          hostname="host-01.domain.com"
          username="someuser@domain.com"
          winrm-password-storage-path="keys/somepassword"
          winrm-protocol="http"
          winrm-kerberos-debug="true"
          winrm-cert-trust="all"
          winrm-hostname-trust="all"
    />

Rundeck debug output

    08:37:24 host-01.domain.com Debug is true storeKey false useTicketCache false useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is true principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
    08:37:24 Refreshing Kerberos configuration
    08:37:24 [Krb5LoginModule] user entered username: someuser@domain.com
    08:37:24
    08:37:25 principal is someuser@domain.com
    08:37:25 Commit Succeeded
    08:37:25
    08:37:25 [overthere-winrm:host-01.domain.com] failed: WinRM Error: Unexpected HTTP response on http://host-01.domain.com:5985/wsman: (401)
    08:37:25 Failed: WinRMProtocolError: WinRM Error: Unexpected HTTP response on http://host-01.domain.com:5985/wsman: (401)
    08:37:25 localhost Execution failed: 15 in project test: [Workflow result: , step failures: {1=Dispatch failed on 1 nodes: [host-01.domain.com: WinRMProtocolError: WinRM Error: Unexpected HTTP response on http://host-01.domain.com:5985/wsman: (401) + {dataContext=MultiDataContextImpl(map={}, base=null)} ]}, Node failures: {host-01.domain.com=[WinRMProtocolError: WinRM Error: Unexpected HTTP response on http://host-01.domain.com:5985/wsman: (401) + {dataContext=MultiDataContextImpl(map={}, base=null)} ]}, status: failed]

Console output

    2018-08-01 07:37:24,861 [qtp537548559-18] INFO grails.app.services.rundeck.services.ScheduledExecutionService - scheduling temp job: TEMP:admin:15
    2018-08-01 07:37:25,377 [pool-45-thread-1] WARN org.apache.http.impl.client.TargetAuthenticationStrategy - Authentication scheme Basic not supported
    2018-08-01 07:37:25,639 [pool-45-thread-1] WARN org.apache.http.impl.auth.HttpAuthenticator - NEGOTIATE authentication error: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7)))
    2018-08-01 07:37:25,643 [pool-45-thread-1] WARN org.apache.http.impl.auth.HttpAuthenticator - KERBEROS authentication error: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))
    2018-08-01 07:37:25,739 [quartzScheduler_Worker-6] ERROR grails.app.services.rundeck.services.ExecutionUtilService - Execution failed: 15 in project test: [Workflow result: , step failures: {1=Dispatch failed on 1 nodes: [host-01.domain.com: WinRMProtocolError: WinRM Error: Unexpected HTTP response on http://host-01.domain.com:5985/wsman: (401) + {dataContext=MultiDataContextImpl(map={}, base=null)} ]}, Node failures: {host-01.domain.com=[WinRMProtocolError: WinRM Error: Unexpected HTTP response on http://host-01.domain.com:5985/wsman: (401) + {dataContext=MultiDataContextImpl(map={}, base=null)} ]}, status: failed]

Any assistance is welcome, thank you in advance.

TheUltimateDeployer commented 5 years ago

Hi, maybe my issue #230 also applies to your servers. You can easily check it by downgrading to 5.0.1 or comparing the DNS names with your used values.

Hope it helps!
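
Added example, not part of the thread or of overthere: one way to run the "compare the DNS names" check offline, by matching each name the client might put into its Kerberos service ticket request against the `setspn -L` output from the report. It assumes the client requests `WSMAN/<name>` or `HTTP/<name>` and that the domain keeps the default Active Directory mapping of HTTP onto HOST; `srv-alias.domain.com` is a hypothetical second DNS name for the same machine.

```python
import re

# Constructed sample: the `setspn -L host-01` output and one console line from the report.
SETSPN_OUTPUT = """\
WSMAN/host-01
WSMAN/host-01.domain.com
TERMSRV/host-01.domain.com
RestrictedKrbHost/host-01.domain.com
HOST/host-01.domain.com
TERMSRV/host-01
RestrictedKrbHost/host-01
"""
CONSOLE_LINE = ("WARN org.apache.http.impl.auth.HttpAuthenticator - KERBEROS authentication "
                "error: No valid credentials provided (Mechanism level: Server not found in "
                "Kerberos database (7))")

def spn_unknown(log_text):
    """True if the log shows Kerberos error 7 (the KDC has no such service principal)."""
    return re.search(r"Server not found in Kerberos database \(7\)", log_text) is not None

def parse_spns(setspn_output):
    """Return registered SPNs as a set of lower-cased (service_class, host) pairs."""
    spns = set()
    for line in setspn_output.splitlines():
        service, sep, host = line.strip().partition("/")
        if sep and host:
            spns.add((service.lower(), host.lower()))
    return spns

def resolvable_spn(spns, service, host):
    """Return the registered SPN that satisfies service/host, or None.

    Assumption: the domain keeps the default AD mapping where HTTP is an alias of HOST.
    """
    host = host.lower().rstrip(".")
    for candidate in (service.lower(), "host" if service.lower() == "http" else None):
        if candidate and (candidate, host) in spns:
            return f"{candidate.upper()}/{host}"
    return None

def check(spns, names, services=("WSMAN", "HTTP")):
    """Map every service/name the client might request to its registered SPN (or None)."""
    return {f"{s}/{n}": resolvable_spn(spns, s, n) for n in names for s in services}

if __name__ == "__main__":
    spns = parse_spns(SETSPN_OUTPUT)
    # "srv-alias.domain.com" is a hypothetical second DNS name for the same machine.
    for spn, match in check(spns, ["host-01.domain.com", "srv-alias.domain.com"]).items():
        print(f"{spn:32} -> {match or 'NOT REGISTERED (KDC answers error 7)'}")
```

Feed `check` every name the Rundeck server can produce for the node (the configured `hostname`, its forward lookup, and the reverse lookup of its address); any entry that maps to `None` is a name the KDC will reject with error 7.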