Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

winrm_https_listener_parent_path command causes failure #10878

Closed
ngourley opened this issue Apr 29, 2015 · 8 comments
Closed

winrm_https_listener_parent_path command causes failure #10878

ngourley opened this issue Apr 29, 2015 · 8 comments
Labels
bug This issue/PR relates to a bug. windows Windows community

Comments

@ngourley
Copy link

The running of this PS command:
https://github.com/ansible/ansible-modules-core/blob/devel/windows/setup.ps1#L72
causes error on JSON conversion:
https://github.com/ansible/ansible/blob/devel/lib/ansible/module_utils/powershell.ps1#L68

Its a bit confusing since it doesn't appear that $winrm_https_listener_parent_path is used for anything but getting a substring and in fact, the error persists if you run the command and do not assign the output to a variable leaving $winrm_https_listener_parent_path undefined.

failed: [remote_host] => {"failed": true, "parsed": false}
ConvertTo-Json : An error occurred creating the configuration section handler
for system.web/httpRuntime: The type initializer for
'System.Web.Configuration.HttpRuntimeSection' threw an exception.
At C:\Temp\ansible-tmp-1430330194.46-227165649139089\setup.ps1:86 char:17
+     echo $obj | ConvertTo-Json -Depth 99
+                 ~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [ConvertTo-Json], Configuratio
   nErrorsException
    + FullyQualifiedErrorId : System.Configuration.ConfigurationErrorsExceptio
   n,Microsoft.PowerShell.Commands.ConvertToJsonCommand
@cchurch cchurch added bug_report windows Windows community labels Apr 29, 2015
@cchurch
Copy link
Contributor

cchurch commented Apr 29, 2015

Could you provide more information on your version of Windows and PowerShell? Are you connecting to Windows over HTTPS or just HTTP?

@ngourley
Copy link
Author

Remote host is running Windows 2008 Server R2 Enterprise, SP1, Powershell 3 & Ansible prep were run on this host. Connection is using local account, and connection is over HTTPS. If I comment out that Powershell command the fact collection is successful:

ok: [remote_host] => {"ansible_facts": {"ansible_distribution": "Microsoft Windows NT 6.1.7601 Service Pack 1", "ansible_distribution_version": "6.1.7601.65536", "ansible_fqdn": "cnwxws02.cernerasp.com", "ansible_hostname": "CNWXWS02", "ansible_interfaces": [{"default_gateway": "7.40.2.1", "dns_domain": null, "interface_index": 11, "interface_name": "vmxnet3 Ethernet Adapter #3"}], "ansible_ip_addresses": ["7.40.2.98"], "ansible_os_family": "Windows", "ansible_powershell_version": 3, "ansible_system": "Win32NT", "ansible_totalmem": 4294967296}, "changed": false}

@jhawkesworth
Copy link
Contributor

Does the user you are connecting as have Administrator permissions, or is it a member of the
WinRMRemoteWMIUsers__ group?

(see https://msdn.microsoft.com/en-us/library/aa384295(v=vs.85).aspx )

If not I think this is likely to fail (I just tried locally on a windows 7 box and found I had to be running as Administrator to get just this part of the command to run):

get-childitem -Path WSMan:\localhost\

Could you try this out with and without the group membership? If it fixes it then I think I need to
1/ fix up the code so the permission denied doesn't cause ConvertTo-Json to fail and 2/ create a documentation update PR as, looking at http://docs.ansible.com/intro_windows.html#windows-system-prep, there's no mention of WinRMRemoteWMIUsers__ group in the windows setup instructions

@ngourley
Copy link
Author

No luck @jhawkesworth . I tried with the account as a member of both Administrators and WinRMRemoteWMIUsers__ and each group individually. When I tried WinRMRemoteWMIUsers__ only, the connection failed.

@jhawkesworth
Copy link
Contributor

Ok let's try a few other ideas.

First, is the windows box fully up to date with windows updates? I had trouble with a fresh Windows Server 2008 install which were fixed by http://support.microsoft.com/kb/2842230.

My guess about the exception is that there's something unexpected about the winrm configuration itself.

Can you run

Get-PSProvider

in powershell on the affected machine and see if WSMan is listed?

Also, can you share the machine's winrm configuration (from memory this command will display)?

winrm get winrm/config

@ngourley
Copy link
Author

ngourley commented May 1, 2015

I confirmed that the host is up-to date on Windows updates, here is the output you requested:

PS C:\Users\cern_ops> Get-PSProvider

Name                 Capabilities                                      Drives
----                 ------------                                      ------
Alias                ShouldProcess                                     {Alias}
Environment          ShouldProcess                                     {Env}
FileSystem           Filter, ShouldProcess, Credentials                {C, A, R}
Function             ShouldProcess                                     {Function}
Registry             ShouldProcess, Transactions                       {HKLM, HKCU}
Variable             ShouldProcess                                     {Variable}
WSMan                Credentials                                       {WSMan}

PS C:\Users\cern_ops> winrm get winrm/config
Config
    MaxEnvelopeSizekb = 500
    MaxTimeoutms = 60000
    MaxBatchItems = 32000
    MaxProviderRequests = 4294967295
    Client
        NetworkDelayms = 5000
        URLPrefix = wsman
        AllowUnencrypted = false
        Auth
            Basic = true
            Digest = true
            Kerberos = true
            Negotiate = true
            Certificate = true
            CredSSP = false
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        TrustedHosts
    Service
        RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
        MaxConcurrentOperations = 4294967295
        MaxConcurrentOperationsPerUser = 1500
        EnumerationTimeoutms = 240000
        MaxConnections = 300
        MaxPacketRetrievalTimeSeconds = 120
        AllowUnencrypted = false
        Auth
            Basic = true
            Kerberos = true
            Negotiate = true
            Certificate = false
            CredSSP = false
            CbtHardeningLevel = Relaxed
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        IPv4Filter = *
        IPv6Filter = *
        EnableCompatibilityHttpListener = false
        EnableCompatibilityHttpsListener = false
        CertificateThumbprint
        AllowRemoteAccess = true
    Winrs
        AllowRemoteShellAccess = true
        IdleTimeout = 7200000
        MaxConcurrentUsers = 10
        MaxShellRunTime = 2147483647
        MaxProcessesPerShell = 25
        MaxMemoryPerShellMB = 1024
        MaxShellsPerUser = 30

@ngourley
Copy link
Author

ngourley commented May 1, 2015

I stopped running the command in verbose mode "-vvvv" and started seeing out of memory errors. Adjusting MaxMemoryPerShellMB didn't help. Applying the hotfix mentioned here and in #8345 (comment) worked however, http://support.microsoft.com/kb/2842230 @jhawkesworth thanks for the tip.

@jhawkesworth
Copy link
Contributor

Ah glad it's working. Was about to try and spin up a 2008 machine to try
it for myself.

On Fri, May 1, 2015 at 8:00 PM, Nathan Gourley notifications@github.com
wrote:

I stopped running the command in verbose mode "-vvvv" and started seeing
out of memory errors. Adjusting MaxMemoryPerShellMB didn't help. Applying
the hotfix mentioned here and in #8345 (comment)
#8345 (comment)
worked however, http://support.microsoft.com/kb/2842230 @jhawkesworth
https://github.com/jhawkesworth thanks for the tip.


Reply to this email directly or view it on GitHub
#10878 (comment).

@ngourley ngourley closed this as completed May 4, 2015
jhawkesworth added a commit to jhawkesworth/ansible that referenced this issue May 6, 2015
@jhawkesworth
Add advice about using unpatched Windows Management Framework 3.0.
9d572af 
Hopefully this should reduce bug reports like ansible#10878 and ansible#10825
@jhawkesworth jhawkesworth mentioned this issue May 6, 2015
Merged
@ansibot ansibot added bug This issue/PR relates to a bug. and removed bug_report labels Mar 6, 2018
@ansible ansible locked and limited conversation to collaborators Apr 25, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug This issue/PR relates to a bug. windows Windows community
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@cchurch @ngourley @ansibot @jhawkesworth