-
Notifications
You must be signed in to change notification settings - Fork 3.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ntlm: unsupported hash type md4 #13519
Comments
We recently merged this PR into awx-ee: ansible/awx-ee#160 Prior to this we were using the unmaintained Maybe try using quay.io/ansible/awx-ee:21.11.0 and see if that fixes it. If it's does, it means something has changed in either ansible-core or one of our dependencies. |
IIRC either the underlying OS libs or a newer Python stdlib removed the builtin md4 impl, which pywinrm's NTLM impl requires. @jborean93 fixed it in pypsrp (really the |
OK, digging around some more the details are coming back. pywinrm currently relies on Ideally, we'd just get that PR merged and all is well (well, downstream would also have to pick up the new deps, but I think we already have pyspnego anyway for |
same issue here with our instances |
So regardless of how we address this going forward for |
hopefully this can be helpful to somebody else: I had the exact same issue, but with @nitzmahone suggestion I was able to make my jobs work again. my winrm configuration was:
my working psrp configuration is now:
|
Thanks for the help @nitzmahone @lucapxl @shanemcd. Using 21.11.0 execution environment works with winrm and changing to psrp configuration works with latest AWX EE. Problem solved! |
We're still talking through the best way to get things working again in pywinrm on newer OpenSSL, but I think we'll have a solution in place upstream for that soonish. |
OK, Jordan dusted off an open PR on requests-ntlm to convert it to use pyspnego internally, which should Just Fix the NTLM missing hash issues on newer OpenSSL. @shanemcd @AlanCoding if we pick up |
I can confirm the latest EE has this.
Anything left to do here? |
I`m facing the same error. |
modify /etc/ssl/openssl.cnf "# List of providers to load" "# problems including inability to remotely access the system." |
Please confirm the following
Bug Summary
AWX can suddenly not connect to Windows hosts showing the error "ntlm: unsupported hash type md4".
Nothing has been changed on AWX.
AWX version
21.2.0
Select the relevant components
Installation method
kubernetes
Modifications
no
Ansible version
quay.io/ansible/awx-ee:latest
Operating system
Ubuntu 22.04 LTS
Web browser
No response
Steps to reproduce
Using VMware Inventory:
Ansible Powershell WinRM script has been executed again. Also tested the credential login which also works.
Expected results
Should work as usual.
Actual results
Additional information
No response
The text was updated successfully, but these errors were encountered: