Rundeck to Windows: 401 HTTP response on HTTPS
theharleyquin opened this issue · comments
My team is working on a Rundeck communicating to windows implementation and we are running into HTTP mismatch/401 error:
failed: Unexpected HTTP response on https://myserver.domain.com:5986/wsman: (401)
We know that the server is up and configured correctly because if we winrm from a Windows command line the connection has no issue.
$ knife winrm myserver.domain.com -m dir -x rundeck -P NOTREALPASS -t ssl -p 5986
.
myserver.domain.com Volume in drive C is SYSTEM
myserver.domain.com Volume Serial Number is 16C0-A08B
myserver.domain.com
myserver.domain.com Directory of C:\Users\RunDeck
myserver.domain.com
myserver.domain.com 12/09/2016 03:23 PM
myserver.domain.com 12/09/2016 03:23 PM ..
myserver.domain.com 08/22/2013 10:39 AM Desktop
myserver.domain.com 12/09/2016 03:23 PM Documents
myserver.domain.com 08/22/2013 10:39 AM Downloads
myserver.domain.com 08/22/2013 10:39 AM Favorites
myserver.domain.com 08/22/2013 10:39 AM Links
myserver.domain.com 08/22/2013 10:39 AM Music
myserver.domain.com 08/22/2013 10:39 AM Pictures
myserver.domain.com 08/22/2013 10:39 AM Saved Games
myserver.domain.com 08/22/2013 10:39 AM Videos
myserver.domain.com 0 File(s) 0 bytes
myserver.domain.com 11 Dir(s) 73,239,502,848 bytes free
If there are any suggestions please let me know. Added is also the WinRM config:
C:\Windows\system32>winrm get winrm/config
Config
MaxEnvelopeSizekb = 500
MaxTimeoutms = 60000
MaxBatchItems = 32000
MaxProviderRequests = 4294967295
Client
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = false
Auth
Basic = true
Digest = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = false
DefaultPorts
HTTP = 5985
HTTPS = 5986
TrustedHosts
Service
RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;G
XGW;;;WD)
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = true
Auth
Basic = false
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = false
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = * [Source="GPO"]
IPv6Filter = * [Source="GPO"]
EnableCompatibilityHttpListener = false
EnableCompatibilityHttpsListener = false
CertificateThumbprint
AllowRemoteAccess = true [Source="GPO"]
Winrs
AllowRemoteShellAccess = true
IdleTimeout = 7200000
MaxConcurrentUsers = 10
MaxShellRunTime = 2147483647
MaxProcessesPerShell = 25
MaxMemoryPerShellMB = 1024
MaxShellsPerUser = 30
C:\Windows\system32>winrm e winrm/config/listener
Listener [Source="GPO"]
Address = *
Transport = HTTP
Port = 5985
Hostname
Enabled = true
URLPrefix = wsman
CertificateThumbprint
ListeningOn = IPADD_, 127.0.0.1, ::1
Listener
Address = *
Transport = HTTPS
Port = 5986
Hostname = myserver.domain.com
Enabled = true
URLPrefix = wsman
CertificateThumbprint = CERT_THUMB
ListeningOn = IPADD_, 127.0.0.1, ::1
C:\Windows\system32>
Please have a look at the troubleshooting tips in the README.md file:
https://github.com/xebialabs/overthere#smb_cifs_troubleshooting
Yes this can be closed. Even though we are using SSL/HTTPS we still need the UnEncrypted=True from the troubleshooting guide.