|
|
| Subject: | issue with WinRM : kerberos authGSSClientStep failed (None) |
| Author: | [Not Specified] |
| Posted: | 2014-09-10 07:35 |
Error message :
2014-09-10 08:29:22,718 ERROR zen.PythonClient: Error on 192.168.1.20: kerberos authGSSClientStep failed (None).
2014-09-10 08:29:22,718 INFO zen.PythonClient: Python client finished collection for 192.168.1.20
2014-09-10 08:29:22,719 WARNING zen.ZenModeler: The plugin zenoss.winrm.CPUs returned no results.
I've followed the steps on the wiki for setting up winRM
zWinKDC = server.domain.local (I've also tried IP address)
zWinRMServerName = 192.168.1.20 (I've also tried name.domain.local)
zWinRMPort = 5985
zWinRMUser = user@domain.local (confirmed that lower case is how it is displayed in A/D)
zWinScheme = http
I believe I've got the WinRM Settings set properly :
Config
MaxEnvelopeSizekb = 150
MaxTimeoutms = 60000
MaxBatchItems = 32000
MaxProviderRequests = 4294967295
Client
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = false
Auth
Basic = true
Digest = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = false
DefaultPorts
HTTP = 5985
HTTPS = 5986
TrustedHosts
Service
RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 15
EnumerationTimeoutms = 60000
MaxConnections = 25
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = true [Source="GPO"]
Auth
Basic = true [Source="GPO"]
Kerberos = true [Source="GPO"]
Negotiate = true [Source="GPO"]
Certificate = false
CredSSP = false
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = * [Source="GPO"]
IPv6Filter [Source="GPO"]
EnableCompatibilityHttpListener = false
EnableCompatibilityHttpsListener = false
CertificateThumbprint
Winrs
AllowRemoteShellAccess = true [Source="GPO"]
IdleTimeout = 7200000
MaxConcurrentUsers = 5
MaxShellRunTime = 2147483647
MaxProcessesPerShell = 2147483647 [Source="GPO"]
MaxMemoryPerShellMB = 150
MaxShellsPerUser = 2147483647 [Source="GPO"]
I'm at a loss here and don't know which direction I should be troubleshooting. Halp
| Subject: | For posterity : I couldn't |
| Author: | [Not Specified] |
| Posted: | 2014-09-15 18:45 |
For posterity : I couldn't get this working with CentOS despite my attempts. I installed Zenoss on ubuntu server and WinRM functioned without issue.
| Subject: | Followed the Wiki |
| Author: | [Not Specified] |
| Posted: | 2014-09-18 11:57 |
Followed the Wiki
Make sure the listener is configured to http://* on the remote machine
Also, I used the local administrator user account in the zWinRMUser. Using the domain admin account didn't work, which puts a big damper on this. It might be related to how the service authentication is run but i'm working on that now.
On the local machine, there are winrm commands to help you troubleshoot
Hope that helps
| < |
Previous need file zenfixit.py.txt.zip |
Next UTF-8 / international chars in Locations |
> |