
I'm starting my studies with Ansible and wanted to apply it to a real situation at my work. I am implementing Ansible from Ubuntu to manage a Windows Nano Server 2016. I'm configuring it to use a certificate mapped to a user account. I based this on the tutorial here: https://adamtheautomator.com/winrm-https-ansible/


The Error

I tested the connection using the win_ping module and I received this output:

```
ansible windows -vvvv -i hosts -m win_ping
NanoServer | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f 31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: auto-mux: Trying existing master
debug1: Control socket \"/home/woliveira/.ansible/cp/6df2d837bc\" does not exist
debug2: resolving \"nanoserver\" port 5986
debug2: ssh_connect_direct
debug1: Connecting to nanoserver [10.11.39.250] port 5986.
debug2: fd 3 setting O_NONBLOCK
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug3: timeout: 25000 ms remain after connect
debug1: identity file /home/woliveira/.ssh/id_rsa type -1
debug1: identity file /home/woliveira/.ssh/id_rsa-cert type -1
debug1: identity file /home/woliveira/.ssh/id_dsa type -1
debug1: identity file /home/woliveira/.ssh/id_dsa-cert type -1
debug1: identity file /home/woliveira/.ssh/id_ecdsa type -1
debug1: identity file /home/woliveira/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/woliveira/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/woliveira/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/woliveira/.ssh/id_ed25519 type -1
debug1: identity file /home/woliveira/.ssh/id_ed25519-cert type -1
debug1: identity file /home/woliveira/.ssh/id_ed25519_sk type -1
debug1: identity file /home/woliveira/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/woliveira/.ssh/id_xmss type -1
debug1: identity file /home/woliveira/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
Connection timed out during banner exchange",
    "unreachable": true
}
```

Next, I tried increasing the timeout in the Ansible config file and I received a Connection reset by peer.

```
NanoServer | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f 31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: auto-mux: Trying existing master
debug1: Control socket \"/home/woliveira/.ansible/cp/6df2d837bc\" does not exist
debug2: resolving \"nanoserver\" port 5986
debug2: ssh_connect_direct
debug1: Connecting to nanoserver [10.11.39.250] port 5986.
debug2: fd 3 setting O_NONBLOCK
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug3: timeout: 3600000 ms remain after connect
debug1: identity file /home/woliveira/.ssh/id_rsa type -1
debug1: identity file /home/woliveira/.ssh/id_rsa-cert type -1
debug1: identity file /home/woliveira/.ssh/id_dsa type -1
debug1: identity file /home/woliveira/.ssh/id_dsa-cert type -1
debug1: identity file /home/woliveira/.ssh/id_ecdsa type -1
debug1: identity file /home/woliveira/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/woliveira/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/woliveira/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/woliveira/.ssh/id_ed25519 type -1
debug1: identity file /home/woliveira/.ssh/id_ed25519-cert type -1
debug1: identity file /home/woliveira/.ssh/id_ed25519_sk type -1
debug1: identity file /home/woliveira/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/woliveira/.ssh/id_xmss type -1
debug1: identity file /home/woliveira/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
kex_exchange_identification: read: Connection reset by peer",
    "unreachable": true
}
```

The Environment Setup.

Ansible 2.9.6 is installed on an Ubuntu 20.04.1 LTS VM.

My Windows server is the following:

```
OS Name:    Microsoft Windows Server 2016 Standard Evaluation
OS Version: 10.0.14393 N/A Build 14393
```

Both VMs have static IPs and are not in a domain. I followed this tutorial: https://vnuggets.com/2019/08/08/ansible-certificate-authentication-to-windows/

I created a Windows local user called ansibleoperator and I added this user to the Local Admin Group. This is my Ansible hosts file:

```
[windows]
NanoServer

[windows:vars]
ansible_user=ansibleoperator
ansible_password=*********
ansble_connection=winrm
ansible_winrm_cert_pem=/home/woliveira/cert.pem
ansible_winrm_cert_key_pem=/home/woliveira/cert_key.pem
ansible_port=5986
ansible_winrm_scheme=https
ansible_winrm_server_cert_validation=ignore
```

The Windows firewall is disabled. TrustedHosts is configured for any host (value=*).

What I've checked

If another Windows host is able to connect using WinRM:

```
PS C:> Test-WSMan -ComputerName "NanoServer" -UseSSL

wsmid           : http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd
ProtocolVersion : http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
ProductVendor   : Microsoft Corporation
ProductVersion  : OS: 0.0.0 SP: 0.0 Stack: 3.0
```

From the Linux side I'm able to use Netcat to test the connection to port 5986 using the following command:

```
nc -z -w1 NanoServer 5986;echo $?
```

The output is 0 (command succeeded).

I've already tried to connect from another Windows machine, but this time using a pywinrm script, since it is the same lib that Ansible uses. I ran this script:

```python
import winrm

cert_pem = 'C:/Users/woliveira.adm/Desktop/CertificadoAnsible/cert.pem'
cert_key_pem = 'C:/Users/woliveira.adm/Desktop/CertificadoAnsible/cert_key.pem'

session = winrm.Session(
    'NanoServer:5986',
    auth=('ansibleoperator', '********'),
    transport='certificate',
    cert_pem=cert_pem,
    cert_key_pem=cert_key_pem,
    server_cert_validation='ignore',
)
session.run_cmd('ipconfig')
```

And received this:

```
Traceback (most recent call last):
  File "<ipython-input-56-b902c730fb9c>", line 1, in <module>
    runfile('C:/Users/woliveira.adm/Desktop/testewinrm.py', wdir='C:/Users/woliveira.adm/Desktop')
  File "C:\ProgramData\Anaconda3\lib\site-packages\spyder_kernels\customize\spydercustomize.py", line 786, in runfile
    execfile(filename, namespace)
  File "C:\ProgramData\Anaconda3\lib\site-packages\spyder_kernels\customize\spydercustomize.py", line 110, in execfile
    exec(compile(f.read(), filename, 'exec'), namespace)
  File "C:/Users/woliveira.adm/Desktop/testewinrm.py", line 19, in <module>
    session.run_cmd('ipconfig')
  File "C:\ProgramData\Anaconda3\lib\site-packages\winrm\__init__.py", line 39, in run_cmd
    shell_id = self.protocol.open_shell()
  File "C:\ProgramData\Anaconda3\lib\site-packages\winrm\protocol.py", line 166, in open_shell
    res = self.send_message(xmltodict.unparse(req))
  File "C:\ProgramData\Anaconda3\lib\site-packages\winrm\protocol.py", line 243, in send_message
    resp = self.transport.send_message(message)
  File "C:\ProgramData\Anaconda3\lib\site-packages\winrm\transport.py", line 323, in send_message
    response = self._send_message_request(prepared_request, message)
  File "C:\ProgramData\Anaconda3\lib\site-packages\winrm\transport.py", line 328, in _send_message_request
    response = self.session.send(prepared_request, timeout=self.read_timeout_sec)
  File "C:\ProgramData\Anaconda3\lib\site-packages\requests\sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "C:\ProgramData\Anaconda3\lib\site-packages\requests\adapters.py", line 529, in send
    raise ReadTimeout(e, request=request)
ReadTimeout: HTTPConnectionPool(host='10.11.39.250', port=5986): Read timed out. (read timeout=30)
```

I don't know how I could debug this. What could I check?

Sorry about my English. If there is something that is not clear enough, please let me know.

1 Answer

1

You have a typo in your vars file:

ansble_connection=winrm 

This should be:

ansible_connection=winrm 

(there is an i missing).

That's why Ansible is trying to connect via SSH instead of WinRM.

1
  • Oh Man. Shame on me. I spent hours because of an I letter Commented Dec 3, 2020 at 13:52
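
As an added example (not part of the original answer or of Ansible itself): Ansible accepts any name in an inventory as an ordinary variable, so a misspelled connection variable such as `ansble_connection` raises no error and the default connection is used. The sketch below flags inventory variable names that are near misses of known ones; `find_suspect_vars`, the `KNOWN_VARS` subset and the 0.85 similarity cutoff are assumptions made for this example.

```python
import difflib

# Connection variables Ansible recognises; a subset chosen for this example
# (an assumption, not an exhaustive list), covering the inventory above.
KNOWN_VARS = [
    "ansible_connection", "ansible_host", "ansible_port", "ansible_user",
    "ansible_password", "ansible_winrm_scheme", "ansible_winrm_transport",
    "ansible_winrm_cert_pem", "ansible_winrm_cert_key_pem",
    "ansible_winrm_server_cert_validation",
]

def find_suspect_vars(inventory_text, known=KNOWN_VARS, cutoff=0.85):
    """Return (line_no, name, suggestion) for names that nearly match a known variable."""
    findings = []
    in_vars = False
    for line_no, raw in enumerate(inventory_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            in_vars = line[1:-1].endswith(":vars")
            continue
        # [group:vars] lines are one key=value; host lines are "host key=value ...".
        pairs = [line] if in_vars else line.split()[1:]
        for pair in pairs:
            name, sep, _value = pair.partition("=")
            name = name.strip()
            if not sep or name in known:
                continue
            close = difflib.get_close_matches(name, known, n=1, cutoff=cutoff)
            if close:
                findings.append((line_no, name, close[0]))
    return findings

# Constructed sample mirroring the inventory in the question (password masked).
SAMPLE_INVENTORY = """\
[windows]
NanoServer

[windows:vars]
ansible_user=ansibleoperator
ansible_password=*********
ansble_connection=winrm
ansible_port=5986
ansible_winrm_scheme=https
"""

if __name__ == "__main__":
    print(find_suspect_vars(SAMPLE_INVENTORY))
```

Names that are not close to any known variable are left alone, since inventories legitimately carry user-defined variables.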
