
Here is what I have done so far.

  1. Installed AWX 2.9 using docker on CentOS.
  2. Successfully managing Windows nodes (8,10) through AWX and WinRM using certificate authentication. (No problem here)
  3. Recently got a Windows 11 node and certificate authentication through AWX is failing. The error is

"msg": "certificate: ('Connection aborted.', OSError("(104, 'ECONNRESET')",))"

  4. The same script is used to enable PS remoting in the Windows 11 system as with other versions of Windows.

  5. Also note that basic authentication works on the Windows 11 system. So I am suspecting some issue with certificate authentication.

  6. Also the ansible controller's certificate is in the Trusted People and Trusted Root stores of the Windows client. This certificate is self signed.

  7. Have spent 2 days on the internet. Clueless even where to begin.

Any help is greatly appreciated.

  • `the ansible controller's certificate is in the Trusted People and Trusted Root stores of the Windows client.` And does it appear as trusted when opened in the MMC? Are there any errors in the CAPI event log? – Greg Askew Aug 11 '22 at 11:16
  • Thank you for your comment. The controller certificate appears trusted in MMC. The CAPI2 log was disabled. I have enabled it now. There are some error entries by the names of "Call_CryptSvcCatDBEnumCatalogs_NotFound" and "A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.. ". What should I look for in the CAPI2 log? – Abhisek Dash Aug 11 '22 at 11:51

1 Answer

Ok, I finally figured out the issue.

Windows 11 (Windows Server 2022) defaults to TLS 1.3 in Schannel protocol. The Ansible controller supports TLS 1.2. Due to this mismatch the connection was reset. After enforcing TLS 1.2 in the Windows host through registry, the certificate authentication was successful.
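
The answer does not show the registry change itself. The following is an added example, not part of the original post: a PowerShell sketch that reports and then pins the Schannel server side (used by the WinRM HTTPS listener) to TLS 1.2. It assumes the standard Schannel `Protocols` registry layout; the function names `Get-SchannelProtocol` and `Set-SchannelProtocol` are hypothetical helpers defined here.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post). Assumes the standard Schannel
# per-protocol keys with Enabled / DisabledByDefault DWORD values.
$SchannelBase = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelProtocol {
    # Report the explicit registry setting, or note that the OS default applies.
    param([string]$Protocol, [ValidateSet('Server', 'Client')][string]$Role = 'Server')
    $key = Join-Path $SchannelBase "$Protocol\$Role"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Protocol          = $Protocol
        Role              = $Role
        Enabled           = if ($null -ne $props.Enabled) { $props.Enabled } else { '(OS default)' }
        DisabledByDefault = if ($null -ne $props.DisabledByDefault) { $props.DisabledByDefault } else { '(OS default)' }
    }
}

function Set-SchannelProtocol {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Protocol, [ValidateSet('Server', 'Client')][string]$Role = 'Server', [bool]$Enable)
    $key = Join-Path $SchannelBase "$Protocol\$Role"
    if ($PSCmdlet.ShouldProcess($key, "Set Enabled=$([int]$Enable)")) {
        # Create the key only if missing; New-Item -Force on an existing key would clear its values.
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name 'Enabled' -PropertyType DWord -Value ([int]$Enable) -Force | Out-Null
        New-ItemProperty -Path $key -Name 'DisabledByDefault' -PropertyType DWord -Value ([int](-not $Enable)) -Force | Out-Null
    }
}

# State before the change.
'TLS 1.2', 'TLS 1.3' | ForEach-Object { Get-SchannelProtocol -Protocol $_ } | Format-Table

# Keep TLS 1.2 on and turn TLS 1.3 off for inbound (server-role) connections.
Set-SchannelProtocol -Protocol 'TLS 1.2' -Role Server -Enable $true
Set-SchannelProtocol -Protocol 'TLS 1.3' -Role Server -Enable $false

# State after the change; Schannel reads these values at startup, so reboot to apply.
'TLS 1.2', 'TLS 1.3' | ForEach-Object { Get-SchannelProtocol -Protocol $_ } | Format-Table
```

Calling `Set-SchannelProtocol` with `-WhatIf` previews the keys it would write. The setting applies to every Schannel-based server service on the host, not only the WinRM listener.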