[chef] Re: Chef and Windows Active directory


  • From: Tensibai < >
  • To:
  • Subject: [chef] Re: Chef and Windows Active directory
  • Date: Wed, 09 Apr 2014 17:41:57 +0200

On 2014-04-09 17:10, Deprez, Tom wrote:

Hi,

 

I’ve been bootstrapping Windows servers in a lab environment using local admin accounts and this has worked fine (bootstrap command is run from a Windows server). However, we’re now trying to integrate this into production and would like to use an AD account when bootstrapping the server. This is failing with the following error:

 

    D:\chef-repo>knife bootstrap windows winrm 10.175.1.21 --winrm-user="domain\build_chef" --winrm-password="password"
    Bootstrapping Chef on 10.175.1.21
    ERROR: Failed to authenticate to ["10.175.1.21"] as domain\build_chef
    Response: Bad HTTP response returned from server (401).
    ERROR: Batch render command returned

 

On the server I am trying to bootstrap, I get this error in the security logs:

    Account For Which Logon Failed:
        Security ID:                NULL SID
        Account Name:               Build_Chef
        Account Domain:             BMGUK

    Failure Information:
        Failure Reason:             An Error occured during Logon.
        Status:                     0xC000005E
        Sub Status:                 0x0

    Detailed Authentication Information:
        Logon Process:              NtLmSsp
        Authentication Package:     NTLM
        Transited Services:         -
        Package Name (NTLM only):   -
        Key Length:                 0

 

 

Any ideas on why this is failing? And why is it trying to use NTLM rather than Kerberos?

 

NtLmSsp is the auth service under Windows; it doesn't really tell if it is authenticating with the Kerberos or NTLM scheme.

Try using or escape the backslash to avoid escaping the B of Build_chef: domain\\Build_chef.

If the domain\Build_chef is only a mail typo, try the @ form for the username, which should work.

Regards,

Tensibai

 

 


