Ansible WinRM Error when collecting winrm facts: You cannot call a method on a null-valued expression message
I have a lab resident in a vCenter server, the lab includes 5 windows servers and 3 windows 10 Each time I running a playbook (any playbook) against this lab, 2 errors are appeared in TASK [Gathering Facts]:
[WARNING]: Error when collecting winrm facts: You cannot call a method on a null-valued expression. At line:15 char:17 + ...
$ansibleFacts.ansible_win_rm_certificate_expires = $_.Not ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo :
InvalidOperation: (:) [], RuntimeException + FullyQualifiedErrorId : InvokeMethodOnNull at <ScriptBlock>, <No file>: line 15 at <ScriptBlock>, <No file>: line
13
[WARNING]: Error when collecting facter facts: Test-Path : Access is denied At line:10 char:17 + Test-Path -LiteralPath $facterPath +
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : PermissionDenied: (\\Domain.com\Sys...rtup\facter.exe:String) [Test-Path], UnauthorizedAccessException
+ FullyQualifiedErrorId : ItemExistsUnauthorizedAccessError,Microsoft.PowerShell.Commands.TestPathCommand at <ScriptBlock>, <No file>: line 10 at <ScriptBlock>, <No
file>: line 3
The full log:
TASK [Gathering Facts] ****************************************************************************************************************************************************task path: /ansible/playbooks/copy_r10_files.yml:2
redirecting (type: modules) ansible.builtin.setup to ansible.windows.setup
Using module file /root/.ansible/collections/ansible_collections/ansible/windows/plugins/modules/setup.ps1
Pipelining is enabled.
<vm1.domain.com> ESTABLISH WINRM CONNECTION FOR USER: Domain\hiddai on PORT 5985 TO vm1.domain.com
redirecting (type: modules) ansible.builtin.setup to ansible.windows.setup
Using module file /root/.ansible/collections/ansible_collections/ansible/windows/plugins/modules/setup.ps1
Pipelining is enabled.
<vm2.domain.com> ESTABLISH WINRM CONNECTION FOR USER: DOMAIN\hiddai on PORT 5985 TO vm1.domain.com
redirecting (type: modules) ansible.builtin.setup to ansible.windows.setup
EXEC (via pipeline wrapper)
Using module file /root/.ansible/collections/ansible_collections/ansible/windows/plugins/modules/setup.ps1
Pipelining is enabled.
<vm3.domain.com> ESTABLISH WINRM CONNECTION FOR USER: DOMAIN\hiddai on PORT 5985 TO srraalabjhqdb.r10.local
redirecting (type: modules) ansible.builtin.setup to ansible.windows.setup
Using module file /root/.ansible/collections/ansible_collections/ansible/windows/plugins/modules/setup.ps1
Pipelining is enabled.
EXEC (via pipeline wrapper)
<vm4.domain.com> ESTABLISH WINRM CONNECTION FOR USER: DOMAIN\hiddai on PORT 5985 TO vm4.domain.com
redirecting (type: modules) ansible.builtin.setup to ansible.windows.setup
EXEC (via pipeline wrapper)
Using module file /root/.ansible/collections/ansible_collections/ansible/windows/plugins/modules/setup.ps1
Pipelining is enabled.
<vm5.domain.com> ESTABLISH WINRM CONNECTION FOR USER: DOMAIN\hiddai on PORT 5985 TO vm5.domain.com
EXEC (via pipeline wrapper)
EXEC (via pipeline wrapper)
[WARNING]: Error when collecting winrm facts: You cannot call a method on a null-valued expression. At line:15 char:17 + ...
$ansibleFacts.ansible_win_rm_certificate_expires = $_.Not ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo :
InvalidOperation: (:) [], RuntimeException + FullyQualifiedErrorId : InvokeMethodOnNull at <ScriptBlock>, <No file>: line 15 at <ScriptBlock>, <No file>: line
13
ok: [vm3.domain.com]
redirecting (type: modules) ansible.builtin.setup to ansible.windows.setup
Using module file /root/.ansible/collections/ansible_collections/ansible/windows/plugins/modules/setup.ps1
Pipelining is enabled.
<vm7.domain.com> ESTABLISH WINRM CONNECTION FOR USER: DOMAIN\hiddai on PORT 5985 TO vm7.domain.com
ok: [vm4.domain.com]
redirecting (type: modules) ansible.builtin.setup to ansible.windows.setup
Using module file /root/.ansible/collections/ansible_collections/ansible/windows/plugins/modules/setup.ps1
Pipelining is enabled.
<vm6.domain.com> ESTABLISH WINRM CONNECTION FOR USER: DOMAIN\hiddai on PORT 5985 TO vm6.domain.com
EXEC (via pipeline wrapper)
ok: [vm1.domain.com]
ok: [vm2.domain.com]
redirecting (type: modules) ansible.builtin.setup to ansible.windows.setup
Using module file /root/.ansible/collections/ansible_collections/ansible/windows/plugins/modules/setup.ps1
Pipelining is enabled.
<vm8.domain.com> ESTABLISH WINRM CONNECTION FOR USER: DOMAIN\hiddai on PORT 5985 TO vm8.domain.com
EXEC (via pipeline wrapper)
EXEC (via pipeline wrapper)
ok: [vm5.domain.com]
ok: [vm7.domain.com]
[WARNING]: Error when collecting facter facts: Test-Path : Access is denied At line:10 char:17 + Test-Path -LiteralPath $facterPath +
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : PermissionDenied: (\\R10.local\Sys...rtup\facter.exe:String) [Test-Path], UnauthorizedAccessException
+ FullyQualifiedErrorId : ItemExistsUnauthorizedAccessError,Microsoft.PowerShell.Commands.TestPathCommand at <ScriptBlock>, <No file>: line 10 at <ScriptBlock>, <No
file>: line 3
ok: [vm8.domain.com]
ok: [vm6.domain.com]
META: ran handlers
My Dockerfile is
FROM centos:8
USER root
RUN yum check-update -y; \
yum update -y; \
yum install -y epel-release; \
yum install -y gcc; \
yum install -y libffi-devel; \
yum install -y wget; \
yum install -y git; \
yum install -y python3; \
dnf install -y python3-setuptools; \
pip3 install --upgrade setuptools; \
yum install -y python3-pip; \
pip3 install --upgrade pip; \
pip3 install pywinrm; \
pip3 install PyVmomi; \
# Ansible 2.11.x
pip3 install ansible; \
# Azure
wget -q https://raw.githubusercontent.com/ansible-collections/azure/dev/requirements-azure.txt; \
pip3 install -r requirements-azure.txt; \
rm requirements-azure.txt; \
ansible-galaxy collection install azure.azcollection; \
# The collection includes the VMware modules and plugins supported by
# Ansible VMware community to help the management of VMware infrastructure
pip3 install -r ~/.ansible/collections/ansible_collections/community/vmware/requirements.txt; \
ansible-galaxy collection install community.vmware; \
# Downloads file from HTTP, HTTPS, or FTP to node
ansible-galaxy collection install ansible.windows;
# chmod -R o-w /ansible;
CMD [ "/usr/sbin/init" ]
My all.yml file includes winrm details
---
# WinRM Protocol Details
ansible_user: DOMAIN\hiddai
ansible_password: F01o3O4
ansible_connection: winrm
ansible_port: 5985
ansible_winrm_scheme: http
ansible_winrm_server_cert_validation: ignore
ansible_winrm_transport: ntlm
ansible_winrm_read_timeout_sec: 60
ansible_winrm_operation_timeout_sec: 58
regard ERROR 1: checking winrm in one of the machine in the domain shows:
C:\Users\qa>winrm get winrm/config
Config
MaxEnvelopeSizekb = 500
MaxTimeoutms = 60000
MaxBatchItems = 32000
MaxProviderRequests = 4294967295
Client
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = true [Source="GPO"]
Auth
Basic = true [Source="GPO"]
Digest = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = true [Source="GPO"]
DefaultPorts
HTTP = 5985
HTTPS = 5986
TrustedHosts [Source="GPO"]
Service
RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = true [Source="GPO"]
Auth
Basic = true [Source="GPO"]
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = true [Source="GPO"]
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = * [Source="GPO"]
IPv6Filter = * [Source="GPO"]
EnableCompatibilityHttpListener = true [Source="GPO"]
EnableCompatibilityHttpsListener = true [Source="GPO"]
CertificateThumbprint
AllowRemoteAccess = true [Source="GPO"]
Winrs
AllowRemoteShellAccess = true
IdleTimeout = 7200000
MaxConcurrentUsers = 2147483647
MaxShellRunTime = 2147483647
MaxProcessesPerShell = 2147483647
MaxMemoryPerShellMB = 2147483647
MaxShellsPerUser = 2147483647
My ansible container version is:
[root@ansible ansible]# ansible --version
[DEPRECATION WARNING]: Ansible will require Python 3.8 or newer on the controller starting with Ansible 2.12. Current version: 3.6.8 (default, Mar 19 2021, 05:13:41) [GCC
8.4.1 20200928 (Red Hat 8.4.1-1)]. This feature will be removed from ansible-core in version 2.12. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.
ansible [core 2.11.3]
config file = /ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.6/site-packages/ansible
ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/local/bin/ansible
python version = 3.6.8 (default, Mar 19 2021, 05:13:41) [GCC 8.4.1 20200928 (Red Hat 8.4.1-1)]
jinja version = 3.0.1
libyaml = True
How can I resolve those errors?
First error: do you have a winrm https (tcp port 5986) listener configured with a certificate? My guess is that it is unable to call that method because it cannot find any certificates.
Second error: you look to be getting an access denied error when attempting to double-hop to a UNC path. Either 1) Don't do this, or 2) if required, you'll need to configure credential delegation (either per-task, per-play, or in the connection). You can delegate either CredSSP or Kerberos credentials (by the looks of it, you'll definitely be needing more python modules if going with Kerberos.
Read up on ansible, windows and kerberos here: https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html