Seeing error credssp: Bad HTTP response returned from server. Code 502

Ansible is installed on a Linux machine and I am trying to establish a connection to a Windows client machine.

I have set the variables below as per: https://docs.ansible.com/ansible/latest/os_guide/windows_winrm.html

ansible_user: <uname>
ansible_password: <pass>
ansible_connection: winrm
ansible_winrm_server_cert_validation: ignore
ansible_winrm_transport: credssp

Running the playbook results in the error below. Could you give any pointers to check this further to get a resolution?

fatal: [<hostname>]: UNREACHABLE! => {"changed": false, "msg": "credssp: Bad HTTP response returned from server. Code 502", "unreachable": true}

Adding details on the client setup, which looks ok, following along: https://docs.ansible.com/ansible/latest/os_guide/windows_setup.html#winrm-listener

PS C:\Windows\system32> (Get-Service "WinRM").Status
Running

Below indicates: HTTP: Enabled

PS C:\Temp\Ansible> .\ConfigureRemotingForAnsible.ps1 -Verbose
VERBOSE: Verifying WinRM service.
VERBOSE: PS Remoting is already enabled.
VERBOSE: SSL listener is already active.
VERBOSE: Basic auth is already enabled.
VERBOSE: Firewall rule already exists to allow WinRM HTTPS.
VERBOSE: HTTP: Enabled | HTTPS: Disabled
VERBOSE: PS Remoting has been successfully configured for Ansible.

Exec policy set to Unrestricted as well.

PS C:\Temp\Ansible> Get-ExecutionPolicy -List

        Scope ExecutionPolicy
        ----- ---------------
MachinePolicy       Undefined
   UserPolicy       Undefined
      Process       Undefined
  CurrentUser       Undefined
 LocalMachine    Unrestricted

PowerShell version looks ok: 5.x:

PSVersion                      5.1.19041.1682

And a quick check on the http link per below is working on the Windows client as well. I am seeing the issue only from the Linux machine from which I am trying to connect/run the playbook.

winrs -r:http://<hostname>:5985/wsman -u:<user> -p:<pass> ipconfig
vinWin

2 Answers

0

I assume, based on the chosen authentication method

ansible_winrm_transport: credssp

and the missing info about CredSSP on the Windows side in the question and the 502 error, that this might be caused by CredSSP not being enabled.

As stated in the Ansible WinRM Module Documentation, if the selected authentication method is CredSSP, it needs to be enabled:

CredSSP authentication is not enabled by default on a Windows host, but can be enabled by running the following in PowerShell:

Enable-WSManCredSSP -Role Server -Force

According to the WSMAN Documentation the state of the CredSSP can be checked with:

Get-WSManCredSSP

Possible results:

If the computer is configured for CredSSP, this is the output:

 The machine is configured to allow delegating fresh credentials to the
 following target(s): wsman/server02.accounting.fabrikam.com

If the computer is not configured for CredSSP, this is the output:

The machine is not configured to allow delegating fresh credentials.

Lev
  • Yes, `ansible_winrm_transport: credssp` is set under defaults/main.yml under the desired roles directory. I ran `Get-WSManCredSSP` and it's showing `The machine is not configured to allow delegating fresh credentials. This computer is configured to receive credentials from a remote client computer.`. I also tried running `Enable-WSManCredSSP -Role Server -Force` but no change in `Get-WSManCredSSP`. I did validate on the client side, it's all good at least in terms of showing credssp set to true from some command o/p. I believe it's something to do with the ansible control machine credssp setup, but unsure. – vinWin Nov 30 '22 at 13:16
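
An added example (not from the answer or the Ansible documentation) that reads the server-side CredSSP setting and the WinRM listeners directly from the `WSMan:` drive, since an Ansible target needs the server role rather than the client-side delegation setting. The function name `Get-WinRMCredSSPReadiness` is hypothetical, and the script assumes an elevated PowerShell session on the Windows host.

```powershell
# Added example, not from the original answer. Run in an elevated
# PowerShell session on the Windows host that Ansible connects to.
# Get-WinRMCredSSPReadiness is a hypothetical name chosen for this sketch.
function Get-WinRMCredSSPReadiness {
    [CmdletBinding()]
    param()

    $auth = 'WSMan:\localhost\Service\Auth'

    # One row per listener, so the scheme and port used by the control
    # node can be compared with what is actually listening.
    $listeners = foreach ($l in Get-ChildItem -Path WSMan:\localhost\Listener) {
        $items = Get-ChildItem -Path "WSMan:\localhost\Listener\$($l.Name)"
        [pscustomobject]@{
            Transport = ($items | Where-Object Name -eq 'Transport').Value
            Port      = ($items | Where-Object Name -eq 'Port').Value
            Enabled   = ($items | Where-Object Name -eq 'Enabled').Value
        }
    }

    [pscustomobject]@{
        WinRMService     = (Get-Service -Name WinRM).Status
        # Server role: the value Enable-WSManCredSSP -Role Server sets to true.
        CredSSPServer    = (Get-Item -Path "$auth\CredSSP").Value
        # Weaker settings worth knowing about while troubleshooting.
        BasicAuth        = (Get-Item -Path "$auth\Basic").Value
        AllowUnencrypted = (Get-Item -Path WSMan:\localhost\Service\AllowUnencrypted).Value
        Listeners        = $listeners
    }
}

$report = Get-WinRMCredSSPReadiness
$report | Format-List WinRMService, CredSSPServer, BasicAuth, AllowUnencrypted
$report.Listeners | Format-Table -AutoSize
```

A `CredSSPServer` value of `true` corresponds to the `This computer is configured to receive credentials from a remote client computer.` line of `Get-WSManCredSSP`; the "delegating fresh credentials" line describes the client role.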
0

First make sure that the user you are trying to connect with has admin rights on the remote computer. If the user does, maybe it's a problem with the proxy. I once had a similar problem and simply running this command on the remote server fixed it:

netsh winhttp reset proxy

You can read more about netsh here:

WINHTTP - netsh

Hope that helps, good luck!

  • Tried running as the same admin user with which I am trying to connect from Ansible. But it looks like the proxy is not set, as I get this: `C:\Windows\system32>netsh winhttp reset proxy Current WinHTTP proxy settings: Direct access (no proxy server).` – vinWin Dec 12 '22 at 13:33