Has anyone solved the double-hop issue with Ansible and Windows clients?


My situation: I have an Ansible server, a Tower server, a Windows file server, and a Windows client. Through Ansible, I want to tell the Windows client to copy some files from the Windows file server. After having trouble finding a playbook module that would allow me to copy files from a remote host to a client machine, I decided to try a series of different PowerShell scripts and cmdlets to perform the simple file copy.

I appear to be running into the double hop problem and since an Ansible / Linux server is the originating machine in this scenario, and I don't have control of that machine, I was wondering if anyone has solved this problem and managed to get scripts to get past the double hop. Alternatively, if anyone knows of an Ansible module that can copy files from a remote host to a client host, that would be of interest, too. If I need to submit a ticket for the Ansible owners to do something, or if I need to do something, or if I should give up, whatever the case, thanks for your time!










windows powershell ansible winrm






asked Mar 21 '17 at 21:53 by DrewJenseric












  • Have you tried enabling Kerberos delegation on the Windows client computer? Is everyone a domain-joined machine? What about Ansible... do you use Kerberos or password authentication to WinRM?
    – Jacob Evans
    Mar 22 '17 at 0:11

  • Why don't you mount a file share from the file server on the target system and use win_copy?
    – Henrik Pingel
    Mar 22 '17 at 6:58

  • @JacobEvans, I knew I left out an important detail: In this scenario, I don't have any AD member machines; only workgroup machines. The file share mount idea... I will definitely try right now.
    – DrewJenseric
    Mar 22 '17 at 17:33

  • Looks like attempting to mount a share still requires that credentials be provided.
    – DrewJenseric
    Mar 22 '17 at 17:57

  • You don't have to mount the share to use it in PowerShell. You can access it directly through a UNC path: copy-item \\server\share\file.ext $destination. However, the account doing the copying needs permissions. Not sure if this helps, so that's why it's a comment instead of an answer.
    – Xalorous
    Apr 28 '17 at 22:37

















2 Answers
While this is an absolute hack, and I'm sure you've already moved on from this problem, one workaround is to create a scheduled task (using the Windows schtasks command) and execute it immediately to perform the copy. The scheduled task will run in the proper context and be able to copy from the server without encountering the double-hop issue, because it originates from the client machine. I'm sure there's an actual Ansible-level solution to this problem, but this is my current workaround.

Your higher-level script can use psutil or something similar to monitor the task and not return until the scheduled task has completed.

Here's a helper script I wrote in Python for accomplishing this:

    # run_as_scheduled_task.py
    import subprocess
    import sys
    import time

    import psutil

    SCHTASKS = r'C:\Windows\System32\schtasks.exe'
    TASK_NAME = 'QUICKSCHTASK'

    to_match = sys.argv[1]           # substring of the process name to wait for
    to_run = ' '.join(sys.argv[2:])  # command line the scheduled task will run
    print("Running the following command as immediate scheduled task:")
    print(to_run)
    print('Will return only once process matching wildcard "{0}" is no longer found'.format(to_match))


    def schtasks(*args):
        # Argument list instead of shell=True, so to_run reaches schtasks as a single quoted argument.
        return subprocess.call([SCHTASKS] + list(args), stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)


    # Remove any stale task, recreate it, and start it immediately.
    schtasks('/delete', '/f', '/tn', TASK_NAME)
    schtasks('/create', '/tn', TASK_NAME, '/tr', to_run, '/sc', 'ONCE', '/st', '00:00')
    schtasks('/run', '/tn', TASK_NAME)
    time.sleep(0.1)


    def processDead(proc):
        # Callback for psutil.wait_procs: the task's process has exited, so remove the task.
        print("Process is now dead - {0}".format(proc))
        schtasks('/delete', '/f', '/tn', TASK_NAME)


    # Block until the first process whose name contains to_match has exited.
    for proc in psutil.process_iter():
        try:
            matched = to_match in proc.name()
        except (psutil.NoSuchProcess, psutil.AccessDenied):
            continue  # process exited or is not readable; skip it
        if matched:
            gone, still_alive = psutil.wait_procs([proc], None, processDead)
            break

You can call this from a higher-level script to perform operations and circumvent the double hop. Very hacky, but it works. Example usage of the script would be:

    start /wait py -3 run_as_scheduled_task.py "robocopy" "robocopy SOURCE DEST"

An alternative method is to call psexec on the target machine with the -s flag to use the System account. More information on that here: https://stackoverflow.com/questions/15242248/double-hop-access-to-copy-files-without-credssp







edited May 23 '17 at 12:41 by Community

answered Apr 26 '17 at 19:08 by Robert Kelly







  • I have indeed moved on - turns out the server admin team found they can enable CredSSP on the Ansible server - but this solution is brilliant. Thank you.
    – DrewJenseric
    Apr 26 '17 at 22:58












system account will access only resource inside local system with highest privileges. How can it access another server in UNC.



And if we create Sch taks with a different user and run it from ansible....it is creating with ansible account and sch tasks doesn't run as "the option selected by default is RUN only when user logged in"







share|improve this answer












share|improve this answer



share|improve this answer










answered Jun 10 at 7:41

srinivas
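The two settings this answer and its comments refer to, as an added example that is not part of the original post: the WinRM transport set to CredSSP in the Ansible inventory, and a `win_scheduled_task` definition whose `logon_type` stores the password so the task is not limited to "Run only when user is logged on". The file names, host name, share path, account name and vault variable are placeholders assumed for illustration.

```yaml
# group_vars/windows.yml  (hypothetical file name)
# CredSSP hands the connecting user's credentials to the target host,
# which is what lets that host authenticate onward to a UNC path.
# The target therefore holds usable credentials for the session, so
# restrict this transport to hosts trusted with that account.
ansible_connection: winrm
ansible_winrm_transport: credssp
---
# playbook.yml  (hypothetical file name)
- hosts: windows
  tasks:
    - name: Register a task that runs whether or not the user is logged on
      win_scheduled_task:
        name: CopyFromShare                      # placeholder task name
        actions:
          - path: C:\Windows\System32\robocopy.exe
            arguments: \\fileserver.example.test\share C:\staging
        username: EXAMPLE\svc_deploy             # placeholder domain account
        password: "{{ vault_svc_deploy_password }}"   # keep in Ansible Vault
        # 'password' stores the credential with the task, so it can run
        # without an interactive session and can reach network resources.
        # 's4u' also runs without a logon but has no network access, so it
        # cannot open the UNC path.
        logon_type: password
        run_level: limited
        state: present
```

The account used for the task needs only read access to the share and write access to the staging directory; granting it more widens what a compromise of the managed host exposes.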
