Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Users with % in Password Encounter 500 Errors #74

Closed
eagle-rr opened this issue Mar 19, 2021 · 2 comments
Closed

Users with % in Password Encounter 500 Errors #74

eagle-rr opened this issue Mar 19, 2021 · 2 comments

Comments

@eagle-rr
Copy link

When some users would run a job that winrm into a Windows server; they would receive:

[DEBUG ] handle_other(): Handling: 500 (kerberos_.py:315)[winrm.vendor.requests_kerberos.kerberos_]
[ERROR ] handle_other(): Mutual authentication unavailable on 500 response (kerberos_.py:339)[winrm.vendor.requests_kerberos.kerberos_]
[DEBUG ] handle_response(): returning <Response [500]> (kerberos_.py:428)[winrm.vendor.requests_kerberos.kerberos_]
[ERROR ] Execution finished with the following exit code: -1 (winrm-exec.py:316)[root]
[ERROR ] -1 (winrm-exec.py:317)[root]
[ERROR ] The parameter is incorrect. (extended fault data: {'transport_message': 'Bad HTTP response returned from server. Code 500', 'http_status_code': 500, 'wsmanfault_code': '87', 'fault_code': 's:Sender', 'fault_subcode': 'w:InvalidParameter'}) (winrm-exec.py:318)[root]
[WinRMPython]: result code: 255, success: false
Failed: NonZeroResultCode: [WinRMPython] Result code: 255

Project settings for the plugin are defined as:

project.plugin.NodeExecutor.WinRMPython.authtype=kerberos
project.plugin.NodeExecutor.WinRMPython.exitbehaviour=exitcode
project.plugin.NodeExecutor.WinRMPython.interpreter=/usr/bin/python3
project.plugin.NodeExecutor.WinRMPython.nossl=true
project.plugin.NodeExecutor.WinRMPython.operationtimeout=14400
project.plugin.NodeExecutor.WinRMPython.readtimeout=15400
project.plugin.NodeExecutor.WinRMPython.shell=cmd
project.plugin.NodeExecutor.WinRMPython.winrmport=5986
project.plugin.NodeExecutor.WinRMPython.winrmtransport=https
project.plugin.NodeExecutor.WinRMPython.interpreter=/usr/bin/python3

When testing a python script similar to:

import winrm 

s = winrm.Session('yourdomain ', 'transport='kerberos', auth=('user', 'password'), server_cert_validation='ignore')
r = s.run_cmd('ipconfig', ['/all'])

The user's connection (using same password and server as the Rundeck job) worked just fine.

Based on another person's suggestion that they ran into issues when the payload contained % character; I asked the user which special characters were they using in their password. They were indeed using % in their password. I asked them to change their password to not containing % character. After changing their password to not contain % character; they were able to successfully run the Rundeck job.

More details in the discussion here.
@MegaDrive68k
Copy link

Maybe related.

@ltamaster
Copy link
Contributor

fix with #77

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ltamaster @eagle-rr @MegaDrive68k