ansible win_command fails but works when command run manually

Question

I'm trying to run New-WdsClient PowerShell cmdlet or wdsutil /add-device, I don't really care which one gets used in the end, so long as it works.

When I run 'wdsutil.exe /add-device /device:new_client /id:aabbccddeeff /BootImagePath:"Boot\x64\Images\boot-(6).wim" ' it works, when I run the same from Ansible I get "stdout_lines": [ "", "Windows Deployment Services Management Utility [Version 10.0.14393.0]", "© 2016 Microsoft Corporation. All rights reserved.", "", "", "An error occurred while trying to execute the command.", "Error Code: 0xC103013A", "Error Description: The specified server name is invalid or does not exist in the directory service.", ""

I'm completely stumped.

The Ansible role is just: - name: Pre Stage WDS Client win_command: powershell.exe - args: stdin: 'wdsutil.exe /add-device /device:{{ var_wds_client_name }} /id:{{ var_wds_client_mac }} /BootImagePath:"Boot\x64\Images\boot-(6).wim"'

Using New-WdsClient I don't even get this far...

Any ideas?

-- EDIT 1 --

When I run the win_whoami as adhoc it works: ansible wds-server --become --become-method runas --become-user DOMAIN\Administrator --module-name win_whoami 2> /dev/null| egrep "SeDebug|High" "account_name": "High Mandatory Level", "account_name": "High Mandatory Level", "SeDebugPrivilege": "enabled"

When I run wdsutil as adhoc like: ansible wds-server --become --become-method runas --become-user DOMAIN\Administrator --module-name win_command -a "wdsutil.exe /add-device /device:client /id:0001a5a0c267 /BootImagePath:Boot\x64\Images\boot-(6).wim" I get:

Windows Deployment Services Management Utility [Version 10.0.14393.0] © 2016 Microsoft Corporation. All rights reserved.

An error occurred while trying to execute the command. Error Code: 0xC103013A Error Description: The specified server name is invalid or does not exist in the directory service.

non-zero return code

Answer 1

This is a guess, as I don't have a Windows WDS deployment handy to perform tests.

I believe the task is not running via Ansible due to lack of elevated privileges that wdsutil requires, according to Microsoft Docs. You may need to use the become keyword for the task to work:

- name: Pre Stage WDS Client
  win_command: powershell.exe -
  args:
    stdin: 'wdsutil.exe /add-device /device:{{ var_wds_client_name }} /id:{{ var_wds_client_mac }} /BootImagePath:"Boot\x64\Images\boot-(6).wim"'
  become: yes
  become_method: runas

Or, alternatively, invoking wdsutil directly:

- name: Pre Stage WDS Client
  win_command: 'wdsutil.exe /add-device /device:{{ var_wds_client_name }} /id:{{ var_wds_client_mac }} /BootImagePath:"Boot\x64\Images\boot-(6).wim"'
  become: yes
  become_method: runas

---

Check whether administrative rights are granted to Ansible by using the ad-hoc call below:

$ ansible windows_wds_server --become --become-method runas --module-name win_whoami 

The return JSON object should have privileges.SeDebugPrivilege attribute set to enabled.

Reference: https://docs.ansible.com/ansible/latest/user_guide/become.html#administrative-rights

Answer 2

First up, apologies all.

The Ansible serve is a RHEL box and it is actually talking to an intermediate Windows box which then talks to the WDS server.

One of my collegues found this link which solved this problem for us.

Thanks all for the suggestions.