Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

winrm.exceptions.InvalidCredentialsError: the specified credentials were rejected by the server

See original GitHub issue

Hi, I tried many different approaches but still can’t login to my VM with extension:

Traceback (most recent call last):
  File "fast_deploy.py", line 57, in <module>
    r = win_session.run_cmd('ipconfig', ['/all'])
  File "/Users/yanik/workspace/safeqa/env-deploy/lib/python3.5/site-packages/winrm/__init__.py", line 37, in run_cmd
    shell_id = self.protocol.open_shell()
  File "/Users/yanik/workspace/safeqa/env-deploy/lib/python3.5/site-packages/winrm/protocol.py", line 132, in open_shell
    res = self.send_message(xmltodict.unparse(req))
  File "/Users/yanik/workspace/safeqa/env-deploy/lib/python3.5/site-packages/winrm/protocol.py", line 207, in send_message
    return self.transport.send_message(message)
  File "/Users/yanik/workspace/safeqa/env-deploy/lib/python3.5/site-packages/winrm/transport.py", line 190, in send_message
    raise InvalidCredentialsError("the specified credentials were rejected by the server")
winrm.exceptions.InvalidCredentialsError: the specified credentials were rejected by the server

My command is very simple:

# windows session
win_session = winrm.Session(CML_IP, auth=(r'QA13S104\administartor', '111111'))
r = win_session.run_cmd('ipconfig', ['/all'])

But I also tried different approaches, from similar issue titles, nothing is working for me.

I have permission to execute commands on the machine for this user and my winrm config:

Config
    MaxEnvelopeSizekb = 500
    MaxTimeoutms = 60000
    MaxBatchItems = 32000
    MaxProviderRequests = 4294967295
    Client
        NetworkDelayms = 5000
        URLPrefix = wsman
        AllowUnencrypted = false
        Auth
            Basic = true
            Digest = true
            Kerberos = true
            Negotiate = true
            Certificate = true
            CredSSP = false
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        TrustedHosts = 10.0.*
    Service
        RootSDDL = O:NSG:BAD:P(A;;GAGX;;;BA)(A;;GXGR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
        MaxConcurrentOperations = 4294967295
        MaxConcurrentOperationsPerUser = 1500
        EnumerationTimeoutms = 240000
        MaxConnections = 300
        MaxPacketRetrievalTimeSeconds = 120
        AllowUnencrypted = false
        Auth
            Basic = false
            Kerberos = true
            Negotiate = true
            Certificate = false
            CredSSP = false
            CbtHardeningLevel = Relaxed
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        IPv4Filter = *
        IPv6Filter = *
        EnableCompatibilityHttpListener = false
        EnableCompatibilityHttpsListener = false
        CertificateThumbprint
        AllowRemoteAccess = true
    Winrs
        AllowRemoteShellAccess = true
        IdleTimeout = 7200000
        MaxConcurrentUsers = 10
        MaxShellRunTime = 2147483647
        MaxProcessesPerShell = 25
        MaxMemoryPerShellMB = 1024
        MaxShellsPerUser = 30

Issue Analytics

State:
Created 7 years ago
Comments:8

Top GitHub Comments

15reactions

yanik-aicommented, Feb 6, 2017

SOLVED

Not sure which config command worked, but it may be this one: winrm set winrm/config/service @{AllowUnencrypted="true"} (from cmd, not powershell)

And now I’m able to connect and execute commands like:

from winrm.protocol import Protocol

p = Protocol(
    endpoint='http://10.0.13.104:5985/wsman',
    transport='ntlm',
    username=r'administrator',
    password='secret',
    server_cert_validation='ignore')
shell_id = p.open_shell()
command_id = p.run_command(shell_id, 'ipconfig', ['/all'])
std_out, std_err, status_code = p.get_command_output(shell_id, command_id)
p.cleanup_command(shell_id, command_id)
print(std_out, status_code)
p.close_shell(shell_id)

Take care 😃

2reactions

jborean93commented, Feb 19, 2019

Please disregard the AllowUnencrypted=true, you should never do this. This library supports message encryption with ntlm, kerberos, and credssp as well as HTTPS support if you really want to use basic auth.