WinRM 协商获得 200 而不是 401

WinRM Negotiate get 200 instead of 401

我正在 Rails 应用程序上开发 Ruby,该应用程序使用 WinRM 库访问远程 Windows 服务器。提供的传输是 :negotiate,它将与远程服务器协商身份验证。

问题是 WinRM 库需要 401 HTTP 状态代码,以便它可以发送更多数据以进行身份​​验证。但是,返回 200 HTTP 状态码,协商失败。

回溯是:

NoMethodError: undefined method `split' for nil:NilClass
    from /home/cobalt/.rvm/gems/ruby-2.2.2/gems/winrm-1.7.3/lib/winrm/http/transport.rb:226:in `init_auth'
    from /home/cobalt/.rvm/gems/ruby-2.2.2/gems/winrm-1.7.3/lib/winrm/http/transport.rb:166:in `send_request'
    from /home/cobalt/.rvm/gems/ruby-2.2.2/gems/winrm-1.7.3/lib/winrm/winrm_service.rb:489:in `send_message'
    from /home/cobalt/.rvm/gems/ruby-2.2.2/gems/winrm-1.7.3/lib/winrm/winrm_service.rb:390:in `run_wql'
    from /home/cobalt/.rvm/gems/ruby-2.2.2/gems/winrm-1.7.3/lib/winrm/command_executor.rb:186:in `os_version'
    from /home/cobalt/.rvm/gems/ruby-2.2.2/gems/winrm-1.7.3/lib/winrm/command_executor.rb:145:in `code_page'
    from /home/cobalt/.rvm/gems/ruby-2.2.2/gems/winrm-1.7.3/lib/winrm/command_executor.rb:72:in `block in open'
    from /home/cobalt/.rvm/gems/ruby-2.2.2/gems/winrm-1.7.3/lib/winrm/command_executor.rb:218:in `retryable'
    from /home/cobalt/.rvm/gems/ruby-2.2.2/gems/winrm-1.7.3/lib/winrm/command_executor.rb:71:in `open'
    from (irb):20
    from /home/cobalt/.rvm/gems/ruby-2.2.2/gems/railties-4.2.1/lib/rails/commands/console.rb:110:in `start'
    from /home/cobalt/.rvm/gems/ruby-2.2.2/gems/railties-4.2.1/lib/rails/commands/console.rb:9:in `start'
    from /home/cobalt/.rvm/gems/ruby-2.2.2/gems/railties-4.2.1/lib/rails/commands/commands_tasks.rb:68:in `console'
    from /home/cobalt/.rvm/gems/ruby-2.2.2/gems/railties-4.2.1/lib/rails/commands/commands_tasks.rb:39:in `run_command!'
    from /home/cobalt/.rvm/gems/ruby-2.2.2/gems/railties-4.2.1/lib/rails/commands.rb:17:in `<top (required)>'
    from bin/rails:4:in `require'
    from bin/rails:4:in `<main>'2.2.2 :021 >

TCP 转储显示以下包交换

 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
12:04:08.372376 IP d8b5d56cba65.53166 > pokcpeusap02.corp.absc.local.wsman: Flags [S], seq 2899844066, win 29200, options [mss 1460,sackOK,TS val 1316187676 ecr 0,nop,wscale 7], length 0
        0x0000:  4500 003c 75fe 4000 4006 d486 0400 0005  E..<u.@.@.......
        0x0010:  0acd e165 cfae 1761 acd8 1be2 0000 0000  ...e...a........
        0x0020:  a002 7210 f065 0000 0204 05b4 0402 080a  ..r..e..........
        0x0030:  4e73 6e1c 0000 0000 0103 0307            Nsn.........
12:04:08.421019 IP pokcpeusap02.corp.absc.local.wsman > d8b5d56cba65.53166: Flags [S.], seq 3702856093, ack 2899844067, win 8192, options [mss 1351,nop,wscale 8,sackOK,TS val 79780711 ecr 1316187676],
 length 0
        0x0000:  4500 003c 7f04 4000 7d06 8e80 0acd e165  E..<..@.}......e
        0x0010:  0400 0005 1761 cfae dcb5 199d acd8 1be3  .....a..........
        0x0020:  a012 2000 754e 0000 0204 0547 0103 0308  ....uN.....G....
        0x0030:  0402 080a 04c1 5b67 4e73 6e1c            ......[gNsn.
12:04:08.421047 IP d8b5d56cba65.53166 > pokcpeusap02.corp.absc.local.wsman: Flags [.], ack 1, win 229, options [nop,nop,TS val 1316187725 ecr 79780711], length 0
        0x0000:  4500 0034 75ff 4000 4006 d48d 0400 0005  E..4u.@.@.......
        0x0010:  0acd e165 cfae 1761 acd8 1be3 dcb5 199e  ...e...a........
        0x0020:  8010 00e5 f05d 0000 0101 080a 4e73 6e4d  .....]......NsnM
        0x0030:  04c1 5b67                                ..[g
12:04:08.421368 IP d8b5d56cba65.53166 > pokcpeusap02.corp.absc.local.wsman: Flags [P.], seq 1:340, ack 1, win 229, options [nop,nop,TS val 1316187725 ecr 79780711], length 339
        0x0000:  4500 0187 7600 4000 4006 d339 0400 0005  E...v.@.@..9....
        0x0010:  0acd e165 cfae 1761 acd8 1be3 dcb5 199e  ...e...a........
        0x0020:  8018 00e5 f1b0 0000 0101 080a 4e73 6e4d  ............NsnM
        0x0030:  04c1 5b67 504f 5354 202f 7773 6d61 6e20  ..[gPOST./wsman.
        0x0040:  4854 5450 2f31 2e31 0d0a 4175 7468 6f72  HTTP/1.1..Author
        0x0050:  697a 6174 696f 6e3a 204e 6567 6f74 6961  ization:.Negotia
        0x0060:  7465 2054 6c52 4d54 564e 5455 4141 4241  te.TlRMTVNTUAABA
        0x0070:  4141 414e 3449 4934 4151 4142 4141 6741  AAAN4II4AQABAAgA
        0x0080:  4141 4141 4141 4141 4351 4141 4142 4462  AAAAAAAACQAAABDb
        0x0090:  334a 775a 4468 694e 5751 314e 6d4e 6959  3JwZDhiNWQ1NmNiY
        0x00a0:  5459 310d 0a43 6f6e 7465 6e74 2d54 7970  TY1..Content-Typ
        0x00b0:  653a 2061 7070 6c69 6361 7469 6f6e 2f73  e:.application/s
        0x00c0:  6f61 702b 786d 6c3b 6368 6172 7365 743d  oap+xml;charset=
        0x00d0:  5554 462d 380d 0a55 7365 722d 4167 656e  UTF-8..User-Agen
        0x00e0:  743a 2052 7562 7920 5769 6e52 4d20 436c  t:.Ruby.WinRM.Cl
        0x00f0:  6965 6e74 2028 322e 372e 312c 2072 7562  ient.(2.7.1,.rub
        0x0100:  7920 322e 322e 3220 2832 3031 352d 3034  y.2.2.2.(2015-04
        0x0110:  2d31 3329 290d 0a41 6363 6570 743a 202a  -13))..Accept:.*
        0x0120:  2f2a 0d0a 4461 7465 3a20 5475 652c 2030  /*..Date:.Tue,.0
        0x0130:  3720 4d61 7220 3230 3137 2031 323a 3034  7.Mar.2017.12:04
        0x0140:  3a30 3820 474d 540d 0a43 6f6e 7465 6e74  :08.GMT..Content
        0x0150:  2d4c 656e 6774 683a 2030 0d0a 486f 7374  -Length:.0..Host
        0x0160:  3a20 706f 6b63 7065 7573 6170 3032 2e63  :.pokcpeusap02.c
        0x0170:  6f72 702e 6162 7363 2e6c 6f63 616c 3a35  orp.absc.local:5
        0x0180:  3938 350d 0a0d 0a                        985....
12:04:08.516497 IP pokcpeusap02.corp.absc.local.wsman > d8b5d56cba65.53166: Flags [P.], seq 1:39, ack 340, win 256, options [nop,nop,TS val 79780721 ecr 1316187725], length 38
        0x0000:  4500 005a 7f05 4000 7d06 8e61 0acd e165  E..Z..@.}..a...e
        0x0010:  0400 0005 1761 cfae dcb5 199e acd8 1d36  .....a.........6
        0x0020:  8018 0100 11f4 0000 0101 080a 04c1 5b71  ..............[q
        0x0030:  4e73 6e4d 4854 5450 2f31 2e31 2032 3030  NsnMHTTP/1.1.200
        0x0040:  204f 4b0d 0a43 6f6e 7465 6e74 2d4c 656e  .OK..Content-Len
        0x0050:  6774 683a 2030 0d0a 0d0a                 gth:.0....
12:04:08.516541 IP d8b5d56cba65.53166 > pokcpeusap02.corp.absc.local.wsman: Flags [.], ack 39, win 229, options [nop,nop,TS val 1316187821 ecr 79780721], length 0
        0x0000:  4500 0034 7601 4000 4006 d48b 0400 0005  E..4v.@.@.......
        0x0010:  0acd e165 cfae 1761 acd8 1d36 dcb5 19c4  ...e...a...6....
        0x0020:  8010 00e5 f05d 0000 0101 080a 4e73 6ead  .....]......Nsn.
        0x0030:  04c1 5b71                                ..[q

会是什么问题?为什么我没有收到 401 HTTP 状态代码?

我设法找到了问题的根本原因。原来有另一个服务而不是 WinRM 服务正在侦听端口 5985。因此,当请求发送到该端口时,该服务响应需要基本身份验证和状态代码 200。启动 WinRM 服务后问题得到修复并让它在端口 5985 上监听。

详细分析见Ruby WinRM undefined method `split' for nil:NilClass。这真是一个很好的教训。有时问题很简单很愚蠢,但要找出问题却很费力。