When you try to connect through kerberos with a domain account on Ansible windows hosts, you may encounter the error that is shown below:
The configuration for the kerberos connection. is listed below, and you can find the steps on my previous article.
[all:vars] ansible_connection = winrm ansible_winrm_server_cert_validation = ignore ansible_port = 5985 ansible_user = domainUser ansible_password = password ansible_become_method= runas ansible_winrm_transport = kerberos
The problem occur while trying to connect with port 5985 unencrypted on the remote machine. To bypass the problem you could run on PowerShell the below command which allows an unencrypted connection through winrm protocol.
Set-Item -Path WSMan:\localhost\Service\AllowUnencrypted -Value true
Lastly you could try a test connection to verify the result.