  1. Puppet
  2. PUP-11130

LogonAccount not working with MSSQLSERVER service

Details

    • New Feature
    • Status: Accepted
    • Normal
    • Resolution: Unresolved
    • PUP 7.6.0
    • None
    • Windows
    • None
    • Monolithic
    • Other
    • Night's Watch
    • Needs Assessment

    Description

      Puppet Version: 7.6.0
      Puppet Server Version: 2021.1
      OS Name/Version: Primary RHEL8 & Agent(issues) Windows Server 2019

      The customer is having issues with running MSSQL service by passing `logonaccount` parameters. 

      Error: Failed to apply catalog: Parameter logonpassword failed on Service[MSSQLSERVER]: Failed to update service configuration: The account name is invalid or does not exist, or the password is invalid for the account name specified. (file: /etc/puppetlabs/code/modules/profiles/manifests/windows/mssql.pp, line: 32)

      The customer has tried to insert different combinations of LogonAccount (also trying to pass full path):

      1. PILOT\rma_sql_svc
      2. PILOT\\rma_sql_svc
      3. domain\rma_sql_svc
      4. domain\\rma_sql_svc
      6. rma_sql_svc@domain

      Code snippet:

      service { 'MSSQLSERVER':
        # In a single-quoted Puppet string, '\\' is one literal backslash
        logonaccount  => 'pilot.usda.lab\\rma_sql_svc',
        logonpassword => 'Password1234', # sensitive
        ensure        => 'running',
      }

      The Puppet service account was given both Domain administrator and local administrator rights, and nothing has worked.

       

      One of our engineers has managed to create a workaround and stated:

      "We added debug logs and the conclusion is that the error comes from the Windows API and is probably caused by the way the MSSQLSERVER services are defined (maybe they are protected?), since we are not setting specifically the logon account on the respective API request."

       

      Desired Behavior: Run the MSSQL with a specific account. 

      Actual Behavior: Windows API and MSSQLSERVER possibly have different ways of communicating and setting the accounts, which means that the current implementation of LogonAccount won't work for this specific service. 

      Workaround applied: the direction was to use an exec resource with an `unless` parameter, so that the exec resource is applied only if the `unless` script's return value is not 0.

       

      A bug was raised under: https://tickets.puppetlabs.com/browse/PUP-11121

      More information from the customer ticket: https://puppetlabs.zendesk.com/agent/tickets/44707
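
The ticket describes the exec-with-`unless` workaround but does not include its code. The manifest below is an added example, not the engineer's or the project's own code, showing that pattern with the password kept out of the command string. It assumes the puppetlabs-powershell module; the account, password, resource title and the use of the Win32_Service `Change` method are assumptions.

```puppet
# Added example (not the engineer's actual workaround code).
# Assumes the puppetlabs-powershell module, which provides the `powershell`
# exec provider. Account, password and resource title are placeholders.
$svc_name     = 'MSSQLSERVER'
$svc_account  = 'EXAMPLE\\svc_placeholder'  # '\\' in single quotes = one backslash
$svc_password = 'PLACEHOLDER'               # supply from a secret store, not a literal

# `unless` check: exit 0 when the service already logs on as the wanted
# account, so the exec is skipped; any other exit code lets the command run.
$check = @(CHECK)
  $svc = Get-CimInstance Win32_Service -Filter "Name='$env:SVC_NAME'"
  if ($svc -and $svc.StartName -eq $env:SVC_ACCOUNT) { exit 0 }
  exit 1
  | CHECK

# Command (an assumption; the ticket does not say what the workaround ran):
# change the logon account through the Win32_Service Change method.
$change = @(CHANGE)
  $svc = Get-CimInstance Win32_Service -Filter "Name='$env:SVC_NAME'"
  if (-not $svc) { exit 1 }
  $res = Invoke-CimMethod -InputObject $svc -MethodName Change -Arguments @{
    StartName = $env:SVC_ACCOUNT; StartPassword = $env:SVC_PASSWORD }
  exit $res.ReturnValue
  | CHANGE

exec { 'set-mssql-logon-account':
  provider    => powershell,
  command     => $change,
  unless      => $check,
  # Values travel as environment variables so the password is not part of
  # the command string that Puppet prints when the exec fails. It is still
  # present in the compiled catalog.
  environment => [
    "SVC_NAME=${svc_name}",
    "SVC_ACCOUNT=${svc_account}",
    "SVC_PASSWORD=${svc_password}",
  ],
  logoutput   => false,
}

# Restart the service when the account was changed so the new logon applies.
service { $svc_name:
  ensure    => 'running',
  subscribe => Exec['set-mssql-logon-account'],
}
```

The check compares `StartName` exactly as Windows stores it, so the placeholder account must be written in the same form (for example `DOMAIN\user` versus `user@domain`) or the exec will run on every catalog application.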

       

            People

              Unassigned Unassigned
              bartosz.blizniak Bartosz Blizniak