Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-11130

LogonAccount not working with MSSQLSERVER service



    • New Feature
    • Status: Accepted
    • Normal
    • Resolution: Unresolved
    • PUP 7.6.0
    • None
    • Windows
    • None
    • Monolithic
    • Other
    • Night's Watch
    • Needs Assessment


      Puppet Version: 7.6.0
      Puppet Server Version: 2021.1
      OS Name/Version: Primary RHEL8 & Agent(issues) Windows Server 2019

      The customer is having issues with running MSSQL service by passing `logonaccount` parameters. 

      Error: Failed to apply catalog: Parameter logonpassword failed on Service[MSSQLSERVER]: Failed to update service configuration: The account name is invalid or does not exist, or the password is invalid for the account name specified. (file: /etc/puppetlabs/code/modules/profiles/manifests/windows/mssql.pp, line: 32)

      The customer has tried to insert different combinations of LogonAccount (also trying to pass full path):

      1. PILOT\rma_sql_svc
      2. PILOT
      3. domain\rma_sql_svc
      4. domain
      6. rma_sql_svc@domain

      Code snippet:

      service {'MSSQLSERVER':
         logonaccount => 'pilot.usda.lab
         logonpassword => 'Password1234', #sensitive
         ensure => 'running'}

      **The puppet service account was given both Domain administrator and local administrator rights and nothing has worked. 


      One of our engineers has managed to create a workaround and stated:

      "We added debug logs and the conclusion is that the error comes from Windows API and probably is caused by the way the MSSQLSERVER services are defined(maybe they are protected?), since we are not setting specifically the logon account on the respective API request."


      Desired Behavior: Run the MSSQL with a specific account. 

      Actual Behavior: Windows API and MSSQLSERVER possibly have different ways of communicating and setting the accounts, which means that the current implementation of LogonAccount won't work for this specific service. 

      Workaround applied: the direction was to use exec resource with unless parameter that will apply exec resource only if unless script return value is not 0.


      A bug was raised under: https://tickets.puppetlabs.com/browse/PUP-11121

      More information from the customer ticket: https://puppetlabs.zendesk.com/agent/tickets/44707



        Issue Links



              Unassigned Unassigned
              bartosz.blizniak Bartosz Blizniak
              0 Vote for this issue
              3 Start watching this issue



                Zendesk Support