Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-8295

Group resource cannot resolve virtual account "NT Service\Servicename"

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Duplicate
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Environment:

      Windows Server 2012 R2 that has services with Log On As Virtual accounts (NT Service\servicename).

    • Template:
      PUP Bug Template
    • Team:
      Windows
    • Sprint:
      Windows 2019-02-20
    • Method Found:
      Needs Assessment
    • CS Priority:
      Major
    • CS Frequency:
      3 - 25-50% of Customers
    • CS Severity:
      3 - Serious
    • CS Business Value:
      5 - $$$$$$
    • CS Impact:
      Hide
      This impacts all Azure SQL machines with SQLIaaSExtension enabled as the the virtual account is added to Administrators group by default. Therefore, any attempt to add new user to local administrators group will fail.

      This prevents the use of the group resource on all windows machines which ave virtual accounts.
      Show
      This impacts all Azure SQL machines with SQLIaaSExtension enabled as the the virtual account is added to Administrators group by default. Therefore, any attempt to add new user to local administrators group will fail. This prevents the use of the group resource on all windows machines which ave virtual accounts.
    • QA Risk Assessment:
      Needs Assessment

      Description

      Note: the issue does not occur if the service has run at least once within machine up time, regardless whether it is stopped or disabled after that.

      Steps to reproduce:

      1. Disable service that run as NT Service\servicename (e.q. NT Service\SqlIaaSExtension)
      2. Reboot machine
      3. Create new group with NT Service\SqlIaaSExtension as member

        group { 'testgroup123':
         name => 'testgroup123',
         ensure => present,
         members => ['NT Service\SQLIaaSExtension'],
        }
        

      4. Puppet run throws error below

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              halim.wijaya Halim Wijaya
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Zendesk Support