xPSDesiredStateConfiguration icon indicating copy to clipboard operation
xPSDesiredStateConfiguration copied to clipboard
verified publisher icon dsccommunity

xService - doesn't restart running service after Credential Change

Open rdavisunr opened this issue 6 years ago • 3 comments

Details of the scenario you tried and the problem that is occurring

When using xService to change the credentials of an existing, running service. The credentials are changed successfully, but the service does not restart. Thus, it continues to run under the context it was running under prior to applying DSC. Thus, it is not in the desired state,

Verbose logs showing the problem

VERBOSE: [DC]: LCM:  [ Start  Resource ]  [[xService]RunOctopusAs]
VERBOSE: [DC]: LCM:  [ Start  Test     ]  [[xService]RunOctopusAs]
VERBOSE: [DC]:                            [[xService]RunOctopusAs] Importing the module MSFT_xServiceResource in force mode.
VERBOSE: [DC]:                            [[xService]RunOctopusAs] Service OctopusDeploy Tentacle exists.
VERBOSE: [DC]:                            [[xService]RunOctopusAs] Perform operation 'Query CimInstances' with following parameters, ''queryExpression' = SELECT * FROM Win32_Service WHERE Name='OctopusDeploy Tentacle','queryDialect' = WQL,'namespaceName' = root\cimv2'.
VERBOSE: [DC]:                            [[xService]RunOctopusAs] Operation 'QueryCimInstances' complete.
VERBOSE: [DC]:                            [[xService]RunOctopusAs] Service OctopusDeploy Tentacle exists.
VERBOSE: [DC]:                            [[xService]RunOctopusAs] The start name of service OctopusDeploy Tentacle does not match the expected username from the given credential. The expected value is someDomain\someDomainUser. The actual value is LocalSystem.
VERBOSE: [DC]: LCM:  [ End    Test     ]  [[xService]RunOctopusAs]  in 0.3220 seconds.
VERBOSE: [DC]: LCM:  [ Start  Set      ]  [[xService]RunOctopusAs]
VERBOSE: [DC]:                            [[xService]RunOctopusAs] Importing the module MSFT_xServiceResource in force mode.
VERBOSE: [DC]:                            [[xService]RunOctopusAs] Editing the properties of service OctopusDeploy Tentacle...
VERBOSE: [DC]:                            [[xService]RunOctopusAs] Perform operation 'Query CimInstances' with following parameters, ''queryExpression' = SELECT * FROM Win32_Service WHERE Name='OctopusDeploy Tentacle','queryDialect' = WQL,'namespaceName' = root\cimv2'.
VERBOSE: [DC]:                            [[xService]RunOctopusAs] Operation 'Query CimInstances' complete.
VERBOSE: [DC]:                            [[xService]RunOctopusAs] Perform operation 'Query CimInstances' with following parameters, ''queryExpression' = SELECT * FROM Win32_Service WHERE Name='OctopusDeploy Tentacle','queryDialect' = WQL,'namespaceName' = root\cimv2'.
VERBOSE: [DC]:                            [[xService]RunOctopusAs] Operation 'Query CimInstances' complete.
VERBOSE: [DC]:                            [[xService]RunOctopusAs] Perform operation 'Invoke CimMethod' with following parameters, ''instance' = Win32_Service: OctopusDeploy Tentacle (Name = "OctopusDeploy Tentacle"),'methodName' = Change,'namespaceName' = root/cimv2'.
VERBOSE: [DC]:                            [[xService]RunOctopusAs] Operation 'Invoke CimMethod' complete.
VERBOSE: [DC]:                            [[xService]RunOctopusAs] Perform operation 'Query CimInstances' with following parameters, ''queryExpression' = SELECT * FROM Win32_Service WHERE Name='OctopusDeploy Tentacle','queryDialect' = WQL,'namespaceName' = root\cimv2'.
VERBOSE: [DC]:                            [[xService]RunOctopusAs] Operation 'Query CimInstances' complete.
VERBOSE: [DC]:                            [[xService]RunOctopusAs] The start mode of service OctopusDeploy Tentacle matches the expected start mode.
VERBOSE: [DC]: LCM:  [ End    Set      ]  [[xService]RunOctopusAs]  in 0.8470 seconds.
VERBOSE: [DC]: LCM:  [ End    Resource ]  [[xService]RunOctopusAs]

Suggested solution to the issue

Restart running services after credential changes.

The DSC configuration that is used to reproduce the issue (as detailed as possible)

xService RunOctopusAs
{
    Name = "OctopusDeploy Tentacle"
    Credential = $SomeCreds
    StartupType = "Automatic"
    State = "Running"
}

The operating system the target node is running

OsName               : Microsoft Windows Server 2016 Datacenter
OsOperatingSystemSKU : DatacenterServerEdition
OsArchitecture       : 64-bit
WindowsBuildLabEx    : 14393.3024.amd64fre.rs1_release.190530-2002
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

Version and build of PowerShell the target node is running

5.1.14393.2969 10.0.14393.2969

Version of the DSC module that was used ('dev' if using current dev branch)

8.1.0.0

rdavisunr avatar Aug 09 '19 19:08 rdavisunr

I ended up using a script resource to make this work, but definitely not ideal. Can anyone from the team comment on this issue?

rdavisunr avatar Aug 19 '19 15:08 rdavisunr

Sorry for the delay. Yes you're right, your config should enforce the service to be running with that credential, so probably best for the resource to restart the service at that point in time, BUT...

Was your new credential using the same Username? If so, the problem is that I don't think we'd have a way to test whether the password is new or not. Without looking at the code, that could be your problem.

Could you please let me know if it was the same username or a different one in your $Credential data?

gaelcolas avatar Sep 06 '19 12:09 gaelcolas

@gaelcolas - in this case, I was changing the credential from running as LocalSystem to a domain user. So, different username.

Here's the relevant part from the DSC log above:

The start name of service OctopusDeploy Tentacle does not match the expected username from the given credential. The expected value is someDomain\someDomainUser. The actual value is LocalSystem.

rdavisunr avatar Sep 06 '19 17:09 rdavisunr