NetDocuments-Archive / ad-join-cookbook

Chef cookbook to join windows computer to AD
Apache License 2.0

Won't run if PowerShell is in non-interactive mode #17

Closed spuder closed 7 years ago

spuder commented 7 years ago

For reasons I don't fully understand, some VMs fail to join the domain because of PowerShell non-interactive mode.

What is that and how do you disable it? Do I need to bootstrap with --winrm-shell powershell? https://discourse.chef.io/t/knife-winrm-chef-client-yields-no-output/9740/7

10.254.120.189 ================================================================================
10.254.120.189 Error executing action `run` on resource 'powershell_script[ad-join]'
10.254.120.189 ================================================================================
10.254.120.189
10.254.120.189 Mixlib::ShellOut::ShellCommandFailed
10.254.120.189 ------------------------------------
10.254.120.189 Expected process to exit with [0], but received '1'
10.254.120.189 ---- Begin output of "C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" -NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -InputFormat None -File "C:/Users/vagrant/AppData/Local/Temp/chef-script20161102-2400-erdtvt.ps1" ----
10.254.120.189 STDOUT: Renaming computer from  to spencer-bootstrap
10.254.120.189 STDERR: C:\Users\vagrant\AppData\Local\Temp\chef-script20161102-2400-erdtvt.ps1 :
10.254.120.189 Windows PowerShell is in NonInteractive mode. Read and Prompt functionality is
10.254.120.189 not available.
10.254.120.189     + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorExcep
10.254.120.189    tion
10.254.120.189     + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorExceptio
10.254.120.189    n,chef-script20161102-2400-erdtvt.ps1
10.254.120.189 ---- End output of "C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" -NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -InputFormat None -File "C:/Users/vagrant/AppData/Local/Temp/chef-script20161102-2400-erdtvt.ps1" ----
10.254.120.189 Ran "C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" -NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -InputFormat None -File "C:/Users/vagrant/AppData/Local/Temp/chef-script20161102-2400-erdtvt.ps1" returned 1
10.254.120.189
10.254.120.189 Resource Declaration:
10.254.120.189 ---------------------
10.254.120.189 # In c:/chef/cache/cookbooks/ad-join/resources/domain_join.rb
10.254.120.189
10.254.120.189  77:     powershell_script 'ad-join' do
10.254.120.189  78:       code <<-EOH
10.254.120.189  79:       $adminname = "#{domain}\\#{domain_user}"
10.254.120.189  80:       $password = '#{domain_password}' | ConvertTo-SecureString -asPlainText -Force
10.254.120.189  81:       $credential = New-Object System.Management.Automation.PSCredential($adminname,$password)
10.254.120.189  82:
10.254.120.189  83:       if ( '#{newcomputername}' -eq $(hostname) ) {
10.254.120.189  84:         Write-Host "Skipping computer rename since already named: #{newcomputername}"
10.254.120.189  85:       }
10.254.120.189  86:       else {
10.254.120.189  87:         Write-Host "Renaming computer from $($hostname) to #{newcomputername}"
10.254.120.189  88:         Rename-Computer -NewName '#{newcomputername}'
10.254.120.189  89:       }
10.254.120.189  90:       sleep 5
10.254.120.189  91:       Add-computer -DomainName #{domain} #{ou.nil? ? '' : '-OUPath "' + ou + '"'} #{server.nil? ? '' : '-Server "' + server + '"'} -Credential $credential -force -Options JoinWithNewName,AccountCreate -PassThru #-Restart
10.254.120.189  92:
10.254.120.189  93:       # Old way, somtimes Domain controller busy error occured
10.254.120.189  94:       # Add-Computer  #{newcomputername} -DomainName #{domain} -OUPath #{ou} -Credential $credential -Restart -PassThru
10.254.120.189  95:       # Add-Computer -ComputerName Server01 -LocalCredential Server01\Admin01 -DomainName Domain02 -Credential Domain02\Admin02 -Restart -Force
10.254.120.189  96:       EOH
10.254.120.189  97:       only_if { node['kernel']['cs_info']['domain_role'].to_i == 0 || node['kernel']['cs_info']['domain_role'].to_i == 2 }
10.254.120.189  98:       notifies :reboot_now, 'reboot[Restart Computer]', :immediately
10.254.120.189  99:     end
10.254.120.189 100:
10.254.120.189
spuder commented 7 years ago

The PowerShell --NonInteractive isn't a problem.

http://serverfault.com/questions/642789/how-to-force-powershell-to-not-allow-an-interactive-command-window

Bootstrapped again using --winrm-shell powershell with the same result.

Pretty sure this is because the VM has different local credentials.