search

PowerShell / PSDscResources

MIT License
129 stars 54 forks source link

Service: Username mismatch (Domain replaced with '.') #181

Closed considerITman closed 4 years ago

considerITman commented 4 years ago

Details of the scenario you tried and the problem that is occurring

I'm trying to ensure the tracing service to be in running state with the right identity. I'm passing a service-user in the Credential parameter. The resource fails with a user name mismatch. The user name it's trying to compare with is wrong - the Domainname is replaced with a '.' and there is another '.' appended to the user name:

{"time": "2020-03-18T09:09:24.821+01:00", "type": "verbose", "message": "[SERVER]:                            [[Service]SharePointTracing] User name for service 'SPTraceV4' is 'DOMAIN\\SP-Services'. It does not match '.\\SP-Services.'"},

I checked the MOF file and the user name is correct inside the credential instance:

instance of MSFT_Credential as $MSFT_Credential21ref
{
    Password = "-----BEGIN CMS----- XYZ -----END CMS-----";
    UserName = "DOMAIN\\SP-Services";
};

instance of MSFT_ServiceResource as $MSFT_ServiceResource2ref
{
    ResourceID = "[Service]SharePointTracing";
    State = "Running";
    Credential = $MSFT_Credential21ref;
    Ensure = "Present";
    SourceInfo = "ConfigurationXYZ.ps1::942::9::Service";
    Name = "SPTraceV4";
    StartupType = "Automatic";
    ModuleName = "PsDesiredStateConfiguration";
    ModuleVersion = "0.0";
    DependsOn = {
        "[SPFarm]SharePointFarm"};
    ConfigurationName = "ConfigurationXYZ";
};

Verbose logs showing the problem

{"time": "2020-03-18T09:09:24.593+01:00", "type": "verbose", "message": "[SERVER]: LCM:  [ Start  Resource ]  [[Service]SharePointTracing]  "},
{"time": "2020-03-18T09:09:24.609+01:00", "type": "verbose", "message": "[SERVER]: LCM:  [ Start  Test     ]  [[Service]SharePointTracing]  "},
{"time": "2020-03-18T09:09:24.625+01:00", "type": "verbose", "message": "[SERVER]:                            [[Service]SharePointTracing] Perform operation 'Query CimInstances' with following parameters, ''queryExpression' = SELECT * FROM Win32_Service WHERE Name='SPTraceV4','queryDialect' = WQL,'namespaceName' = root\\cimv2'."},
{"time": "2020-03-18T09:09:24.821+01:00", "type": "verbose", "message": "[SERVER]:                            [[Service]SharePointTracing] Operation 'Query CimInstances' complete."},
{"time": "2020-03-18T09:09:24.821+01:00", "type": "verbose", "message": "[SERVER]:                            [[Service]SharePointTracing] User name for service 'SPTraceV4' is 'DOMAIN\\SP-Services'. It does not match '.\\SP-Services.'"},
{"time": "2020-03-18T09:09:24.837+01:00", "type": "verbose", "message": "[SERVER]: LCM:  [ End    Test     ]  [[Service]SharePointTracing]  in 0.2280 seconds."},
{"time": "2020-03-18T09:09:24.837+01:00", "type": "verbose", "message": "[SERVER]: LCM:  [ Start  Set      ]  [[Service]SharePointTracing]  "},
{"time": "2020-03-18T09:09:24.837+01:00", "type": "verbose", "message": "[SERVER]:                            [[Service]SharePointTracing] Service 'SPTraceV4' already exists. Write properties such as Status, DisplayName, Description, Dependencies will be ignored for existing services."},
{"time": "2020-03-18T09:09:24.837+01:00", "type": "verbose", "message": "[SERVER]:                            [[Service]SharePointTracing] Perform operation 'Query CimInstances' with following parameters, ''queryExpression' = SELECT * FROM Win32_Service WHERE Name='SPTraceV4','queryDialect' = WQL,'namespaceName' = root\\cimv2'."},
{"time": "2020-03-18T09:09:25.040+01:00", "type": "verbose", "message": "[SERVER]:                            [[Service]SharePointTracing] Operation 'Query CimInstances' complete."},
{"time": "2020-03-18T09:09:25.040+01:00", "type": "verbose", "message": "[SERVER]:                            [[Service]SharePointTracing] Perform operation 'Invoke CimMethod' with following parameters, ''instance' = Win32_Service: SharePoint Tracing Service (Name = \"SPTraceV4\"),'methodName' = Change,'namespaceName' = root/cimv2'."},
{"time": "2020-03-18T09:09:25.056+01:00", "type": "verbose", "message": "[SERVER]:                            [[Service]SharePointTracing] Operation 'Invoke CimMethod' complete."},
{"time": "2020-03-18T09:09:25.071+01:00", "type": "verbose", "message": "[SERVER]: LCM:  [ End    Set      ]  [[Service]SharePointTracing]  in 0.2350 seconds."},
{"time": "2020-03-18T09:09:25.071+01:00", "type": "error", "message": "PowerShell DSC resource MSFT_ServiceResource  failed to execute Set-TargetResource functionality with error message: Failed to change 'Credential' property. Message: 'The 'Change' method of 'Win32_Service' failed with error code: '22'.' "},

Suggested solution to the issue

N/A

The DSC configuration that is used to reproduce the issue (as detailed as possible)

# $ServiceAccount is populated ealier
Service SharePointTracing {
            Name        = "SPTraceV4"
            StartupType = "Automatic"  
            State       = "Running"
            Ensure      = "Present" 
            Credential  = $ServiceAccount
            DependsOn   = "[SPFarm]SharePointFarm"
        }

The operating system the target node is running

OsName : Microsoft Windows Server 2016 Standard OsOperatingSystemSKU : StandardServerEdition OsArchitecture : 64-bit WindowsBuildLabEx : 14393.3503.amd64fre.rs1_release.200131-0410 OsLanguage : en-US OsMuiLanguages : {en-US}

Version and build of PowerShell the target node is running

PSVersion 5.1.14393.3471 PSEdition Desktop PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...} BuildVersion 10.0.14393.3471 CLRVersion 4.0.30319.42000 WSManStackVersion 3.0 PSRemotingProtocolVersion 2.3 SerializationVersion 1.1.0.1

Version of the DSC module that was used ('dev' if using current dev branch)

1.1

considerITman commented 4 years ago

Update I tried commenting out the Service Block and I get the same error. I verified that the SPTraceV4 Service does not appear in the MOF file.

I've cross posted this in SharePoint DSC.

PlagueHO commented 4 years ago

Hi @considerITman

I've just noticed that the resource your config is using the Service resource in the inbox PSDesiredStateConfiguration resource module. Those are the ones that come with Windows and are much older than this one. Can you instead use the Service resource in this module: PSDscResources

PSDscResources is a replacement for the Inbox resources. It is supported. There is also a community version of this module (xPSDesiredStateConfiguration) that would also work but may differ in function from the PSDscResources module.

considerITman commented 4 years ago

Hi @PlagueHO,

thanks for your answer! I used the community version and it works like a charm!