ansible-collections / microsoft.ad

Ansible collection for Active Directory management
GNU General Public License v3.0

microsoft.ad.domain fails with 'InstallDNS' not recognized error #84

Closed egorpavlikhin closed 10 months ago

egorpavlikhin commented 10 months ago

SUMMARY

The microsoft.ad.domain task always fails with the error "The specified argument 'InstallDNS' was not recognized." It seems that this issue was fixed years back but somehow came back? InstallDNS is supposed to be with lowercase InstallDns. I checked the source file and it seems to be correct but somehow it still fails.

COLLECTION VERSION
CONFIGURATION
OS / ENVIRONMENT

Controller: Ubuntu 22 Target: Windows Server 2019

STEPS TO REPRODUCE

- name: Ensure that domain exists
  microsoft.ad.domain:
    dns_domain_name: somedomain.local
    safe_mode_password: StrongPass123!
  register: check_domain

EXPECTED RESULTS

Expect the task to run and save the result

ACTUAL RESULTS

Using module file /home/egorp/.ansible/collections/ansible_collections/microsoft/ad/plugins/modules/domain.ps1
Pipelining is enabled.
<192.168.56.10> ESTABLISH WINRM CONNECTION FOR USER: vagrant on PORT 5986 TO 192.168.56.10
EXEC (via pipeline wrapper)
The full traceback is:
The specified argument 'InstallDNS' was not recognized.

At line:164 char:16
+         $res = Install-ADDSForest @installParams
+                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Install-ADDSForest], DCPromoExecutionException
    + FullyQualifiedErrorId : DCPromo.General.77,Microsoft.DirectoryServices.Deployment.PowerShell.Commands.InstallADDSForestCommand

ScriptStackTrace:
at <ScriptBlock>, <No file>: line 164
fatal: [192.168.56.10]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "create_dns_delegation": null,
            "database_path": null,
            "dns_domain_name": "octopusadlab.local",
            "domain_mode": null,
            "domain_netbios_name": null,
            "forest_mode": null,
            "install_dns": false,
            "log_path": null,
            "reboot": false,
            "safe_mode_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "sysvol_path": null
        }
    },
    "msg": "Failed to install ADDSForest, DCPromo exited with 77: The specified argument 'InstallDNS' was not recognized.\r\n",
    "reboot_required": false
}

ISSUE TYPE
COMPONENT NAME

microsoft.ad.domain

ANSIBLE VERSION

ansible [core 2.15.6]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/egorp/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  ansible collection location = /home/egorp/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.10.6 (main, Mar 10 2023, 10:55:28) [GCC 11.3.0] (/usr/bin/python3)
  jinja version = 3.0.3
  libyaml = True

jborean93 commented 10 months ago

I think something else is problematic here, we use InstallDns not InstallDNS in the code https://github.com/ansible-collections/microsoft.ad/blob/38ae305e10bf92cf50f14cce954c2012b01222d7/plugins/modules/domain.ps1#L129

I think there's something else going wrong but unfortunately I was never able to replicate this error originally. Based on the error it seems like the module is calling DCPromo with the argument InstallDNS itself and the error back here is an error from DCPromo itself. We do not have any control over this as it's all internal in the module itself.

egorpavlikhin commented 10 months ago

I can confirm that this is related to something in Windows Server 2019 being broken. By the looks of it the PowerShell commands have drifted from the underlying DCPromo and nobody bothered to fix it. I tried to run the commands manually on a fresh machine but they still fail. Interestingly enough the command succeeds when called once but all subsequent executions fail.

jborean93 commented 10 months ago

https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/troubleshoot-domain-controller-deployment does give some more details, I would see if you can view some of the log files to see if they shed some more light on the situation. I had a look at what the Install-ADDSForest cmdlet does and it calls a private API in dcpromocmd.dll with string arguments to replicate how it would be called in the command line. This is where the cmdlet is passed in InstallDNS but for whatever reason it is not validating it. Whether it's because the host is in some funky state or some other I'm not sure but without being able to replicate my hands are somewhat tied.

Hopefully the error logs might indicate what might be going wrong here or at least point us in a different direction.
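
An added example, not part of the original thread or the collection's code: one way to pull the lines around the reported error out of the DCPromo logs suggested above, run in an elevated PowerShell session on the target. It assumes the logs are dcpromo.log and dcpromoui.log under %SystemRoot%\debug; Get-DcPromoLogEvidence is a hypothetical helper name.

```powershell
# Added example: collect DCPromo log evidence on the Windows target (run elevated).
# Assumption: the logs are dcpromo.log and dcpromoui.log under %SystemRoot%\debug.
# Get-DcPromoLogEvidence is a hypothetical helper, not part of microsoft.ad.
function Get-DcPromoLogEvidence {
    [CmdletBinding()]
    param(
        [string]$LogDirectory = (Join-Path $env:SystemRoot 'debug'),
        [string[]]$LogName = @('dcpromo.log', 'dcpromoui.log'),
        # Error text taken from the failure reported in this issue.
        # Select-String matches case-insensitively by default.
        [string]$Pattern = 'InstallDNS|was not recognized',
        # Number of lines to keep before and after each match.
        [int]$Context = 5
    )

    foreach ($name in $LogName) {
        $path = Join-Path $LogDirectory $name
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            # Report a missing log explicitly instead of skipping it silently.
            [pscustomobject]@{ Log = $name; LineNumber = $null; Text = '<log file not found>' }
            continue
        }

        $hits = Select-String -LiteralPath $path -Pattern $Pattern -Context $Context
        if (-not $hits) {
            [pscustomobject]@{ Log = $name; LineNumber = $null; Text = '<no matching lines>' }
            continue
        }

        foreach ($hit in $hits) {
            # Emit the lines around each match so the failing step is visible.
            $lines = @($hit.Context.PreContext) + $hit.Line + @($hit.Context.PostContext)
            [pscustomobject]@{
                Log        = $name
                LineNumber = $hit.LineNumber
                Text       = ($lines -join [Environment]::NewLine)
            }
        }
    }
}

Get-DcPromoLogEvidence | Format-List
```

The output includes domain and host names from the target, so review it before attaching it to a public issue.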