search

dsccommunity / SqlServerDsc

This module contains DSC resources for deployment and configuration of Microsoft SQL Server.
MIT License
359 stars 224 forks source link

SqlSetup: Problem doing cluster install when SourePath is an UNC path #408

Open johlju opened 7 years ago

johlju commented 7 years ago

Details of the scenario you try and problem that is occurring: This is a problem when SourcePath is an UNC share when doing cluster install.

Three scenarios I tried to get cluster install. Credentials parameters involved SetupCredential, SourceCredential and PsDscRunAsCredential. Only Scenario 3 worked.

Scenario 1.

Using only parameter SetupCredential. It is not allow to access the UNC path becuase it is running as SYSTEM.

VERBOSE: [SQLTEST4]:                            [[xSQLServerSetup]InstallSQL2014Instance] 2017-02-26_10-27-07: Using path: \\fileserver.company.local\images\SQL2014SP1-ENT\setup.exe
Access is denied

Scenario 2.

Using both parameter PsDscRunAsCredential, to access the UNC share, and parameter SetupCredential, because the setup.exe process is started using these credentials. But those credential in PsDscRunAsCredential did not have rights (to impersonate) so the setup.exe process could start and failed with error "The process could not be created. Create process as user error #1314".

VERBOSE: [SQLTEST4]: LCM:  [ End    Set      ]  [[xSQLServerSetup]InstallSQL2014Instance]  in 2.2910 seconds.
PowerShell DSC resource MSFT_xSQLServerSetup  failed to execute Set-TargetResource functionality with error message: Exception calling "CreateProcessAsUser" with "4" argument(s): "The process could not be created. Create process as user error #1314" 
    + CategoryInfo          : InvalidOperation: (:) [], CimException
    + FullyQualifiedErrorId : ProviderOperationExecutionFailure
    + PSComputerName        : sqltest4.company.local

It is a guess that is the rights that are the problem, but if it is there might be a workaround to give those permissions, see this article http://stackoverflow.com/questions/1475577/createprocessasuser-error-1314.

Scenario 3.

Using both parameter SourceCredential, to copy media locally, and parameter `SetupCredential, because the setup.exe process is started using these credentials. This scenario worked!

VERBOSE: [SQLTEST4]:                            [[xSQLServerSetup]InstallSQL2014Instance] 2017-02-26_10-47-30: Process matching path 'C:\Windows\TEMP\SQL2014SP1-ENT\setup.exe' started in process ID 7024

The DSC configuration that is using the resource (as detailed as possible): Configuration from working scenario 3.

xSQLServerSetup $resourceConfigName
{
    Action = 'InstallFailoverCluster'
    ForceReboot = $false

    SourcePath = '\\fileserver.company.local\images\SQL2014SP1-ENT'
    UpdateEnabled = 'False'

    SetupCredential = $SqlInstallCredential
    SourceCredential = $SqlInstallCredential

    InstanceName = 'SQL2014'
    Features = 'SQLENGINE,SSMS,ADV_SSMS'

    InstallSharedDir = 'C:\Program Files\Microsoft SQL Server'
    InstallSharedWOWDir = 'C:\Program Files (x86)\Microsoft SQL Server'
    InstanceDir = 'C:\Program Files\Microsoft SQL Server'

    SQLCollation = 'Finnish_Swedish_CI_AS'
    SQLSvcAccount = $SqlServiceCredential
    AgtSvcAccount = $SqlAgentServiceCredential
    SQLSysAdminAccounts = 'COMPANY\SQL Administrators', $SqlAdministratorCredential.UserName

    InstallSQLDataDir = 'G:\MSSQL\Data'
    SQLUserDBDir = 'E:\MSSQL\Data'
    SQLUserDBLogDir = 'F:\MSSQL\Log'
    SQLTempDBDir = 'H:\MSSQL\Temp'
    SQLTempDBLogDir = 'H:\MSSQL\Temp'
    SQLBackupDir = 'I:\MSSQL\Backup'

    FailoverClusterNetworkName = 'TESTCLU01'
    FailoverClusterIPAddress = '192.168.0.10'
    FailoverClusterGroupName = 'TESTCLU01A'

    DependsOn = '[WindowsFeature]NetFramework35','[WindowsFeature]NetFramework45'
}

Version of the Operating System, SQL Server and PowerShell the DSC Target Node is running: Windows Server 2016, SQL Server 2014, PowerShell 5.0

Version of the DSC module you're using, or 'dev' if you're using current dev branch: Dev

johlju commented 7 years ago

I hope when #405 is solved this will be solved as well.

johlju commented 7 years ago

Scenario 2 could have been resolved with higher rights.

If both PsDscRunAsCredential and SetupCredential is assigned credentials, then the credentials assigned to PsDscRunAsCredential must have the access right 'Replace a process level token'.

If this access right 'Replace a process level token' is not set, starting the process will fail with the following error message.

Exception calling "CreateProcessAsUser" with "5" argument(s): "Create process as user error #1314".
johlju commented 7 years ago

Now there is a new scenario with PR #578 that should be made to work.

Scenarion 4.

Using both parameters PsDscRunAsCredential and SourceCredential, if PsDscRunAsCredential doesn't have the permission directly to the UNC path, and other credentials must be used to access the UNC path, or the SYSTEM account is used to install, then SourceCredential should be able to work either running as system, or together with PsDscRunAsCredential.