search

lowlydba / lowlydba.sqlserver

:spoon: A cross-platform Ansible collection using PowerShell to configure and maintain SQL Server.
https://galaxy.ansible.com/ui/repo/published/lowlydba/sqlserver
GNU General Public License v3.0
19 stars 12 forks source link

[Bug] SPN creation is successful but the ansible task is reported as FAILED. #243

Open DorBreger opened 3 months ago

DorBreger commented 3 months ago

Describe the bug spn is created but ansible task fails and reports changed: "false".

To Reproduce Create an availability groups where the engine is ran under a GMSA. Use 

lowlydba.sqlserver.spn:
      computer: db1.domain.com
      service_account: "DOMAIN\\g9540dbs$"

The ansible task will fail, but it will create the SPN. The error message is changed: "false", msg: "Configuring SPN failed: Exception calling \"CommitChanges\" with \"0\" argument(s): \"Access is denied.\r\n""

Expected behavior The ansible task to be successful.

Versions(please complete the following information):

Additional context Add any other context about the problem here. I'm using a GMSA to run the sql server engine.

briantist commented 3 months ago

Is it possible that SPN creation was successful on some AD object(s), but failed on other(s), like the listener computer object?

DorBreger commented 3 months ago

@briantist unfortunately not, I ran this before a listener was even created.

lowlydba commented 3 months ago

Can you try running with verbose output, and also include your dbatools version? If you can also try doing the creation directly with the DBATools command, that would be helpful to isolate the issue.

DorBreger commented 3 months ago

I will get to it when I'm back in the office on Wednesday, I haven't been able to replicate the problem locally on my cluster of VMs.