Windows_Service run_as_user does not work correctly #8079

Open
gdoddsy opened this Issue Dec 27, 2018 · 2 comments

gdoddsy commented Dec 27, 2018

Description

When trying to install a service in Windows 2016 using windows_service, I am not able to specify a domain username and password. Ideally, I'd like to be able to specify a group managed service account, but I can't even add a regular domain account.

We need the service to run as a domain account so it can connect to other services on the network.

I think this is similar to issue 3521, which is marked as closed.

Chef Version

14.7.17

Platform Version

Windows Server 2016

Replication Case

windows_service 'install My Service' do
	action :create
	display_name "My Service"
	service_name "myservice"
	binary_path_name "c:\\Program Files\\myservice\\myservice.exe"
	startup_type :automatic
	delayed_start true
	run_as_user "domain\\MyUser"
	run_as_password "mypassword"
	description "Some description of my service."
end

Client Output

When it hits the line to install using a regular windows domain user:

FATAL: SystemCallError: windows_service[install My Service] (MyService::InstallMyService line 35) had an error: SystemCallError: The account name is invalid or does not exist, or the password is invalid for the account name specified. - CreateService: The account name is invalid or does not exist, or the password is invalid for the account name specified.

gdoddsy commented Dec 27, 2018

Turns out we can register with a managed service account (without a password), but not with a normal Windows account specifying a password.

kapilchouhan99 commented Jan 14, 2019

As per my analysis, if you want to use domain\username, then you will have to pass the domain name in this format.
E.g., suppose your domain is abc.com and the domain name is ABC; then you will have to pass ABC as the domain instead of abc.com,
like: ABC\myuser
And if you want to use abc.com as the domain, then you will have to use the username@domain.com format,
like: myuser@abc.com
Also, I have found this:
DOMAIN\username is the old logon format, called the down-level logon name, also known by the name SAMAccountName.

username@domain.com is a UPN (User Principal Name), called the newer logon format. It's an Internet-style login name.

I have checked it with User@domain.com, and it's working fine. You can try it like this:

windows_service 'install My Service' do
    action :create
    display_name "My Service"
    service_name "myservice"
    binary_path_name "c:\\Program Files\\myservice\\myservice.exe"
    startup_type :automatic
    delayed_start true
    run_as_user "MyUser@domain.com"
    run_as_password "mypassword"
    description "Some description of my service."
end

http://blog.schertz.name/2012/08/understanding-active-directory-naming-formats/
https://serverfault.com/questions/371150/any-difference-between-domain-username-and-usernamedomain-local

@btm @stuartpreston Please let me know your thoughts on this.
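
The two logon-name formats described in the comment above, as an added Ruby example that is not part of the original thread or of Chef: a pre-flight check a cookbook could run on a `run_as_user` value before handing it to `windows_service`. The helper names `logon_name_format` and `run_as_user_warnings` are hypothetical, the sample values are constructed from the comment's abc.com / ABC example, and the rule that a DNS domain in the DOMAIN\user form is rejected is taken from the commenter's analysis.

```ruby
# Added example (hypothetical helpers, not Chef code): classify a
# run_as_user string and warn about the form reported above as failing.

# Returns a hash with :format (:down_level, :local, :upn or :bare),
# :domain and :user for the given account string.
def logon_name_format(account)
  s = account.to_s.strip
  raise ArgumentError, 'empty account name' if s.empty?

  if s.include?('\\')
    domain, user = s.split('\\', 2)
    if domain.empty? || user.to_s.empty?
      raise ArgumentError, "missing domain or user in #{s.inspect}"
    end
    # ".\user" is the local-machine form of the down-level name.
    return { format: :local, domain: '.', user: user } if domain == '.'
    return { format: :down_level, domain: domain, user: user }
  end

  if s.count('@') == 1 && !s.start_with?('@') && !s.end_with?('@')
    user, domain = s.split('@', 2)
    return { format: :upn, domain: domain, user: user }
  end

  { format: :bare, domain: nil, user: s }
end

# Returns an array of warning strings; empty means the form looks usable.
def run_as_user_warnings(account)
  info = logon_name_format(account)
  warnings = []
  case info[:format]
  when :down_level
    # Assumption from the comment: abc.com\myuser fails, ABC\myuser works.
    if info[:domain].include?('.')
      warnings << "down-level name uses DNS domain #{info[:domain]}; " \
                  "use the short domain name or #{info[:user]}@#{info[:domain]}"
    end
  when :bare
    warnings << 'no domain part; use DOMAIN\\user, user@domain or .\\user'
  end
  warnings
end

# Constructed sample values, based on the abc.com / ABC example above.
['ABC\\myuser', 'abc.com\\myuser', 'myuser@abc.com'].each do |name|
  puts "#{name}: #{run_as_user_warnings(name).inspect}"
end
```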
