Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SqlSetup: Cannot install and apply GMSA accounts using the SqlSvcAccount and AgtSvcAccount variables #1869

Open
Sir-Turtle opened this issue Mar 9, 2023 · 4 comments
Open

SqlSetup: Cannot install and apply GMSA accounts using the SqlSvcAccount and AgtSvcAccount variables #1869

Sir-Turtle opened this issue Mar 9, 2023 · 4 comments
Labels
enhancement The issue is an enhancement request. help wanted The issue is up for grabs for anyone in the community.

Comments

@Sir-Turtle
Copy link

Sir-Turtle commented Mar 9, 2023
edited

Problem description

The installation does not error out, it completes just fine except it doesn't apply our defined GMSAs to the instance and uses default local accounts.

Verbose logs

I don't see a problem in the logs

How to reproduce

run an installation and pass GMSAs for service account parameters: SqlSvcAccount and AgtSvcAccount

Expected behavior

The accounts given to parameters SqlSvcAccount and AgtSvcAccount would be the accounts running the SQL services

Current behavior

default local accounts are running services after the installation completes

Suggested solution

Add support for GMSAs

Operating system the target node is running

OsName               : Microsoft Windows Server 2019 Standard
OsOperatingSystemSKU : StandardServerEdition
OsArchitecture       : 64-bit
WindowsVersion       : 1809
WindowsBuildLabEx    : 17763.1.amd64fre.rs5_release.180914-1434
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

PowerShell version and build the target node is running

Name                           Value
----                           -----
PSVersion                      5.1.17763.3770
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.17763.3770
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Module version used

SqlServerDsc 15.2.0  C:\Program Files\WindowsPowerShell\Modules\SqlServerDsc\15.2.0\SqlServerDsc.psd1
@Sir-Turtle
Copy link
Author

We have coded this feature ourselves.

@johlju
Copy link
Member

johlju commented Mar 10, 2023

@Sir-Turtle Is it possible for you to contribute the changes you made so others may use them as well?

@johlju johlju reopened this Mar 10, 2023
@johlju johlju added enhancement The issue is an enhancement request. help wanted The issue is up for grabs for anyone in the community. labels Mar 10, 2023
@johlju johlju changed the title Cannot install and apply GMSA accounts using the SqlSvcAccount and AgtSvcAccount variables SqlSetup: Cannot install and apply GMSA accounts using the SqlSvcAccount and AgtSvcAccount variables Mar 10, 2023
@ghost
Copy link

ghost commented Apr 27, 2023

I would also look forward to a solution. This blocks the automation very much.

@goldenajj
Copy link

GMSA account for SQLSetup works. I've done this for a year, but with Ansible with the win_dsc module. What you probably missed is adding the $ after the account name.

SQLSvcAccount_username: '{{ short_domain }}\{{ instance.gmsa_sqlsvc }}$'
SQLSvcAccount_password: '{{ ansible_password }}' #dummy
AgtSvcAccount_username: '{{ short_domain }}\{{ instance.gmsa_sqlagt }}$'
AgtSvcAccount_password: '{{ ansible_password }}' #dummy

To use MSFT credential in ansible you have to use _username and _password otherwise it does not recognize it so nevermind that if you're using only the DSC module.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement The issue is an enhancement request. help wanted The issue is up for grabs for anyone in the community.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Sir-Turtle @johlju @goldenajj