Change AppPool identity to gmsa account fails #386

Open
hollspat opened this issue Dec 12, 2023 · 0 comments
Describe the Bug

When setting AppPool identity to a gmsa account, the start of the appPool fails.

Expected Behavior

Setting AppPool identity to a gmsa account should work as if you set it to a non-gmsa account. That is, the appPool should be started.

Steps to Reproduce

Steps to reproduce the behavior:

  1. Create an AppPool with default AppPool identity 'ApplicationPoolIdentity'
    iis_application_pool { 'Default Web Site-Apu.Application.Professional':
      ensure        => 'present',
      state         => 'started',
      identity_type => 'ApplicationPoolIdentity',
    }
  2. Run puppet on the server so that the appPool is created
  3. Change the AppPool identity to a gmsa account
    iis_application_pool { 'Default Web Site-Apu.Application.Professional':
      ensure        => 'present',
      state         => 'started',
      identity_type => 'SpecificUser',
      user_name     => 'localad\apuapp$',
      password      => '',
    }
  4. Run puppet on the server
    Result: The run fails with error
    Error: Error updating apppool: The service cannot accept control messages at this time. (Exception from HRESULT: 0x80070425)
    Error: Error updating apppool: The service cannot accept control messages at this time. (Exception from HRESULT: 0x80070425)

Environment

  • Version: 7.25.0
  • Platform: Rhel 8.9

Additional Context

We have two environments, a dev and a production environment. In our production environment it fails 100%. In our dev env it fails 50%.
My guess is that there is a timing issue/race condition. When I added a try/catch and a sleep, it started working.

Here are my changes:
iis/lib/puppet/provider/iis_application_pool/webadministration.rb

      when :started
        cmd << "If((Get-WebAppPoolState -Name \"#{@resource[:name]}\").Value -ne 'Started'){
                  try{
                    write-host 'First try';
                    Start-WebAppPool -Name \"#{@resource[:name]}\" -ErrorAction Stop
                  } catch{
                    write-host 'Failed first try, sleeping 15 seconds';
                    Sleep 15;
                    Start-WebAppPool -Name \"#{@resource[:name]}\" -ErrorAction Stop
                  }
                }"
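
A bounded-retry form of the workaround above, as an added example that is not part of the original issue or the module's own code: it retries only when the failure carries the HRESULT quoted in the issue and lets every other error fail immediately. The function name `Start-AppPoolWithRetry` and its parameters are hypothetical, and it assumes the WebAdministration module is installed and that the HRESULT appears in the exception message as it does in the reported error.

```powershell
# Added example; not from the issue or the module's provider code.
# Start-AppPoolWithRetry, -MaxAttempts and -DelaySeconds are hypothetical names.
Import-Module WebAdministration

function Start-AppPoolWithRetry {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [int] $MaxAttempts  = 5,
        [int] $DelaySeconds = 5
    )

    # HRESULT from the error reported in the issue:
    # "The service cannot accept control messages at this time."
    $retryable = '0x80070425'

    for ($attempt = 1; $attempt -le $MaxAttempts; $attempt++) {
        try {
            # Same guard as the provider: only start a pool that is not running.
            if ((Get-WebAppPoolState -Name $Name).Value -ne 'Started') {
                Start-WebAppPool -Name $Name -ErrorAction Stop
            }
            return $attempt   # number of attempts that were needed
        } catch {
            # Assumption: the transient failure is recognisable by the HRESULT
            # in the message text. Anything else (bad identity, missing pool)
            # is rethrown at once so a real misconfiguration is not hidden
            # behind retries.
            $isTransient = $_.Exception.Message -match $retryable
            if (-not $isTransient -or $attempt -eq $MaxAttempts) { throw }

            Write-Host "Attempt $attempt failed with $retryable; waiting $DelaySeconds s"
            Start-Sleep -Seconds $DelaySeconds
        }
    }
}

# Usage with the pool name from the issue:
# Start-AppPoolWithRetry -Name 'Default Web Site-Apu.Application.Professional'
```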