Hi everyone,
I have a problem to clean SPN of MSSQL database instance by Ansible.
First i copy a script on the server :
- name : "{{ titre_clean_spn }} - Copie du fichier ps1 pour le nettoyage
des SPN sur le serveur"
win_template:
src: "./templates/230-SPN/clean-spn-sqlserver.j2"
dest: 'C:\temp\clean-spn-sqlserver.ps1'
After i execute it with an ActiveDirectory account :
# Execution du script pour le nettoyage des SPN
- name: "{{ titre_clean_spn }} - Execution du script pour le nettoyage des
SPN"
win_command: powershell.exe -executionpolicy bypass -File "{{ item }}"
with_items:
- 'C:/temp/clean-spn-sqlserver.ps1'
I get this error message :
{
"start": "2022-02-09 04:32:01.974026",
"stdout": "",
"cmd": "powershell.exe -executionpolicy bypass -File
\"C:/temp/clean-spn-sqlserver.ps1\"",
"stderr": "Failed to bind to DC of domain mydomain.fr, error 0x5/5 ->
Access is denied.\r\n\r\nFailed to bind to DC of domain mydomain.fr, error
0x5/5 -> Access is denied.\r\n\r\n",
"changed": true,
"rc": 0,
"delta": "0:00:00.296875",
"end": "2022-02-09 04:32:02.270902",
"stdout_lines": [],
"stderr_lines": [
"Failed to bind to DC of domain mydomain.fr, error 0x5/5 -> Access
is denied.",
"",
"Failed to bind to DC of domain mydomain.fr, error 0x5/5 -> Access
is denied.",
""
],
"_ansible_no_log": false,
"item": "C:/temp/clean-spn-sqlserver.ps1",
"ansible_loop_var": "item",
"_ansible_item_label": "C:/temp/clean-spn-sqlserver.ps1"
}
When i open an MSTC session on the same server with the same
ActiveDirectory account uses by Ansible, it works ..
PS C:\Temp> .\clean-spn-sqlserver.ps1
Unregistering ServicePrincipalNames for
CN=server01,OU=Serveurs,DC=mydomain,DC=fr
MSSQLSvc/server01.mydomain.fr
Updated object
Unregistering ServicePrincipalNames for
CN=server01,OU=Serveurs,DC=mydomain,DC=fr
MSSQLSvc/server01.mydomain.fr:1433
Updated object
For information : it is not the first time that i execute script with same
account from Ansible and it works
Can you help me please,
Thank for your help,
Matt
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/d3cba07a-c62f-40dc-a804-d44c65f6d62fn%40googlegroups.com.
