Hi,
I have resolved my problem.
- name: "{{ titre_clean_spn }} - Execution du script pour le nettoyage des
SPN"
win_command: powershell.exe -executionpolicy Unrestricted -NonInteractive
-File "{{ item }}"
with_items:
- 'C:/temp/clean-spn-sqlserver.ps1'
vars:
ansible_become: yes
ansible_become_method: runas
ansible_become_flags: logon_type=new_credentials
logon_flags=netcredentials_only
ansible_become_user: 'MYDOMAIN\usr_ansible'
ansible_become_pass: "{{ usr_ansible_password }}"
no_log: "{{ ansible_no_log }}"
Matt
Le jeudi 10 février 2022 à 08:42:03 UTC+1, [email protected] a écrit :
> Hi everyone,
>
> I have a problem to clean SPN of MSSQL database instance by Ansible.
>
> First i copy a script on the server :
>
> - name : "{{ titre_clean_spn }} - Copie du fichier ps1 pour le nettoyage
> des SPN sur le serveur"
> win_template:
> src: "./templates/230-SPN/clean-spn-sqlserver.j2"
> dest: 'C:\temp\clean-spn-sqlserver.ps1'
>
> After i execute it with an ActiveDirectory account :
> # Execution du script pour le nettoyage des SPN
> - name: "{{ titre_clean_spn }} - Execution du script pour le nettoyage des
> SPN"
> win_command: powershell.exe -executionpolicy bypass -File "{{ item }}"
> with_items:
> - 'C:/temp/clean-spn-sqlserver.ps1'
>
> I get this error message :
> {
> "start": "2022-02-09 04:32:01.974026",
> "stdout": "",
> "cmd": "powershell.exe -executionpolicy bypass -File
> \"C:/temp/clean-spn-sqlserver.ps1\"",
> "stderr": "Failed to bind to DC of domain mydomain.fr, error 0x5/5 ->
> Access is denied.\r\n\r\nFailed to bind to DC of domain mydomain.fr,
> error 0x5/5 -> Access is denied.\r\n\r\n",
> "changed": true,
> "rc": 0,
> "delta": "0:00:00.296875",
> "end": "2022-02-09 04:32:02.270902",
> "stdout_lines": [],
> "stderr_lines": [
> "Failed to bind to DC of domain mydomain.fr, error 0x5/5 ->
> Access is denied.",
> "",
> "Failed to bind to DC of domain mydomain.fr, error 0x5/5 ->
> Access is denied.",
> ""
> ],
> "_ansible_no_log": false,
> "item": "C:/temp/clean-spn-sqlserver.ps1",
> "ansible_loop_var": "item",
> "_ansible_item_label": "C:/temp/clean-spn-sqlserver.ps1"
> }
>
>
>
> When i open an MSTC session on the same server with the same
> ActiveDirectory account uses by Ansible, it works ..
> PS C:\Temp> .\clean-spn-sqlserver.ps1
> Unregistering ServicePrincipalNames for
> CN=server01,OU=Serveurs,DC=mydomain,DC=fr MSSQLSvc/
> server01.mydomain.fr
> Updated object
> Unregistering ServicePrincipalNames for
> CN=server01,OU=Serveurs,DC=mydomain,DC=fr MSSQLSvc/
> server01.mydomain.fr:1433
> Updated object
>
> For information : it is not the first time that i execute script with same
> account from Ansible and it works
>
> Can you help me please,
>
> Thank for your help,
> Matt
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/5a185317-13c2-4b1c-8a40-c6d1eca789cdn%40googlegroups.com.
