From 7b1cc11685a53f517a582e94fc07553737bb7aba Mon Sep 17 00:00:00 2001
From: Jordan Borean
Date: Fri, 10 Aug 2018 16:17:45 +1000
Subject: [PATCH] win_domain modules: ensure Netlogon service is still running after promotion (#43703)
---
 .../fragments/win_domain_controller-netlogon.yaml | 3 +++
 lib/ansible/modules/windows/win_domain.ps1 | 11 +++++++++++
 .../modules/windows/win_domain_controller.ps1 | 15 ++++++++++++++-
 3 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 changelogs/fragments/win_domain_controller-netlogon.yaml
diff --git a/changelogs/fragments/win_domain_controller-netlogon.yaml b/changelogs/fragments/win_domain_controller-netlogon.yaml
new file mode 100644
index 0000000000..9d9c439a57
--- /dev/null
+++ b/changelogs/fragments/win_domain_controller-netlogon.yaml
@@ -0,0 +1,3 @@
+bugfixes:
+- win_domain - ensure the Netlogon service is up and running after promoting host to controller - https://github.com/ansible/ansible/issues/39235
+- win_domain_controller - ensure the Netlogon service is up and running after promoting host to controller - https://github.com/ansible/ansible/issues/39235
diff --git a/lib/ansible/modules/windows/win_domain.ps1 b/lib/ansible/modules/windows/win_domain.ps1
index c8105522cb..7e5bc54f6a 100644
--- a/lib/ansible/modules/windows/win_domain.ps1
+++ b/lib/ansible/modules/windows/win_domain.ps1
@@ -75,6 +75,17 @@ If(-not $forest) {
 $iaf = Install-ADDSForest @install_forest_args
 $result.reboot_required = $iaf.RebootRequired
+
+ # The Netlogon service is set to auto start but is not started. This is
+ # required for Ansible to connect back to the host and reboot in a
+ # later task. Even if this fails Ansible can still connect but only
+ # with ansible_winrm_transport=basic so we just display a warning if
+ # this fails.
+ try {
+ Start-Service -Name Netlogon
+ } catch {
+ Add-Warning -obj $result -message "Failed to start the Netlogon service after promoting the host, Ansible may be unable to connect until the host is manually rebooting: $($_.Exception.Message)"
+ }
 }
 }
diff --git a/lib/ansible/modules/windows/win_domain_controller.ps1 b/lib/ansible/modules/windows/win_domain_controller.ps1
index 6e8cb9d175..4fa8c48b6b 100644
--- a/lib/ansible/modules/windows/win_domain_controller.ps1
+++ b/lib/ansible/modules/windows/win_domain_controller.ps1
@@ -213,7 +213,20 @@ Try {
 }
 $install_result = Install-ADDSDomainController -NoRebootOnCompletion -Force @install_params
- Write-DebugLog "Installation completed, needs reboot..."
+ Write-DebugLog "Installation complete, trying to start the Netlogon service"
+ # The Netlogon service is set to auto start but is not started. This is
+ # required for Ansible to connect back to the host and reboot in a
+ # later task. Even if this fails Ansible can still connect but only
+ # with ansible_winrm_transport=basic so we just display a warning if
+ # this fails.
+ try {
+ Start-Service -Name Netlogon
+ } catch {
+ Write-DebugLog "Failed to start the Netlogon service: $($_.Exception.Message)"
+ Add-Warning -obj $result -message "Failed to start the Netlogon service after promoting the host, Ansible may be unable to connect until the host is manually rebooting: $($_.Exception.Message)"
+ }
+
+ Write-DebugLog "Domain Controller setup completed, needs reboot..."
 }
 }
 member_server {
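Review bot: The `catch` around `Start-Service -Name Netlogon` only runs for terminating errors, and Start-Service reports most start failures as non-terminating ones, so unless the script sets `$ErrorActionPreference = "Stop"` outside this hunk the warning would never be added. Writing the call as `Start-Service -Name Netlogon -ErrorAction Stop` makes the warning path independent of that setting; the identical block in win_domain_controller.ps1 needs the same change. The warning text in both files also says "manually rebooting" where "manually rebooted" is meant. The enclosing `If(-not $forest)` block starts outside the hunk.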
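Review bot: The added comment names `ansible_winrm_transport=basic` as the fallback when Netlogon cannot be started, but does not say that basic authentication sends the account password merely base64-encoded, so it is only safe over an HTTPS WinRM listener. For a freshly promoted domain controller that detail matters, and the comment could carry it, e.g. `# with ansible_winrm_transport=basic (only over an HTTPS listener, basic does not protect the password) so we just display a warning if`. The same comment appears in the win_domain.ps1 hunk and would take the same wording. The surrounding `Try {` block starts outside the hunk.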