CreateProcessAsUser failed with Win32ErrorCode 1058 when running become: true on a Windows host?

I’m using Ansible Automation Platform. I’m trying to run a task (specifically community.windows.win_credential) on a Windows host using become: true, but it’s failing with the following error:

{
  "exception": "Exception calling \"CreateProcessAsUser\" with \"9\" argument(s): \"CreateProcessWithTokenW() failed (The service cannot be started, either because it is disabled or because it has no enabled devices associated with it, Win32ErrorCode 1058)\"\r\nAt line:103 char:5\r\n+     $result = [Ansible.Become.BecomeUtil]::CreateProcessAsUser($usern ...\r\n+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException\r\n    + FullyQualifiedErrorId : Win32Exception\r\n\r\nScriptStackTrace:\r\nat <ScriptBlock>, <No file>: line 103\r\nat <ScriptBlock><End>, <No file>: line 137\r\nat <ScriptBlock>, <No file>: line 11\r\n\r\nSystem.Management.Automation.MethodInvocationException: Exception calling \"CreateProcessAsUser\" with \"9\" argument(s): \"CreateProcessWithTokenW() failed (The service cannot be started, either because it is disabled or because it has no enabled devices associated with it, Win32ErrorCode 1058)\" ---> Ansible.Process.Win32Exception: CreateProcessWithTokenW() failed (The service cannot be started, either because it is disabled or because it has no enabled devices associated with it, Win32ErrorCode 1058)\r\n   at Ansible.Become.BecomeUtil.CreateProcessAsUser(String username, String password, LogonFlags logonFlags, LogonType logonType, String lpApplicationName, String lpCommandLine, String lpCurrentDirectory, IDictionary environment, Byte[] stdin) in c:\\Users\\myUser\\AppData\\Local\\Temp\\rwchbapb.1.cs:line 309\r\n   at CallSite.Target(Closure , CallSite , Type , Object , Object , Object , Object , Object , Object , Object , Object , Object )\r\n   --- End of inner exception stack trace ---\r\n   at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext funcContext, Exception exception)\r\n   at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)\r\n   at 
System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)\r\n   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)",
  "msg": "internal error: failed to become user 'myUser': Exception calling \"CreateProcessAsUser\" with \"9\" argument(s): \"CreateProcessWithTokenW() failed (The service cannot be started, either because it is disabled or because it has no enabled devices associated with it, Win32ErrorCode 1058)\"",
  "_ansible_no_log": false,
  "changed": false
}

The user is in the local Administrators group on the host. The Privilege Escalation Method (runas), Username, and Password are set on the Machine credential. Username and Password are the same ones that are used to log into the host.

I found this issue and followed some of the troubleshooting steps on there with no change.

I’ve tried running the task without become, but Ansible throws an error that it must be run with become:

Failed to access the user’s credential store, run the module with become.

Does anyone know how I can get this working?

I was unable to use become on Windows because the seclogon service was not running. After starting that I was able to successfully run community.windows.win_credential with become.

This requirement is in the Ansible documentation here.

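The fix described in the answer above, written as an Ansible play; this is an added example, not part of the original posts. The host group `windows`, the credential name and the `stored_cred_*` variables are assumptions made for illustration. It makes sure the Secondary Logon (`seclogon`) service is enabled and running before the task that needs `become`.

```yaml
---
# Added example. Host group, credential name and stored_cred_* variables
# are hypothetical; replace them with your own values.
- name: Make runas become usable, then store a credential
  hosts: windows
  gather_facts: false

  tasks:
    # Win32 error 1058 means the service is disabled, so starting it alone
    # is not enough: the start mode has to be changed first.
    # This task runs over the normal connection, without become.
    - name: Ensure the Secondary Logon service is enabled and running
      ansible.windows.win_service:
        name: seclogon
        start_mode: manual   # start on demand rather than at boot
        state: started
      register: seclogon_result

    - name: Report whether the service had to be changed
      ansible.builtin.debug:
        msg: "seclogon changed={{ seclogon_result.changed }}"

    # win_credential needs the user's credential store, hence become.
    # The become user and password come from the Machine credential,
    # as described in the question.
    - name: Store a credential for the become user
      community.windows.win_credential:
        name: server.example.test          # constructed sample target
        type: domain_password
        username: "{{ stored_cred_user }}"
        secret: "{{ stored_cred_secret }}"
        state: present
      become: true
      become_method: runas
      no_log: true   # keep the secret out of job output
```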