Hi everyone,
I have a problem cleaning the SPNs of an MSSQL database instance with Ansible.
First I copy a script to the server:
- name: "{{ titre_clean_spn }} - Copie du fichier ps1 pour le nettoyage des SPN sur le serveur"
  win_template:
    src: "./templates/230-SPN/clean-spn-sqlserver.j2"
    dest: 'C:\temp\clean-spn-sqlserver.ps1'
Then I execute it with an Active Directory account:
# Run the script to clean up the SPNs
- name: "{{ titre_clean_spn }} - Execution du script pour le nettoyage des SPN"
  win_command: powershell.exe -executionpolicy bypass -File "{{ item }}"
  with_items:
    - 'C:/temp/clean-spn-sqlserver.ps1'
I get this error message:
{
    "start": "2022-02-09 04:32:01.974026",
    "stdout": "",
    "cmd": "powershell.exe -executionpolicy bypass -File \"C:/temp/clean-spn-sqlserver.ps1\"",
    "stderr": "Failed to bind to DC of domain mydomain.fr, error 0x5/5 -> Access is denied.\r\n\r\nFailed to bind to DC of domain mydomain.fr, error 0x5/5 -> Access is denied.\r\n\r\n",
    "changed": true,
    "rc": 0,
    "delta": "0:00:00.296875",
    "end": "2022-02-09 04:32:02.270902",
    "stdout_lines": [],
    "stderr_lines": [
        "Failed to bind to DC of domain mydomain.fr, error 0x5/5 -> Access is denied.",
        "",
        "Failed to bind to DC of domain mydomain.fr, error 0x5/5 -> Access is denied.",
        ""
    ],
    "_ansible_no_log": false,
    "item": "C:/temp/clean-spn-sqlserver.ps1",
    "ansible_loop_var": "item",
    "_ansible_item_label": "C:/temp/clean-spn-sqlserver.ps1"
}
When I open an MSTSC session on the same server with the same Active Directory account used by Ansible, it works:
PS C:\Temp> .\clean-spn-sqlserver.ps1
Unregistering ServicePrincipalNames for CN=server01,OU=Serveurs,DC=mydomain,DC=fr MSSQLSvc/server01.mydomain.fr
Updated object
Unregistering ServicePrincipalNames for CN=server01,OU=Serveurs,DC=mydomain,DC=fr MSSQLSvc/server01.mydomain.fr:1433
Updated object
For information: this is not the first time that I execute a script with the same account from Ansible, and that works.
Can you help me, please?
Thanks for your help,
Matt