Open
Description
Describe the Bug
When setting AppPool identity to a gmsa account, the start of the appPool fail.s
Expected Behavior
Setting AppPool identity to a gmsa account should work as if you set it to an non-gmsa account. That is, the appPool should be started
Steps to Reproduce
Steps to reproduce the behavior:
- Create an AppPool with default AppPool identity 'ApplicationPoolIdentity'
iis_application_pool { 'Default Web Site-Apu.Application.Professional':
ensure => 'present',
state => 'started',
identity_type => 'ApplicationPoolIdentity',
} - Run puppet on the server so that the appPool is created
- Change the AppPool identity to a gmsa account
iis_application_pool { 'Default Web Site-Apu.Application.Professional':
ensure => 'present',
state => 'started',
identity_type => 'SpecificUser',
user_name => localad\apuapp$,
password => '',
} - Run puppet on the server
Result: The run fails with error
Error: Error updating apppool: The service cannot accept control messages at this time. (Exception from HRESULT: 0x80070425)
Error: Error updating apppool: The service cannot accept control messages at this time. (Exception from HRESULT: 0x80070425)
Environment
- Version: 7.25.0
- Platform: Rhel 8.9
Additional Context
We have two environments, a dev and a production environment. In our production environment it fails 100%. In our dev env if fails 50%.
My guess is that there is a timing issue/race condition. When I added a try/catch and a sleep, it started working.
Here is my changes:
iis/lib/puppet/provider/iis_application_pool/webadministration.rb
59 when :started
60 cmd << "If((Get-WebAppPoolState -Name \"#{@resource[:name]}\").Value -ne 'Started'){
61 try{
62 write-host 'First try';
63 Start-WebAppPool -Name \"#{@resource[:name]}\" -ErrorAction Stop
64 } catch{
65 write-host 'Failed first try, sleeping 15 seconds';
66 Sleep 15;
67 Start-WebAppPool -Name \"#{@resource[:name]}\" -ErrorAction Stop
68 }
69 }"