win_update did not work with version higher 1.13.0 #543
Comments
|
Can you try out the following task to see if it works or not? - ansible.windows.win_command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -Command whoamiIt would be good to know if the PowerShell process starts normally or whether it's a problem with starting it with the parent process started by the task scheduler. Another area you can look at is the task scheduler event logs, the article at https://docs.nxlog.co/userguide/integrate/windows-task-scheduler.html shows how they can be enabled if they are not already. Then in the event viewer under The one that would be good to see is something that indicates the task had finished (whether successfully or not) Knowing the exit code for this |
cat test.yml git:(main|✚2
---
- name: Test playbook
hosts: winmgr.casa-due-pur.de
gather_facts: true
tasks:
- ansible.windows.win_command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -Command whoami
``
```shell
ansible-playbook test.yml --ask-vault-pass git:(main|✚2
Vault password:
PLAY [Test playbook] *****************************************************************************************************************************************************************************
TASK [ansible.windows.win_command] ***************************************************************************************************************************************************************
changed: [winmgr.casa-due-pur.de]
PLAY RECAP ***************************************************************************************************************************************************************************************
winmgr.casa-due-pur.de : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
The command task did not produce any output. Thank you. |
|
Looks like 'LogonUserS4U' throws an error 2147943726. The user can not logon. |
|
Thank you for the detailed information it has been helpful. When translating the messages I can see that
The
By all indications the task scheduler process running as SYSTEM started without any issues and was stopped at the time it should have been stopped. As it used the SYSTEM fallback would you be able to try the following tasks as well and let me know if it worked or not - hosts: ...
gather_facts: false
tasks:
- ansible.windows.win_command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -Command gci env:'
vars:
ansible_become: true
ansible_become_method: runas
ansible_become_user: SYSTEMWhile not strictly the same it should hopefully replicate whether your host is able to spawn PowerShell under the |
Yes the connection user is a member of Domain Admins group. Because of your question i just created a local admin account and now it works. task path: /Users/x/.ansible/roles/ricariel.windows/tasks/upgrade_all.yml:2
ok: [server] =>
changed: false
failed_update_count: 0
filtered_updates: {}
found_update_count: 0
installed_update_count: 0
invocation:
module_args:
accept_list: null
category_names:
- CriticalUpdates
- SecurityUpdates
- UpdateRollups
log_path: c:\windows\logs\ansible_update_log.txt
reboot: false
reboot_timeout: 600
reject_list: null
server_selection: default
skip_optional: false
state: installed
reboot_required: false
rebooted: false
updates: {}Did not know, i cannot use that user. Learning ansible at the moment and coming from Saltstack.
This worked! TASK [ansible.windows.win_command] *********************************************************************************************************************************************************************
changed: [server]Did i missed some documentation reading or is it unusual to operate as a domain administrator? Regards |
For my testing environment I do use a Domain Admin account and it does work but I can see how it might not in other environments. I would say it is unusual to use a privileged accounts like DA in anything but a break glass situation. In saying that it is hard to have an account that Ansible could use universally so I'm sure you aren't the only one. It's good to know that the scheduled task method being used may not work for DA accounts sometimes or ones marked as sensitive though so thank you for confirming. It is interesting your Essentially it allows you to do the following and it will avoid task scheduler altogether making things a bit more straightforward: - name: Search and install updates
ansible.windows.win_updates:
category_names:
- CriticalUpdates
- SecurityUpdates
- UpdateRollups
reboot: "{{ windows_upgrade_reboot | default(false) }}"
state: installed
reboot_timeout: 600
log_path: c:\windows\logs\ansible_update_log.txt
become: true
become_method: runas
vars:
# Or just ansible_become_user: SYSTEM
ansible_become_user: '{{ ansible_user }}'
ansible_become_pass: '{{ ansible_password }}' |
|
Thank you very much! |
SUMMARY
I tried updating my windows systems with connection type ssh then an error happened:
No errors are logged on windows host. Hosts are Windows 10 and Windows Server 2019
ISSUE TYPE
COMPONENT NAME
win_update
ANSIBLE VERSION
COLLECTION VERSION
CONFIGURATION
OS / ENVIRONMENT
Ansible Host: macOS 13.5 (22G74)
Ansible Client: Windows 10
"ansible_distribution": "Microsoft Windows 10 Enterprise",
"ansible_distribution_major_version": "10",
"ansible_distribution_version": "10.0.19045.0",
"ansible_distribution": "Microsoft Windows Server 2019 Standard",
"ansible_distribution_major_version": "10",
"ansible_distribution_version": "10.0.17763.0",
"ansible_distribution": "Microsoft Windows 10 Pro",
"ansible_distribution_major_version": "10",
"ansible_distribution_version": "10.0.19045.0",
STEPS TO REPRODUCE
EXPECTED RESULTS
TASK [ricariel.windows : Search and install updates] ******************************************************************************************************************************
ok: [hostname]
ACTUAL RESULTS
The text was updated successfully, but these errors were encountered: