SPSearchServiceApp: Doesn't work when specifying database credentials
See original GitHub issueDetails of the scenario you tried and the problem that is occurring
If the DatabaseCredentials parameter is supplied to the resource, it does not include those credentials when it calls Confirm-UserIsDbOwner
and Set-UserAsDbOwner
, so those functions will attempt to connect to the database using windows authentication
Verbose logs showing the problem
"Message": "PowerShell DSC resource MSFT_SPSearchServiceApp failed to execute Test-TargetResource functionality with error message: Error while running SQL query: Windows logins are not supported in this version of SQL Server. ",
"Data": {
},
"InnerException": {
"SerializedRemoteException": "System.Management.Automation.RuntimeException: Error while running SQL query: Windows logins are not supported in this version of SQL Server.",
"SerializedRemoteInvocationInfo": "System.Management.Automation.InvocationInfo",
"ErrorRecord": "Error while running SQL query: Windows logins are not supported in this version of SQL Server.",
"WasThrownFromThrowStatement": false,
"Message": "Error while running SQL query: Windows logins are not supported in this version of SQL Server.",
"Data": "System.Collections.ListDictionaryInternal",
"InnerException": null,
"TargetSite": "Void EndInvoke()",
"StackTrace": " at System.Management.Automation.Runspaces.AsyncResult.EndInvoke()\r\n at System.Management.Automation.PowerShell.CoreInvokeRemoteHelper[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)\r\n at System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)\r\n at System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings settings)\r\n at Microsoft.PowerShell.DesiredStateConfiguration.Internal.ResourceProviderAdapter.ExecuteCommand(PowerShell powerShell, ResourceModuleInfo resInfo, String operationCmd, List`1 acceptedProperties, CimInstance nonResourcePropeties, CimInstance resourceConfiguration, LCMDebugMode debugMode, PSInvocationSettings pSInvocationSettings, UInt32\u0026 resultStatusHandle, Collection`1\u0026 result, ErrorRecord\u0026 errorRecord, PSModuleInfo localRunSpaceModuleInfo)",
"HelpLink": null,
"Source": "System.Management.Automation",
"HResult": -2146233087
},
"TargetSite": null,
"StackTrace": null,
"HelpLink": null,
"Source": null,
"HResult": -2146233079
Suggested solution to the issue
Provide the DatabaseCredential parameter to the Confirm-UserIsDbOwner
and Set-UserAsDbOwner
functions
The DSC configuration that is used to reproduce the issue (as detailed as possible)
Any configuration with a SPSearchServiceApp resource with UseSQLAuthentication=$true and DatabaseCredentials specified
The operating system the target node is running
OsName : Microsoft Windows Server 2019 Datacenter
OsOperatingSystemSKU : DatacenterServerEdition
OsArchitecture : 64-bit
WindowsVersion : 1809
WindowsBuildLabEx : 17763.1.amd64fre.rs5_release.180914-1434
OsLanguage : en-US
OsMuiLanguages : {en-US}
Version and build of PowerShell the target node is running
Name Value
---- -----
PSVersion 5.1.17763.2183
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.17763.2183
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
Version of the DSC module that was used
Name Version Path
---- ------- ----
SharePointDSC 4.8.0 C:\Program Files\WindowsPowerShell\Modules\SharePointDSC\4.8.0\SharePointDSC.psd1
Issue Analytics
- State:
- Created 2 years ago
- Comments:6 (5 by maintainers)
Top Results From Across the Web
SPSearchServiceApp exception creating defaultAccount ...
In the case that the script is run from the user sp_farm or sp_admin, then the data is get correctly, and if the...
Read more >SharePointDsc/HISTORIC_CHANGELOG.md at master
Needed when e.g. using Azure SQL Managed Instance as SharePoint's database server. UseSQLAuthentication and DatabaseCredentials parameters will need to be ...
Read more >PowerShell
SPSearchServiceApp: Doesn't work when specifying database credentials $ 0 · Details of the scenario you tried and the problem that is occurring ·...
Read more >Secure Store Application ID credentials don't work when ...
I went ahead and added the account spSetup to the database as a datareader and viola, I was able to make the connection....
Read more >SharePointDsc.psd1 4.9.0
Description = 'This DSC module is used to deploy and configure SharePoint Server 2013, 2016 and 2019, and covers a wide range of...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
@ykuijs This is still open - the original underlying problem appears to be corrected, but there is another issue in Set-UserAsDBOwner - this TSQL code block always tries to create a windows-based sql server login:
This isn’t an issue for the account specified from the $DatabaseCredentials parameter, as the account already exists. However, the SearchServiceApp resource also tries to ensure the farm’s default service account has database owner permissions.
Perhaps the fix is in the sections of the SPSearchServiceApp resource’s Get-TargetResource function that checks database account permissions, that check should either be bypassed entirely if $DatabaseCredentials are specified, or the Confirm-UserIsDbOwner calls should only check the permissions of the account actually used to access SQL (which would be the user specified in $DatabaseCredentials) instead of the farm service account.
I should point out the use case for this is provisioning SP in Azure VMs connecting to an Azure SQL Managed Instance, which doesn’t support windows authentication.
I realized that I didn’t add this check to the Test method. Just created another PR to fix that, after which I will release v4.9 later today.