Make Service run under Local User Account using PowerShell

reliability
(Doug Ferguson) #1

Hi. I am using PowerShell to install tentacles using a script based on the one found here: https://octopus.com/blog/auto-provision-ec2-instances-with-tentacle-installed

I would like to run the tentacle service under a local account that is a member of Administrators for my workgroup (the computer is not on a domain).

I added the username and password params to the call so that it reads:
& .\tentacle.exe service --instance "Tentacle" --install --username=$serviceUserAccount --password=$servicePassword --start --console | Write-Host

The error I receive upon executing this line is:
Service installed
Service reconfigured
Granting log on as a service right to WORKGROUP\LocalAdmin
LookupAccountName result = False
IsValidSid: False
LookupAccountName domainName:
LookupAccountName failed: 1337
Tentacle.exe : Unable to set username/password on service ‘OctopusDeploy Tentacle’. WMI returned 22.
At C:\temp\configureOctopus.ps1:185 char:3
& .\tentacle.exe service --instance "Tentacle" --install --username=$serviceUserAccount --password=$servicePassword --start --console | Write-Host
+ CategoryInfo          : NotSpecified: (Unable to set u...MI returned 22.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError

Can you please let me know what I need to do to make the service run under the specified account? I validated that the user account and password are correct.

Thanks

Here are the relevant lines of the script I am calling in case it gives more context:
& .\tentacle.exe create-instance --instance "Tentacle" --config $tentacleConfigFile --console | Write-Host
if ($lastExitCode -ne 0) {
    throw "Installation failed on create-instance"
}
& .\tentacle.exe new-certificate --instance "Tentacle" --if-blank --console | Write-Host
if ($lastExitCode -ne 0) {
    throw "Installation failed on creating new certificate"
}
& .\tentacle.exe configure --instance "Tentacle" --reset-trust --console | Write-Host
if ($lastExitCode -ne 0) {
    throw "Installation failed on creating configure reset trust"
}
& .\tentacle.exe configure --instance "Tentacle" --home $tentacleHomeDirectory --app $tentacleAppDirectory --port $tentacleListenPort --console | Write-Host # --noListen "True" for PollingTentacles, it's noListen
if ($lastExitCode -ne 0) {
    throw "Installation failed on configure"
}
& .\tentacle.exe configure --instance "Tentacle" --trust $octopusServerThumbprint --console | Write-Host
if ($lastExitCode -ne 0) {
    throw "Installation failed on configure thumbprint"
}
$absoluteUri = $octopusServerUrl.AbsoluteUri

$registrationExpress = ".\tentacle.exe register-with --instance Tentacle --server $absoluteUri --apiKey $apiKey $registerInRolesText --environment $environment $tenantText $tenantedDeploymentText --publicHostName $ipAddress --comms-style TentaclePassive --force --console"

Invoke-Expression $registrationExpress
if ($lastExitCode -ne 0) {
    throw "Installation failed on register-with"
}

& .\tentacle.exe service --instance "Tentacle" --install --username=$serviceUserAccount --password=$servicePassword --start --console | Write-Host
if ($lastExitCode -ne 0) {
    throw "Installation failed on service install"
}

(Doug Ferguson) #2

I figured it out. Here’s the answer in case it helps someone else.

I originally set the $serviceUserAccount as just the account name “LocalAdmin”.
I then tried with the workgroup as the domain name like “WORKGROUP\LocalAdmin”

What finally worked was using the computer name as the domain name.
$domain = $env:COMPUTERNAME
$serviceUserAccount = "$domain\LocalAdmin"
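
The fix above can be checked before tentacle.exe is called. The following is an added example, not part of the original post or of the Octopus script: it qualifies the account with the computer name, confirms the name resolves to a SID, and confirms that SID belongs to an enabled local user. The helper name Resolve-LocalServiceAccount is hypothetical, and Get-LocalUser assumes Windows PowerShell 5.1 or later.

```powershell
# Added example (not from the thread's script): pre-flight check for the service account name.
# Resolve-LocalServiceAccount is a hypothetical helper; 'LocalAdmin' is the account name used in the thread.
function Resolve-LocalServiceAccount {
    param(
        [Parameter(Mandatory)]
        [string] $AccountName   # bare local account name, without any domain prefix
    )

    # On a workgroup machine the authority for local accounts is the computer itself,
    # so the qualified form is COMPUTERNAME\account rather than WORKGROUP\account.
    $qualified = "$env:COMPUTERNAME\$AccountName"

    # Name-to-SID translation. A name that cannot be mapped throws here, before any
    # service configuration is changed.
    try {
        $sid = ([System.Security.Principal.NTAccount]$qualified).Translate(
            [System.Security.Principal.SecurityIdentifier])
    }
    catch [System.Security.Principal.IdentityNotMappedException] {
        throw "Account '$qualified' does not resolve to a SID on this machine."
    }

    # Confirm the SID is the one held by the local user of that name and that the
    # account is enabled; a disabled account cannot start the service.
    $user = Get-LocalUser -Name $AccountName -ErrorAction Stop
    if ($user.SID -ne $sid) {
        throw "'$qualified' resolved to $sid, which is not the local user '$AccountName'."
    }
    if (-not $user.Enabled) {
        throw "Local account '$qualified' is disabled."
    }

    [pscustomobject]@{
        QualifiedName = $qualified
        Sid           = $sid.Value
    }
}

$account = Resolve-LocalServiceAccount -AccountName 'LocalAdmin'
$serviceUserAccount = $account.QualifiedName
# $serviceUserAccount is then passed to --username= in the service --install call from the script above.
```

If the account name is wrong, the script stops at the translation step with a clear message instead of partway through the service install.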

(Daniel Fischer) #4

Hi Doug,

Thanks for the update on this! I’m glad to hear you figured this out.

Please don’t hesitate to get in touch at any time in the future. 🙂

Best regards,
Daniel