Make Service run under Local User Account using powershell

dougferg · 6 September 2019 03:04

Hi. I’m am using a powershell to install tentacles using a script based on the one found here: https://octopus.com/blog/auto-provision-ec2-instances-with-tentacle-installed

I would like to run the tentacle service under a local account that is a member of Administrators for my workgroup (the comptuer is not on a domain).

I added the username and password params to the call so that it reads:
& .\tentacle.exe service --instance “Tentacle” --install --username=$serviceUserAccount --password=$servicePassword --start --console | Write-Host

The error I receive upon executing this line is:
Service installed
Service reconfigured
Granting log on as a service right to WORKGROUP\LocalAdmin
LookupAccountName result = False
IsValidSid: False
LookupAccountName domainName:
LookupAccountName failed: 1337
Tentacle.exe : Unable to set username/password on service ‘OctopusDeploy Tentacle’. WMI returned 22.
At C:\temp\configureOctopus.ps1:185 char:3
& .\tentacle.exe service --instance “Tentacle” --install --username=$serviceUserAccount --password=$servicePassword --start --console | Write-Host

+ CategoryInfo          : NotSpecified: (Unable to set u...MI returned 22.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError

Can you please let me know what I need to do to make the service run under the specified account? I validated that the user account and password are correct.

Thanks

Here are the relevant lines of the script I am calling in case it gives more context:
& .\tentacle.exe create-instance --instance “Tentacle” --config $tentacleConfigFile --console | Write-Host
if ($lastExitCode -ne 0) {
throw “Installation failed on create-instance”
}
& .\tentacle.exe new-certificate --instance “Tentacle” --if-blank --console | Write-Host
if ($lastExitCode -ne 0) {
throw “Installation failed on creating new certificate”
}
& .\tentacle.exe configure --instance “Tentacle” --reset-trust --console | Write-Host
if ($lastExitCode -ne 0) {
throw “Installation failed on creating configure reset trust”
}
& .\tentacle.exe configure --instance “Tentacle” --home $tentacleHomeDirectory --app $tentacleAppDirectory --port $tentacleListenPort --console | Write-Host #–noListen “True” for PollingTentacles, it’s noListen
if ($lastExitCode -ne 0) {
throw “Installation failed on configure”
}
& .\tentacle.exe configure --instance “Tentacle” --trust $octopusServerThumbprint --console | Write-Host
if ($lastExitCode -ne 0) {
throw “Installation failed on configure thumbprint”
}
$absoluteUri = $octopusServerUrl.AbsoluteUri

$registrationExpress = “.\tentacle.exe register-with --instance Tentacle --server $absoluteUri --apiKey $apiKey $registerInRolesText --environment $environment $tenantText $tenantedDeploymentText --publicHostName $ipAddress --comms-style TentaclePassive --force --console”

Invoke-Expression $registrationExpress
if ($lastExitCode -ne 0) {
throw “Installation failed on register-with”
}

& .\tentacle.exe service --instance “Tentacle” --install --username=$serviceUserAccount --password=$servicePassword --start --console | Write-Host
if ($lastExitCode -ne 0) {
throw “Installation failed on service install”
}

dougferg · 6 September 2019 12:22

I figured it out. Here’s the answer in case it helps someone else.

I originally set the $serviceUserAccount as just the account name “LocalAdmin”.
I then tried with the workgroup as the domain name like “WORKGROUP\LocalAdmin”

What finally worked was using the computer name as the domain name.
$domain = $env:COMPUTERNAME
$serviceUserAccount = “$domain\LocalAdmin”

Daniel_Fischer · 9 September 2019 05:06

Hi Doug,

Thanks for the update on this! I’m glad to hear you figured this out.

Please don’t hesitate to get in touch at any time in the future.

Best regards,
Daniel

system · 9 October 2019 05:06

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.