question

SfDen-4602 avatar image
0 Votes"
SfDen-4602 asked ·

Patch Orchestration Application (POA) does not install updates in gMSA security cluster

https://github.com/microsoft/Service-Fabric-POA/issues/34

In ETW log, i see next: {

"ProviderName": "POA-NodeAgentSFUtility", "Id": 2, "Message": "RepairManagerHelper.CreateRepairTaskForNode failed. Exception details System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) at System.Fabric.Interop.NativeClient.IFabricRepairManagementClient2.EndCreateRepairTask(IFabricAsyncOperationContext context) at System.Fabric.Interop.AsyncCallOutAdapter21.Finish(IFabricAsyncOperationContext context, Boolean expectedCompletedSynchronously) --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.ServiceFabric.PatchOrchestration.NodeAgentSFUtility.Helpers.RepairManagerHelper.d_6.MoveNext() in D:\a\1\s\src\PatchOrchestrationApplication\NodeAgentSFUtility\src\Helpers\RepairManagerHelper.cs:line 170", "ProcessId": 9876, "Level": "Error", "Keywords": "0x0000F00000000000", "EventName": "ErrorMessage", "ActivityID": null, "RelatedActivityID": null, "Payload": { "message": "RepairManagerHelper.CreateRepairTaskForNode failed. Exception details System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) at System.Fabric.Interop.NativeClient.IFabricRepairManagementClient2.EndCreateRepairTask(IFabricAsyncOperationContext context) at System.Fabric.Interop.AsyncCallOutAdapter21.Finish(IFabricAsyncOperationContext context, Boolean expectedCompletedSynchronously) --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.ServiceFabric.PatchOrchestration.NodeAgentSFUtility.Helpers.RepairManagerHelper.d_6.MoveNext() in D:\a\1\s\src\PatchOrchestrationApplication\NodeAgentSFUtility\src\Helpers\RepairManagerHelper.cs:line 170" } }

I tried to run POA as Service Fabric Administrator, https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-run-service-as-ad-user-or-group, but it did not help.

azure-service-fabric
· 1
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

If in service POSNodeSvc(NodeAgentNTService) change manually Log on as ServiceFabricAdmin domain account, then all working. But over time service again Log on as Local System account and error above will appear again. How run POSNodeSvc(NodeAgentNTService) as ServiceFabricAdmin account always?

0 Votes 0 · ·

0 Answers