Azure Service Fabric
An Azure service that is used to develop microservices and orchestrate containers on Windows and Linux.
Patch Orchestration Application (POA) does not install updates in gMSA security cluster
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 59%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
SfDen
141
Reputation points
https://github.com/microsoft/Service-Fabric-POA/issues/34
In ETW log, i see next:
{
"ProviderName": "POA-NodeAgentSFUtility",
"Id": 2,
"Message": "RepairManagerHelper.CreateRepairTaskForNode failed. Exception details System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
at System.Fabric.Interop.NativeClient.IFabricRepairManagementClient2.EndCreateRepairTask(IFabricAsyncOperationContext context)
at System.Fabric.Interop.AsyncCallOutAdapter21.Finish(IFabricAsyncOperationContext context, Boolean expectedCompletedSynchronously) --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.ServiceFabric.PatchOrchestration.NodeAgentSFUtility.Helpers.RepairManagerHelper.d__6.MoveNext() in D:\a\1\s\src\PatchOrchestrationApplication\NodeAgentSFUtility\src\Helpers\RepairManagerHelper.cs:line 170", "ProcessId": 9876, "Level": "Error", "Keywords": "0x0000F00000000000", "EventName": "ErrorMessage", "ActivityID": null, "RelatedActivityID": null, "Payload": { "message": "RepairManagerHelper.CreateRepairTaskForNode failed. Exception details System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) at System.Fabric.Interop.NativeClient.IFabricRepairManagementClient2.EndCreateRepairTask(IFabricAsyncOperationContext context) at System.Fabric.Interop.AsyncCallOutAdapter21.Finish(IFabricAsyncOperationContext context, Boolean expectedCompletedSynchronously)
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.ServiceFabric.PatchOrchestration.NodeAgentSFUtility.Helpers.RepairManagerHelper.d__6.MoveNext() in D:\a\1\s\src\PatchOrchestrationApplication\NodeAgentSFUtility\src\Helpers\RepairManagerHelper.cs:line 170"
}
}
I tried to run POA as Service Fabric Administrator, https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-run-service-as-ad-user-or-group, but it did not help.
Azure Service Fabric
-
SfDen 141 Reputation points
2019-12-24T09:24:02.687+00:00 If in service POSNodeSvc(NodeAgentNTService) change manually Log on as ServiceFabricAdmin domain account, then all working. But over time service again Log on as Local System account and error above will appear again. How run POSNodeSvc(NodeAgentNTService) as ServiceFabricAdmin account always?
Sign in to comment
Sign in to answer