This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 77%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVV%3C/text%3E%3C/svg%3E)
We are trying to install patches from Ansible on Windows servers and it used to work fine well, but recently few changes happened from AD or GPO which is causing the below error while executing the Windows updates script from Ansible.
"Failed to get token for NT AUTHORITY\SYSTEM required for become as a service account or an account without a password" ---> System.Exception: Failed to get token for NT AUTHORITY\SYSTEM required for become as a service account or an account without a password
"msg": "internal error: failed to become user 'SYSTEM': Exception calling \"CreateProcessAsUser\" with \"9\" argument(s): \"Failed to get token for NT AUTHORITY\SYSTEM required for become as a service account or an account without a password\""
Strangely we were able to do on few servers and few not, so not able to find what settings actually causing the issue.
it is issue with SeDebugPrivilage for the users. It is disabled as new Group policy removed users and groups from Windows settings -- security settings -- local policies -- user rights assignment -- debug programs
whoami /priv will show the SeDebugPrivilage for user that used to run script and it should be enabled.
error while executing the Windows updates script from Ansible
The developer will be your best resource for troubleshooting, or also try asking in their own forums.
https://www.ansible.com/community?extIdCarryOver=true&sc_cid=701f2000001OH7YAAW
--please don't forget to Accept as answer if the reply is helpful--
Hi Patrick
Sure, We asked in Ansible forum as well, but we suspect issue is from window client end, please help if we can check any particular settings for above error
Might try downloading here and manual install as a test.
https://www.catalog.update.microsoft.com/
--please don't forget to Accept as answer if the reply is helpful--
Hi Patrick
Manual installation of updates working fine, only issue while doing over winrm and we are suspecting even we run it with admin account it is expecting to became admin user.
Only the developer knows their own in house developed process. They should be in the best position to debug the process.
BTW it looks like you're not alone.
https://learn.microsoft.com/en-us/answers/questions/276349/assign-34system34-rights-to-domain-user-id-on-wind.html
--please don't forget to Accept as answer if the reply is helpful--
Hi Patrick
We checked in Ansible communities and it is issue with SeDebugPrivilage for the users. It is disabled as new Group policy removed users and groups from Windows settings -- security settings -- local policies -- user rights assignment -- debug programs.
Glad to hear, you're welcome.
--please don't forget to Accept as answer if the reply is helpful--