Stop and Start MSSQLSERVER and SQLSERVERAGENT

kxmoss · August 17, 2016, 8:45pm

up until about a month or so ago, my recipe worked fine where after I installed SQL I was able to stop the services and set them to run as a sQL service account we have set up. But now, I till stop them and assign the users, but wont’ start back up. I manually log into the servers and click start. The credentials are good, but it just won’t start the services. See below for the blocks in question.

windows_service 'SQLSERVERAGENT' do
  action :stop
end

windows_service 'MSSQLSERVER' do
  action :stop
end

windows_service 'MSSQLSERVER' do
  run_as_user node['Relativity']['SQLServer']['Service_Account']
  run_as_password node['Relativity']['SQLServer']['Service_Account_Password']
  action :start
end

windows_service 'SQLSERVERAGENT' do
  run_as_user node['Relativity']['SQLServer']['Service_Account']
  run_as_password node['Relativity']['SQLServer']['Service_Account_Password']
  action :start
end

Matt_Wrock · August 17, 2016, 10:03pm

Does the chef run fail when trying to stop? I’d also check the event logs to see if it started and then stopped and if any error was collected.

kxmoss · August 18, 2016, 2:51pm

yes, the chef run fails and the even logs shows a stop but no start…In the system logs I see it receiving a stopped state, but nothing for start…

kxmoss · August 18, 2016, 3:28pm

looks to be a winrm issue because I ran chef-client on the server and it worked without an issue…

I see this in teh System logs…

The WinRM service has received an unsecure HTTP connection from 10.12.236.104. 

 This is not a secure configuration. 

 User Action

The winrm configurations are set as:

Config
    MaxEnvelopeSizekb = 500
    MaxTimeoutms = 60000
    MaxBatchItems = 32000
    MaxProviderRequests = 4294967295
    Client
        NetworkDelayms = 5000
        URLPrefix = wsman
        AllowUnencrypted = false
        Auth
            Basic = true
            Digest = true
            Kerberos = true
            Negotiate = true
            Certificate = true
            CredSSP = false
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        TrustedHosts
    Service
        RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
        MaxConcurrentOperations = 4294967295
        MaxConcurrentOperationsPerUser = 1500
        EnumerationTimeoutms = 240000
        MaxConnections = 300
        MaxPacketRetrievalTimeSeconds = 120
        AllowUnencrypted = true
        Auth
            Basic = true
            Kerberos = true
            Negotiate = true
            Certificate = false
            CredSSP = true
            CbtHardeningLevel = Relaxed
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        IPv4Filter = *
        IPv6Filter = *
        EnableCompatibilityHttpListener = false
        EnableCompatibilityHttpsListener = false
        CertificateThumbprint
        AllowRemoteAccess = true
    Winrs
        AllowRemoteShellAccess = true
        IdleTimeout = 7200000
        MaxConcurrentUsers = 10
        MaxShellRunTime = 2147483647
        MaxProcessesPerShell = 25
        MaxMemoryPerShellMB = 1024
        MaxShellsPerUser = 30

Do you see a reason why this would be erring?

kxmoss · August 18, 2016, 6:05pm

I went ahead and just decided to go with a powershell script to start the service…not sure why the windows_service resource isn’t working

Matt_Wrock · August 19, 2016, 4:55am

I think this is unrelated to the service failures but that event log message regarding the insecure configuration is likely due to the AllowUnencrypted = true setting. Its best not to set that to true. Some chef tooling (knife-windows and test-kitchen) required that in the past but if you are using recent versions its unnecessary.

dmartushev · August 19, 2017, 9:30pm

I was recently working on this use case and ran into the same challenge. Just as another example of a way forward, setting up a retry worked for me (the below also includes idempotency via the only_if guard):

windows_service 'SQLSERVERAGENT' do
  action :stop
  guard_interpreter :powershell_script
  only_if '(Get-WMIObject Win32_Service | where-object { $_.name -eq "SQLSERVERAGENT" }| where-object {$_.startname -eq ".\foo_bar"}) -eq $null'
end

windows_service 'MSSQLSERVER' do
  action :stop
  guard_interpreter :powershell_script
  only_if '(Get-WMIObject Win32_Service | where-object { $_.name -eq "MSSQLSERVER" }| where-object {$_.startname -eq ".\foo_bar"}) -eq $null'
end

windows_service 'MSSQLSERVER' do
  run_as_user '.\foo_bar'
  run_as_password 'FooBar!'
  action :start
  retries 5
  retry_delay 10
end

windows_service 'SQLSERVERAGENT' do
  run_as_user '.\foo_bar'
  run_as_password 'FooBar!'
  action :start
  retries 5
  retry_delay 10
end

Hope that’s of help for anyone else running into this. Or if I google around in the future and run into my own post

Topic		Replies	Views
MySQL-cookbook: Instance restart at every chef-client run Chef Infra (archive)	1	694	August 27, 2015
Bug in tutorials for Windows Chef Infra (archive)	3	557	August 14, 2015
Chef push jobs to restart a windows service on a node Chef Infra (archive)	1	624	July 27, 2016
FATAL "Mixlib ShellOut CommandTimeout" on Chef Windows/knife winrm when installing SQL Server Chef Infra (archive)	2	2033	June 17, 2016
Re: Re: Re: Chef 12.4.1 client for Windows 2012r2 Chef Infra (archive)	1	284	August 31, 2015

Stop and Start MSSQLSERVER and SQLSERVERAGENT

Related Topics