Juju fails to reset jujud password on windows if logged into desktop

Bug #1900002 reported by Gabriel Samfira on 2020-10-15
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
juju
Medium
Gabriel Samfira

Bug Description

On Windows, juju machine agents and unit agents run under a regular user called "jujud". In order for a service to run under a regular user, the service needs to be configured with the credentials of that user, and the user needs to have the SeServiceLoginRight (https://docs.microsoft.com/en-us/windows/win32/secauthz/account-rights-constants).

In order to not need to store the password securely, the juju machine agent will reset the password for the user when it needs to create a new unit on the machine, and it will set that password on all services that have the jujud user set as the user under which the service needs to run.

Starting with Windows Server 2016, whenever someone logs into an interactive desktop session, a temporary service is spawned, named something like: CDPUserSvc_1b8268b, the description of which is: Connected Devices Platform User Service_1b8268b

When attempting to fetch information about this service, Windows will return an error. When that happens, juju enters an error loop out of which it cannot recover currently.

This bug manifests against all versions of juju.

Harry Pidcock (hpidcock) wrote :
Changed in juju:
assignee: nobody → Gabriel Samfira (gabriel-samfira)
status: New → In Progress
importance: Undecided → Medium
milestone: none → 2.9-beta1
Changed in juju:
milestone: 2.9-beta1 → 2.9-rc1
Changed in juju:
milestone: 2.9-rc1 → 2.9-rc2
Changed in juju:
milestone: 2.9-rc2 → 2.9-rc3
Ben Hoyt (benhoyt) on 2020-11-05
Changed in juju:
status: In Progress → Fix Committed
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers