Azure-pipelines-agent: Unable to configure agent service when --windowsLogonPassword value starts with "-" or contains "^" symbol

Created on 28 Jan 2020  路  8Comments  路  Source: microsoft/azure-pipelines-agent

Agent Version and Platform

2.164.6
Windows

Azure DevOps Type and Version

dev.azure.com

What's not working?

Unable to configure agent service when --windowsLogonPassword value starts with "-" or contains "^" symbol.

Example "-"

$password = "-bMBd9oVyEY1SJRJog8j"

.\config.cmd --unattended --url $url --auth pat --token $token --pool $pool --agent $agent --runAsService --windowsLogonAccount $user --windowsLogonPassword $password --replace

[2020-01-28 02:13:37Z ERR  Agent] System.Exception: Invalid configuration provided for windowslogonpassword. Terminating unattended configuration.
   at Microsoft.VisualStudio.Services.Agent.Listener.Configuration.PromptManager.ReadValue(String argName, String description, Boolean secret, String defaultValue, Func`2 validator, Boolean unattended)
   at Microsoft.VisualStudio.Services.Agent.Listener.CommandSettings.GetArgOrPrompt(String name, String description, String defaultValue, Func`2 validator)
   at Microsoft.VisualStudio.Services.Agent.Listener.CommandSettings.GetWindowsLogonPassword(String accountName)
   at Microsoft.VisualStudio.Services.Agent.Listener.Configuration.WindowsServiceControlManager.ConfigureService(AgentSettings settings, CommandSettings command)
   at Microsoft.VisualStudio.Services.Agent.Listener.Configuration.ConfigurationManager.ConfigureAsync(CommandSettings command)
   at Microsoft.VisualStudio.Services.Agent.Listener.Agent.ExecuteCommand(CommandSettings command)
[2020-01-28 02:13:37Z ERR  Terminal] WRITE ERROR: Invalid configuration provided for windowslogonpassword. Terminating unattended configuration.

This might be happening due to a parser logic. https://github.com/microsoft/azure-pipelines-agent/blob/c6f06f9decfddadcea8d8e54eb371cfb35fcd7c8/src/Microsoft.VisualStudio.Services.Agent/CommandLineParser.cs#L73-L105

Example "^"

$password = "b^MBd9oVyEY1SJRJog8j"

.\config.cmd --unattended --url $url --auth pat --token $token --pool $pool --agent $agent --runAsService --windowsLogonAccount $user --windowsLogonPassword $password --replace

[2020-01-28 02:16:43Z ERR  Agent] System.Security.SecurityException: Invalid windows credentials entered. Try again or ctrl-c to quit
   at Microsoft.VisualStudio.Services.Agent.Listener.Configuration.WindowsServiceControlManager.ConfigureService(AgentSettings settings, CommandSettings command)
   at Microsoft.VisualStudio.Services.Agent.Listener.Configuration.ConfigurationManager.ConfigureAsync(CommandSettings command)
   at Microsoft.VisualStudio.Services.Agent.Listener.Agent.ExecuteCommand(CommandSettings command)
[2020-01-28 02:16:43Z ERR  Terminal] WRITE ERROR: Invalid windows credentials entered. Try again or ctrl-c to quit

With this one, I am not sure where it might be failing.

picture srrl

All 8 comments

@srrl - Thanks for all the detail and preliminary debug in this issue.

The example using "^", I traced through the code and we are calling a native Windows API and that is failing. Are you sure that is the correct password?

I believe you are correct about the example using "-" and we will look at how we can best provide a fix.

jtpetty picture jtpetty on 28 Jan 2020

@jtpetty Thank you!

The password is correct. At least you can set it and use with your user account without any issue.
I think this might be a Windows API bug.

srrl picture srrl on 29 Jan 2020

As a workaround, can you try using an environment variable to pass in the password?

set VSTS_AGENT_INPUT_WINDOWSLOGONPASSWORD -bMBd9oVyEY1SJRJog8j
.\config.cmd --unattended --url $url --auth pat --token $token --pool $pool --agent $agent --runAsService --windowsLogonAccount $user --replace
jtpetty picture jtpetty on 29 Jan 2020

Environment variable workaround works for both "-" and "^" cases.

srrl picture srrl on 2 Feb 2020

ok, great, at least there is a workaround for you. I will take a look at how we can fix this in our command argument parsing logic.

jtpetty picture jtpetty on 6 Feb 2020
👍1

This should be fixed by #2812 and will be in the next release of the agent

jtpetty picture jtpetty on 6 Mar 2020
🎉1

I had similiar issue with with password that contained & and ^ symbols: P@ss&^ord1

Used @jtpetty trick, but had to to escape & as well. My SET command looked like this:

set VSTS_AGENT_INPUT_WINDOWSLOGONPASSWORD P@ss"&"^ord1

gintuoklis picture gintuoklis on 10 Apr 2020

I set the env var VSTS_AGENT_INPUT_WINDOWSLOGONPASSWORD but then
my powershell script containing the config.cmd in a Invoke always complains
... An error occurred: MissingValueOptionError ..

Where is documented that VSTS_AGENT_INPUT_WINDOWSLOGONPASSWORD can be used instead of setting it by --windowsLogonPassword?

smartmeta picture smartmeta on 10 Jun 2020
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

bzuu picture bzuu  路  4Comments
AceHack picture AceHack  路  3Comments
fernisoites picture fernisoites  路  4Comments
riezebosch picture riezebosch  路  4Comments
ActualReverend picture ActualReverend  路  3Comments