diff --git a/doc/100-General/10-Changelog.md b/doc/100-General/10-Changelog.md index 0350342..0e5d7f0 100644 --- a/doc/100-General/10-Changelog.md +++ b/doc/100-General/10-Changelog.md @@ -20,6 +20,7 @@ Released closed milestones can be found on [GitHub](https://github.com/Icinga/ic * [#685](https://github.com/Icinga/icinga-powershell-framework/pull/685) Fixes an issue while trying to stop the JEA process in certain cases, which results in an error during installation but has no other effect on the environment * [#686](https://github.com/Icinga/icinga-powershell-framework/pull/686) Fixes certutil error handling and message output in case the icingaforwindows.pfx could not be created * [#687](https://github.com/Icinga/icinga-powershell-framework/pull/687) Fixes Icinga for Windows port handling on installation, which will now use the proper defined port for communicating with the Icinga CA +* [#699](https://github.com/Icinga/icinga-powershell-framework/issues/699) Fixes Icinga for Windows password management for the managed user `icinga`, which could fail in some cases because of ambiguous characters or complexity errors and will now retry up to 10 times before giving up * [#702](https://github.com/Icinga/icinga-powershell-framework/pull/702) Fixes an issue with Icinga Director Self-Service API, which ignored the defined service user ### Enhancements diff --git a/lib/core/windows/Get-IcingaRandomChars.psm1 b/lib/core/windows/Get-IcingaRandomChars.psm1 index addaf9d..2c4f144 100644 --- a/lib/core/windows/Get-IcingaRandomChars.psm1 +++ b/lib/core/windows/Get-IcingaRandomChars.psm1 @@ -2,7 +2,7 @@ function Get-IcingaRandomChars() { param ( [int]$Count = 10, - [string]$Symbols = 'abcdefghiklmnoprstuvwxyzABCDEFGHKLMNOPRSTUVWXYZ1234567890!§$%&/()=?}][{@#*+' + [string]$Symbols = 'abcdefghiklmnoprstuvwxyzABCDEFGHKLMNOPRSTUVWXYZ1234567890!§$%()=?}][{@#*+' ); $RandomChars = ''; diff --git a/lib/core/windows/New-IcingaWindowsUser.psm1 b/lib/core/windows/New-IcingaWindowsUser.psm1 index f2520e0..0132df3 100644 --- a/lib/core/windows/New-IcingaWindowsUser.psm1 +++ b/lib/core/windows/New-IcingaWindowsUser.psm1 @@ -33,9 +33,22 @@ function New-IcingaWindowsUser() # User already exist -> override password - but only if the user is entirely managed by Icinga if ($UserConfig.IcingaManagedUser) { - $Result = Start-IcingaProcess -Executable 'net' -Arguments ([string]::Format('user "{0}" "{1}"', $IcingaUser, (ConvertFrom-IcingaSecureString -SecureString (New-IcingaWindowsUserPassword)))); + # In case the password set fails, we need to try again + [int]$Attempts = 0; + [bool]$Success = $FALSE; - if ($Result.ExitCode -ne 0) { + while ($Attempts -lt 10) { + $Result = Start-IcingaProcess -Executable 'net' -Arguments ([string]::Format('user "{0}" "{1}"', $IcingaUser, (ConvertFrom-IcingaSecureString -SecureString (New-IcingaWindowsUserPassword)))); + + if ($Result.ExitCode -eq 0) { + $Success = $TRUE; + break; + } + + $Attempts += 1; + } + + if ($Success -eq $FALSE) { Write-IcingaConsoleError 'Failed to update password for user "{0}": {1}' -Objects $IcingaUser, $Result.Error; return @{ @@ -43,7 +56,6 @@ function New-IcingaWindowsUser() 'SID' = $UserConfig.SID; }; } - Write-IcingaConsoleNotice 'User updated successfully.'; } else { Write-IcingaConsoleWarning 'User "{0}" is not managed by Icinga for Windows. No changes were made.' -Objects $IcingaUser;