0

I'm trying to set up a new deployment group, with the creation of a new dedicated (windows) agent. The web UI is nice, as it is able to generate the power shell commands to get that done. But unlike the documentation, I don't get the little check box that says "include PAT", but this is not the problem here. (Maybe this is because I'm using a AzureDevops on premise Server version instead of the cloud managed service?)

Here is my problem. I run the script, I just give the PAT, and I let the default service user for the agent which is NT Authority\System (AUTORITE NT\Système in french, as I'm using a self hosted french windows VM). Finally the process exits with the following error. when trying to start the service: Cannot start service vstsagent.<devopsservername>.<agentpoolname>.<agentmachinename> on computer '.'.

When I go to the event viewer, I can see the following:

This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.

Whenever I go to the service pannel and try to start it manually I still get the same problem. When I switch user to "LocalSystem", everything goes fine...

What goes wrong? Why is it complaining about NETLOGON? Aren't "NT Authority\System" and "LocalSystem" the same account? Could it be related to the fact I'm using a french OS? (unable to select the relevant account by default? or something in this mood?)

chrisdot
  • 659
  • 6
  • 19

2 Answers2

1

LocalSystem account is a built-in Windows Account. It is the most powerful account on a Windows local instance (More powerful than any admin account). It is part of NT Authority\SYSTEM.

As a workaround, we could open Control Panel / Administrative Tools / Services / NETLOGON and change it from automatic to manual and then stop it, then try it again.

Update1

My machine language is English and the test result as shown below.

Power shell:

enter image description here

Result:

enter image description here

Vito Liu
  • 7,525
  • 1
  • 8
  • 17
  • Yes, but NetLogon was already set to manual, and already stopped. This is what I don't understand... – chrisdot Feb 02 '21 at 11:08
  • This issue may be related to machine language, would you mind changing the language to English and trying again? – Vito Liu Feb 05 '21 at 08:42
  • Just checking in to see whether this issue is still blocking you now? Any update for this issue? – Vito Liu Feb 08 '21 at 07:03
  • It's not a blocking issue, as I found a workaround. Iwill try to set up a new agent on an english machine to see if it is a culture related problem. – chrisdot Feb 09 '21 at 17:44
  • Hi @Christophe, Glad to hear that your problem has been solved. Would you mind sharing the workaround here as an answer? It could help other community members who get the same issues. Thanks. Have a nice day. :) – Vito Liu Feb 10 '21 at 05:42
  • Hi @VitoLiu , the workaround was just to switch the service's identity to LocalSystem. I still do not understand why I got a NetLogon error as this one was already turned off. – chrisdot Feb 10 '21 at 09:58
  • OK, I took some time to do the test. With an en/US OS there is no problem, the default "NT AUTHORITY\SYSTEM" is found and we do not get any error. – chrisdot Feb 15 '21 at 16:28
0

So after having tested the same scenario with a standard en/US host running the agent, we do not get the problem. I suspect this is due to the french language where NT Authority\System is named AUTORITE NT\Système that can not be matched (due maybe to the é character?)

chrisdot
  • 659
  • 6
  • 19