Restart-DbaService not working well with Credentials

[dokier]

Verified issue does not already exist?

I have searched and found no existing issue

What error did you receive?

Restart-DbaService does not work well when passing a Credential.

WARNING: [12:44:52][Get-DbaCmObject] [servername.domain.com] Invalid connection credentials

Restart-DbaService calls Update-ServiceStatus but it's not passing a credential on line 151 and 157. Even if you add a Credential here, Update-ServiceStatus then uses Invoke-Parallel calling a script block called "$svcControlBlock" but there is no credential being passed there either.

if ($processArray) {
            if ($PSCmdlet.ShouldProcess("$ProcessArray", "Restarting Service")) {
                $services = Update-ServiceStatus -InputObject $processArray -Action 'stop' -Timeout $Timeout -EnableException $EnableException
                foreach ($service in ($services | Where-Object { $_.Status -eq 'Failed' })) {
                    $service
                }
                $services = $services | Where-Object { $_.Status -eq 'Successful' }
                if ($services) {
                    Update-ServiceStatus -InputObject $services -Action 'restart' -Timeout $Timeout -EnableException $EnableException
                }
            }
        } else {
            Stop-Function -EnableException $EnableException -Message "No SQL Server services found with current parameters."
        }

Steps to Reproduce

# provide your command(s) executed pertaining to dbatools
# please include variable values (redacted or fake if needed) for reference

Log into your client computer with an account without access to the remote server (this step is very important). Then create a credential variable with an account with access to the remote server.
$cred = Get-Credential # Enter a credential to access to the remote server"
Restart-DbaService -ComputerName computer1 -Credential $cred

Please confirm that you are running the most recent version of dbatools

2.1.28

Other details or mentions

No response

What PowerShell host was used when producing this error

Windows PowerShell (powershell.exe)

PowerShell Host Version

Name Value

---

PSVersion 5.1.17763.6414
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.17763.6414
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1

SQL Server Edition and Build number

Not Important here

.NET Framework Version

.NET Framework 4.8.4762.0

[mattcargile]

I think this is related to the internal cache. As a workaround, I usually run the below if I am having weird connection issues. I don't have time right now to dig further into it though.

Get-DbaCmConnection | Remove-DbaCmConnection

[dokier]

@mattcargile Hi! I made sure to remove my CM Connections, but the issue still persists. I also had others test it, and they encountered the same problem. If you follow the steps to reproduce the issue, you might experience it too. The most critical step is: 'Log into your client computer with an account that does not have access to the remote server.' This is important because if your account already has access and you 'simulate' passing those same credentials in the cmdlet, part of the code might not actually use the provided credentials, resulting in a successful connection. However, if you log in to the client with an account that doesn’t have access to the target, you will encounter the issue.

[mattcargile]

So starting a new post as the above is getting messy. So all the calls to Update-DbaServiceStatus appear to need -Credential passed in so like the below patch for Stop-DbaService.
EDIT 2: So I was playing with Stop-DbaService. I got past the first error with this patch. Now I am into the Get-RunspaceData errors.

diff --git a/public/Stop-DbaService.ps1 b/public/Stop-DbaService.ps1
index 0ed31fa91..38dfa04fe 100644
--- a/public/Stop-DbaService.ps1
+++ b/public/Stop-DbaService.ps1
@@ -138,7 +138,7 @@ function Stop-DbaService {
         }
         if ($PSCmdlet.ShouldProcess("$ProcessArray", "Stopping Service")) {
             if ($processArray) {
-                Update-ServiceStatus -InputObject $processArray -Action 'stop' -Timeout $Timeout -EnableException $EnableException
+                Update-ServiceStatus -InputObject $processArray -Action 'stop' -Timeout $Timeout -EnableException $EnableException -Credential $Credential
             } else {
                 Stop-Function -EnableException $EnableException -Message "No SQL Server services found with current parameters." -Category ObjectNotFound
             }

Second, usage like the below gets Access Denied for some reason. The below pattern is used between Update-DbaServiceStatus into Invoke-Parallel.

Get-DbaCmObject -ComputerName remoteserver -Namespace 'root\cimv2' -Query "select * from win32_service where name = 'SQLSERVERAGENT'" -cr domain\user | Invoke-CimMethod -methodname StopService

I would expect this to work like the below works without passing in a credential via -CimSession on Invoke-CimMethod.

Get-CimInstance -cims (New-CimInstance remoteserver -cred domain\user ) -Namespace 'root\cimv2' -Query "select * from win32_service where name = 'SQLSERVERAGENT'" | Invoke-CimMethod -methodname StopService

I tried adding passing in a _CimCredential to -CimSession on the below but that made performance worse with Invoke-Parallel and I get even weirder behavior like Get-RunSpaceData spitting out 50 or more InputObject is Null messages. One time it would stop the service but I wouldn't get any output from Stop-DbaService.

dbatools/private/functions/Update-ServiceStatus.ps1

Line 108 in 55f5166

$invokeResult = Invoke-CimMethod -InputObject $service._CimObject -MethodName $methodName