Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

xUser: Returns 'The variable '$user' cannot be retrieved' error inside Windows 2022 Server Core container #757

Open
dk-ebeisecker opened this issue Apr 17, 2023 · 6 comments
Open

xUser: Returns 'The variable '$user' cannot be retrieved' error inside Windows 2022 Server Core container #757

dk-ebeisecker opened this issue Apr 17, 2023 · 6 comments
Labels
bug The issue is a bug. help wanted The issue is up for grabs for anyone in the community.

Comments

@dk-ebeisecker
Copy link

Problem description

When I attempt to run the xUser resource inside a Docker build of Windows 2022 Server Core, I get the following error

Docker image
mcr.microsoft.com/windows/servercore ltsc2022 b53d206693f6

PS C:\> Invoke-DscResource @user -Verbose                                                                                                                                                                                                 cmdlet Invoke-DscResource at command pipeline position 1                                                            
Supply values for the following parameters:                                                                          
Method: Test                                                                                                         
PowerShell DSC resource DSC_xUserResource  failed to 
execute Test-TargetResource functionality with error message:   The variable '$user' cannot be retrieved because it has not been set.                                                    
+ CategoryInfo          : InvalidOperation: (root/Microsoft/...gurationManager:String) [], CimException              
+ FullyQualifiedErrorId : ProviderOperationExecutionFailure
+ PSComputerName        : localhost

Verbose logs

PS C:\> Invoke-DscResource @user -Verbose

cmdlet Invoke-DscResource at command pipeline position 1
Supply values for the following parameters:
Method: Test
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = ResourceTest,'className' =
MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer 3796F4E274AA with user sid S-1-5-93-2-1.
VERBOSE: [3796F4E274AA]: LCM:  [ Start  Test     ]  [[xUser]DirectResourceAccess]
VERBOSE: [3796F4E274AA]: LCM:  [ End    Test     ]  [[xUser]DirectResourceAccess] False in 0.1720 seconds.
PowerShell DSC resource DSC_xUserResource  failed to execute Test-TargetResource functionality with error message: The variable '$user'
cannot be retrieved because it has not been set.
    + CategoryInfo          : InvalidOperation: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : ProviderOperationExecutionFailure
    + PSComputerName        : localhost

VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 0.321 seconds
PS C:\> Invoke-DscResource @user -Verbose

cmdlet Invoke-DscResource at command pipeline position 1
Supply values for the following parameters:
Method: Set
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = ResourceSet,'className' =
MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer 3796F4E274AA with user sid S-1-5-93-2-1.
VERBOSE: [3796F4E274AA]: LCM:  [ Start  Set      ]  [[xUser]DirectResourceAccess]
VERBOSE: [3796F4E274AA]:                            [[xUser]DirectResourceAccess] Configuration of user MyNewUser started.
VERBOSE: [3796F4E274AA]: LCM:  [ End    Set      ]  [[xUser]DirectResourceAccess]  in 0.1720 seconds.
PowerShell DSC resource DSC_xUserResource  failed to execute Set-TargetResource functionality with error message: The variable '$user'
cannot be retrieved because it has not been set.
    + CategoryInfo          : InvalidOperation: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : ProviderOperationExecutionFailure
    + PSComputerName        : localhost

VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 0.317 seconds

DSC configuration

$user = @{                                                                                                                         
  Name = 'xUser'                                                                                                                          
  ModuleName = 'xPSDesiredStateConfiguration'                                                                                            
  Property = @{                                                                                                                           
    UserName = 'MyNewUser'                                                                                                                  
    Password = New-Object System.Management.Automation.PSCredential('Bamboo',(ConvertTo-SecureString 'P@ssw0rd' -AsPlainText -Force))  
}                                                                                                                                       
}

Suggested solution

I'm not sure what the problem is

Operating system the target node is running

OsName               : Microsoft Windows Server 2022 Datacenter
OsOperatingSystemSKU : DatacenterServerEdition
OsArchitecture       : 64-bit
WindowsVersion       : 2009
WindowsBuildLabEx    : 20348.859.amd64fre.fe_release_svc_prod2.220707-1832
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

PowerShell version and build the target node is running

$PSVersionTable

Name                           Value
----                           -----
PSVersion                      5.1.20348.1366
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.20348.1366
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

xPSDesiredStateConfiguration version

Name                         Version Path
----                         ------- ----
xPSDesiredStateConfiguration 9.1.0   C:\Program Files\WindowsPowerShell\Modules\xPSDesiredStateConfiguration\9.1.0\xPSDesiredStateConf...
@johlju
Copy link
Member

johlju commented Apr 17, 2023

Verify that these lines work setting the variable $user.

xPSDesiredStateConfiguration/source/DSCResources/DSC_xUserResource/DSC_xUserResource.psm1

Lines 661 to 666 in 7703bb1

$principalContext = New-Object System.DirectoryServices.AccountManagement.PrincipalContext `
-ArgumentList ([System.DirectoryServices.AccountManagement.ContextType]::Machine)
try
{
$user = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($principalContext, $UserName)

@dk-ebeisecker
Copy link
Author

The first line fails

PS C:\> $principalContext = New-Object System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList ([System.DirectoryServices.AccountManagement.ContextType]::Machine)

Unable to find type [System.DirectoryServices.AccountManagement.ContextType].
At line:1 char:107
+ ... gumentList ([System.DirectoryServices.AccountManagement.ContextType]: ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Director...ent.ContextType:TypeName) [], RuntimeException
    + FullyQualifiedErrorId : TypeNotFound

@johlju
Copy link
Member

johlju commented Apr 17, 2023

So then the current implementation is not supported in a container.

The following line is used on a Nano server, does it work in the container?

xPSDesiredStateConfiguration/source/DSCResources/DSC_xUserResource/DSC_xUserResource.psm1

Line 1135 in 7703bb1

[Microsoft.PowerShell.Commands.LocalUser] $user = Get-LocalUser -Name $UserName -ErrorAction Stop

If that works, can you see what this outputs?

(Get-CimInstance -ClassName Win32_OperatingSystem).OperatingSystemSKU

@dk-ebeisecker
Copy link
Author

dk-ebeisecker commented Apr 17, 2023
edited

Yes, that line works fine inside the container

PS C:\> [Microsoft.PowerShell.Commands.LocalUser] $user = Get-LocalUser -Name 'Guest' -ErrorAction Stop
PS C:\> $user

Name  Enabled Description
----  ------- -----------
Guest False   Built-in account for guest access to the computer/domain

PS C:\> (Get-CimInstance -ClassName Win32_OperatingSystem).OperatingSystemSKU
8

@johlju
Copy link
Member

johlju commented Apr 17, 2023

Okay so then the resource might need to switch to the same logic as used in a Nano server.

Looking at the list of SKUs here https://learn.microsoft.com/en-us/windows/win32/cimwin32prov/win32-operatingsystem the container reports as a normal Desktop Experience. Must be some other why to determine that it runs in a container. 🤔

But if you want to test out the full functionality of when running in Nano (might be other problems) you could replace the following lines in your local installed module to if ($true) so the Nano-logic is ran.

xPSDesiredStateConfiguration/source/DSCResources/DSC_xUserResource/DSC_xUserResource.psm1

Line 45 in 7703bb1

if (Test-IsNanoServer)

xPSDesiredStateConfiguration/source/DSCResources/DSC_xUserResource/DSC_xUserResource.psm1

Line 144 in 7703bb1

if (Test-IsNanoServer)

xPSDesiredStateConfiguration/source/DSCResources/DSC_xUserResource/DSC_xUserResource.psm1

Line 239 in 7703bb1

if (Test-IsNanoServer)

@johlju johlju added bug The issue is a bug. help wanted The issue is up for grabs for anyone in the community. labels Apr 17, 2023
@johlju
Copy link
Member

johlju commented Apr 17, 2023

So what we need is new logic to test if running in a container and then run the same logic as Nano (if it works) or other logic that is needed for a Windows container.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug The issue is a bug. help wanted The issue is up for grabs for anyone in the community.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@johlju @dk-ebeisecker