Bug: DC_FORESTPRIMARY.DSC.PS1 leaves the system with invalid properties #353

Open
DennisL68 opened this issue Apr 16, 2020 · 4 comments
Labels
bug The issue is a bug. help wanted The issue is up for grabs for anyone in the community.

@DennisL68

Version of PowerShell:
$PSVersionTable.PSVersion

Major  Minor  Build  Revision
-----  -----  -----  --------
5      1      17763  1007

PowerShell host:
Console

Operating system:
Get-CimInstance Win32_OperatingSystem | Select-Object Caption, Version, ServicePackMajorVersion, OSArchitecture, WindowsDirectory


Caption                 : Microsoft Windows Server 2019 Standard
Version                 : 10.0.17763
ServicePackMajorVersion : 0
OSArchitecture          : 64-bit
WindowsDirectory        : C:\Windows


Version of LabBuilder:
PS C:\Windows\system32> Get-Module -Name LabBuilder -ListAvailable


    Directory: C:\Program Files\WindowsPowerShell\Modules


ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Script     1.0.5.105  LabBuilder                          {Get-LabResourceModule, Initialize-LabResourceModule, Get-...

When checking the state of the DC after deployment with Get-DscConfiguration an error is returned.

I've verified this on two different setups. I've done three clean rebuilds on the second system with the same result each time.

PS C:\Users\Administrator> Get-DscConfiguration
Get-DscConfiguration : The PowerShell DSC resource  returned results that are not valid from Get-TargetResource. The
KDSRootKey key is not a valid property in the corresponding DSC resource schema file. The results from
Get-TargetResource must be in a Hashtable format. The keys in the Hashtable must be the same as the properties in the
corresponding DSC resource schema file.
At line:1 char:1
+ Get-DscConfiguration
+ ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidResult: (MSFT_DSCLocalConfigurationManager:root/Microsoft/...gurationManager) [Ge
   t-DscConfiguration], CimException
    + FullyQualifiedErrorId : GetOperationResultInvalidResultFormat,Get-DscConfiguration

The configuration used for the DC:

<vm name="DC"
        template="Template Windows Server 2019 b1903 - 1GB"
        computername="DC"
        bootorder="10">
      
      <dsc configname="DC_FORESTPRIMARY"
           configfile="DC_FORESTPRIMARY.DSC.ps1">
        <parameters>
          DomainName = "LABBUILDER.COM"
          DomainNetBiosName = "LABBUILDER"
          DomainAdminPassword = "Password!1"
          InstallRSATTools = $true
          
          Forwarders = @('8.8.8.8','8.8.4.4')
          
          ADZones = @(
              @{ Name = 'ALPHA.LOCAL';
                DynamicUpdate = 'Secure';
                ReplicationScope = 'Forest';
              }
          )

          PrimaryZones = @(
              @{ Name = 'BRAVO.LOCAL';
                ZoneFile = 'bravo.local.dns';
                DynamicUpdate = 'None';
              }
          )
        </parameters>
      </dsc>

      <adapters>
        <adapter name="External"
          switchname="External">
        </adapter>
        <adapter name="Private"
          switchname="Private">
            <ipv4 address="192.168.11.2"
                subnetmask="24"
                dnsserver="192.168.11.2"/>
        </adapter>
      </adapters>
    </vm>
@DennisL68
Author

DennisL68 commented Apr 16, 2020

My guess is that the issue is with the CreateKDSRootKey script...

PS C:\Users\Administrator> Test-DscConfiguration -Detailed | select -ExpandProperty ResourcesInDesiredState | select ConfigurationName,InstanceName,ResourceName

ConfigurationName InstanceName                 ResourceName
----------------- ------------                 ------------
DC_FORESTPRIMARY  IPv4_2::[Networking]Network  IPAddress
DC_FORESTPRIMARY  IPv4G_2::[Networking]Network DefaultGatewayAddress
DC_FORESTPRIMARY  IPv4D_2::[Networking]Network DnsServerAddress
DC_FORESTPRIMARY  BackupInstall                WindowsFeature
DC_FORESTPRIMARY  DNSInstall                   WindowsFeature
DC_FORESTPRIMARY  ADDSInstall                  WindowsFeature
DC_FORESTPRIMARY  RSAT-AD-PowerShellInstall    WindowsFeature
DC_FORESTPRIMARY  PrimaryDC                    ADDomain
DC_FORESTPRIMARY  DscDomainWait                WaitForADDomain
DC_FORESTPRIMARY  RecycleBin                   ADOptionalFeature
DC_FORESTPRIMARY  CreateKDSRootKey             Script
DC_FORESTPRIMARY  DNSForwarders                xDnsServerForwarder
DC_FORESTPRIMARY  ADZone1                      xDnsServerADZone
DC_FORESTPRIMARY  PrimaryZone1                 xDnsServerPrimaryZone

@PlagueHO
Owner

I think you're right - this looks like a problem in the script.

@PlagueHO PlagueHO added bug The issue is a bug. help wanted The issue is up for grabs for anyone in the community. labels Apr 18, 2020
@dennisl68-castra

I recently discovered the tracing feature of the module xDscDiagnostics.
Using Get-xDscOperation | select -ExpandProperty Allevents | ft -Wrap on a DC brings out the same issue...

PS C:\Users\Administrator> Get-DscConfiguration
Get-DscConfiguration : The PowerShell DSC resource  returned results that are not valid from Get-TargetResource. The KDSRootKey key is not a valid property in
the corresponding DSC resource schema file. The results from Get-TargetResource must be in a Hashtable format. The keys in the Hashtable must be the same as
the properties in the corresponding DSC resource schema file.
At line:1 char:1
+ Get-DscConfiguration
+ ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidResult: (MSFT_DSCLocalConfigurationManager:root/Microsoft/...gurationManager) [Get-DscConfiguration], CimException
    + FullyQualifiedErrorId : GetOperationResultInvalidResultFormat,Get-DscConfiguration

PS C:\Users\Administrator> Get-xDscOperation | where result -eq failure | select -ExpandProperty allevents | ft -Wrap

TimeCreated           Message
-----------           -------
8/10/2021 12:08:13 PM Operation Get-DscConfiguration started by user sid S-1-5-21-2802173511-2513878040-2912752035-500 from computer NULL.
8/10/2021 12:08:13 PM The local configuration manager is updating the PSModulePath to WindowsPowerShell\Modules;C:\Program
                      Files\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules.
8/10/2021 12:08:17 PM  PsDscRunAsCredential has been specified. The user name is Administrator.
8/10/2021 12:08:18 PM  Impersonation successful. Thread is running under the context of NT AUTHORITY\SYSTEM.
8/10/2021 12:08:18 PM  Impersonation reverted. Thread is running under the context of NT AUTHORITY\SYSTEM.
8/10/2021 12:08:21 PM This event indicates that failure happens when LCM is processing the configuration. Error Id is 0xD. Error Detail is The
                      SendConfigurationApply function did not succeed.. Resource Id is [Script]CreateKDSRootKey and Source Info is
                      C:\Users\Public\myLab\AzDev\AzDev-RDC\LabBuilder Files\DSC.ps1::258::9::Script. Error Message is The PowerShell DSC resource  returned
                      results that are not valid from Get-TargetResource. The KDSRootKey key is not a valid property in the corresponding DSC resource schema
                      file. The results from Get-TargetResource must be in a Hashtable format. The keys in the Hashtable must be the same as the properties in
                      the corresponding DSC resource schema file..
8/10/2021 12:08:21 PM MIResult: 13
                      Error Message: The PowerShell DSC resource  returned results that are not valid from Get-TargetResource. The KDSRootKey key is not a
                      valid property in the corresponding DSC resource schema file. The results from Get-TargetResource must be in a Hashtable format. The
                      keys in the Hashtable must be the same as the properties in the corresponding DSC resource schema file.
                      Message ID: GetOperationResultInvalidResultFormat
                      Error Category: 8
                      Error Code: 13
                      Error Type: MI
8/10/2021 12:08:21 PM  Impersonation reverted. Thread is running under the context of NT AUTHORITY\SYSTEM.
8/10/2021 12:08:21 PM  Impersonation successful. Thread is running under the context of NT AUTHORITY\SYSTEM.

Looking into the issue I found out that the value indeed is returned as a hashtable

GetScript  = {
    Return @{
        KDSRootKey = (Get-KDSRootKey)
    }
}

But I couldn't find any schema.MOF file defining KDSRootKey.

I found ADKDSKey in the DSC resource MSFT_ADKDSKey that might be usable instead...
"C:\Program Files\WindowsPowerShell\Modules\ActiveDirectoryDsc\4.1.0.0\DSCResources\MSFT_ADKDSKey\MSFT_ADKDSKey.schema.mof"

It contains the properties

- [Key] String EffectiveTime
- [Write] String Ensure
- [Write] Boolean AllowUnsafeEffectiveTime;
- [Write] Boolean ForceRemove
- [Read] String DistinguishedName
- [Read] DateTime CreationTime
- [Read] String KeyId

which seems appropriate for a KDSRootKey.

@dennisl68-castra

Using the KeyName ADKDSKey made the issue go away :)
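
An added example, not part of the thread or of LabBuilder's code: Microsoft's documentation for the built-in Script resource says that a value returned from GetScript must be a hashtable with a `Result` key holding a string. The check below runs a GetScript shaped like the one quoted above and a revised one against that rule; `Get-KdsRootKeyStub`, `Test-GetScriptResult` and the sample key ID are hypothetical stand-ins so it runs without a domain controller.

```powershell
# Added example; not code from the issue thread or from LabBuilder.
# Hypothetical stand-in for Get-KdsRootKey so the check runs off a DC (constructed KeyId).
function Get-KdsRootKeyStub {
    [pscustomobject]@{ KeyId = [guid]'00000000-0000-0000-0000-000000000001' }
}

# GetScript shaped like the one quoted in the thread: the key is not 'Result'.
$quoted = { return @{ KDSRootKey = (Get-KdsRootKeyStub) } }

# GetScript following the documented contract: one 'Result' key with a string value.
$revised = {
    $ids = @(Get-KdsRootKeyStub | ForEach-Object { $_.KeyId.ToString() })
    return @{ Result = ($ids -join ',') }
}

function Test-GetScriptResult {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [scriptblock] $GetScript
    )

    $out = & $GetScript
    $problems = @()

    if ($null -eq $out) {
        # Nothing returned, so there are no keys to validate.
    }
    elseif ($out -isnot [hashtable]) {
        $problems += "returned $($out.GetType().Name), expected Hashtable"
    }
    else {
        foreach ($key in $out.Keys) {
            if ($key -ne 'Result') {
                $problems += "unexpected key '$key'"
            }
            elseif ($out[$key] -isnot [string]) {
                $problems += "'Result' value is not a String"
            }
        }
    }

    [pscustomobject]@{ Valid = ($problems.Count -eq 0); Problems = $problems }
}

Test-GetScriptResult -GetScript $quoted
Test-GetScriptResult -GetScript $revised
```

Running a check like this against each Script resource's GetScript before deployment surfaces the schema mismatch without waiting for `Get-DscConfiguration` to fail on the node.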
