Access denied to mount iso

[JP-MB]

Problem description

I face issue Acces Denied when launch Start-Dsc

Have u got any idea about this deny ?
Try with my authorised credentail , but same issue . Try to give computer authorize on DVD, but impossible

Verbose logs

PS C:\Users\a-xxxxxx\Documents\DSC\SQLInstall> Start-DscConfiguration -Path "C:\Users\a-xxxxxx\Documents\DSC\SQLINSTALL"  -verbose  -wait  -force
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'names
root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer NLVCP1842D with user sid S-1-5-21-2082413636-168370749-3624124516-756047.
VERBOSE: [NLVCP1842D]: LCM:  [ Start  Set      ]
VERBOSE: [NLVCP1842D]: LCM:  [ Start  Resource ]  [[MountImage]SQL2019]
VERBOSE: [NLVCP1842D]: LCM:  [ Start  Test     ]  [[MountImage]SQL2019]
VERBOSE: [NLVCP1842D]:                            [[MountImage]SQL2019] Test-TargetResource: Testing Mounted Drive for image file 'S'.
VERBOSE: [NLVCP1842D]:                            [[MountImage]SQL2019] Get-TargetResource: Getting Mounted Drive for image file '\\D1.cougar.ms.lvmh\DfsLvm\Apps\Soft
2019\Ent_Core_2019_64Bit_English'.
Access is denied.
    + CategoryInfo          : PermissionDenied: (MSFT_DiskImage:) [], CimException
    + FullyQualifiedErrorId : HRESULT 0x80070005,Get-DiskImage
    + PSComputerName        : localhost

VERBOSE: [NLVCP1842D]:                            [[MountImage]SQL2019] Test-TargetResource: The image file '\\D1.cougar.ms.lvmh\DfsLvm\Apps\Soft_Nt\_soft\Microsoft\S
2019\Ent_Core_2019_64Bit_English' is not mounted to drive 'S' but should be. Change required.
VERBOSE: [NLVCP1842D]: LCM:  [ End    Test     ]  [[MountImage]SQL2019]  in 0.1250 seconds.
The PowerShell DSC resource '[MountImage]SQL2019' with SourceInfo 'C:\Users\a-millionje\Documents\DSC\SQLInstall.ps1::11::3::MountImage' threw one or more non-termina
logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details.
    + CategoryInfo          : InvalidOperation: (:) [], CimException
    + FullyQualifiedErrorId : NonTerminatingErrorFromProvider
    + PSComputerName        : localhost

VERBOSE: [NLVCP1842D]: LCM:  [ Start  Resource ]  [[WaitForVolume]WaitForSQL2019]
VERBOSE: [NLVCP1842D]: LCM:  [ Start  Test     ]  [[WaitForVolume]WaitForSQL2019]
VERBOSE: [NLVCP1842D]:                            [[WaitForVolume]WaitForSQL2019] Test-TargetResource: Checking for volume 'S'.
VERBOSE: [NLVCP1842D]:                            [[WaitForVolume]WaitForSQL2019] Test-TargetResource: Volume 'S' not found.
VERBOSE: [NLVCP1842D]: LCM:  [ End    Test     ]  [[WaitForVolume]WaitForSQL2019]  in 0.1410 seconds.
VERBOSE: [NLVCP1842D]: LCM:  [ Start  Set      ]  [[WaitForVolume]WaitForSQL2019]
VERBOSE: [NLVCP1842D]:                            [[WaitForVolume]WaitForSQL2019] Set-TargetResource: Checking for volume 'S'.
VERBOSE: [NLVCP1842D]:                            [[WaitForVolume]WaitForSQL2019] Set-TargetResource: Volume 'S' not found, retrying in 5 seconds.
VERBOSE: [NLVCP1842D]:                            [[WaitForVolume]WaitForSQL2019] Set-TargetResource: Volume 'S' not found, retrying in 5 seconds.
VERBOSE: [NLVCP1842D]:                            [[WaitForVolume]WaitForSQL2019] Set-TargetResource: Volume 'S' not found, retrying in 5 seconds.

DSC configuration

Configuration SQLInstall
{	
     	Import-DscResource –ModuleName 'PSDesiredStateConfiguration'
	Import-DSCResource -ModuleName StorageDsc #For ISO-mounting
	Import-DscResource -ModuleName sqlserverdsc
	
	
     Node localhost
     {
        $Drive='\\D1.cougar.ms.lvmh\DfsLvm\Apps\Soft_Nt\_soft\Microsoft\SQL_server\SQL Server 2019\Ent_Core_2019_64Bit_English'
	 MountImage SQL2019
        {
            ImagePath   = $Drive
            DriveLetter = 'S'
            #Ensure = 'Present'
	    Access = 'ReadOnly'
        }

        WaitForVolume WaitForSQL2019
        {
            DriveLetter      = 'S'
            RetryIntervalSec = 5
            RetryCount       = 10
         }

         

	WindowsFeature 'NetFramework45'
          {
               Name   = 'NET-Framework-45-Core'
               Ensure = 'Present'
          }

          SqlSetup 'InstallDefaultInstance'
          {
               InstanceName        = 'TEST'
               Features            = 'SQLENGINE'
               SourcePath          = 'S:\'
               SQLSysAdminAccounts = @('a-xxxxxx','a-xxxxxxx')
               DependsOn           = '[WindowsFeature]NetFramework45'
          }
	   
	}
}
SQLInstall

Suggested solution

Try to give Read access to DVD to computer . But impossible

Operating system the target node is running

WS 2016

PowerShell version and build the target node is running

Name                           Value
----                           -----
PSVersion                      5.1.14393.5582
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.14393.5582
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

StorageDsc version

PS C:\Users\a-millionje\Documents\DSC\SQLInstall> Get-Module -Name 'StorageDsc' -ListAvailable | ft Name,Version,Path

Name       Version Path
----       ------- ----
storagedsc 5.1.0   C:\Program Files\WindowsPowerShell\Modules\storagedsc\storagedsc.psd1

[johlju]

Use the built-in parameter PSDscRunAsCredential to the credentials that have permission to read the path: https://learn.microsoft.com/en-us/powershell/dsc/configurations/runasuser?view=dsc-1.1

[JP-MB]

thks a lot for your reply, but how to code under MountImage . it doesn't seem to be an available parameter

[JP-MB]

I try something like
Node $Node
{
{PsDscRunAsCredential = Get-Credential}
....

but no impact and credential required at console .

[johlju]

You have to change Get-Credential, that is just a simple example. Instead you pass a password as a parameter (PSCredential) to the configuration so that the password is compiled into the MOF file (the configuration run by Start-DscConfiguration). By passing this credential the resource is run as that user, that user need the correct permissions on the share (share permission and file system permission).

For testing you can pass plain text password in the compiled configuration. For production you should use certificate to encrypt the password. See DSC documentation how to encrypt credentials.

[johlju]

The parameter is built-in in DSC and supported by LCM.

MountImage SQL2019
        {
            ImagePath   = $Drive
            DriveLetter = 'S'
            #Ensure = 'Present'
	    Access = 'ReadOnly'
            PSDscRunAsCredential =    $MyCredential
        }

[JP-MB]

I have
PS C:\Users\a-millionje\Documents\DSC\SQLInstall> $credentials

UserName Password

---

a-millionje System.Security.SecureString

---

PS C:\Users\a-millionje\Documents\DSC\SQLInstall> $configData = @{AllNodes = @(@{NodeName= 'localhost';PsDscAllowPlainTextPassword = $true} )}

---

PS C:\Users\a-millionje\Documents\DSC> ./SQLInstall.ps1 -MyCredential $credentials $configData

cmdlet SQLInstall at command pipeline position 1
Supply values for the following parameters:
Node: NLVCP1842D

Directory: C:\Users\a-millionje\Documents\DSC\SQLInstall

Mode LastWriteTime Length Name

---

-a---- 06/03/2023 15:28 4672 NLVCP1842D .mof

---

with SQLINSTALL source:

Configuration SQLInstall
{ param( [parameter(mandatory=$true)][string]$Node,
[PSCredential]$MyCredential
)

Import-DscResource –ModuleName 'PSDesiredStateConfiguration'
Import-DSCResource -ModuleName StorageDsc #For ISO-mounting
Import-DscResource -ModuleName sqlserverdsc
	
 Node $Node
 {
$Drive='\\D1.cougar.ms.lvmh\DfsLvm\Apps\Soft_Nt\Ent_Core_2019_64Bit_English'	 
MountImage SQL2019
    {
        ImagePath   = $Drive
        DriveLetter = 'S'
        Ensure = 'Present'
		Access = 'ReadOnly'
		PsDscRunAsCredential = $MyCredential			
    
    }

    WaitForVolume WaitForSQL2019
    {
        DriveLetter      = 'S'
        RetryIntervalSec = 5
        RetryCount       = 10
    }

     

WindowsFeature 'NetFramework45'
	{
           Name   = 'NET-Framework-45-Core'
           Ensure = 'Present'
    }

      SqlSetup 'InstallDefaultInstance'
	{
           InstanceName        = 'TEST'
           Features            = 'SQLENGINE'
           SourcePath          = 'S:\'
           SQLSysAdminAccounts = @('a-xxxxxxx','a-xxxxxxx')
           DependsOn           = '[WindowsFeature]NetFramework45'
    }
   
}

}
SQLInstall

---

but got issue when run config

PS C:\Users\a-millionje\Documents\DSC\SQLInstall> Start-DscConfiguration -path "." -verbose -wait

VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' =
root/Microsoft/Windows/DesiredStateConfiguration'.
The WS-Management service cannot process the request. The WMI service returned an 'access denied' error.
+ CategoryInfo : PermissionDenied: (root/Microsoft/...gurationManager:String) [], CimException
+ FullyQualifiedErrorId : HRESULT 0x80338104
+ PSComputerName : NLVCP1842D

VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 0.167 seconds

Apparently it doesn't use my credential ; no ?

[johlju]

Make sure the account you use in the PSDscRunAsCredential is allowed to run resources. The account need specific rights on the node. Don't remember which ones now.

[johlju]

The right can be found here https://learn.microsoft.com/en-us/powershell/dsc/configurations/runasuser

Then make sure to run Start-DscConfiguration as elevated user.

[JP-MB]

Hello
thks for your support
After investigating I 've change a little bit my source MOF with teh follow:

---

Configuration SQLInstall
{ param( [parameter(mandatory=$true)][string]$Node,
[parameter(mandatory=$true)][PScredential] $MyCred
)

Import-DscResource –ModuleName PSDesiredStateConfiguration
Import-DSCResource -ModuleName StorageDsc #For ISO-mounting
Import-DscResource -ModuleName sqlserverdsc
	
 Node $Node
 {
#$Drive='\\D1.cougar.ms.lvmh\DfsLvm\Apps\Soft_Nt\_soft\Microsoft\SQL_server\SQL Server 2019\Ent_Core_2019_64Bit_English'
$Drive='C:\Users\a-millionje\Documents\DSC\SW_DVD9_SQL_Svr_Enterprise_Edtn_2019Dec2019_64Bit_English_MLF_X22-22247.ISO'	 
MountImage SQL2019
    {
        ImagePath   = $Drive
        DriveLetter = 'S'
        Ensure = 'Present'
		Access = 'ReadOnly'
		PsDscRunAsCredential = $MyCred	
			    
    }

    WaitForVolume WaitForSQL2019
    {
        DriveLetter      = 'S'
        RetryIntervalSec = 5
        RetryCount       = 10
    }

     

WindowsFeature 'NetFramework45'
	{
           Name   = 'NET-Framework-45-Core'
           Ensure = 'Present'
    }

      SqlSetup 'InstallDefaultInstance'
	{
           InstanceName        = 'TEST'
           Features            = 'SQLENGINE'
           SourcePath          = 'S:\'
           SQLSysAdminAccounts = @('a-millionje','a-akella')
           DependsOn           = '[WindowsFeature]NetFramework45'
    }
   
}

$mydata=
@{
AllNodes =
@(
@{
NodeName = "*"
PSDscAllowDomainUser = $true
PSDscAllowPlainTextPassword = $true
}
)

}
}

SQLInstall

---

Then use following command with configurationdata to generatare MOF :

PS C:\Users\a-millionje\Documents\DSC> .\SQLInstall4.ps1 -configurationdata $mydata

---

But finally it doesn't want to generate it arguing security message

PS C:\Users\a-millionje\Documents\DSC> .\SQLInstall4.ps1 -configurationdata $mydata

cmdlet SQLInstall at command pipeline position 1
Supply values for the following parameters:
Node: NLVCP1843D
MyCred
ConvertTo-MOFInstance : System.InvalidOperationException error processing property 'PsDscRunAsCredential' OF TYPE 'MountImage': Converting and storing encrypted passwords as plain text is not
recommended. For more information on securing credentials in MOF file, please refer to MSDN blog: http://go.microsoft.com/fwlink/?LinkId=393729
At C:\Users\a-millionje\Documents\DSC\SQLInstall4.ps1:14 char:2

• MountImage
  At line:341 char:16

• $aliasId = ConvertTo-MOFInstance $keywordName $canonicalizedValue
  

•            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : InvalidOperation: (:) [Write-Error], InvalidOperationException
  • FullyQualifiedErrorId : FailToProcessProperty,ConvertTo-MOFInstance
    WARNING: It is not recommended to use domain credential for node 'NLVCP1843D'. In order to suppress the warning, you can add a property named 'PSDscAllowDomainUser' with a value of $true to
    your DSC configuration data for node 'NLVCP1843D'.
    Compilation errors occurred while processing configuration 'SQLInstall'. Please review the errors reported in error stream and modify your configuration code appropriately.
    At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\PSDesiredStateConfiguration.psm1:3917 char:5

• throw $ErrorRecord
  

• ~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : InvalidOperation: (SQLInstall:String) [], InvalidOperationException
  • FullyQualifiedErrorId : FailToProcessConfiguration

---

does it really possible to do it ?

[johlju]

Your passing in a parameter to the script when the parameter is in the configuration.

Without really knowing want you doing, I think you probably need to do

# dot-source the script
. .\SQLInstall4.ps1

# pass the parameters to the configuration
SQLInstall -Node 'localhost' -MyCred  $credentials -ConfigurationData $mydata

[JP-MB]

Hello
I do what I read here https://learn.microsoft.com/en-us/powershell/dsc/configurations/configdata?view=dsc-1.1

[johlju]

It says to use the configuration in the same file but you are passing the configuration from outside the file?

[JP-MB]

No I pass in the same file
Configuration SQLInstall
{ param( [parameter(mandatory=$true)][string]$Node,
[parameter(mandatory=$true)][PScredential] $MyCred
)

Import-DscResource –ModuleName PSDesiredStateConfiguration
Import-DSCResource -ModuleName StorageDsc #For ISO-mounting
Import-DscResource -ModuleName sqlserverdsc
	
 Node $Node
 {
#$Drive='\\D1.cougar.ms.lvmh\DfsLvm\Apps\Soft_Nt\_soft\Microsoft\SQL_server\SQL Server 2019\Ent_Core_2019_64Bit_English'
$Drive='C:\Users\a-millionje\Documents\DSC\SW_DVD9_SQL_Svr_Enterprise_Edtn_2019Dec2019_64Bit_English_MLF_X22-22247.ISO'	 
MountImage SQL2019
    {
        ImagePath   = $Drive
        DriveLetter = 'S'
        Ensure = 'Present'
		Access = 'ReadOnly'
		PsDscRunAsCredential = $MyCred	
			    
    }

    WaitForVolume WaitForSQL2019
    {
        DriveLetter      = 'S'
        RetryIntervalSec = 5
        RetryCount       = 10
    }

     

WindowsFeature 'NetFramework45'
	{
           Name   = 'NET-Framework-45-Core'
           Ensure = 'Present'
    }

      SqlSetup 'InstallDefaultInstance'
	{
           InstanceName        = 'TEST'
           Features            = 'SQLENGINE'
           SourcePath          = 'S:\'
           SQLSysAdminAccounts = @('a-millionje','a-akella')
           DependsOn           = '[WindowsFeature]NetFramework45'
    }
   
}

$mydata=
@{
AllNodes =
@(
@{
NodeName = "*"
PSDscAllowDomainUser = $true
PSDscAllowPlainTextPassword = $true
}
)

}
}

SQLInstall

[johlju]

Change SqlInstall in the end to:

SQLInstall -Node 'localhost' -MyCred  $credentials -ConfigurationData $mydata

[JP-MB]

Hello
same result . Compile is KO