Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IisFeatureDelegation wipes out config #626

Open
martospy opened this issue Jul 19, 2023 · 1 comment
Open

IisFeatureDelegation wipes out config #626

martospy opened this issue Jul 19, 2023 · 1 comment
Labels
bug The issue is a bug. help wanted The issue is up for grabs for anyone in the community.

Comments

@martospy
Copy link

Problem description

I am trying to use IisFeatureDelegation to override security so I can write set new log paths. When I do this however it wipes out the config lines in the applicationHost file and rewrites new stanzas to the bottom that IIS doesn't know what to do with. I have to restore from backup when this happens. Adding the stanzas to the Verbose Logs.

If I try and use 'IIS:\Sites\Default Web Site' instead of 'MACHINE/WEBROOT/APPHOST' it does not work. This is on Server 2022.

Verbose logs

<sites>
            <site name="Default Web Site" id="1">
                <application path="/">
                    <virtualDirectory path="/" physicalPath="D:\inetpub\wwwroot" />
                </application>
                <application path="/MSMQ" applicationPool="DefaultAppPool">
                    <virtualDirectory path="/" physicalPath="D:\inetpub\wwwroot\msmq" />
                </application>
                <bindings>
                    <binding protocol="http" bindingInformation="*:80:" />
                </bindings>
                    <logFile />
                    <traceFailedRequestsLogging />
                    <ftpServer>
                        <sessions />
                        <connections />
                        <security>
                            <dataChannelSecurity />
                            <commandFiltering />
                            <ssl />
                            <sslClientCertificates />
                            <authentication>
                                <anonymousAuthentication />
                                <basicAuthentication />
                                <clientCertAuthentication />
                                <customAuthentication>
                                    <providers />
                                </customAuthentication>
                            </authentication>
                            <customAuthorization>
                                <provider />
                            </customAuthorization>
                        </security>
                        <customFeatures>
                            <providers />
                        </customFeatures>
                        <messages />
                        <fileHandling />
                        <firewallSupport />
                        <userIsolation>
                            <activeDirectory />
                        </userIsolation>
                        <directoryBrowse />
                        <logFile />
                    </ftpServer>
            </site>
            <siteDefaults>
                <logFile logFormat="W3C" directory="%SystemDrive%\inetpub\logs\LogFiles" />
                <traceFailedRequestsLogging directory="%SystemDrive%\inetpub\logs\FailedReqLogFiles" />
            </siteDefaults>
            <applicationDefaults applicationPool="DefaultAppPool" />
            <virtualDirectoryDefaults allowSubDirConfig="true" />
        </sites>

DSC configuration

IisFeatureDelegation applicationHostsitesUnlock
        {
            Filter       = '/system.applicationHost/sites'
            OverrideMode = 'Allow'
            Path         = 'MACHINE/WEBROOT/APPHOST'
        }

        IisFeatureDelegation applicationHostlogUnlock
        {
            Filter       = '/system.applicationHost/log'
            OverrideMode = 'Allow'
            Path         = 'MACHINE/WEBROOT/APPHOST'
        }

        IisFeatureDelegation ftpServerUnlock
        {
            Filter       = '/system.ftpServer/log'
            OverrideMode = 'Allow'
            Path         = 'MACHINE/WEBROOT/APPHOST'
        }

Suggested solution

No idea

Operating system the target node is running

Server 2022 Standard

PowerShell version and build the target node is running

Powershell 5.1

WebAdministrationDsc version

4.1.0
@johlju johlju added bug The issue is a bug. help wanted The issue is up for grabs for anyone in the community. labels Dec 6, 2023
@johlju
Copy link
Member

johlju commented Dec 6, 2023

Looks like we need better integration tests for this resource. If someone can provide a fix for this I will happily review.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug The issue is a bug. help wanted The issue is up for grabs for anyone in the community.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@johlju @martospy