ScheduledTask: Support ValueQueries for event trigger #392

Open
Antiohne opened this issue Oct 3, 2022 · 0 comments
Labels: enhancement (The issue is an enhancement request.), help wanted (The issue is up for grabs for anyone in the community.)

Antiohne commented Oct 3, 2022

Problem description

I am trying to automate the 'Enable automatic rebinding of renewed certificates' setting within IIS. When you do this manually, a scheduled task is created. You will find the trigger definition below.

```xml
<Triggers>
  <EventTrigger>
    <Enabled>true</Enabled>
    <Subscription>&lt;QueryList&gt;&lt;Query Id='0'&gt;&lt;Select Path='Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational'&gt;*[System[EventID=1001]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>
    <ValueQueries>
      <Value name="NewCertHash">Event/UserData/CertNotificationData/NewCertificateDetails/@Thumbprint</Value>
      <Value name="OldCertHash">Event/UserData/CertNotificationData/OldCertificateDetails/@Thumbprint</Value>
    </ValueQueries>
  </EventTrigger>
</Triggers>
```

As you can see in the XML definition, besides the event subscription we have a ValueQueries section. This ValueQueries option is missing in the ScheduledTask definition. According to the documentation, it's a list of key-values.

Verbose logs

N/A

DSC configuration

```powershell
# Enable automatic rebind of renewed certificates.
ScheduledTask "IIS-AutoCertRebind" {
  TaskName                        = "IIS-AutoCertRebind"
  TaskPath                        = "\Microsoft\Windows\CertificateServicesClient"
  ActionExecutable                = "%SystemRoot%\System32\inetsrv\appcmd.exe"
  ActionArguments                 = 'renew binding /oldcert:$(OldCertHash) /newcert:$(NewCertHash)'
  ScheduleType                    = "OnEvent"
  Ensure                          = "Present"
  Enable                          = $true
  BuiltInAccount                  = "SYSTEM"
  AllowStartIfOnBatteries         = $true
  DisallowStartOnRemoteAppSession = $false
  ExecutionTimeLimit              = "0.01:00:00"
  RestartCount                    = 3
  RestartInterval                 = "0.00:10:00"
  RunLevel                        = "Highest"
  EventSubscription               = "<QueryList><Query Id='0'><Select Path='Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational'>*[System[EventID=1001]]</Select></Query></QueryList>"
  #EventValueQueries is missing
}
```

Suggested solution

Add a property named EventValueQueries which can contain a hash table with the ValueQueries property value.

```powershell
# Enable automatic rebind of renewed certificates.
ScheduledTask "IIS-AutoCertRebind" {
  TaskName                        = "IIS-AutoCertRebind"
  TaskPath                        = "\Microsoft\Windows\CertificateServicesClient"
  ActionExecutable                = "%SystemRoot%\System32\inetsrv\appcmd.exe"
  ActionArguments                 = 'renew binding /oldcert:$(OldCertHash) /newcert:$(NewCertHash)'
  ScheduleType                    = "OnEvent"
  Ensure                          = "Present"
  Enable                          = $true
  BuiltInAccount                  = "SYSTEM"
  AllowStartIfOnBatteries         = $true
  DisallowStartOnRemoteAppSession = $false
  ExecutionTimeLimit              = "0.01:00:00"
  RestartCount                    = 3
  RestartInterval                 = "0.00:10:00"
  RunLevel                        = "Highest"
  EventSubscription               = "<QueryList><Query Id='0'><Select Path='Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational'>*[System[EventID=1001]]</Select></Query></QueryList>"
  EventValueQueries               = @{
    "NewCertHash" = "Event/UserData/CertNotificationData/NewCertificateDetails/@Thumbprint";
    "OldCertHash" = "Event/UserData/CertNotificationData/OldCertificateDetails/@Thumbprint"
  }
}
```

I found a Gist with a PowerShell example of how to configure the ValueQueries property.

Operating system the target node is running

```
OsName               : Microsoft Windows Server 2022 Datacenter
OsOperatingSystemSKU : DatacenterServerEdition
OsArchitecture       : 64-bit
WindowsVersion       : 2009
WindowsBuildLabEx    : 20348.1.amd64fre.fe_release.210507-1500
OsLanguage           : en-US
OsMuiLanguages       : {en-US, en-GB}
```

PowerShell version and build the target node is running

```
Name                           Value
----                           -----
PSVersion                      5.1.20348.859
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.20348.859
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
```

ComputerManagementDsc version

```
Name                  Version Path
----                  ------- ----
ComputerManagementDsc 8.5.0   C:\Program Files\WindowsPowerShell\Modules\ComputerManagementDsc\8.5.0\ComputerManagementDsc.psd1
```

johlju added the enhancement and help wanted labels on Oct 5, 2022.
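
A check for the gap this issue describes, as an added example that is not part of the original issue or of ComputerManagementDsc: it lists every `$(Name)` placeholder in a task's action arguments that has no matching ValueQueries entry on the event trigger. The function name `Get-UndefinedTaskVariable` is hypothetical, and the sample task XML is constructed, with `OldCertHash` deliberately left out of ValueQueries.

```powershell
# Added example. Constructed task XML in the shape of an exported task definition;
# the OldCertHash value query is deliberately missing.
$taskXml = @'
<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <EventTrigger>
      <Enabled>true</Enabled>
      <Subscription>&lt;QueryList&gt;&lt;Query Id='0'&gt;&lt;Select Path='Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational'&gt;*[System[EventID=1001]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>
      <ValueQueries>
        <Value name="NewCertHash">Event/UserData/CertNotificationData/NewCertificateDetails/@Thumbprint</Value>
      </ValueQueries>
    </EventTrigger>
  </Triggers>
  <Actions>
    <Exec>
      <Command>%SystemRoot%\System32\inetsrv\appcmd.exe</Command>
      <Arguments>renew binding /oldcert:$(OldCertHash) /newcert:$(NewCertHash)</Arguments>
    </Exec>
  </Actions>
</Task>
'@

# Hypothetical helper: returns placeholder names used in <Arguments> that no
# <ValueQueries>/<Value name="..."> entry defines.
function Get-UndefinedTaskVariable {
    param([Parameter(Mandatory)][string] $TaskXml)

    $doc = [xml]$TaskXml
    $ns  = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('t', 'http://schemas.microsoft.com/windows/2004/02/mit/task')

    # Names the event trigger extracts from the event payload.
    $defined = @($doc.SelectNodes('//t:EventTrigger/t:ValueQueries/t:Value', $ns) |
        ForEach-Object { $_.GetAttribute('name') })

    # Names the action arguments expect to be substituted.
    $used = @(foreach ($arg in $doc.SelectNodes('//t:Actions/t:Exec/t:Arguments', $ns)) {
        [regex]::Matches($arg.InnerText, '\$\(([^)]+)\)') |
            ForEach-Object { $_.Groups[1].Value }
    })

    $used | Sort-Object -Unique | Where-Object { $_ -notin $defined }
}

Get-UndefinedTaskVariable -TaskXml $taskXml
```

To check a registered task instead of the sample, pass the output of `Export-ScheduledTask -TaskName 'IIS-AutoCertRebind' -TaskPath '\Microsoft\Windows\CertificateServicesClient\'` as `-TaskXml`.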