Author Posts

March 31, 2015 at 2:24 pm

Hi All,

I'm relatively new to DSC and have started working on setting up a lab configuration.

I'm trying to achieve the following sequence of events...
1. Push the configuration to the server, rename it to DC1
2. Promote DC1 to be the first domain controller in the testing.local forest

Here is my configuration script...


$ConfigurationData = @{

AllNodes = @(

    @{
    
    NodeName = '*'
    PSDscAllowPlainTextPassword = $True
    
    },
    
       
    @{

    NodeName = '192.168.1.1'
    HostName = 'dc1'
    Role = 'FirstDomainController'
    BackendAlias = 'Ethernet'
    DNSAddress = '192.168.1.1'

    DomainName = 'testing.local'
    AD_DB_Path = 'd:\ntds'
    AD_Log_Path = 'd:\ntds\log'
    AD_SysVol_Path = 'd:\ntds\SYSVOL'
    DSRMPassword = 'Password1'
        
    }

   
)


}


Configuration Lab_Configuration {

param(
    [Parameter(Mandatory=$true)]
    [ValidateNotNullOrEmpty()]
    [PSCredential]$DomainCredentials
    )

Import-DscResource -ModuleName xRemoteDesktopAdmin,xWinEventLog,xSystemSecurity,xPendingReboot,xComputerManagement,xNetworking,xActiveDirectory

node $allnodes.NodeName {

    xIEESC DisableIEEscAdministrators {

        UserRole = 'Administrators'
        IsEnabled = $false
        
    }

    xIEESC DisableIEEscUsers {

        UserRole = 'Users'
        IsEnabled = $false
        
    }

    xUAC DisableUAC {

        Setting = 'NeverNotifyAndDisableAll'
        
    }
    
    xRemoteDesktopAdmin EnableRDP {

        Ensure = 'Present'
        UserAuthentication = 'Secure'
            
    }

    xWinEventLog SystemLog {

        LogName = 'System'
        LogMode = 'Circular'
        MaximumSizeInBytes = '104857600'
        
    }
        
    WindowsFeature SNMP {

        Name = 'SNMP-Service'
        Ensure = 'Present'

    }

    WindowsFeature SNMP-Tools {

        Name = 'RSAT-SNMP'
        Ensure = 'Present'

    }
   
    WindowsFeature PowershellISE {

        Name = 'Powershell-ISE'
        Ensure = 'Present'
    
    }

    WindowsFeature TelnetClient {

        Name = 'Telnet-Client'
        Ensure = 'Present'

    }

    WindowsFeature Backup {

        Name = 'Windows-Server-Backup'
        Ensure = 'Present'

    }


switch ($Node.role) {

    'WebServer' {

                WindowsFeature WebServer {

                    Name = 'Web-Server'
                    Ensure = 'Present'

                }

            }

    'FirstDomainController' {

                xComputer SetComputerInfo {

                    Name = $Node.HostName
                    
                }
                                           
                WindowsFeature ActiveDirectory {

                    Name = 'AD-Domain-Services'
                    Ensure = 'Present'

                }

                WindowsFeature RSAT-AD-Tools {

                    Name = 'RSAT-AD-Tools'
                    Ensure = 'Present'

                }

                WindowsFeature RSAT-ADDS {

                    Name = 'RSAT-ADDS'
                    Ensure = 'Present'

                }

                WindowsFeature RSAT-AD-AdminCenter {

                    Name = 'RSAT-AD-AdminCenter'
                    Ensure = 'Present'

                }

                WindowsFeature RSAT-ADDS-Tools {

                    Name = 'RSAT-ADDS-Tools'
                    Ensure = 'Present'

                }

                xADDomain CreateForest {

                    DomainName = $Node.DomainName
                    DomainAdministratorCredential = $DomainCredentials
                    SafeModeAdministratorPassword = $DomainCredentials
                    DatabasePath = $Node.AD_DB_Path
                    LogPath = $Node.AD_Log_Path
                    SysvolPath = $Node.AD_SysVol_Path
                    DependsOn = '[WindowsFeature]ActiveDirectory'

                }
                                
                     
            }

          'AdditionalDomainController' {
          
          }  


}


}

}

Lab_Configuration -ConfigurationData $ConfigurationData -DomainCredentials (Get-Credential) -output C:\DSC\config_files 

When i push the configuration to the server, the windows features are added and the computer name gets changed, and DSC reboots the server which is great (LCM is configured on the server to reboot when required).

Once the server restarts, Active Directory gets added (i can see the NTDS folder on the d: as specified), however it doesn't reboot afterwards to complete the configuration. I have tested a configuration that promotes a domain controller without first renaming the server, and at the end of the process it reboots and everything appears to work nicely.

Looking through the DSC events in the event viewer, i can see the following events ...

Job {52909196-D7F1-11E4-80BA-0800279A8F85} :
This event indicates that failure happens when LCM is processing the configuration. ErrorId is 0x7. ErrorDetail is The SendConfigurationApply function did not succeed.. ResourceId is [xComputer]SetComputerInfo and SourceInfo is ::134::17::xComputer. ErrorMessage is The PowerShell DSC resource C:\Program Files\WindowsPowerShell\Modules\xComputerManagement\DscResources\MSFT_xComputer returned results in a format that is not valid. The results from running Test-TargetResource must be the boolean value True or False..

[hr]

Job {52909196-D7F1-11E4-80BA-0800279A8F85} :
MIResult 1
ErrorMessage The PowerShell DSC resource C:\Program Files\WindowsPowerShell\Modules\xComputerManagement\DscResources\MSFT_xComputer returned results in a format that is not valid. The results from running Test-TargetResource must be the boolean value True or False.
MessageIDTestTargetResourceInvalidResultFormat
ErrorCategory 8
ErrorCode 7
ErrorType MI

[hr]

Job {52909196-D7F1-11E4-80BA-0800279A8F85} :
This event indicates that a non-terminating error was thrown when DSCEngine was executing Set-TargetResource on MSFT_xADDomain DSC resource. FullyQualifiedErrorId is Test.VerifyDcPromoCore.DCPromo.General.15,Microsoft.DirectoryServices.Deployment.PowerShell.Commands.InstallADDSForestCommand. ErrorMessage is Verification of prerequisites for Domain Controller promotion failed. Role change is in progress or this computer needs to be restarted.

[hr]

Job {52909196-D7F1-11E4-80BA-0800279A8F85} :
MIResult 1
ErrorMessage Verification of prerequisites for Domain Controller promotion failed. Role change is in progress or this computer needs to be restarted.
MessageIDTest.VerifyDcPromoCore.DCPromo.General.15,Microsoft.DirectoryServices.Deployment.PowerShell.Commands.InstallADDSForestCommand
ErrorCategory 0
ErrorCode 1
ErrorType MI

[hr]

I'm thinking that perhaps the errors relating to xComputer are preventing the xADDomain configuration from completing successfully. Running Get-DscConfigurationStatus -All shows the following...

Status StartDate Type Mode RebootRequested NumberOfConfigurationResources
—— ——— —- —- ————— ——————————
Failure 2015/04/01 08:45:21 Reboot PUSH False 19
Success 2015/04/01 08:43:16 Initial PUSH True 19

I'm hoping that somebody can point me in the right direction as to what i am doing wrong here? Any assistance will be greatly appreciated.

March 31, 2015 at 2:45 pm

So, right now, what's the order of events you [b]want[/b] to occur? Rename first?

March 31, 2015 at 2:47 pm

I forgot to add, i'm running the Feb preview of WMF 5 on the workstation that i'm authoring and pushing the configuration from, and on the target server. The workstation is Windows 8.1 and the server is 2012 R2 (with KB2883200 installed)

March 31, 2015 at 2:49 pm

That's correct, I'm hoping for the events to occur in the following order...

1. First rename the computer from the default name applied during OS installation to "dc1"
2. Promote it to become the first domain controller in the testing.local domain.

March 31, 2015 at 2:52 pm

Well, let's hope it's not a WMF5 issue. Just accept that it might be broken. It isn't even pretending to be production-ready or problem-free.

I think you need to add a dependency on your xComputer completing. Try making sure THAT happens, THEN AD-Domain-Services gets installed, and then let CreateForest run. So

 
                WindowsFeature ActiveDirectory {
 
                    Name = 'AD-Domain-Services'
                    Ensure = 'Present'
                    DependsOn = "[xComputer]SetComputerInfo"
 
                }

That'll give DSC a stopping point after changing the computer name, where it can reboot. xComputer SHOULD be logging that as a reboot-required, and so it should take the opportunity.

March 31, 2015 at 2:54 pm

Thanks Don, makes sense. I'll give that a try and post back here with the results.

Greatly appreciated the rapid response... =D

March 31, 2015 at 3:44 pm

Ok, i've added the dependency as suggested and tried a clean re-run of the configuration (i have a snapshot of the VM that i can roll back to re-test cleanly).

The computer changes its name to "dc1" and reboots, but once it has finished restarting, it doesn't appear to go any further, it doesn't attempt to install the Active Directory binaries or create the domain.

I'm seeing the following events in the DSC event log...

Job {2D822626-5C33-4BB4-8CEF-6470E4B200A0} :
This event indicates that failure happens when LCM is processing the configuration. ErrorId is 0x7. ErrorDetail is The SendConfigurationApply function did not succeed.. ResourceId is [xComputer]SetComputerInfo and SourceInfo is ::134::17::xComputer. ErrorMessage is The PowerShell provider C:\Program Files\WindowsPowerShell\Modules\xComputerManagement\DscResources\MSFT_xComputer returned results in a format that is not valid. The results from running Test-TargetResource must be the boolean value True or False..

[hr]

Job {2D822626-5C33-4BB4-8CEF-6470E4B200A0} :
DSC Engine Error :
Error Message The SendConfigurationApply function did not succeed.
Error Code : 7

[hr]

Job {43C7B1E7-AD3D-47D2-A3B5-C3F3BC44A6DB} :
DSC Engine Error :
Error Message Current configuration does not exist. Start a DSC configuration first to create a current configuration.
Error Code : 1

So based on the events above it looks as though there is a problem with the computer rename section of the configuration, and now that a dependency has been set, it wont continue due to these errors.

I've rolled back to WMF 4 now (uninstalling the WMF 5 preview on both machines), and am seeing the same problem.

March 31, 2015 at 3:53 pm

At a loss. It looks like xComputer is barfing; you might try running a diagnostic trace on the target using the DSC Diagnostics module to see if you can get better information. But if xComputer is heaving something other than True/False for its Test-TargetResource function, that'll gum up the whole thing.

March 31, 2015 at 3:57 pm

Cheers Don,

I'll look into running some traces to see if it reveals anything useful.

Thanks again for the help.

March 31, 2015 at 5:17 pm

I've been using the xDscDiagnostics module (mainly using the trace-xdscoperation command) and the best output i have been able to get is as follows...

EventType : ERROR
TimeCreated : 1/04/2015 11:37:06 AM
Message : This event indicates that failure happens when LCM is processing the configuration. ErrorId is 0x7.
ErrorDetail is The SendConfigurationApply function did not succeed.. ResourceId is
[xComputer]SetComputerInfo and SourceInfo is ::134::17::xComputer. ErrorMessage is The PowerShell
provider C:\Program Files\WindowsPowerShell\Modules\xComputerManagement\DscResources\MSFT_xComputer
returned results in a format that is not valid. The results from running Test-TargetResource must be
the boolean value True or False..
ComputerName : DC1
JobID : b24d8cfc-67b9-4f1c-83b2-04c21f410ade
SequenceID : 1
Event : System.Diagnostics.Eventing.Reader.EventLogRecord

Given that it is trying to see if the computer is in compliance (whether the name has been set as specified) and that Test-TargetrRsource in the xComputer resource is returning something other than a boolean value (not sure how this could be possible), is there a way that i can see what is actually being returned?

Is the way that i am going about this configuration flawed somehow? My thinking is that getting the computer to rename itself should be a fairly straight forward... I

April 1, 2015 at 9:42 am

I don't think your approach is wrong, no.

About the only way to test it would be to unload all modules from memory, manually load the xComputer module by using Import-Module, and then run its Test-TargetResource command, passing in the necessary hash table structure as input. That should let you see if it's tossing something.

April 4, 2015 at 2:19 pm

Simon , there is a problem with Test-TargetResource in xComputerManagement resource replace if ($Name -ne $env:COMPUTERNAME) {return $false} with if ($Name -ne $env:COMPUTERNAME) {return $false} else {return $true} in MSFT_xComputer.psm1 files .

That will solve the issue .

April 6, 2015 at 3:10 pm

Thanks Mariusz,

I'll give that a try when i get into the office and see how i get on.

Appreciate all of the assistance.

April 7, 2015 at 3:02 pm

Worked like a charm, thanks again for all of the assistance, greatly appreciated. =D