Automatic reboot not occurring after domain creation with xADDomain

This topic contains 13 replies, has 3 voices, and was last updated by Profile photo of Simon Simon 1 year, 8 months ago.

  • Author
    Posts
  • #23836
    Profile photo of Simon
    Simon
    Participant

    Hi All,

    I'm relatively new to DSC and have started working on setting up a lab configuration.

    I'm trying to achieve the following sequence of events...
    1. Push the configuration to the server, rename it to DC1
    2. Promote DC1 to be the first domain controller in the testing.local forest

    Here is my configuration script...

    
    $ConfigurationData = @{
    
    AllNodes = @(
    
        @{
        
        NodeName = '*'
        PSDscAllowPlainTextPassword = $True
        
        },
        
           
        @{
    
        NodeName = '192.168.1.1'
        HostName = 'dc1'
        Role = 'FirstDomainController'
        BackendAlias = 'Ethernet'
        DNSAddress = '192.168.1.1'
    
        DomainName = 'testing.local'
        AD_DB_Path = 'd:\ntds'
        AD_Log_Path = 'd:\ntds\log'
        AD_SysVol_Path = 'd:\ntds\SYSVOL'
        DSRMPassword = 'Password1'
            
        }
    
       
    )
    
    
    }
    
    
    Configuration Lab_Configuration {
    
    param(
        [Parameter(Mandatory=$true)]
        [ValidateNotNullOrEmpty()]
        [PSCredential]$DomainCredentials
        )
    
    Import-DscResource -ModuleName xRemoteDesktopAdmin,xWinEventLog,xSystemSecurity,xPendingReboot,xComputerManagement,xNetworking,xActiveDirectory
    
    node $allnodes.NodeName {
    
        xIEESC DisableIEEscAdministrators {
    
            UserRole = 'Administrators'
            IsEnabled = $false
            
        }
    
        xIEESC DisableIEEscUsers {
    
            UserRole = 'Users'
            IsEnabled = $false
            
        }
    
        xUAC DisableUAC {
    
            Setting = 'NeverNotifyAndDisableAll'
            
        }
        
        xRemoteDesktopAdmin EnableRDP {
    
            Ensure = 'Present'
            UserAuthentication = 'Secure'
                
        }
    
        xWinEventLog SystemLog {
    
            LogName = 'System'
            LogMode = 'Circular'
            MaximumSizeInBytes = '104857600'
            
        }
            
        WindowsFeature SNMP {
    
            Name = 'SNMP-Service'
            Ensure = 'Present'
    
        }
    
        WindowsFeature SNMP-Tools {
    
            Name = 'RSAT-SNMP'
            Ensure = 'Present'
    
        }
       
        WindowsFeature PowershellISE {
    
            Name = 'Powershell-ISE'
            Ensure = 'Present'
        
        }
    
        WindowsFeature TelnetClient {
    
            Name = 'Telnet-Client'
            Ensure = 'Present'
    
        }
    
        WindowsFeature Backup {
    
            Name = 'Windows-Server-Backup'
            Ensure = 'Present'
    
        }
    
    
    switch ($Node.role) {
    
        'WebServer' {
    
                    WindowsFeature WebServer {
    
                        Name = 'Web-Server'
                        Ensure = 'Present'
    
                    }
    
                }
    
        'FirstDomainController' {
    
                    xComputer SetComputerInfo {
    
                        Name = $Node.HostName
                        
                    }
                                               
                    WindowsFeature ActiveDirectory {
    
                        Name = 'AD-Domain-Services'
                        Ensure = 'Present'
    
                    }
    
                    WindowsFeature RSAT-AD-Tools {
    
                        Name = 'RSAT-AD-Tools'
                        Ensure = 'Present'
    
                    }
    
                    WindowsFeature RSAT-ADDS {
    
                        Name = 'RSAT-ADDS'
                        Ensure = 'Present'
    
                    }
    
                    WindowsFeature RSAT-AD-AdminCenter {
    
                        Name = 'RSAT-AD-AdminCenter'
                        Ensure = 'Present'
    
                    }
    
                    WindowsFeature RSAT-ADDS-Tools {
    
                        Name = 'RSAT-ADDS-Tools'
                        Ensure = 'Present'
    
                    }
    
                    xADDomain CreateForest {
    
                        DomainName = $Node.DomainName
                        DomainAdministratorCredential = $DomainCredentials
                        SafeModeAdministratorPassword = $DomainCredentials
                        DatabasePath = $Node.AD_DB_Path
                        LogPath = $Node.AD_Log_Path
                        SysvolPath = $Node.AD_SysVol_Path
                        DependsOn = '[WindowsFeature]ActiveDirectory'
    
                    }
                                    
                         
                }
    
              'AdditionalDomainController' {
              
              }  
    
    
    }
    
    
    }
    
    }
    
    Lab_Configuration -ConfigurationData $ConfigurationData -DomainCredentials (Get-Credential) -output C:\DSC\config_files 
    
    

    When i push the configuration to the server, the windows features are added and the computer name gets changed, and DSC reboots the server which is great (LCM is configured on the server to reboot when required).

    Once the server restarts, Active Directory gets added (i can see the NTDS folder on the d: as specified), however it doesn't reboot afterwards to complete the configuration. I have tested a configuration that promotes a domain controller without first renaming the server, and at the end of the process it reboots and everything appears to work nicely.

    Looking through the DSC events in the event viewer, i can see the following events ...

    Job {52909196-D7F1-11E4-80BA-0800279A8F85} :
    This event indicates that failure happens when LCM is processing the configuration. ErrorId is 0x7. ErrorDetail is The SendConfigurationApply function did not succeed.. ResourceId is [xComputer]SetComputerInfo and SourceInfo is ::134::17::xComputer. ErrorMessage is The PowerShell DSC resource C:\Program Files\WindowsPowerShell\Modules\xComputerManagement\DscResources\MSFT_xComputer returned results in a format that is not valid. The results from running Test-TargetResource must be the boolean value True or False..

    [hr]

    Job {52909196-D7F1-11E4-80BA-0800279A8F85} :
    MIResult 1
    ErrorMessage The PowerShell DSC resource C:\Program Files\WindowsPowerShell\Modules\xComputerManagement\DscResources\MSFT_xComputer returned results in a format that is not valid. The results from running Test-TargetResource must be the boolean value True or False.
    MessageIDTestTargetResourceInvalidResultFormat
    ErrorCategory 8
    ErrorCode 7
    ErrorType MI

    [hr]

    Job {52909196-D7F1-11E4-80BA-0800279A8F85} :
    This event indicates that a non-terminating error was thrown when DSCEngine was executing Set-TargetResource on MSFT_xADDomain DSC resource. FullyQualifiedErrorId is Test.VerifyDcPromoCore.DCPromo.General.15,Microsoft.DirectoryServices.Deployment.PowerShell.Commands.InstallADDSForestCommand. ErrorMessage is Verification of prerequisites for Domain Controller promotion failed. Role change is in progress or this computer needs to be restarted.

    [hr]

    Job {52909196-D7F1-11E4-80BA-0800279A8F85} :
    MIResult 1
    ErrorMessage Verification of prerequisites for Domain Controller promotion failed. Role change is in progress or this computer needs to be restarted.
    MessageIDTest.VerifyDcPromoCore.DCPromo.General.15,Microsoft.DirectoryServices.Deployment.PowerShell.Commands.InstallADDSForestCommand
    ErrorCategory 0
    ErrorCode 1
    ErrorType MI

    [hr]

    I'm thinking that perhaps the errors relating to xComputer are preventing the xADDomain configuration from completing successfully. Running Get-DscConfigurationStatus -All shows the following...

    Status StartDate Type Mode RebootRequested NumberOfConfigurationResources
    —— ——— —- —- ————— ——————————
    Failure 2015/04/01 08:45:21 Reboot PUSH False 19
    Success 2015/04/01 08:43:16 Initial PUSH True 19

    I'm hoping that somebody can point me in the right direction as to what i am doing wrong here? Any assistance will be greatly appreciated.

  • #23837
    Profile photo of Don Jones
    Don Jones
    Keymaster

    So, right now, what's the order of events you [b]want[/b] to occur? Rename first?

  • #23838
    Profile photo of Simon
    Simon
    Participant

    I forgot to add, i'm running the Feb preview of WMF 5 on the workstation that i'm authoring and pushing the configuration from, and on the target server. The workstation is Windows 8.1 and the server is 2012 R2 (with KB2883200 installed)

  • #23839
    Profile photo of Simon
    Simon
    Participant

    That's correct, I'm hoping for the events to occur in the following order...

    1. First rename the computer from the default name applied during OS installation to "dc1"
    2. Promote it to become the first domain controller in the testing.local domain.

  • #23840
    Profile photo of Don Jones
    Don Jones
    Keymaster

    Well, let's hope it's not a WMF5 issue. Just accept that it might be broken. It isn't even pretending to be production-ready or problem-free.

    I think you need to add a dependency on your xComputer completing. Try making sure THAT happens, THEN AD-Domain-Services gets installed, and then let CreateForest run. So

     
                    WindowsFeature ActiveDirectory {
     
                        Name = 'AD-Domain-Services'
                        Ensure = 'Present'
                        DependsOn = "[xComputer]SetComputerInfo"
     
                    }
    

    That'll give DSC a stopping point after changing the computer name, where it can reboot. xComputer SHOULD be logging that as a reboot-required, and so it should take the opportunity.

  • #23841
    Profile photo of Simon
    Simon
    Participant

    Thanks Don, makes sense. I'll give that a try and post back here with the results.

    Greatly appreciated the rapid response... =D

  • #23842
    Profile photo of Simon
    Simon
    Participant

    Ok, i've added the dependency as suggested and tried a clean re-run of the configuration (i have a snapshot of the VM that i can roll back to re-test cleanly).

    The computer changes its name to "dc1" and reboots, but once it has finished restarting, it doesn't appear to go any further, it doesn't attempt to install the Active Directory binaries or create the domain.

    I'm seeing the following events in the DSC event log...

    Job {2D822626-5C33-4BB4-8CEF-6470E4B200A0} :
    This event indicates that failure happens when LCM is processing the configuration. ErrorId is 0x7. ErrorDetail is The SendConfigurationApply function did not succeed.. ResourceId is [xComputer]SetComputerInfo and SourceInfo is ::134::17::xComputer. ErrorMessage is The PowerShell provider C:\Program Files\WindowsPowerShell\Modules\xComputerManagement\DscResources\MSFT_xComputer returned results in a format that is not valid. The results from running Test-TargetResource must be the boolean value True or False..

    [hr]

    Job {2D822626-5C33-4BB4-8CEF-6470E4B200A0} :
    DSC Engine Error :
    Error Message The SendConfigurationApply function did not succeed.
    Error Code : 7

    [hr]

    Job {43C7B1E7-AD3D-47D2-A3B5-C3F3BC44A6DB} :
    DSC Engine Error :
    Error Message Current configuration does not exist. Start a DSC configuration first to create a current configuration.
    Error Code : 1

    So based on the events above it looks as though there is a problem with the computer rename section of the configuration, and now that a dependency has been set, it wont continue due to these errors.

    I've rolled back to WMF 4 now (uninstalling the WMF 5 preview on both machines), and am seeing the same problem.

  • #23843
    Profile photo of Don Jones
    Don Jones
    Keymaster

    At a loss. It looks like xComputer is barfing; you might try running a diagnostic trace on the target using the DSC Diagnostics module to see if you can get better information. But if xComputer is heaving something other than True/False for its Test-TargetResource function, that'll gum up the whole thing.

  • #23844
    Profile photo of Simon
    Simon
    Participant

    Cheers Don,

    I'll look into running some traces to see if it reveals anything useful.

    Thanks again for the help.

  • #23845
    Profile photo of Simon
    Simon
    Participant

    I've been using the xDscDiagnostics module (mainly using the trace-xdscoperation command) and the best output i have been able to get is as follows...

    EventType : ERROR
    TimeCreated : 1/04/2015 11:37:06 AM
    Message : This event indicates that failure happens when LCM is processing the configuration. ErrorId is 0x7.
    ErrorDetail is The SendConfigurationApply function did not succeed.. ResourceId is
    [xComputer]SetComputerInfo and SourceInfo is ::134::17::xComputer. ErrorMessage is The PowerShell
    provider C:\Program Files\WindowsPowerShell\Modules\xComputerManagement\DscResources\MSFT_xComputer
    returned results in a format that is not valid. The results from running Test-TargetResource must be
    the boolean value True or False..
    ComputerName : DC1
    JobID : b24d8cfc-67b9-4f1c-83b2-04c21f410ade
    SequenceID : 1
    Event : System.Diagnostics.Eventing.Reader.EventLogRecord

    Given that it is trying to see if the computer is in compliance (whether the name has been set as specified) and that Test-TargetrRsource in the xComputer resource is returning something other than a boolean value (not sure how this could be possible), is there a way that i can see what is actually being returned?

    Is the way that i am going about this configuration flawed somehow? My thinking is that getting the computer to rename itself should be a fairly straight forward... I

  • #23870
    Profile photo of Don Jones
    Don Jones
    Keymaster

    I don't think your approach is wrong, no.

    About the only way to test it would be to unload all modules from memory, manually load the xComputer module by using Import-Module, and then run its Test-TargetResource command, passing in the necessary hash table structure as input. That should let you see if it's tossing something.

  • #23959
    Profile photo of Mariusz Serwin
    Mariusz Serwin
    Participant

    Simon , there is a problem with Test-TargetResource in xComputerManagement resource replace if ($Name -ne $env:COMPUTERNAME) {return $false} with if ($Name -ne $env:COMPUTERNAME) {return $false} else {return $true} in MSFT_xComputer.psm1 files .

    That will solve the issue .

  • #24004
    Profile photo of Simon
    Simon
    Participant

    Thanks Mariusz,

    I'll give that a try when i get into the office and see how i get on.

    Appreciate all of the assistance.

  • #24049
    Profile photo of Simon
    Simon
    Participant

    Worked like a charm, thanks again for all of the assistance, greatly appreciated. =D

You must be logged in to reply to this topic.