DSC to join domain

This topic contains 4 replies, has 2 voices, and was last updated by Jens 20 hours, 13 minutes ago.

  • #72734
    Jens
    Participant

    Hello all,

    I'm experimenting with some DSC scripts in Azure.

    Login-AzureRmAccount

    Show-SubscriptionARM

    $rgName = 'rgName'
    $storageAccountName = "storageaccount"

    $storageAccount = Get-AzureRmStorageAccount -ResourceGroupName $rgName -AccountName $storageAccountName
    $storageAccountKey = (Get-AzureRmStorageAccountKey -ResourceGroupName $rgName -AccountName $storageAccountName).Value[0]

    # we are using default container
    $containerName = 'windows-powershell-dsc'

    $configurationName = 'IISInstall'
    $configurationPath = ".\$configurationName.ps1"
    #Publish your DSC configuration to the Azure storage
    $moduleURL = Publish-AzureRmVMDscConfiguration -ConfigurationPath $configurationPath -ResourceGroupName $rgName -StorageAccountName $storageAccount.StorageAccountName -Force

    $storageContext = New-AzureStorageContext -StorageAccountName $storageAccount.StorageAccountName -StorageAccountKey $storageAccountKey
    $sasToken = New-AzureStorageContainerSASToken -Name $containerName -Context $storageContext -Permission r

    $settingsHashTable = @{
        "ModulesUrl" = "$moduleURL";
        "ConfigurationFunction" = "$configurationName.ps1\$configurationName";
        "SasToken" = "$sasToken"
    }

    $vmName= "VMTEST"
    $extensionName = 'DSC'
    $extensionType = 'DSC'
    $publisher = 'Microsoft.Powershell'
    $typeHandlerVersion = '2.1'

    Set-AzureRmVMExtension -ResourceGroupName $rgName -VMName $vmName -Location $storageAccount.Location `
    -Name $extensionName -Publisher $publisher -ExtensionType $extensionType -TypeHandlerVersion $typeHandlerVersion `
    -Settings $settingsHashTable

    This script calls the DSC that is in this script:

    Configuration IISInstall
    {
        Import-DSCResource -module xDSCDomainjoin
        #domain credentials to be given here
        $secdomainpasswd = ConvertTo-SecureString "password" -AsPlainText -Force
        $mydomaincreds = New-Object System.Management.Automation.PSCredential("domain\account", $secdomainpasswd)
        $domain = "mydomain"

        Node localhost
        {
            WindowsFeature IIS
            {
                Name = "Web-Server"
                Ensure = "Present"
            }

            # Install ASP.NET 4.5
            WindowsFeature AspNet45
            {
                Name = "Web-Asp-Net45"
                Ensure = "Present"
            }

            # Join domain
            xDSCDomainjoin JoinDomain
            {
                Domain = $domain
                Credential = $mydomaincreds
            }
        }
    }

    The first 2 steps are successful; however, the domain join function always gives an error. Does anyone know what the problem is?

    I would like to join the domain with the DSC script.

  • #72745
    Don Jones
    Keymaster

    It's a little tough to guess what the error might be. Can you just post the error?

    • #72797
      Jens
      Participant

      Sorry about that. Here is the error:

      Set-AzureRmVMExtension : Long running operation failed with status 'Failed'.
      ErrorCode: VMExtensionProvisioningError
      ErrorMessage: VM has reported a failure when processing extension 'DSC'. Error message: "The DSC Extension received an incorrect input: Compilation errors occurred while processing configuration 'IISInstall'. Please review the errors reported in error stream and modify your configuration code appropriately. System.InvalidOperationException error processing property 'Credential' OF TYPE 'xDSCDomainjoin': Converting and storing encrypted passwords as plain text is not recommended. For more information on securing credentials in MOF file, please refer to MSDN blog: http://go.microsoft.com/fwlink/?LinkId=393729
      At C:\Packages\Plugins\Microsoft.Powershell.DSC\2.26.0.0\DSCWork\IISInstall.ps1.0\IISInstall.ps1:75 char:5
      + xDSCDomainjoin Converting and storing encrypted passwords as plain text is not recommended. For more information on securing credentials in MOF file, please refer to MSDN blog: http://go.microsoft.com/fwlink/?LinkId=393729 Cannot find path 'HKLM:\SOFTWARE\Microsoft\PowerShell\3\DSC' because it does not exist. Cannot find path 'HKLM:\SOFTWARE\Microsoft\PowerShell\3\DSC' because it does not exist.
      Another common error is to specify parameters of type PSCredential without an explicit type. Please be sure to use a typed parameter in DSC Configuration, for example:
      configuration Example {
      param([PSCredential] $UserAccount)
      ...
      }.
      Please correct the input and retry executing the extension.".
      StartTime: 14/06/2017 8:59:39
      EndTime: 14/06/2017 9:06:57
      OperationID: 10c08c2e-de25-439d-b02a-d9646dcd477b
      Status: Failed
      At line:31 char:1
      + Set-AzureRmVMExtension -ResourceGroupName $rgName -VMName $vmName -Location $st ...
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo : CloseError: (:) [Set-AzureRmVMExtension], ComputeCloudException
      + FullyQualifiedErrorId : Microsoft.Azure.Commands.Compute.SetAzureVMExtensionCommand

  • #72812
    Don Jones
    Keymaster

    You appear to be trying to use a non-encrypted credential. That isn't allowed – as described at the URL referenced in the error.

    • #73636
      Jens
      Participant

      I added the following in the first script:
      $settingsHashTable = @{
          "ModulesUrl" = "$moduleURL";
          "ConfigurationFunction" = "$configurationName.ps1\$configurationName";
          "SasToken" = "$sasToken"
          AllNodes = @(
              @{
                  NodeName = "localhost"
                  PsDscAllowPlainTextPassword = $true
              }
          )
      }

      So plain text password shouldn't be a problem.
      However, I still get the error. Any ideas how I can solve it?

      Thanks.
