Author Posts

January 11, 2016 at 11:41 pm

I keep getting an error telling me that PSDscAllowPlainTextPassword needs to be set to true (even though it is)
In this ps1 file I set configuration data, have my DSC configuration, then compile the mof and run it.
You will see that I execute the mof with specific credentials, which are OK, and I also pass in different credentials to be used by the resource, which


$ConfigurationData = @{
AllNodes = @(
@{
NodeName = "*";
PSDscAllowPlainTextPassword = $true
}
)
}

Configuration my_configuration
{
param(
[string] $ComputerName,
[PSCredential] $NonAdminCredentials
)

Import-DscResource -ModuleName my_CompositeResources

Node $ComputerName
{

my_CompositeResource_dostuff DoSomeStuff {
NameOfHost = "$ComputerName"
NonAdminCreds = $NonAdminCredentials
}
}
}

$adminpwd = ConvertTo-SecureString "VerySecretPassword" -AsPlainText -Force
$AdminCreds = New-Object System.Management.Automation.PSCredential ("Administrator", $adminpwd)

$nonadminpwd = ConvertTo-SecureString "NotSoSecretPassword" -AsPlainText -Force
$NonAdminCreds = New-Object System.Management.Automation.PSCredential ("Bob", $nonadminpwd)

my_configuration -ConfigurationData $ConfigurationData -ComputerName "bozo" -NonAdminCredentials $NonAdminCreds
Start-DscConfiguration .\my_configuration -Wait -Verbose -Credential $AdminCreds -Force -ErrorAction Stop

.

In my composite resource I am simply setting a service to run under a specific user id (bob).


Configuration my_CompositeResource_dostuff
{
param(
[string] $NameOfHost,
[PSCredential] $NonAdminCreds
)

Service SetupJenkins
{
Name = "jenkins"
State = "Stopped"
StartupType = 'Automatic'
Credential = $NonAdminCreds
}

}

However, I still get the error ...

ConvertTo-MOFInstance : System.InvalidOperationException error processing property 'Credential' OF TYPE 'Service': Converting and storing an encrypted password as plaintext is allowed only if PSDscAllowPlainTextPassword is set to true.

and it points to the line in the composite resource where the Service resource is called from.

Is there something faulty in my logic?

January 12, 2016 at 4:39 am

I'm not sure if this is considered a bug or not, but the node names need to actually be in the ConfigurationData for that to work. You can't just have NodeName='*' for some reason.

January 12, 2016 at 7:07 am

Incidentally, after seeing this same question brought up over and over again on the web, I fired off an email to the MVP mailing list (which is monitored by PowerShell team members as well) suggesting a fix. Hopefully we'll see this behavior improve in a future version of the DSC module.

January 12, 2016 at 3:20 pm

Wow. That was amazingly simple, and amazingly effective. It worked, thank you very much Dave.

Of course, I never do 'simple' – can I complicate it a little?

This is probably a question about the scope of variables. But what if, in my ps1 script above, the computer name was $args instead of 'bozo', as shown? If I ran the script with a computer name as an argument, could I get that argument into the configuration data somehow?

The script will be used for building and configuring nodes on the fly, so the node name won't be known until the script is run.

January 12, 2016 at 7:20 pm

You can write a function that accepts an array of computer names as arguments, uses that array to create a ConfigurationData hashtable, and then passes that table to the actual configuration.

January 12, 2016 at 9:02 pm

Oh yeah, that makes sense (gees, that scares me, powershell making sense to me) I'll give that a try next up.
Thanks again Dave.