Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Usage of the module doesn´t allow Azure DSC machines to finish configuration #33

Open
weiner22 opened this issue Dec 6, 2022 · 0 comments

Comments

@weiner22
Copy link

weiner22 commented Dec 6, 2022

Details of the scenario you tried and the problem that is occurring

Hello, I´ve updated fully working DSC code by Local Security Policy (GPO), by using GPRegistryPolicyDSC Module.

Verbose logs showing the problem

Machine in Azure DSC is still in-progress status, never finishes the configuration (normally configured in 10min including software installations)
Error from Azure DSC RAW Report: Index was out of range. Must be non-negative and less than the size of the collection. xDSCDiagnostics module points to this particular module.

Suggested solution to the issue

Let the module to finish the configuration and configure the policies accordingly.

The DSC configuration that is used to reproduce the issue (as detailed as possible)

# insert configuration here (only part of the code here, whole has about 7k lines)
 RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PolicyVersion'
         {
              ValueName = 'PolicyVersion'
              ValueData = 534
              ValueType = 'Dword'
              TargetType = 'ComputerConfiguration'
              Key = 'SOFTWARE\Policies\Microsoft\WindowsFirewall'
         }

         RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\ConSecRules\{e571f044-8183-493e-ad47-3fd714e619b9}'
         {
              ValueName = '{e571f044-8183-493e-ad47-3fd714e619b9}'
              ValueData = 'v2.22|Action=SecureServer|Name=Nvs-DC-Out-Winrm|Desc=Secure Winrm|Protocol=6|Active=TRUE|Profile=Domain|EP2Port=5985|EP2Port=5986|Auth1Set=Nvs-Mm-Kerb|Auth2Set=Nvs-Em-Kerb-Or-Anon|Crypto2Set=Nvs-Qm-EspGcm128|EmbedCtxt=Nvs-Ipsec-DC-Winrm|'
              ValueType = 'String'
              TargetType = 'ComputerConfiguration'
              Key = 'SOFTWARE\Policies\Microsoft\WindowsFirewall\ConSecRules'
         }

         RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\ConSecRules\{6c77dbb9-31bf-45f8-b238-46dcb8a80665}'
         {
              ValueName = '{6c77dbb9-31bf-45f8-b238-46dcb8a80665}'
              ValueData = 'v2.22|Action=SecureServer|Name=Nvs-DC-In-Winrm|Desc=Secure Winrm|Protocol=6|Active=TRUE|Profile=Domain|EP1Port=5985|EP1Port=5986|Auth1Set=Nvs-Mm-Kerb|Auth2Set=Nvs-Em-Kerb-Or-Anon|Crypto2Set=Nvs-Qm-EspGcm128|EmbedCtxt=Nvs-Ipsec-DC-Winrm|'
              ValueType = 'String'
              TargetType = 'ComputerConfiguration'
              Key = 'SOFTWARE\Policies\Microsoft\WindowsFirewall\ConSecRules'
         }

The operating system the target node is running

Windows Server 2019 or Windows Server 2019 Core (both contains WMF 5.1 by default), English language.,

Version and build of PowerShell the target node is running

Powershell 5.1

Version of the DSC module that was used

GPRegistryPolicyDsc module version 1.2.0

@johlju @jcwalker @gaelcolas @NicolasBn do you have any clue where the problem is, please?

# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant