Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ADReplicationSiteLink: When ensure absent test-targetresource return false if other parameters are set. #593

Closed
wmaniek123 opened this issue Apr 15, 2020 · 4 comments · Fixed by #594
Closed

ADReplicationSiteLink: When ensure absent test-targetresource return false if other parameters are set. #593

wmaniek123 opened this issue Apr 15, 2020 · 4 comments · Fixed by #594
Labels
bug The issue is a bug. help wanted The issue is up for grabs for anyone in the community.

Comments

@wmaniek123
Copy link
Contributor

wmaniek123 commented Apr 15, 2020
edited by X-Guardian
Loading

When you want to remove the sitelink ensure absent generate false positive test-targetresource false and set-targetresource "site link is not found"

Details of the scenario you tried and the problem that is occurring

I created the site using DSC and now I want to remove them, switching the parameter from present to absent. Site resource is working fine, deletes the site but site link resource is failing because it doesn't have ensure absent scenario implemented properly

Verbose logs showing the problem

$invokeParams = @{
    Name       = 'ADReplicationSiteLink'
    ModuleName = 'ActiveDirectoryDsc'
    Method     = 'Test'
    Property   = @{
        'name'                          = 'DefaultToIsolatedSiteLink';
        'ensure'                        = 'Absent';
        'cost'                          = 100;
        'replicationfrequencyInMinutes' = 120;
        'sitesIncluded'                 = @('Default-First-Site-Name', 'SITE-NAME')
    }
}

Invoke-DscResource -verbose @invokeparams

VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = ResourceTest,'className' = MSFT_DSCL
ocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer DCNAME with user sid S-1-5-21-3783069819-4113108839-4053356624-180474.
VERBOSE: [DCNAME]: LCM:  [ Start  Test     ]  [[ADReplicationSiteLink]DirectResourceAccess]
VERBOSE: [DCNAME]:                            [[ADReplicationSiteLink]DirectResourceAccess] Could not find DefaultToIsolatedSite
Link site link. (ADRSL0008)
VERBOSE: [DCNAME]:                            [[ADReplicationSiteLink]DirectResourceAccess] Site: Default-First-Site-Name not fo
und in SitesIncluded. Current SitesIncluded: . (ADRSL0001)
VERBOSE: [DCNAME]:                            [[ADReplicationSiteLink]DirectResourceAccess] Site: SITE-NAME not 
found in SitesIncluded. Current SitesIncluded: . (ADRSL0001)
VERBOSE: [DCNAME]:                            [[ADReplicationSiteLink]DirectResourceAccess] Cost is not in desired state Current
:  Desired: 100. (ADRSL0003)
VERBOSE: [DCNAME]:                            [[ADReplicationSiteLink]DirectResourceAccess] ReplicationFrequencyInMinutes is not
 in desired state Current:  Desired: 120. (ADRSL0003)
VERBOSE: [DCNAME]: LCM:  [ End    Test     ]  [[ADReplicationSiteLink]DirectResourceAccess] False in 0.3120 seconds.
VERBOSE: [DCNAME]: LCM:  [ End    Set      ]    in  0.6250 seconds.
VERBOSE: Operation 'Invoke CimMethod' complete.

InDesiredState 
-------------- 
False          
VERBOSE: Time taken for configuration job to complete is 0.774 seconds

$invokeParams = @{
    Name       = 'ADReplicationSiteLink'
    ModuleName = 'ActiveDirectoryDsc'
    Method     = 'Set'
    Property   = @{
        'name'                          = 'DefaultToIsolatedSiteLink';
        'ensure'                        = 'Absent';
        'cost'                          = 100;
        'replicationfrequencyInMinutes' = 120;
        'sitesIncluded'                 = @('Default-First-Site-Name', 'SITE-NAME')
    }
}

Invoke-DscResource -verbose @invokeparams

VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = ResourceSet,'className' = MSFT_DSCLo
calConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer DCNAME with user sid S-1-5-21-3783069819-4113108839-4053356624-180474.
VERBOSE: [DCNAME]: LCM:  [ Start  Set      ]  [[ADReplicationSiteLink]DirectResourceAccess]
VERBOSE: [DCNAME]:                            [[ADReplicationSiteLink]DirectResourceAccess] Removing AD Site Link DefaultToIsola
tedSiteLink. (ADRSL0007)
Cannot find an object with identity: 'DefaultToIsolatedSiteLink' under: 'CN=Inter-Site 
Transports,CN=Sites,CN=Configuration,DC=DOMAIN,DC=LOC'.
    + CategoryInfo          : ObjectNotFound: (DefaultToIsolatedSiteLink:) [], CimException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Micros 
   oft.ActiveDirectory.Management.Commands.RemoveADReplicationSiteLink
    + PSComputerName        : localhost
 
VERBOSE: [DCNAME]: LCM:  [ End    Set      ]  [[ADReplicationSiteLink]DirectResourceAccess]  in 0.3440 seconds.
The PowerShell DSC resource '[ADReplicationSiteLink]DirectResourceAccess' with SourceInfo '' threw one or more 
non-terminating errors while running the Set-TargetResource functionality. These errors are logged to the ETW channel 
called Microsoft-Windows-DSC/Operational. Refer to this channel for more details.
    + CategoryInfo          : InvalidOperation: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : NonTerminatingErrorFromProvider
    + PSComputerName        : localhost
 
VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 0.742 seconds

Suggested solution to the issue

Implement same logic as in the ADReplicationSite resource

 if ($getTargetResourceResult.Ensure -eq 'Absent')
    {
        # Site doesn't exist
        if ($getTargetResourceResult.Ensure -eq $Ensure)
        {
            # Site should not exist
            Write-Verbose -Message ($script:localizedData.ReplicationSiteInDesiredState -f $Name)
        }
        else
        {
            #Site should exist
            Write-Verbose -Message ($script:localizedData.ReplicationSiteNotInDesiredState -f $Name)
            $configurationCompliant = $false
        }
    }

The DSC configuration that is used to reproduce the issue (as detailed as possible)

$invokeParams = @{
    Name       = 'ADReplicationSiteLink'
    ModuleName = 'ActiveDirectoryDsc'
    Method     = 'Test' 
    Property   = @{
        'name'                          = 'DefaultToIsolatedSiteLink';
        'ensure'                        = 'Absent';
        'cost'                          = 100;
        'replicationfrequencyInMinutes' = 120;
        'sitesIncluded'                 = @('Default-First-Site-Name', 'Exchange-Config-Isolation')
    }
}

The operating system the target node is running

OsName               : Microsoft Windows Server 2016 Standard
OsOperatingSystemSKU : StandardServerEdition
OsArchitecture       : 64-bit
WindowsBuildLabEx    : 14393.2999.amd64fre.rs1_release_inmarket.190520-1518
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

Version and build of PowerShell the target node is running

Name                           Value
----                           -----
PSVersion                      5.1.14393.2969
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.14393.2969
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Version of the DSC module that was used

ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Manifest   4.2.0.0    ActiveDirectoryDsc                  Find-DomainController

Using this one becasue of the bug in the passwordauthentication property (site link code is the same)
@wmaniek123 wmaniek123 mentioned this issue Apr 15, 2020
Merged
9 tasks
@X-Guardian
Copy link
Contributor

Thank you for raising this issue @wmaniek123. I have edited your issue to format it, but it looks to me as if you have pasted the verbose logs twice. Can you double check and edit as applicable. Also, you don't need to paste the Windows event logs, the DSC verbose output is good enough.

You mention that you are using v4.2 of the module because of another bug. What bug is this and is there an issue already raised for it?

@wmaniek123
Copy link
Contributor Author

wmaniek123 commented Apr 16, 2020
edited
Loading

Thanks for comment @X-Guardian . I'm using this version becasue of #582 witch was closed but still in preview I belive. I cleaned up the logs and raised pull request witch is simple elseif clause.

@X-Guardian
Copy link
Contributor

OK, thanks for spotting that. We released v6.0.1, but it didn't get published to the PowerShell Gallery. I'll get it fixed and published.

@wmaniek123
Copy link
Contributor Author

Thanks a lot. I raised the pull request for this one but don't know if have all nessesary steps added, so the pipeline would not fail.

@johlju johlju added bug The issue is a bug. help wanted The issue is up for grabs for anyone in the community. labels Apr 18, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug The issue is a bug. help wanted The issue is up for grabs for anyone in the community.
Projects
None yet
Milestone
No milestone
3 participants
@johlju @X-Guardian @wmaniek123