Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ADKDSKey Resource does does not work #648

Closed
raandree opened this issue Apr 6, 2021 · 2 comments · Fixed by #649
Closed

ADKDSKey Resource does does not work #648

raandree opened this issue Apr 6, 2021 · 2 comments · Fixed by #649
Labels
bug The issue is a bug.

Comments

@raandree
Copy link
Contributor

raandree commented Apr 6, 2021

Details of the scenario you tried and the problem that is occurring

When trying to create a KDS key, the error "String was not recognized as a valid DateTime" is thrown on machines with culture en-us and de-de.

Verbose logs showing the problem

VERBOSE: [JDC1]:                            [[ADKDSKey]Integration_Test] Operation 'Enumerate CimInstances' complete.
VERBOSE: [JDC1]:                            [[ADKDSKey]Integration_Test] Checking if the user 'NT AUTHORITY\SYSTEM' has valid Domain Admin permissions. (KDSK0019)
VERBOSE: [JDC1]:                            [[ADKDSKey]Integration_Test] Checking if the node 'JDC1' is a Domain Controller. The node has a product type of '2'. If the product type is 2, then it is a domain controller. (KDSK0020)
      [-] Should compile and apply the MOF without throwing 4.71s
        Expected no exception to be thrown, but an exception "Exception calling "Parse" with "1" argument(s): "String was not recognized as a valid DateTime."" was thrown from C:\ActiveDirectoryDsc\tests\Integration\MSFT_ADKDSKey.Integration.Tests.ps1:52 char:21
            + ...               Start-DscConfiguration @startDscConfigurationParameters
            +                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.
        53:                 } | Should -Not -Throw
        at <ScriptBlock>, C:\ActiveDirectoryDsc\tests\Integration\MSFT_ADKDSKey.Integration.Tests.ps1: line 34
VERBOSE: An LCM method call arrived from computer JDC1 with user sid S-1-5-21-390713990-3731729705-4053435951-1000.
WARNING: [JDC1]:                            [] The GET operation will be carried against a pending configuration since the latest configuration has not converged yet.

Suggested solution to the issue

Not throwing the conversion error.

The DSC configuration that is used to reproduce the issue (as detailed as possible)

The issue can be reproduced when running the integration tests for that resource.

The operating system the target node is running

OsName               : Microsoft Windows Server 2019 Datacenter
OsOperatingSystemSKU : DatacenterServerEdition
OsArchitecture       : 64-bit
WindowsVersion       : 1809
WindowsBuildLabEx    : 17763.1.amd64fre.rs5_release.180914-1434
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

Version and build of PowerShell the target node is running

WMF51

Version of the DSC module that was used

6.0.1

raandree added a commit to raandree/ActiveDirectoryDsc that referenced this issue Apr 6, 2021
@johlju johlju added bug The issue is a bug. in progress The issue is being actively worked on by someone. labels Apr 10, 2021
@X-Guardian
Copy link
Contributor

@raandree, can you post the output of Get-KdsRootKey so that we can see what values are in the EffectiveTime properties of your keys.

@raandree
Copy link
Contributor Author

@X-Guardian, the error is as mentioned earlier:

VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = root
/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer JDC1 with user sid S-1-5-21-2514724818-3467446060-1973334297-1000.
VERBOSE: [JDC1]: LCM:  [ Start  Set      ]
VERBOSE: [JDC1]: LCM:  [ Start  Resource ]  [[ADKDSKey]ExampleKDSRootKey]
VERBOSE: [JDC1]: LCM:  [ Start  Test     ]  [[ADKDSKey]ExampleKDSRootKey]
VERBOSE: [JDC1]:                            [[ADKDSKey]ExampleKDSRootKey] Retrieving KDS Root Key with effective date of '01/01/2027 00:00'. (KDSK0001)
VERBOSE: [JDC1]:                            [[ADKDSKey]ExampleKDSRootKey] Perform operation 'Enumerate CimInstances' with following parameters, ''namespaceName' = root\cimv2,'classNa
me' = Win32_OperatingSystem'.
VERBOSE: [JDC1]:                            [[ADKDSKey]ExampleKDSRootKey] Operation 'Enumerate CimInstances' complete.
VERBOSE: [JDC1]:                            [[ADKDSKey]ExampleKDSRootKey] Checking if the user 'NT AUTHORITY\SYSTEM' has valid Domain Admin permissions. (KDSK0019)
VERBOSE: [JDC1]:                            [[ADKDSKey]ExampleKDSRootKey] Checking if the node 'JDC1' is a Domain Controller. The node has a product type of '2'. If the product type 
is 2, then it is a domain controller. (KDSK0020)
Exception calling "Parse" with "1" argument(s): "String was not recognized as a valid DateTime."
    + CategoryInfo          : NotSpecified: (:) [], CimException
    + FullyQualifiedErrorId : FormatException
    + PSComputerName        : localhost
 
VERBOSE: [JDC1]:                            [[ADKDSKey]ExampleKDSRootKey] Found KDS Root Key with the effective date of '01/01/2027 00:00'. (KDSK0010)
WARNING: [JDC1]:                            [[ADKDSKey]ExampleKDSRootKey] Found more than one KDS Root Keys. This shouldn't be an issue, but having only one key per domain is recomme
nded. (KDSK0009)
VERBOSE: [JDC1]:                            [[ADKDSKey]ExampleKDSRootKey] Retrieved the root domain distinguished name of 'DC=contoso,DC=com'. (KDSK0021)
VERBOSE: [JDC1]:                            [[ADKDSKey]ExampleKDSRootKey] KDS Root Key with the effective date of '01/01/2027 00:00' is in the desired state. (KDSK0015)
VERBOSE: [JDC1]: LCM:  [ End    Test     ]  [[ADKDSKey]ExampleKDSRootKey]  in 1.3280 seconds.
The PowerShell DSC resource '[ADKDSKey]ExampleKDSRootKey' with SourceInfo 'C:\Users\Install\Desktop\Untitled1.ps1::7::9::ADKDSKey' threw one or more non-terminating errors while 
running the Test-TargetResource functionality. These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details.
    + CategoryInfo          : InvalidOperation: (:) [], CimException
    + FullyQualifiedErrorId : NonTerminatingErrorFromProvider
    + PSComputerName        : localhost
 
VERBOSE: [JDC1]: LCM:  [ End    Set      ]
The SendConfigurationApply function did not succeed.
    + CategoryInfo          : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : MI RESULT 1
    + PSComputerName        : localhost
 
VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 6.161 seconds

The configuration I use is:

Configuration ADKDSKey_CreateKDSRootKey_Config
{
    Import-DscResource -Module ActiveDirectoryDsc

    Node localhost
    {
        ADKDSKey 'ExampleKDSRootKey'
        {
            Ensure        = 'Present'
            EffectiveTime = '01/01/2025 00:00'
            # Date must be set to at time in the future
        }
    }
}

ADKDSKey_CreateKDSRootKey_Config -OutputPath C:\DSC
Start-DscConfiguration -Path C:\DSC -Wait -Verbose

These are the keys:

PS C:\Users\Install> Get-KdsRootKey


AttributeOfWrongFormat : 
KeyValue               : {158, 111, 148, 234...}
EffectiveTime          : 13.03.2021 08:13:05
CreationTime           : 13.03.2021 18:13:05
IsFormatValid          : True
DomainController       : CN=JDC1,OU=Domain Controllers,DC=contoso,DC=com
ServerConfiguration    : Microsoft.KeyDistributionService.Cmdlets.KdsServerConfiguration
KeyId                  : b17641bf-f9ab-0f53-77ae-e4ce72edb3a7
VersionNumber          : 1

AttributeOfWrongFormat : 
KeyValue               : {141, 122, 108, 178...}
EffectiveTime          : 01.01.2027 00:00:00
CreationTime           : 29.05.2021 18:53:24
IsFormatValid          : True
DomainController       : CN=JDC1,OU=Domain Controllers,DC=contoso,DC=com
ServerConfiguration    : Microsoft.KeyDistributionService.Cmdlets.KdsServerConfiguration
KeyId                  : daa36f7c-431b-e1c4-e05f-220b3d2bf43c
VersionNumber          : 1

Most importantly, the EffectiveTime property is a DateTime object already. Why would you need to run the Parse method on a DateTime object?

johlju pushed a commit that referenced this issue May 1, 2022
@johlju johlju removed the in progress The issue is being actively worked on by someone. label May 1, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug The issue is a bug.
Projects
None yet
3 participants