Comments (10)
Hi @svenvanrijen - thanks for reporting this. I actually ran across this issue last week on one of my servers. So I was going to log this, but you beat me to it. Great work. Are you able to post your config for me (blank out any credentials or other sensitive info of course)?
from certificatedsc.
Hi Daniel, no problem:
```powershell
configuration Config
{
    Import-DscResource -ModuleName xActiveDirectory, `
        xNetworking, `
        xPendingReboot, `
        xDHCPServer, `
        PSDesiredStateConfiguration, `
        xComputerManagement, `
        xAdcsDeployment, `
        xCertificate

    [pscredential]$domainCred = Get-AutomationPSCredential -Name 'Local domain admin'

    Node $AllNodes.Where{$_.Role -eq "DSC HTTPS Pull Server"}.Nodename
    {
        LocalConfigurationManager
        {
            ActionAfterReboot  = 'ContinueConfiguration'
            ConfigurationMode  = 'ApplyAndAutoCorrect'
            RebootNodeIfNeeded = $true
        }

        xComputer JoinDomain
        {
            Name       = $Node.NodeName
            DomainName = $Node.DomainName
            Credential = $domainCred
        }

        xCertReq SSLCert
        {
            CARootName          = 'xxxxxxx-CA01-CA'
            CAServerFQDN        = "CA01.xxxxxx.xxx"
            Subject             = "xxxxxx.xxx"
            Exportable          = $true
            CertificateTemplate = 'WebServer'
            AutoRenew           = $true
            Credential          = $domainCred
        }
    }
}

$ConfigData = @{
    AllNodes = @(
        @{
            Nodename                    = "*"
            DomainName                  = "xxxxx.xxx"
            RetryCount                  = 20
            RetryIntervalSec            = 30
            PsDscAllowPlainTextPassword = $true
        }
        @{
            Nodename                    = "xxxx"
            Role                        = "DSC HTTPS Pull Server"
            DomainName                  = "xxxxxxx.xxx"
            RetryCount                  = 20
            RetryIntervalSec            = 30
            PsDscAllowPlainTextPassword = $true
            PsDscAllowDomainUser        = $true
        }
    )
}
```
It's quite a large config, so I just cut and paste the bits for the node that matters. If you need any more info or details, please let me know...
Kind regards,
Sven
from certificatedsc.
Hi!
I've tried to troubleshoot this issue myself, but unfortunately without any luck.
Guess it has something to do with creating and starting the Win32_Process within the PDT script... When I try this manually, I get an error regarding insufficient rights to start the process.
Anyway, I've got around it by changing my config to not use the $credential parameter and fixing an error in the xCertReq resource (https://github.com/PowerShell/xCertificate/pull/43/files). For now, my config runs smoothly, but the error mentioned above still exists.
```powershell
xCertReq SSLCert
{
    CARootName          = 'xxxxxxxxx-CA01-CA'
    CAServerFQDN        = 'xxxxx.xxxxx.xxxx'
    Subject             = 'dsc01.xxxxx.xxxx'
    KeyLength           = '1024'
    Exportable          = $true
    ProviderName        = '"Microsoft RSA SChannel Cryptographic Provider"'
    OID                 = '1.3.6.1.5.5.7.3.1'
    KeyUsage            = '0xa0'
    CertificateTemplate = 'WebServer'
    AutoRenew           = $true
}
```
Kind regards,
Sven
from certificatedsc.
Hi @svenvanrijen - thanks for the additional info! I'm definitely trying to get to this one. It is right up high on my list.
from certificatedsc.
Hi
I have encountered this exact issue. As with @svenvanrijen, removing the $credential and modifying the xCertReq resource with Sven's code change works. My configuration is pretty much identical to the one Sven is attempting to apply. I'm doing this on Windows Server 2012R2 with all current patches applied.
from certificatedsc.
Hi @rikhepworth and @svenvanrijen - this does look like the solution to the problem. However, the $credential is only required if the template requires an alternate credential to issue - so I don't think you'll need it mostly.
But because there are very few automated integration tests for this resource, I want to be certain that we're not making a breaking change. I've tried to implement some integration tests for this resource (https://github.com/PowerShell/xCertificate/blob/dev/Tests/Integration/MSFT_xCertReq.Integration.Tests.ps1), so I'm just going to run these through on my CAs with the changes @svenvanrijen has made. I'm just doing this now and I'll get back to you ASAP.
Thanks again for your help and patience!
from certificatedsc.
@rikhepworth and @svenvanrijen - there is still some sort of issue going on when the $credential parameter is being passed. So even once @svenvanrijen has been merged I'll still keep this issue open till I can figure out what is causing this problem.
from certificatedsc.
Successfully created PR #52
from certificatedsc.
Hi @svenvanrijen - are we able to mark this one as closed now?
from certificatedsc.
Yes, we can!
Issue successfully fixed in PR #52
from certificatedsc.
Related Issues (20)
- Rename master branch to main
- Test-TargetResource fails if server language is not English (Get-CertificateTemplateInformation)
- PfxImport & CertificateImport: Add base64 content parameter for PFX and certificate import resources
- Remove non-mandatory parameters from Get-TargetResource
- Update GitVersion.yml to use latest pattern
- INF file format is wrong
- DSC_PfxImport:'Import-PfxCertificateEx' function handles private keys differently then 'Import-PfxCertificate' cmdlet
- Tests failing: New-SelfSignedCertificateEx from Script Center is no longer available
- Update Sampler Build Tasks
- Enable Code Coverage Reporting
- PfxImport: Cannot find an overload for "Import" and the argument count: "2"
- PfxImport: Keys prevent multiple imports to different locations
- When using content option on PfxImport with certificate twice in pfx private key gets lost
- Update Azure DevOps Pipeline Images
- Update CI Pipeline Files from Latest Pattern
- Convert to class-based resources
- Convert tests to Pester 5
- Add support to export Cert as Base64 with CredentialExport
- CertReq resource cannot request multiple certificates with same subject name
- DSC_CertReq failed to execute Set-TargetResource functionality with error message: Cannot add type. The type name 'Source.NativeMethods' already exists