Comments (10)

PlagueHO commented on June 5, 2024

Hi @svenvanrijen - thanks for reporting this. I actually ran across this issue last week on one of my servers. So I was going to log this, but you beat me to it. Great work. Are you able to post your config for me (blank out any credentials or other sensitive info of course)?

from certificatedsc.

svenvanrijen commented on June 5, 2024

Hi Daniel, no problem:

configuration Config
{
    Import-DscResource -ModuleName xActiveDirectory, `
                                   xNetworking, `
                                   xPendingReboot, `
                                   xDHCPServer, `
                                   PSDesiredStateConfiguration, `
                                   xComputerManagement, `
                                   xAdcsDeployment, `
                                   xCertificate

    [pscredential]$domainCred = Get-AutomationPSCredential -Name 'Local domain admin'

    Node $AllNodes.Where{$_.Role -eq "DSC HTTPS Pull Server"}.Nodename
    {
        LocalConfigurationManager
        {
            ActionAfterReboot  = 'ContinueConfiguration'
            ConfigurationMode  = 'ApplyAndAutoCorrect'
            RebootNodeIfNeeded = $true
        }

        xComputer JoinDomain
        {
            Name       = $Node.NodeName
            DomainName = $Node.DomainName
            Credential = $domainCred
        }

        xCertReq SSLCert
        {
            CARootName          = 'xxxxxxx-CA01-CA'
            CAServerFQDN        = "CA01.xxxxxx.xxx"
            Subject             = "xxxxxx.xxx"
            Exportable          = $true
            CertificateTemplate = 'WebServer'
            AutoRenew           = $true
            Credential          = $domainCred
        }
    }
}

$ConfigData = @{
    AllNodes = @(
        @{
            Nodename                    = "*"
            DomainName                  = "xxxxx.xxx"
            RetryCount                  = 20
            RetryIntervalSec            = 30
            PsDscAllowPlainTextPassword = $true
        }

        @{
            Nodename                    = "xxxx"
            Role                        = "DSC HTTPS Pull Server"
            DomainName                  = "xxxxxxx.xxx"
            RetryCount                  = 20
            RetryIntervalSec            = 30
            PsDscAllowPlainTextPassword = $true
            PsDscAllowDomainUser        = $true
        }
    )
}

It's quite a large config, so I just cut and paste the bits for the node that matters. If you need any more info or details, please let me know...

Kind regards,
Sven

svenvanrijen commented on June 5, 2024

Hi!
I've tried to troubleshoot this issue myself, but unfortunately without any luck.
Guess it has something to do with creating and starting the Win32_Process within the PDT script... When I try this manually, I get an error regarding insufficient rights to start the process.

Anyway, I've got around it by changing my config to not use the $credential parameter and fixing an error in the xCertReq resource (https://github.com/PowerShell/xCertificate/pull/43/files). For now, my config runs smoothly, but the error mentioned above still exists.

xCertReq SSLCert
{
    CARootName          = 'xxxxxxxxx-CA01-CA'
    CAServerFQDN        = 'xxxxx.xxxxx.xxxx'
    Subject             = 'dsc01.xxxxx.xxxx'
    KeyLength           = '1024'
    Exportable          = $true
    ProviderName        = '"Microsoft RSA SChannel Cryptographic Provider"'
    OID                 = '1.3.6.1.5.5.7.3.1'
    KeyUsage            = '0xa0'
    CertificateTemplate = 'WebServer'
    AutoRenew           = $true
}

Kind regards,
Sven

PlagueHO commented on June 5, 2024

Hi @svenvanrijen - thanks for the additional info! I'm definitely trying to get to this one. It is right up high on my list.

rikhepworth commented on June 5, 2024

Hi
I have encountered this exact issue. As with @svenvanrijen, removing the $credential and modifying the xCertReq resource with Sven's code change works. My configuration is pretty much identical to the one Sven is attempting to apply. I'm doing this on Windows Server 2012R2 with all current patches applied.

PlagueHO commented on June 5, 2024

Hi @rikhepworth and @svenvanrijen - this does look like the solution to the problem. However, the $credential is only required if the template requires an alternate credential to issue - so I don't think you'll need it mostly.

But because there are very few automated integration tests for this resource, I want to be certain that we're not making a breaking change. I've tried to implement some integration tests for this resource (https://github.com/PowerShell/xCertificate/blob/dev/Tests/Integration/MSFT_xCertReq.Integration.Tests.ps1), so I'm just going to run these through on my CAs with the changes @svenvanrijen has made. I'm just doing this now and I'll get back to you ASAP.

Thanks again for your help and patience!

PlagueHO commented on June 5, 2024

@rikhepworth and @svenvanrijen - there is still some sort of issue going on when the $credential parameter is being passed. So even once @svenvanrijen has been merged I'll still keep this issue open till I can figure out what is causing this problem.

svenvanrijen commented on June 5, 2024

Successfully created PR #52

PlagueHO commented on June 5, 2024

Hi @svenvanrijen - are we able to mark this one as closed now?

svenvanrijen commented on June 5, 2024

Yes, we can!
Issue successfully fixed in PR #52
