PowerShell

The PowerShell forum accepts bug reports as well as feedback and suggestions. For more information, check out the PowerShell Homepage

The following is a list of the states we use to track items.

status meaning
survey We saw this and we are considering it. Please upvote if it’s important to you.
needs more information We don’t understand the issue and need additional details.
investigating We are looking at this internally to understand things like: scenario, reproduction of issue, costing, or other technical details.
in queue The issue is understood and in our unprioritized backlog. Your votes will be used to drive prioritization of this work.
  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. GetResourceState in DSC Proxy class should use TestConfiguration

    In WMF 5 RTM, for the cross-machine synchronization, the WaitForX resources (GetResourceState) use the configuration state cache to return the resource state to the remote node using WaitForX. This is incorrect. This may return the resource state in no time but it is not always accurate and will have impact on the configuration waiting on the resource state.

    For example, consider that there is a web server waiting on the SQL AlwaysOn cluster resource on a remote system. Now, consider that the remote SQL cluster resource went into a non-functional state for some reason and there was no DSC consistency…

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow LCM to accomodate module dependencies that get installed by earlier steps in the configuration

    Currently, if you have a configuration that installs a Windows feature then has another step that configures settings using a module that gets installed with that particular feature, the LCM fails its check because that module is not currently present on the node.

    For example, we have a configuration that installs the Web-Server role. There are later steps which use the xWebAdministration resource to configure things like Application Pools and Application Pool defaults. The problem is, when the LCM pulls the configuration and runs it's checks, it fails because the xWebAdministration resource uses cmdlets that are present in the WebAdministration…

    16 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
    investigating  ·  Mark Gray responded

    Thanks for the feedback! This behavior is not by design and is not something I have ever seen before. We will look into it and get back with an answer or more questions.

  3. BUG: Cim instances are not compiled correctly into MOF

    I'm trying to create a function that returns the bindinginfo for a website. This is intended to reduce the complexity of my dsc resource file that will have 20/30 websites with similar bindinginfo based on the node name. Anyway, it seems like the dsc compiler doesn't support cim instances. Doing the same thing with credentials actually works, so I wonder why this is the case for binding infos.

    This is an example to reproduce the problem

    configuration DscTest
    {
    Import-DscResource -ModuleName xWebAdministration;

    Node localhost
    {

    xWebsite TestWebSite
    
    {
    Ensure = "Present"
    Name = "TestWebSite"
    PhysicalPath = "C:\inetpub\test"
    BindingInfo = (Get-TestBindingInformation
    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
    survey  ·  Zachary Alexander responded

    Can you take a look below and leave a comment to let me know if the workaround is sufficient for your purposes? If so, I will close this item. If not, I will keep it marked as survey.

  4. [Bug] Creating Local Users Fails Test-DSCConfiguration if the Users are Disabled

    I can successfully create a disabled local user account on a non-domain joined server which has a password policy enforced.

    If I try to create the disabled account with out a password, or one in violation of the policy, the configuration fails. This is expected.

    If I create a disabled local user account with a password that meets the requirements, the configuration applies. When I run Test-DSCConfiguration the test fails with:
    PowerShell DSC resource MSFT_UserResource failed to execute Test-TargetResource functionality with error message:
    There could be a possible connection error while trying to use the System.DirectoryServices API's.Exception calling
    "ValidateCredentials" with…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
    survey  ·  Mark Gray responded

    Phil,

    Sounds like a valid bug. Thanks for bringing it to our attention. I have opened a bug in our internal system to track this to resolution.

    MarkG

  5. Change the way ConfigurationNames works to accomodate easy management and software provisioning

    TL&DR - Make ConfigurationNames accept multiple values and Accept changes to the values of ConfigurationNames in a Live manner and not just for the initital regisration of the node.

    Today ConfiguratioNames is used on the initial regsitration of the node. Althugh it can accept an array, it wont work with more then one value and issue errors. That value is basically the name of the mof file on the pull server. This allows for friendly names of mof files while still maintaining uniqness of the nodes for reporting purposes that wasnt available in ps v4 using the same GUID.

    Everytime…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    survey  ·  0 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
  6. DSC: Should allow Credentials with Blank Passwords, so you can use GMSA accounts

    For some reason DSC errors out with a credential object contains a null password. Unfortunately that is the mechanism use to set group managed service accounts.
    Here is a link to a relevant bug in xWebAdministration: https://github.com/PowerShell/xWebAdministration/issues/80#issuecomment-171364644

    And here is an example of the output your recieve when you attempt to use a managed service account:

    "VERBOSE: [COMPUTERNAME]: LCM: [ End Test ] [[xWebAppPool]testpool] in 0.0070 seconds.
    The password supplied to the Desired State Configuration resource MSFT_xWebAppPool is not valid. The password cannot be null or empty.

    + CategoryInfo          : InvalidResult: (:) [], CimException
    
    + FullyQualifiedErrorId : InvalidPassword
    + PSComputerName
    122 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
    survey  ·  Mark Gray responded

    Thanks for the feedback! I have personally heard this request from a number of customers. IMHO having the ability to use GMS accounts would be a quite useful in DSC configurations. If this is an important feature for you as well, vote it up so that we can appropriately prioritize it as we move forward.

    MarkG

  7. DSC File Resource - Modify Attributes Without Having to Delete

    File resource does not allow modifications to the target without first having to delete the target.

    Example:
    File HiddenFiles {

    DestinationPath = "C:\Deploy\HiddenFile.txt"
    
    Contents = "HiddenFile Contents"
    Attributes = "ReadOnly","Hidden","System"
    Ensure = "Present"

    }

    This should change the file attributes but it doesn't unless the file is manually deleted

    File resource does not allow modifications to the target without first having to delete the target.

    Example:
    File HiddenFiles {

    DestinationPath = "C:\Deploy\HiddenFile.txt"
    
    Contents = "HiddenFile Contents"
    Attributes = "ReadOnly"
    Ensure = "Present"

    }

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
    investigating  ·  Mark Gray responded

    Josh,

    Thanks for the feedback. The file resource should set the attributes on an existing file. I have not been able to duplicate your issue in Windows 10. If you are still experiencing it, please add more details.

    Thanks,

    MarkG

  8. DSC Pullserver database and High availability

    As a suggestion – would it be possible to let us configure the on-prem Pullserver to use a separate database rather than the ESENT one located on the Pullserver. This would solve the issues around high availability and those databases.

    I’m thinking it would be great to configure multiple Pullservers to use a backend database as we would do for any other web application. Then we could separate the load balancing of the Pullserver from the Database availability.

    Thanks for considering!!

    15 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
  9. DSC ESENT Database management

    In a recent change, the new database for the on-prem Pullserver is now ESENT. Had a question for clarification.

    As an old Exchange guy, I have fears that immediately pop into mind. The logs files do not appear to be using circular logging (a way of self cleaning and restricting the amount of log files) – Is this true?

    If so, then I’m guess that the log files will continue to grow until the disk is full – which happens to exchange if the log files are not truncated. Is there a way today or in the future we will…

    36 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    investigating  ·  5 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
  10. Returning information from DSC Resource to another

    I know this has been discussed, just wanted to make sure to have it in UserVoice. It would be great if it was possible to return information from a resources, so that a later resource could use that information for configuration at runtime.

    Example. My configuration apply a new certificate. I would like to write a resource that can get the new certificate thumbprint so that a future resources in the config can use that thumbprint. This is something that Chef allows.

    So, something like a global variable that lives during runtime of the config.

    Thanks for considering!!

    51 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    survey  ·  5 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
  11. Class based DSC Description Attribute

    Add a description Attribute or extend the DscProperty and DscResource attributes to allow for descriptions that should be surfaced in the generated MOF file.

    Looking at how the MOF file is currently generated using Reflection this should be easy to implement.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    survey  ·  0 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
  12. Allow use "*" as PartialConfiguration property value in LCM

    Currently if we want to add another partial configuration, we have to reconfigure LCM on local machine to target new config.

    If LCM could use "*" (asterisk) as PartialConfiguration property value, then LCM reconfuguration wouldn't be necessary every time when new config was added.

    How it could work from my perspective:

    When LCM was reconfigured to pull every configuration (via asterisk as value) then it connect to PullSrv and pull every mof configuration with his own GUID like *.guid.mof.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    survey  ·  0 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
  13. Add a GET function to DSC Report Server Webservice

    Add a GET method to the DSC webservice so that we can query the database for data other than individual node data which you have to know the Agent ID. If I want to build status dashbaord for all of my DSC nodes I then have to store and manage Agent ID's in another CMDB so I can query the webservice individually for each agent status. We used to have this capability in WMF 4 but it seems this is no longer possible with the reporting changes in WMF 5.

    See https://github.com/PowerShell/xPSDesiredStateConfiguration/issues/98
    and https://github.com/dfinke/ODataExplorer/issues/1

    54 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
    survey  ·  Mark Gray responded

    Thanks for the feedback, Sebastian! I have changed the status to survey to get a better feel for how important this is for customers in general.

    MarkG

  14. Absent Or Stopped for Service DSC Resource

    I am in an environment where sometimes things might get pushed on some machines from other sources. I would like to have a base composite resource that ensures a Service is not running on a machine whether the service is present or not. The service is either Absent or if it is Present it is stopped. Currently, if I just configure "State = 'Stopped'" and do not specify Ensure, then Ensure defaults to present and the configuration fails on machines where the service is absent. In this case, I do not want ensure that it is present or absent just…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    survey  ·  0 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
  15. KB3000850

    KB3000850 is not part of the Azure SQL 2014 image, and takes over an hour to install (often timing out) before DSC Extension can run. When update fails to install, causes DSC to fail as well. Easy to reproduce - configure VM image based on SQL 2014 and install DSC using templates.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
  16. Add tar.gz support to Package DSC resource

    It would nice to be able to expand tar.gz packages using DSC

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    survey  ·  1 comment  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
  17. (WMF 4) Get-DscConfiguration fails to decrypt more than one credential

    Assume you have a DSC configuration which uses two or more resources, each of them having a PSCredential property. The credentials are encrypted using a certificate. The configuration is applied successfully to the target node. However, Get-DscConfiguration fails with the following error message:

    Get-DscConfiguration : Decryption failed.
    At line:1 char:1
    + Get-DscConfiguration
    + ~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : NotSpecified: (MSFT_DSCLocalConfigurationManager:root/Microsoft/...gurationManager) [Get-DscConfiguration], CimException
    
    + FullyQualifiedErrorId : Windows System Error -2146893819,Get-DscConfiguration

    Analyzing the problem using a trivial resource which only writes diagnostic messages, it seems the credentials are correctly decrypted for the first resource, but the LCM fails to decrypt them for the…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow WildCard in PartialConfig name

    When a DSC Client Node gets his config from the DSC Pull Server, allow him to filter the config name with WildCards.

    For exemple the DSC Client named 'Target01' should be able to pull DSC configs named Target01.* (Target01.Apps , Target01.OS,...). So we could publish new DSC Configs without the need of re-configuring the target LCM.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
    survey  ·  Mark Gray responded

    I agree that this experience is not the most streamlined. I would really like to understand how you and other customers are using partial configs when in pull mode. For example why do you use partial configurations instead of composite configurations? Are you using WMF 5.0 RTM Pull functionality or WMF 4.0?

  19. allow DSC nodes to download meta configuration

    when wmf4 initially launched, you could place meta.mof files into the pull server along side the default mof and both would be downloaded by the node and applied. This was rather ideal, as it meant I could create standard LCM configurations, and easily update/enforce them.

    For some reason, this seems to no longer work in WMF5.0. This should be returned. Anyone who's had to edit the settings of hundreds (thousands?) of agents should understand it's way easier to tweak one property.

    Real world example: ask anyone who's ever had to reconfigure the the SCCM agent cache. It's a needlessly complex…

    12 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
    survey  ·  Mark Gray responded

    Justin,

    Thanks for you feedback! I What types of things do you find yourself needing to manage in the meta-config after initial deployment? This is not to take away from the need for this, I want to better understand how you and other customers are / want to use it.

    Regards,

    MarkG

  20. BUG: Using ConfigurationNames generates a weak certificate

    If a Node is configured using a RegistrationKey so that ConfigurationNames can be used, then the CertificateID attribute is ignored under the ConfigurationRepositoryWeb block, and instead a self-signed certificate is generated called "DSC-OaaS".

    This certificate is used for both client authentication to the pull server as well as encrypting configuration Mofs at rest on the server host.

    The problem is two fold:


    1. Becuase the CertificateID gets ignored when using CONfigurationNames, admins cannot control the key length or encryption of the files.


    2. The certificate generated is a SHA-1 1024bit length. This is completely unacceptable as 1024 went out of use years…

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  3 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base