PowerShell
The PowerShell forum accepts bug reports as well as feedback and suggestions. For more information, check out the PowerShell Homepage
The following is a list of the states we use to track items.
status | meaning |
---|---|
survey | We saw this and we are considering it. Please upvote if it’s important to you. |
needs more information | We don’t understand the issue and need additional details. |
investigating | We are looking at this internally to understand things like: scenario, reproduction of issue, costing, or other technical details. |
in queue | The issue is understood and in our unprioritized backlog. Your votes will be used to drive prioritization of this work. |
-
Bring the Azure Automation DSC MOF encryption into the on-premises DSC pull server
In Azure Automation DSC the whole MOF file gets encrypted without the need to manually issue certificates for every node and then to collect the public keys.
From Azure documentation:
"Keeping credentials secure in node configurations (MOF configuration documents) requires encrypting the credentials in the node configuration MOF file. Azure Automation takes this one step further and encrypts the entire MOF file."
This extremely useful feature should also be implemented in the on-premises DSC pull server. Especially because the needed functionality must already be in the WMF 5 as nothing more than WMF 5 is needed to use the Azure…
16 votes -
DSC: Should allow Credentials with Blank Passwords, so you can use GMSA accounts
For some reason DSC errors out when a credential object contains a null password. Unfortunately that is the mechanism used to set group managed service accounts.
Here is a link to a relevant bug in xWebAdministration: https://github.com/PowerShell/xWebAdministration/issues/80#issuecomment-171364644
And here is an example of the output you receive when you attempt to use a managed service account:
"VERBOSE: [COMPUTERNAME]: LCM: [ End Test ] [[xWebAppPool]testpool] in 0.0070 seconds.
The password supplied to the Desired State Configuration resource MSFT_xWebAppPool is not valid. The password cannot be null or empty.
…+ CategoryInfo : InvalidResult: (:) [], CimException
+ FullyQualifiedErrorId : InvalidPassword
+ PSComputerName
128 votes
Thanks for the feedback! I have personally heard this request from a number of customers. IMHO having the ability to use GMS accounts would be quite useful in DSC configurations. If this is an important feature for you as well, vote it up so that we can appropriately prioritize it as we move forward.
MarkG
-
OpenSource the Pull Server
Advances to the current PullServer are, quite frankly, slow and moving in a direction questionable to most MVPs. Microsoft should follow their own lead they took with the DSC modules: opensource it and place it on GitHub so that the community can invest in making a tool that we'd actually like to use.
Example of features still missing that everyone wants:
1. certificate management (use self-signed or pki)
2. web interface for compliance reporting
Example of features added that are questionable/actually bad ideas:
1. partial configurations (multiple pull server sources, mofs, and reports all being managed by the node? who…
101 votes
Justin,
We totally understand that a robust Pull server / central management solution is something that is critical to your success with DSC. We have invested quite heavily in Azure Automation DSC (AA DSC) to fill many of these needs. With that said, I would be very interested to understand if the AA DSC solution does not work for you (and other customers) and why? Vote and comment if this is important to you.
Also interesting feedback on our ‘bad ideas’. Thanks!
MarkG
-
Returning information from DSC Resource to another
I know this has been discussed, just wanted to make sure to have it in UserVoice. It would be great if it was possible to return information from a resource, so that a later resource could use that information for configuration at runtime.
Example. My configuration applies a new certificate. I would like to write a resource that can get the new certificate thumbprint so that a future resource in the config can use that thumbprint. This is something that Chef allows.
So, something like a global variable that lives during runtime of the config.
Thanks for considering!!
51 votes -
Invoke-DSCResource on WindowsFeatureSet fails
As subject says. Example is below
PS C:\Windows\system32> Invoke-DscResource -Name WindowsFeatureSet -Property @{Name = "Storage-Services"; Ensure = "Present" } -Method test -ModuleName PSDesiredStateConfiguration
Invoke-DscResource : Failed to serialize properties into CimInstance.
At line:1 char:1
+ Invoke-DscResource -Name WindowsFeatureSet -Property @{Name = "Storag ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+ CategoryInfo : NotSpecified: (:) [Invoke-DscResource], SerializationException
+ FullyQualifiedErrorId : System.Runtime.Serialization.SerializationException,Microsoft.PowerShell.DesiredStateConfiguration.Commands.InvokeDscResourceMethodCommand
19 votes
Thanks for the feedback! Based on its current ranking compared to other feedback items and product schedule, work on this item is pending (and will be driven by) further customer input. If you did not open this issue and are also impacted by it, please vote this item up.
MarkG
-
Enable service restart and similar scenarios in DSC configurations
Renamed from "Provide additional resource control methods in DSC" for clarity
Votes from Connect: 13
Original Date Submitted: 5/28/2015 12:15:20 AM
Description:
Contact Information
Handle: Ben Gelens
Site Name: PowerShell
Feedback ID: 1373894
Problem Description:
Scenario:
A MOF file is compiled for a node serving a website. The service resource is used to declare the W3SVC service to be started and the file resource is used to copy in the web content.
Next an update is deployed to the website by compiling a new MOF file and for the new content to become active, the W3SVC service needs to be…
77 votes -
Allow variable input to be passed to import-dscresource
To keep configurations and composite resources as modular as possible, we should be able to pass an array of module specifications as a parameter.
Consider the following:
[Parameter()]
[System.Collections.Hashtable[]]
$DscResourcesToImport = @(
    @{ModuleName='xPSDesiredStateConfiguration'; ModuleVersion='3.9.0.0'},
    @{ModuleName='xComputerManagement'; ModuleVersion='1.4.0.0'}
)
)
foreach ($Resource in $DscResourcesToImport)
{
    $ModuleSpec = @{ModuleName="$Resource.ModuleName"; ModuleVersion="$Resource.ModuleVersion"}
    Import-DscResource -ModuleName $ModuleSpec
}
This fails with the error: "Arguments must be constant"
Thanks for considering this.
7 votes -
allow DSC nodes to download meta configuration
When WMF4 initially launched, you could place meta.mof files into the pull server alongside the default mof and both would be downloaded by the node and applied. This was rather ideal, as it meant I could create standard LCM configurations, and easily update/enforce them.
For some reason, this seems to no longer work in WMF5.0. This should be returned. Anyone who's had to edit the settings of hundreds (thousands?) of agents should understand it's way easier to tweak one property.
Real world example: ask anyone who's ever had to reconfigure the SCCM agent cache. It's a needlessly complex…
13 votes
Justin,
Thanks for your feedback! What types of things do you find yourself needing to manage in the meta-config after initial deployment? This is not to take away from the need for this, I want to better understand how you and other customers are / want to use it.
Regards,
MarkG
-
BUG: Cim instances are not compiled correctly into MOF
I'm trying to create a function that returns the bindinginfo for a website. This is intended to reduce the complexity of my dsc resource file that will have 20/30 websites with similar bindinginfo based on the node name. Anyway, it seems like the dsc compiler doesn't support cim instances. Doing the same thing with credentials actually works, so I wonder why this is the case for binding infos.
This is an example to reproduce the problem
configuration DscTest
{
    Import-DscResource -ModuleName xWebAdministration;
    Node localhost
    {
        …xWebsite TestWebSite
        {
            Ensure = "Present"
            Name = "TestWebSite"
            PhysicalPath = "C:\inetpub\test"
            BindingInfo = (Get-TestBindingInformation
4 votes
Can you take a look below and leave a comment to let me know if the workaround is sufficient for your purposes? If so, I will close this item. If not, I will keep it marked as survey.
-
Generate DSC from existing servers
For those of us with heavily-configured snowflake servers, it would be great if it were possible to generate DSC files from existing builds. This may not be possible in all areas, but perhaps a subset of areas could be supported, with IIS 7.0+ at the top of the list.
14 votes -
[Bug] Creating Local Users Fails Test-DSCConfiguration if the Users are Disabled
I can successfully create a disabled local user account on a non-domain joined server which has a password policy enforced.
If I try to create the disabled account without a password, or one in violation of the policy, the configuration fails. This is expected.
If I create a disabled local user account with a password that meets the requirements, the configuration applies. When I run Test-DSCConfiguration the test fails with:
PowerShell DSC resource MSFT_UserResource failed to execute Test-TargetResource functionality with error message:
There could be a possible connection error while trying to use the System.DirectoryServices API's.Exception calling
"ValidateCredentials" with…
4 votes
Phil,
Sounds like a valid bug. Thanks for bringing it to our attention. I have opened a bug in our internal system to track this to resolution.
MarkG
-
Add enhanced reporting, allowing you to view the status of all nodes instead of one at a time.
Currently, the DSC reporting server only offers the ability to query a single node at a time. I think for any environment, it would be crucial to get a list of the last reported compliance for all nodes. I'd really like to see this feature added in a future release.
2 votes
Eric,
Thanks for the feedback! This is something that we are aware of. We intentionally did not want to do this without having a way to authenticate the requests.
Have you seen this community project? It should help you get the functionality that you are looking for including authentication:
https://github.com/claudiospizzi/DSCPullServerWeb
MarkG
-
ConfigurationAST should include resource modules being imported
The ConfigurationAST added in v4 for PowerShell DSC does a good job at providing resource configuration details. However, to determine what modules are being imported, we should still use the keyword AST to find the resource module names from the Import-DSCResource command. While this is a workaround, it will be easier if ConfigurationAST can provide this information for simplicity.
14 votes -
DSC registry resource support '/' in the registry path.
DSC registry resource support '/' in the registry path.
If you use a path containing a / e.g. "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128" then with the builtin registry resource you end up with an error or the wrong registry path being created.
This config will not work. I've had to create my own module to create the folder and then use the registry resource to create the actual key.
Registry "DisableCipherRC240128"
{
    Key = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128"
    ValueName = "Enabled"
    ValueType = "Dword"
    ValueData = "0"
    Ensure = "Present"
    Force = $true
}
The registry resource should support / in the path.
5 votes -
Node with large configurations fails to send status report to the Report Server
Testing out WMF 5.0 and when I tried one of our existing configurations, which has a good amount of resources in it, the following error is logged in the event log after each consistency check:
Job {%JobID%} :
Http Client {%AgentID%} failed for WebReportManager for configuration The attempt to send status report to the server https://johntestx02/PSDSCPullServer.svc/Nodes(AgentId={%AgentID%}')/SendReport returned unexpected response code RequestEntityTooLarge..
I assume this is because of the amount of resources the node is trying to report on back to the report server. Has anyone else run into this? Can the Report Server configuration be adjusted to accept larger amounts…
12 votes -
There is no step by step documentation in place how to install SQL server using xsqlps module
There is no step by step documentation in place how to install SQL server using xsqlps module
1 vote
Thanks for the feedback. I filed this issue on GitHub, where you can track it if you like. https://github.com/PowerShell/xSQLServer/issues/176
-
Add a GET function to DSC Report Server Webservice
Add a GET method to the DSC webservice so that we can query the database for data other than individual node data which you have to know the Agent ID. If I want to build status dashboard for all of my DSC nodes I then have to store and manage Agent ID's in another CMDB so I can query the webservice individually for each agent status. We used to have this capability in WMF 4 but it seems this is no longer possible with the reporting changes in WMF 5.
See https://github.com/PowerShell/xPSDesiredStateConfiguration/issues/98
and https://github.com/dfinke/ODataExplorer/issues/154 votes
Thanks for the feedback, Sebastian! I have changed the status to survey to get a better feel for how important this is for customers in general.
MarkG
-
Invoke-DscResource String to Boolean conversion Failure
Invoking command:
Invoke-DscResource -Name cDtc -Method Test -Property @{'Name'='Local';'Ensure'='Present';'AuthenticationLevel'='NoAuth';'Status'='Started';'InboundTransactionsEnabled'='True';'OutboundTransactionsEnabled'='True';'RemoteClientAccessEnabled'='True';'RemoteAdministrationAccessEnabled'='False';'XATransactionsEnabled'='True';'LUTransactionsEnabled'='False'} -ModuleName cDtcResource
Causes PowerShell to fail.
Convert property 'OutboundTransactionsEnabled' value from type 'STRING' to type 'BOOLEAN' failed
At line:17, char:2
Buffer:
essEnabled = "False";
};
^
1 vote -
Class based DSC Description Attribute
Add a description Attribute or extend the DscProperty and DscResource attributes to allow for descriptions that should be surfaced in the generated MOF file.
Looking at how the MOF file is currently generated using Reflection this should be easy to implement.
11 votes -
Partial Configurations should support validating ExclusiveResource reservations during publish or pull
In the current implementation for Partial Configurations, the ExclusiveResources in the configuration fragment can be used to reserve resource modules or resources to a specific fragment. However, this is not validated until runtime. So, if there are two fragments that are using same resource modules and one fragment has those resources exclusively locked, the configuration enact will fail during runtime.
These exclusive resource reservation checks should be done either at the publish time (push) or before enacting the configuration after a pull is complete.
5 votes