WebAdministrationDsc
WebAdministrationDsc copied to clipboard
xWebApplication fails obtain desired state if multiple SSL flags are specified.
Details of the scenario you tried and the problem that is occurring If multiple
If the 'SSLFlags' parameter of an xWebApplication instance contains multiple flags, the "Test" method always fails.
The site will be properly configured. However a test of the resource will fail. So if DSC is configured to run in "Monitor" mode, this resource will always be marked as "Not In Desired State".
Verbose logs showing the problem
PS C:\> Invoke-DscResource -ModuleName 'xWebAdministration' -Name 'xWebApplication' -Method 'Set' -Property @{
Name = '[obfuscated]'
PhysicalPath = 'D:\inetpub\wwwroot\[obfuscated]'
WebAppPool = '[obfuscated]'
Website = '[obfuscated]'
PreloadEnabled = $true
ServiceAutoStartEnabled = $true
SSLFlags = @('Ssl', 'Ssl128')
Ensure = 'Present'
} -verbose
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = ResourceSet,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' =
root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer SC-WTEXASVA with user sid S-1-5-21-1704754919-1788290416-935202900-1000.
VERBOSE: [SC-WTEXASVA]: LCM: [ Start Set ] [[xWebApplication]DirectResourceAccess]
VERBOSE: [SC-WTEXASVA]: [[xWebApplication]DirectResourceAccess] Updating SslFlags for Web application "[obfuscated]".
VERBOSE: [SC-WTEXASVA]: LCM: [ End Set ] [[xWebApplication]DirectResourceAccess] in 1.1000 seconds.
VERBOSE: [SC-WTEXASVA]: LCM: [ End Set ] in 1.1400 seconds.
VERBOSE: Operation 'Invoke CimMethod' complete.
RebootRequired
--------------
False
VERBOSE: Time taken for configuration job to complete is 1.211 seconds
PS C:\> Invoke-DscResource -ModuleName 'xWebAdministration' -Name 'xWebApplication' -Method 'Test' -Property @{
Name = '[obfuscated]'
PhysicalPath = 'D:\inetpub\wwwroot\[obfuscated]'
WebAppPool = '[obfuscated]'
Website = '[obfuscated]'
PreloadEnabled = $true
ServiceAutoStartEnabled = $true
SSLFlags = @('Ssl', 'Ssl128')
Ensure = 'Present'
} -verbose
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = ResourceTest,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' =
root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer SC-WTEXASVA with user sid S-1-5-21-1704754919-1788290416-935202900-1000.
VERBOSE: [SC-WTEXASVA]: LCM: [ Start Test ] [[xWebApplication]DirectResourceAccess]
VERBOSE: [SC-WTEXASVA]: [[xWebApplication]DirectResourceAccess] SslFlags for web application "[obfuscated]" are not in the desired state.
VERBOSE: [SC-WTEXASVA]: LCM: [ End Test ] [[xWebApplication]DirectResourceAccess] False in 0.0600 seconds.
VERBOSE: [SC-WTEXASVA]: LCM: [ End Set ] in 0.1050 seconds.
VERBOSE: Operation 'Invoke CimMethod' complete.
InDesiredState
--------------
False
VERBOSE: Time taken for configuration job to complete is 0.182 seconds
PS C:\> Invoke-DscResource -ModuleName 'xWebAdministration' -Name 'xWebApplication' -Method 'Get' -Property @{
Name = '[obfuscated]'
PhysicalPath = 'D:\inetpub\wwwroot\[obfuscated]'
WebAppPool = '[obfuscated]'
Website = '[obfuscated]'
PreloadEnabled = $true
ServiceAutoStartEnabled = $true
SSLFlags = @('Ssl', 'Ssl128')
Ensure = 'Present'
} -verbose
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = ResourceGet,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' =
root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer SC-WTEXASVA with user sid S-1-5-21-1704754919-1788290416-935202900-1000.
VERBOSE: [SC-WTEXASVA]: [[xWebApplication]DirectResourceAccess] Get-TargetResource has been run.
VERBOSE: [SC-WTEXASVA]: LCM: [ End Get ] [[xWebApplication]DirectResourceAccess] in 0.0950 seconds.
VERBOSE: [SC-WTEXASVA]: LCM: [ End Set ] in 0.1350 seconds.
VERBOSE: Operation 'Invoke CimMethod' complete.
ConfigurationName :
DependsOn :
ModuleName : xWebAdministration
ModuleVersion : 3.2.0
PsDscRunAsCredential :
ResourceId :
SourceInfo :
ApplicationType :
AuthenticationInfo : MSFT_xWebApplicationAuthenticationInformation
EnabledProtocols : {http}
Ensure : Present
Name : [obfuscated]
PhysicalPath : D:\inetpub\wwwroot\[obfuscated]
PreloadEnabled : True
ServiceAutoStartEnabled : True
ServiceAutoStartProvider :
SslFlags : {Ssl,Ssl128}
WebAppPool : [obfuscated]
Website : [obfuscated]
PSComputerName : localhost
VERBOSE: Time taken for configuration job to complete is 0.217 seconds
Suggested solution to the issue
The problem appears to be with the helper function 'Get-SslFlags' which does not split the string 'Ssl,Ssl128'. Consequentially, the helper function 'Test-SslFlags' compares the array @('Ssl','Ssl128) with the string 'Ssl,Ssl128' and always returns false.
The DSC configuration that is used to reproduce the issue (as detailed as possible)
xWebApplication WebApp {
Name = '[obfuscated]'
PhysicalPath = 'D:\inetpub\wwwroot\[obfuscated]'
WebAppPool = '[obfuscated]'
Website = '[obfuscated]'
PreloadEnabled = $true
ServiceAutoStartEnabled = $true
SSLFlags = @('Ssl', 'Ssl128')
Ensure = 'Present'
}
The operating system the target node is running
OsName : Microsoft Windows 10 Enterprise LTSC OsOperatingSystemSKU : 125 OsArchitecture : 64-bit WindowsVersion : 1809 WindowsBuildLabEx : 17763.1.amd64fre.rs5_release.180914-1434 OsLanguage : en-US OsMuiLanguages : {en-US}
Version and build of PowerShell the target node is running
Name Value
PSVersion 5.1.17763.1490 PSEdition Desktop PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...} BuildVersion 10.0.17763.1490 CLRVersion 4.0.30319.42000 WSManStackVersion 3.0 PSRemotingProtocolVersion 2.3 SerializationVersion 1.1.0.1
Version of the DSC module that was used
3.2.0