xPSDesiredStateConfiguration icon indicating copy to clipboard operation
xPSDesiredStateConfiguration copied to clipboard
verified publisher icon dsccommunity

xGroup: Inconsistent behavior in Azure VM deployments (dscextension)

Open msft-jasonparker opened this issue 5 years ago • 1 comments

Details of the scenario you tried and the problem that is occurring

Deploying Azure resource (dscextension) on existing VM (is domain joined). Fairly large DSC configuration (using PSDesiredStateConfiguration, xPSDesiredStateConfiguration, CertificateDsc, and ComputerManagementDsc). The first section of the local node configuration is xGroup for modifying the local administrators group members.

VM is joined to domain.local

Resource fails intermittently between different VMs. All VMs joined to same domain. Last issue was 2 VM deployment, 1 of 2 VMs failed with xGroup resource. Checked the VM and the group was added regardless the failure.

Verbose logs showing the problem

{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"Conflict","message":"{\r\n \"status\": \"Failed\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": \"The resource operation completed with terminal provisioning state 'Failed'.\",\r\n \"details\": [\r\n {\r\n \"code\": \"VMExtensionProvisioningError\",\r\n \"message\": \"VM has reported a failure when processing extension 'dscextension'. Error message: \\\"DSC Configuration 'Win10Config' completed with error(s). Following are the first few: PowerShell DSC resource DSC_xGroupResource failed to execute Test-TargetResource functionality with error message: Unable to resolve account 'domain.local\\\\MyGroup'. Failed with message: Exception calling \\\"FindByIdentity\\\" with \\\"2\\\" argument(s): \\\"The user name or password is incorrect.\\r\\n\\\" (error code=-2146233087)\\r\\nParameter name: domain.local\\\\MyGroup \\\"\\r\\n\\r\\nMore information on troubleshooting is available at https://aka.ms/VMExtensionDSCWindowsTroubleshoot \"\r\n }\r\n ]\r\n }\r\n}"}]}

Suggested solution to the issue

The DSC configuration that is used to reproduce the issue (as detailed as possible)

xGroup 'Local Administrators Group Members' {
    GroupName = "Administrators"
    Ensure = "Present"
    MembersToInclude = "domain.local\MyGroup"
}

The operating system the target node is running

OsName : Microsoft Windows 10 Enterprise for Virtual Desktops OsOperatingSystemSKU : 175 OsArchitecture : 64-bit WindowsVersion : 1909 WindowsBuildLabEx : 18362.1.amd64fre.19h1_release.190318-1202 OsLanguage : en-US OsMuiLanguages : {en-US)

Version and build of PowerShell the target node is running

Name Value

PSVersion 5.1.18362.752 PSEdition Desktop PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...} BuildVersion 10.0.18362.752 CLRVersion 4.0.30319.42000 WSManStackVersion 3.0 PSRemotingProtocolVersion 2.3 SerializationVersion 1.1.0.1

Version of the DSC module that was used

Latest (07/2020)

msft-jasonparker avatar Jul 23 '20 16:07 msft-jasonparker

Hi @msft-jasonparker - it sounds like this could be an intermittent connectivity issue with the DC. Is the DC a VM in Azure or Azure ADDS or an on-prem DC?

You could try adding a WaitForADDoman before the call to the xGroup resource: https://github.com/dsccommunity/ActiveDirectoryDsc/wiki/WaitForADDomain

This would first wait for a DC to be contactable before moving on to the xGroup resource.

PlagueHO avatar Aug 04 '20 07:08 PlagueHO