search

X-Guardian / AdfsDsc

DSC resources for deployment and configuration of Active Directory Federation Services
MIT License
9 stars 5 forks source link

AdfsGlobalAuthenticationPolicy: Errors with older Versions of ADFS #41

Closed rchristman89 closed 3 years ago

rchristman89 commented 4 years ago

Details of the scenario you tried and the problem that is occurring

When specifying PrimaryExtranetAuthenticationProvider & PrimaryIntranetAuthenticationProvider an error occurs. It appears to be looking for properties that do not exist in my environment, I am assuming due to the version. It seems like the compare is comparing parameters that are not being passed when using Windows Server 2012 R2.

Verbose logs showing the problem

VERBOSE: [ADFS01]: LCM:  [ Start  Resource ]  [[AdfsGlobalAuthenticationPolicy]GlobalAuthenticationPolicy]
VERBOSE: [ADFS01]: LCM:  [ Start  Test     ]  [[AdfsGlobalAuthenticationPolicy]GlobalAuthenticationPolicy]
VERBOSE: [ADFS01]:                            [[AdfsGlobalAuthenticationPolicy]GlobalAuthenticationPolicy] Testing 'sts.contoso.com'. (GAP002
)
VERBOSE: [ADFS01]:                            [[AdfsGlobalAuthenticationPolicy]GlobalAuthenticationPolicy] Getting 'sts.contoso.com'. (GAP001
)
The property 'AllowAdditionalAuthenticationAsPrimary' cannot be found on this object. Verify that the property exists.
    + CategoryInfo          : NotSpecified: (:) [], CimException
    + FullyQualifiedErrorId : PropertyNotFoundStrict
    + PSComputerName        : ADFS01

Cannot bind argument to parameter 'CurrentValues' because it is null.
    + CategoryInfo          : InvalidData: (:) [], CimException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Compare-ResourcePropertyState
    + PSComputerName        : ADFS01

VERBOSE: [ADFS01]:                            [[AdfsGlobalAuthenticationPolicy]GlobalAuthenticationPolicy] 'sts.contoso.com' is in the desire
d state. (GAP005)
VERBOSE: [ADFS01]: LCM:  [ End    Test     ]  [[AdfsGlobalAuthenticationPolicy]GlobalAuthenticationPolicy]  in 0.7660 seconds.
The PowerShell DSC resource '[AdfsGlobalAuthenticationPolicy]GlobalAuthenticationPolicy' with SourceInfo 
'C:\temp\ADFSConfig.ps1::57::9::AdfsGlobalAuthenticationPolicy' threw one or more non-terminating errors while running the 
Test-TargetResource functionality. These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this 
channel for more details.
    + CategoryInfo          : InvalidOperation: (:) [], CimException
    + FullyQualifiedErrorId : NonTerminatingErrorFromProvider
    + PSComputerName        : ADFS01

VERBOSE: [ADFS01]: LCM:  [ End    Set      ]

Suggested solution to the issue

The DSC configuration that is used to reproduce the issue (as detailed as possible)

AdfsGlobalAuthenticationPolicy GlobalAuthenticationPolicy
{
    FederationServiceName                  = $node.FederationServiceName
    PrimaryExtranetAuthenticationProvider  = 'CertificateAuthentication'
    PrimaryIntranetAuthenticationProvider  = 'WindowsAuthentication'
}

The operating system the target node is running

OsName               : Microsoft Windows Server 2012 R2 Datacenter
OsOperatingSystemSKU : DatacenterServerEdition
OsArchitecture       : 64-bit
WindowsBuildLabEx    : 9600.19761.amd64fre.winblue_ltsb.200610-0600
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

Version and build of PowerShell the target node is running

Name                           Value                                                                                                        
----                           -----                                                                                                        
PSVersion                      5.1.14409.1005                                                                                               
PSEdition                      Desktop                                                                                                      
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}                                                                                      
BuildVersion                   10.0.14409.1005                                                                                              
CLRVersion                     4.0.30319.42000                                                                                              
WSManStackVersion              3.0                                                                                                          
PSRemotingProtocolVersion      2.3                                                                                                          
SerializationVersion           1.1.0.1

Version of the DSC module that was used

1.0.0

X-Guardian commented 4 years ago

Hi @rchristman89, thanks for reporting this issue. Can you post the output of Get-AdfsGlobalAuthenticationPolicy on your Windows 2012 R2 server so I can see what properties are available.