search

X-Guardian / AdfsDsc

DSC resources for deployment and configuration of Active Directory Federation Services
MIT License
9 stars 5 forks source link

AdfsProperties: The property 'AdditionalErrorPageInfo' cannot be found on this object #51

Closed shurick81 closed 3 years ago

shurick81 commented 3 years ago

Details of the scenario you tried and the problem that is occurring

Tried to apply the MonitoringInterval but got an error when applying.

Verbose logs showing the problem

2021-04-08T10:44:56.0757773Z VERBOSE: Operation 'Invoke CimMethod' complete.
2021-04-08T10:44:56.0776905Z VERBOSE: Set-DscLocalConfigurationManager finished in 0.133 seconds.
2021-04-08T10:44:56.0988928Z VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = 
2021-04-08T10:44:56.0990018Z SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = 
2021-04-08T10:44:56.0990891Z root/Microsoft/Windows/DesiredStateConfiguration'.
2021-04-08T10:44:56.1093095Z VERBOSE: An LCM method call arrived from computer SOP-STAGE-APP03 with user sid 
2021-04-08T10:44:56.1098768Z S-1-5-21-2909328277-3842075283-3334363682-1364.
2021-04-08T10:44:56.1161952Z VERBOSE: [SOP-STAGE-ADFS1]: LCM:  [ Start  Set      ]
2021-04-08T10:44:56.4059235Z VERBOSE: [SOP-STAGE-ADFS1]: LCM:  [ Start  Resource ]  [[AdfsProperties]CommonAdfsProperties]
2021-04-08T10:44:56.4064873Z VERBOSE: [SOP-STAGE-ADFS1]: LCM:  [ Start  Test     ]  [[AdfsProperties]CommonAdfsProperties]
2021-04-08T10:44:56.4190014Z VERBOSE: [SOP-STAGE-ADFS1]:                            [[AdfsProperties]CommonAdfsProperties] Testing 
2021-04-08T10:44:56.4190472Z 'adfs-stage.contosocrm.se'. (PRO002)
2021-04-08T10:44:56.4238864Z VERBOSE: [SOP-STAGE-ADFS1]:                            [[AdfsProperties]CommonAdfsProperties] Getting 
2021-04-08T10:44:56.4241754Z 'adfs-stage.contosocrm.se'. (PRO001)
2021-04-08T10:44:57.2267313Z The property 'AdditionalErrorPageInfo' cannot be found on this object. Verify that the property exists.
2021-04-08T10:44:57.2267826Z     + CategoryInfo          : NotSpecified: (:) [], CimException
2021-04-08T10:44:57.2268154Z     + FullyQualifiedErrorId : PropertyNotFoundStrict
2021-04-08T10:44:57.2269666Z     + PSComputerName        : sop-stage-adfs1.stagead.contosocrm.se
2021-04-08T10:44:57.2269958Z  
2021-04-08T10:44:57.2282809Z Cannot bind argument to parameter 'CurrentValues' because it is null.
2021-04-08T10:44:57.2283433Z     + CategoryInfo          : InvalidData: (:) [], CimException
2021-04-08T10:44:57.2283792Z     + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Compare-ResourcePropertyState
2021-04-08T10:44:57.2284159Z     + PSComputerName        : sop-stage-adfs1.stagead.contosocrm.se
2021-04-08T10:44:57.2284384Z  
2021-04-08T10:44:57.2292272Z VERBOSE: [SOP-STAGE-ADFS1]:                            [[AdfsProperties]CommonAdfsProperties] 'adfs-stage.contosocrm.se'
2021-04-08T10:44:57.2293599Z  is in the desired state. (PRO005)
2021-04-08T10:44:57.2304969Z VERBOSE: [SOP-STAGE-ADFS1]: LCM:  [ End    Test     ]  [[AdfsProperties]CommonAdfsProperties]  in 0.8130 seconds.
2021-04-08T10:44:57.2419254Z The PowerShell DSC resource '[AdfsProperties]CommonAdfsProperties' with SourceInfo 'C:\AzurePipelineAgent\_work\1\platf
2021-04-08T10:44:57.2419830Z orm\src\platform\configuration\adfs-config.ps1::19::9::AdfsProperties' threw one or more non-terminating errors while r
2021-04-08T10:44:57.2420284Z unning the Test-TargetResource functionality. These errors are logged to the ETW channel called Microsoft-Windows-DSC/O
2021-04-08T10:44:57.2420600Z perational. Refer to this channel for more details.
2021-04-08T10:44:57.2420916Z     + CategoryInfo          : InvalidOperation: (:) [], CimException
2021-04-08T10:44:57.2421220Z     + FullyQualifiedErrorId : NonTerminatingErrorFromProvider
2021-04-08T10:44:57.2421607Z     + PSComputerName        : sop-stage-adfs1.stagead.contosocrm.se
2021-04-08T10:44:57.2421844Z  
2021-04-08T10:44:57.2563915Z VERBOSE: [SOP-STAGE-ADFS1]: LCM:  [ Start  Resource ]  [[Script]KronobergClaimProvider]
2021-04-08T10:44:57.2569399Z VERBOSE: [SOP-STAGE-ADFS1]: LCM:  [ Start  Test     ]  [[Script]KronobergClaimProvider]
2021-04-08T10:44:57.3041154Z VERBOSE: [SOP-STAGE-ADFS1]:                            [[Script]KronobergClaimProvider] AdfsClaimsProviderTrust found
2021-04-08T10:44:57.3071594Z VERBOSE: [SOP-STAGE-ADFS1]:                            [[Script]KronobergClaimProvider] MetadataUrl matches
2021-04-08T10:44:57.3093652Z VERBOSE: [SOP-STAGE-ADFS1]:                            [[Script]KronobergClaimProvider] MonitoringEnabled is true
2021-04-08T10:44:57.3114280Z VERBOSE: [SOP-STAGE-ADFS1]:                            [[Script]KronobergClaimProvider] AutoUpdateEnabled is true
2021-04-08T10:44:57.3231471Z VERBOSE: [SOP-STAGE-ADFS1]: LCM:  [ End    Test     ]  [[Script]KronobergClaimProvider]  in 0.1250 seconds.
2021-04-08T10:44:57.3242442Z VERBOSE: [SOP-STAGE-ADFS1]: LCM:  [ Skip   Set      ]  [[Script]KronobergClaimProvider]
2021-04-08T10:44:57.3250453Z VERBOSE: [SOP-STAGE-ADFS1]: LCM:  [ End    Resource ]  [[Script]KronobergClaimProvider]
2021-04-08T10:44:57.3257729Z VERBOSE: [SOP-STAGE-ADFS1]: LCM:  [ End    Set      ]
2021-04-08T10:44:57.3560301Z The SendConfigurationApply function did not succeed.
2021-04-08T10:44:57.3561083Z     + CategoryInfo          : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimException
2021-04-08T10:44:57.3561648Z     + FullyQualifiedErrorId : MI RESULT 1
2021-04-08T10:44:57.3563105Z     + PSComputerName        : sop-stage-adfs1.stagead.contosocrm.se
2021-04-08T10:44:57.3563491Z  
2021-04-08T10:44:57.3573997Z VERBOSE: Operation 'Invoke CimMethod' complete.
2021-04-08T10:44:57.3580709Z VERBOSE: Time taken for configuration job to complete is 1.276 seconds

Suggested solution to the issue

Implement more flexibility in the code for those installations of ADFS where AdditionalErrorPageInfo does not exist in the configuration. Perhaps it might depend on the Windows/ADFS version. In some installations that I maintain, $(Get-AdfsProperties).AdditionalErrorPageInfo returns a value, on the other it returns $null.

The same code works on a Windows 2019 machine without the issue.

The DSC configuration that is used to reproduce the issue (as detailed as possible)

AdfsProperties CommonAdfsProperties
{
    FederationServiceName   = "adfs-stage.contoso.se"
    MonitoringInterval      = 10
}

The operating system the target node is running

OsName               : Microsoft Windows Server 2016 Standard
OsOperatingSystemSKU : StandardServerEdition
OsArchitecture       : 64-bit
WindowsBuildLabEx    : 14393.4283.amd64fre.rs1_release.210303-1802
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

Version and build of PowerShell the target node is running

Name                           Value
----                           -----
PSVersion                      5.1.14393.3866
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.14393.3866
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Version of the DSC module that was used

1.1.0

X-Guardian commented 3 years ago

What OS version is the ADFS server running that your are running this DSC config on? The ADFS AdditionalErrorPageInfo property was added to Windows Server 2016 and above.

shurick81 commented 3 years ago

it is Windows Server 2016 that I tried it with. Now I also created a test environment in Azure from "2016-Datacenter-smalldisk" sku, installed ADFS and I can see that it returns null on $(Get-AdfsProperties).AdditionalErrorPageInfo. Do you need to install WIndows/ADFS in any special way for that?

X-Guardian commented 3 years ago

Hi @shurick81, I've done some more testing on this and you are right, the AdditionalErrorPageInfo property was only introduced in Windows Server 2019. I'll raise a PR to resolve this.