search

cloudfoundry / diego-windows-release

Apache License 2.0
9 stars 13 forks source link

setup.ps1 failed to run if ‘$’ character in user names #18

Closed David-VMware closed 8 years ago

David-VMware commented 8 years ago

Hi,

Hit the following error when run setup.ps1.

The SendConfigurationApply function did not succeed. PowerShell DSC resource MSFT_ScriptResource failed to execute Set-TargetResource functionality with error message: Cannot convert value "\\E2SBDIEGO01\root\cimv2:Win32_UserAccount.Domain= (file://E2SBDIEGO01/root/cimv2:Win32_UserAccount.Domain=) "SILICON",Name="E2APPV01$"" to type "System.Management.ManagementObject". Error: "Not found "

This issue is solved by commenting user check in setup.ps1. The commented lines are starting with "#". I paste the code here. `SetScript = { $admins = New-Object System.Security.Principal.NTAccount("Administrators") $adminsSid = $admins.Translate([System.Security.Principal.SecurityIdentifier]) $LocalUser = "D:(A;;CC;;;$adminsSid)"

$otherAdmins = Get-WmiObject win32_groupuser |`

# Where-Object { $_.GroupComponent -match 'administrators' } | # ForEach-Object { [wmi]$_.PartComponent } #foreach($admin in $otherAdmins) #{ # $ntAccount = New-Object System.Security.Principal.NTAccount($admin.Name) # $sid = $ntAccount.Translate([System.Security.Principal.SecurityIdentifier]).Value # $LocalUser = $LocalUser + "(A;;CC;;;$sid)" #}

New-NetFirewallRule -Name CFAllowAdmins -DisplayName "Allow admins" -Description "Allow admin users" -RemotePort Any -LocalPort Any -LocalAddress Any -RemoteAddress Any -Enabled True -Profile Any -Action Allow -Direction Outbound -LocalUser $LocalUser

Set-NetFirewallProfile -All -DefaultInboundAction Allow -DefaultOutboundAction Block -Enabled True

} GetScript = { Get-NetFirewallProfile } }

So my question is whether the root cause is the ‘$’ character in user names? I tried to reproduce this issue by creating a local adminsitrator with name as "E2APPV01$"but failed. This issue might be only reproduced under a domain network.

cf-gitbot commented 8 years ago

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/127339343

The labels on this github issue will be updated when the story is started.

mavenraven commented 8 years ago

Hi @David-Pivotal, we do not support domain joining the cells. If you can reproduce this without being domain joined, we'll re-open and investigate. Thanks!