search

dsccommunity / ActiveDirectoryDsc

This module contains DSC resources for deployment and configuration of Active Directory Domain Services.
MIT License
344 stars 142 forks source link

ADDomain invalid password after windows update #694

Closed CodeGlitcher closed 2 years ago

CodeGlitcher commented 2 years ago

Problem description

We are using azure arm templates with a DSC extention to deploy a windows AD in our test environment. For the last few years this worked without issue but since last week we cant deploy new environments. Because of the following error message: The password supplied to the Desired State Configuration resource MSFT_ADDomain is not valid. The password cannot be null or empty. error.

We are having this issue on both 2016-Datacenter and 2022-Datacenter. When we use a older azure image reference the dsc configuration works. 

                    "imageReference": {
                        "publisher": "MicrosoftWindowsServer",
                        "offer": "WindowsServer",
                        "sku": "2016-Datacenter",
                        "version": "14393.5125.220505"
                    },

But if we redeploy the configuration after the machine is up for a few hours and it had installed the lasted windows updates the configuraiton no longer works

Verbose logs

Azure deployment log:
{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"VMExtensionProvisioningError","message":"VM has reported a failure when processing extension 'CreateADForest'. Error message: \"DSC Configuration 'CreateADPDC' completed with error(s). Following are the first few: The password supplied to the Desired State Configuration resource MSFT_ADDomain is not valid. The password cannot be null or empty. The SendConfigurationApply function did not succeed.\"\r\n\r\nMore information on troubleshooting is available at https://aka.ms/VMExtensionDSCWindowsTroubleshoot "}]}

DSC extension handler log:
VERBOSE: [2022-06-20 07:53:48Z] Extension request for sequence number 3 
attempting to create lock.3 mutex
VERBOSE: [2022-06-20 07:53:48Z] Attempting to grab mutex 
DscExtensionHandler_Lock for sequence number 3
VERBOSE: [2022-06-20 07:53:48Z] Acquired lock for extension instance for 
sequence number 3
VERBOSE: [2022-06-20 07:53:48Z] Attempting to acquire extension lock
VERBOSE: [2022-06-20 07:53:48Z] Attempting to grab mutex 
DscExtensionHandler_Lock
VERBOSE: [2022-06-20 07:53:48Z] Acquired lock for extension
VERBOSE: [2022-06-20 07:53:48Z] lock does not exist: begin processing
VERBOSE: [2022-06-20 07:53:48Z] Starting DSC Extension ...
VERBOSE: [2022-06-20 07:53:48Z] Getting handler execution status 
HKLM:\SOFTWARE\Microsoft\Azure\DSC\2.83.2.0\Status ...
VERBOSE: [2022-06-20 07:53:48Z] Updating execution status 
(HKLM:\SOFTWARE\Microsoft\Azure\DSC\2.83.2.0\Status)
VERBOSE: [2022-06-20 07:53:48Z] Transitioning to DataValidation state ...
VERBOSE: [2022-06-20 07:53:48Z] Settings handler status to 'transitioning' 
(C:\Packages\Plugins\Microsoft.Powershell.DSC\2.83.2.0\Status\3.status)
VERBOSE: [2022-06-20 07:53:48Z] Retrieving system information ...
VERBOSE: [2022-06-20 07:53:55Z]     OS Version : 10.0
VERBOSE: [2022-06-20 07:53:55Z]     Server OS  : True
VERBOSE: [2022-06-20 07:53:55Z]     64-bit OS  : True
VERBOSE: [2022-06-20 07:53:55Z]     PS Version : 5.1.14393.5127
VERBOSE: [2022-06-20 07:53:55Z] Validating user provided settings for the DSC 
Extension Handler ...
VERBOSE: [2022-06-20 07:53:55Z] Reading handler settings from 
C:\Packages\Plugins\Microsoft.Powershell.DSC\2.83.2.0\RuntimeSettings\3.setting
s
VERBOSE: [2022-06-20 07:53:55Z] Found protected settings on Azure VM. 
Decrypting.
VERBOSE: [2022-06-20 07:53:59Z] Updating user preference for Data Collection 
......
VERBOSE: [2022-06-20 07:53:59Z] Get DSC Extension Handler install status  ...
VERBOSE: [2022-06-20 07:53:59Z]  Status: Installed
VERBOSE: [2022-06-20 07:53:59Z] Updating execution status 
(HKLM:\SOFTWARE\Microsoft\Azure\DSC\2.83.2.0\Status)
VERBOSE: [2022-06-20 07:53:59Z] Transitioning to ProcessConfiguration state 
...
VERBOSE: [2022-06-20 07:53:59Z] Getting handler execution status 
HKLM:\SOFTWARE\Microsoft\Azure\DSC\2.83.2.0\Status ...
VERBOSE: [2022-06-20 07:54:00Z] Getting handler execution status 
HKLM:\SOFTWARE\Microsoft\Azure\DSC\2.83.2.0\Status ...
VERBOSE: [2022-06-20 07:54:00Z] Settings handler status to 'transitioning' 
(C:\Packages\Plugins\Microsoft.Powershell.DSC\2.83.2.0\Status\3.status)
VERBOSE: [2022-06-20 07:54:00Z] Applying DSC configuration:
VERBOSE: [2022-06-20 07:54:00Z]     Sequence Number:              3
VERBOSE: [2022-06-20 07:54:00Z]     Configuration URL:            
https://slvdr7azure7filecopy.blob.core.windows.net/tqjkpal6qjgb2/DSC/CreateADPD
C.zip?sv=2015-04-05&sr=c&sig=eU6xOvyNFK3Xu0%2FbfLTwfQMj%2BPI48etbS3I6QUu8QTY%3D
&se=2022-06-20T08%3A53%3A18Z&sp=r
VERBOSE: [2022-06-20 07:54:00Z]     Configuration Script:         
CreateADPDC.ps1
VERBOSE: [2022-06-20 07:54:00Z]     Configuration Function:       CreateADPDC
VERBOSE: [2022-06-20 07:54:00Z] Creating Working directory: 
C:\Packages\Plugins\Microsoft.Powershell.DSC\2.83.2.0\bin\..\DSCWork\CreateADPD
C.3
VERBOSE: [2022-06-20 07:54:00Z] Downloading configuration package
VERBOSE: [2022-06-20 07:54:00Z] Downloading 
https://slvdr7azure7filecopy.blob.core.windows.net/tqjkpal6qjgb2/DSC/CreateADPD
C.zip to 
C:\Packages\Plugins\Microsoft.Powershell.DSC\2.83.2.0\bin\..\DSCWork\CreateADPD
C.3\CreateADPDC.zip
VERBOSE: [2022-06-20 07:54:00Z] Extracting CreateADPDC.zip
VERBOSE: [2022-06-20 07:54:05Z] Installing custom DSC resource modules to 
C:\Program Files\WindowsPowerShell\Modules
VERBOSE: [2022-06-20 07:54:05Z] Installing custom DSC resource module 
ActiveDirectoryDsc
VERBOSE: [2022-06-20 07:54:05Z] Copying 
C:\Packages\Plugins\Microsoft.Powershell.DSC\2.83.2.0\DSCWork\CreateADPDC.3\Act
iveDirectoryDsc to C:\Program 
Files\WindowsPowerShell\Modules\ActiveDirectoryDsc ...
VERBOSE: [2022-06-20 07:54:06Z] Installing custom DSC resource module xStorage
VERBOSE: [2022-06-20 07:54:06Z] DSC resource module xStorage already exists. 
Removing it first ...
VERBOSE: [2022-06-20 07:54:06Z] Copying 
C:\Packages\Plugins\Microsoft.Powershell.DSC\2.83.2.0\DSCWork\CreateADPDC.3\xSt
orage to C:\Program Files\WindowsPowerShell\Modules\xStorage ...
VERBOSE: [2022-06-20 07:54:06Z] Installing custom DSC resource module 
xNetworking
VERBOSE: [2022-06-20 07:54:06Z] DSC resource module xNetworking already exists.
 Removing it first ...
VERBOSE: [2022-06-20 07:54:06Z] Copying 
C:\Packages\Plugins\Microsoft.Powershell.DSC\2.83.2.0\DSCWork\CreateADPDC.3\xNe
tworking to C:\Program Files\WindowsPowerShell\Modules\xNetworking ...
VERBOSE: [2022-06-20 07:54:07Z] Installing custom DSC resource module 
xPendingReboot
VERBOSE: [2022-06-20 07:54:07Z] DSC resource module xPendingReboot already 
exists. Removing it first ...
VERBOSE: [2022-06-20 07:54:07Z] Copying 
C:\Packages\Plugins\Microsoft.Powershell.DSC\2.83.2.0\DSCWork\CreateADPDC.3\xPe
ndingReboot to C:\Program Files\WindowsPowerShell\Modules\xPendingReboot ...
VERBOSE: [2022-06-20 07:54:07Z] Installing custom DSC resource module 
xComputerManagement
VERBOSE: [2022-06-20 07:54:07Z] DSC resource module xComputerManagement already
 exists. Removing it first ...
VERBOSE: [2022-06-20 07:54:07Z] Copying 
C:\Packages\Plugins\Microsoft.Powershell.DSC\2.83.2.0\DSCWork\CreateADPDC.3\xCo
mputerManagement to C:\Program 
Files\WindowsPowerShell\Modules\xComputerManagement ...
VERBOSE: [2022-06-20 07:54:07Z] Looking for the definition of the configuration
 function.
VERBOSE: [2022-06-20 07:54:07Z] Executing 
C:\Packages\Plugins\Microsoft.Powershell.DSC\2.83.2.0\bin\..\DSCWork\CreateADPD
C.3\CreateADPDC.ps1
VERBOSE: [2022-06-20 07:54:08Z] Preparing configuration arguments and 
configuration data.
VERBOSE: [2022-06-20 07:54:08Z] Adding encryption certificate 
E9927E07C416C05E8EBF380AB2CF1D6F90BC348D to the configuration data
VERBOSE: [2022-06-20 07:54:08Z] Creating MOF files.
VERBOSE: [2022-06-20 07:54:08Z] Executing the configuration function to 
generate the MOF files.
WARNING: It is not recommended to use domain credential for node 'localhost'. 
In order to suppress the warning, you can add a property named 
'PSDscAllowDomainUser' with a value of $true to your DSC configuration data for
 node 'localhost'.
VERBOSE: [2022-06-20 07:54:17Z] Meta configuration found. Injecting 
Thumbprint.
VERBOSE: [2022-06-20 07:54:18Z] CertificateID not present in existing meta 
configuration; inserting E9927E07C416C05E8EBF380AB2CF1D6F90BC348D.
VERBOSE: [2022-06-20 07:54:18Z] Verifying metaconfiguration for reboot 
information...
VERBOSE: [2022-06-20 07:54:18Z] Backing up 
C:\Packages\Plugins\Microsoft.Powershell.DSC\2.83.2.0\DSCWork\CreateADPDC.3\Cre
ateADPDC\localhost.meta.mof
VERBOSE: [2022-06-20 07:54:18Z] No match for RegistrationKey found in the meta 
mof file
VERBOSE: [2022-06-20 07:54:18Z] WMF 5 or newer, Injecting RebootNodeIfNeeded = 
False and ActionAfterReboot = "StopConfiguration"
VERBOSE: [2022-06-20 07:54:18Z] Executing Set-DscLocalConfigurationManager...
VERBOSE: [2022-06-20 07:54:18Z] Settings handler status to 'transitioning' 
(C:\Packages\Plugins\Microsoft.Powershell.DSC\2.83.2.0\Status\3.status)
VERBOSE: [2022-06-20 07:54:19Z] [VERBOSE] Performing the operation 
"Start-DscConfiguration: SendMetaConfigurationApply" on target 
"MSFT_DSCLocalConfigurationManager".
VERBOSE: [2022-06-20 07:54:19Z] [VERBOSE] Perform operation 'Invoke CimMethod' 
with following parameters, ''methodName' = 
SendMetaConfigurationApply,'className' = 
MSFT_DSCLocalConfigurationManager,'namespaceName' = 
root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: [2022-06-20 07:54:19Z] [VERBOSE] An LCM method call arrived from 
computer ad-server with user sid S-1-5-18.
VERBOSE: [2022-06-20 07:54:19Z] [VERBOSE] [ad-server]: LCM:  [ Start  Set      
]
VERBOSE: [2022-06-20 07:54:19Z] [VERBOSE] [ad-server]: LCM:  [ Start  Resource 
]  [MSFT_DSCMetaConfiguration]
VERBOSE: [2022-06-20 07:54:19Z] [VERBOSE] [ad-server]: LCM:  [ Start  Set      
]  [MSFT_DSCMetaConfiguration]
VERBOSE: [2022-06-20 07:54:19Z] [VERBOSE] [ad-server]: LCM:  [ End    Set      
]  [MSFT_DSCMetaConfiguration]  in 0.0150 seconds.
VERBOSE: [2022-06-20 07:54:19Z] [VERBOSE] [ad-server]: LCM:  [ End    Resource 
]  [MSFT_DSCMetaConfiguration]
VERBOSE: [2022-06-20 07:54:19Z] [VERBOSE] [ad-server]: LCM:  [ End    Set      
]
VERBOSE: [2022-06-20 07:54:19Z] [VERBOSE] [ad-server]: LCM:  [ End    Set      
]    in  0.1250 seconds.
VERBOSE: [2022-06-20 07:54:19Z] [VERBOSE] Operation 'Invoke CimMethod' 
complete.
VERBOSE: [2022-06-20 07:54:19Z] [VERBOSE] Set-DscLocalConfigurationManager 
finished in 0.287 seconds.
VERBOSE: [2022-06-20 07:54:20Z] Settings handler status to 'transitioning' 
(C:\Packages\Plugins\Microsoft.Powershell.DSC\2.83.2.0\Status\3.status)
VERBOSE: [2022-06-20 07:54:20Z] Get-DscLocalConfigurationManager: 

ActionAfterReboot              : StopConfiguration

AgentId                        : 48E78DA1-EEEA-11EC-A80F-000D3A29B478

AllowModuleOverWrite           : False

CertificateID                  : E9927E07C416C05E8EBF380AB2CF1D6F90BC348D

ConfigurationDownloadManagers  : {}

ConfigurationID                : 

ConfigurationMode              : ApplyAndMonitor

ConfigurationModeFrequencyMins : 15

Credential                     : 

DebugMode                      : {NONE}

DownloadManagerCustomData      : 

DownloadManagerName            : 

LCMCompatibleVersions          : {1.0, 2.0}

LCMState                       : PendingConfiguration

LCMStateDetail                 : 

LCMVersion                     : 2.0

StatusRetentionTimeInDays      : 10

SignatureValidationPolicy      : NONE

SignatureValidations           : {}

MaximumDownloadSizeMB          : 500

PartialConfigurations          : 

RebootNodeIfNeeded             : False

RefreshFrequencyMins           : 30

RefreshMode                    : PUSH

ReportManagers                 : {}

ResourceModuleManagers         : {}

PSComputerName                 : 

VERBOSE: [2022-06-20 07:54:20Z] Executing Start-DscConfiguration...
VERBOSE: [2022-06-20 07:54:21Z] Settings handler status to 'transitioning' 
(C:\Packages\Plugins\Microsoft.Powershell.DSC\2.83.2.0\Status\3.status)
VERBOSE: [2022-06-20 07:54:22Z] [VERBOSE] Perform operation 'Invoke CimMethod' 
with following parameters, ''methodName' = SendConfigurationApply,'className' =
 MSFT_DSCLocalConfigurationManager,'namespaceName' = 
root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: [2022-06-20 07:54:22Z] [VERBOSE] An LCM method call arrived from 
computer ad-server with user sid S-1-5-18.
VERBOSE: [2022-06-20 07:54:22Z] [VERBOSE] [ad-server]: LCM:  [ Start  Set      
]
VERBOSE: [2022-06-20 07:54:24Z] [VERBOSE] [ad-server]: LCM:  [ Start  Resource 
]  [[WindowsFeature]DNS]
VERBOSE: [2022-06-20 07:54:24Z] [VERBOSE] [ad-server]: LCM:  [ Start  Test     
]  [[WindowsFeature]DNS]
VERBOSE: [2022-06-20 07:54:24Z] [VERBOSE] [ad-server]:                         
   [[WindowsFeature]DNS] The operation 'Get-WindowsFeature' started: DNS
VERBOSE: [2022-06-20 07:54:24Z] [VERBOSE] [ad-server]:                         
   [[WindowsFeature]DNS] The operation 'Get-WindowsFeature' succeeded: DNS
VERBOSE: [2022-06-20 07:54:24Z] [VERBOSE] [ad-server]: LCM:  [ End    Test     
]  [[WindowsFeature]DNS]  in 0.6560 seconds.
VERBOSE: [2022-06-20 07:54:24Z] [VERBOSE] [ad-server]: LCM:  [ Skip   Set      
]  [[WindowsFeature]DNS]
VERBOSE: [2022-06-20 07:54:24Z] [VERBOSE] [ad-server]: LCM:  [ End    Resource 
]  [[WindowsFeature]DNS]
VERBOSE: [2022-06-20 07:54:24Z] [VERBOSE] [ad-server]: LCM:  [ Start  Resource 
]  [[Script]EnableDNSDiags]
VERBOSE: [2022-06-20 07:54:24Z] [VERBOSE] [ad-server]: LCM:  [ Start  Test     
]  [[Script]EnableDNSDiags]
VERBOSE: [2022-06-20 07:54:25Z] [VERBOSE] [ad-server]: LCM:  [ End    Test     
]  [[Script]EnableDNSDiags]  in 0.0620 seconds.
VERBOSE: [2022-06-20 07:54:25Z] [VERBOSE] [ad-server]: LCM:  [ Start  Set      
]  [[Script]EnableDNSDiags]
VERBOSE: [2022-06-20 07:54:25Z] [VERBOSE] [ad-server]:                         
   [[Script]EnableDNSDiags] Performing the operation "Set-TargetResource" on 
target "Executing the SetScript with the user supplied credential".
VERBOSE: [2022-06-20 07:54:26Z] [VERBOSE] [ad-server]:                         
   [[Script]EnableDNSDiags] Enabling DNS client diagnostics
VERBOSE: [2022-06-20 07:54:26Z] [VERBOSE] [ad-server]: LCM:  [ End    Set      
]  [[Script]EnableDNSDiags]  in 1.9070 seconds.
VERBOSE: [2022-06-20 07:54:26Z] [VERBOSE] [ad-server]: LCM:  [ End    Resource 
]  [[Script]EnableDNSDiags]
VERBOSE: [2022-06-20 07:54:26Z] [VERBOSE] [ad-server]: LCM:  [ Start  Resource 
]  [[WindowsFeature]DnsTools]
VERBOSE: [2022-06-20 07:54:26Z] [VERBOSE] [ad-server]: LCM:  [ Start  Test     
]  [[WindowsFeature]DnsTools]
VERBOSE: [2022-06-20 07:54:26Z] [VERBOSE] [ad-server]:                         
   [[WindowsFeature]DnsTools] The operation 'Get-WindowsFeature' started: 
RSAT-DNS-Server
VERBOSE: [2022-06-20 07:54:27Z] [VERBOSE] [ad-server]:                         
   [[WindowsFeature]DnsTools] The operation 'Get-WindowsFeature' succeeded: 
RSAT-DNS-Server
VERBOSE: [2022-06-20 07:54:27Z] [VERBOSE] [ad-server]: LCM:  [ End    Test     
]  [[WindowsFeature]DnsTools]  in 0.4380 seconds.
VERBOSE: [2022-06-20 07:54:27Z] [VERBOSE] [ad-server]: LCM:  [ Skip   Set      
]  [[WindowsFeature]DnsTools]
VERBOSE: [2022-06-20 07:54:27Z] [VERBOSE] [ad-server]: LCM:  [ End    Resource 
]  [[WindowsFeature]DnsTools]
VERBOSE: [2022-06-20 07:54:27Z] [VERBOSE] [ad-server]: LCM:  [ Start  Resource 
]  [[xDNSServerAddress]DnsServerAddress]
VERBOSE: [2022-06-20 07:54:27Z] [VERBOSE] [ad-server]: LCM:  [ Start  Test     
]  [[xDNSServerAddress]DnsServerAddress]
VERBOSE: [2022-06-20 07:54:27Z] [VERBOSE] [ad-server]:                         
   [[xDNSServerAddress]DnsServerAddress] Test-TargetResource: Checking the DNS 
server addresses.
VERBOSE: [2022-06-20 07:54:28Z] [VERBOSE] [ad-server]:                         
   [[xDNSServerAddress]DnsServerAddress] Get-DnsClientServerStaticAddress: 
Getting staticly assigned DNS server IPv4 address for interface alias 
'Ethernet'.
VERBOSE: [2022-06-20 07:54:28Z] [VERBOSE] [ad-server]:                         
   [[xDNSServerAddress]DnsServerAddress] Get-DnsClientServerStaticAddress: 
Statically assigned DNS server IPv4 address for interface alias 'Ethernet' is 
'127.0.0.1,168.63.129.16'.
VERBOSE: [2022-06-20 07:54:28Z] [VERBOSE] [ad-server]:                         
   [[xDNSServerAddress]DnsServerAddress] Test-TargetResource: DNS server 
addresses are set correctly.
VERBOSE: [2022-06-20 07:54:28Z] [VERBOSE] [ad-server]: LCM:  [ End    Test     
]  [[xDNSServerAddress]DnsServerAddress]  in 1.1720 seconds.
VERBOSE: [2022-06-20 07:54:28Z] [VERBOSE] [ad-server]: LCM:  [ Skip   Set      
]  [[xDNSServerAddress]DnsServerAddress]
VERBOSE: [2022-06-20 07:54:28Z] [VERBOSE] [ad-server]: LCM:  [ End    Resource 
]  [[xDNSServerAddress]DnsServerAddress]
VERBOSE: [2022-06-20 07:54:28Z] [VERBOSE] [ad-server]: LCM:  [ Start  Resource 
]  [[xWaitForDisk]Disk2]
VERBOSE: [2022-06-20 07:54:28Z] [VERBOSE] [ad-server]: LCM:  [ Start  Test     
]  [[xWaitForDisk]Disk2]
VERBOSE: [2022-06-20 07:54:28Z] [VERBOSE] [ad-server]:                         
   [[xWaitForDisk]Disk2] Test-TargetResource: Checking for disk with Number 
'2'.
VERBOSE: [2022-06-20 07:54:30Z] [VERBOSE] [ad-server]:                         
   [[xWaitForDisk]Disk2] Test-TargetResource: Found disk with Number '2' named 
'Msft Virtual Disk'.
VERBOSE: [2022-06-20 07:54:30Z] [VERBOSE] [ad-server]: LCM:  [ End    Test     
]  [[xWaitForDisk]Disk2]  in 1.5620 seconds.
VERBOSE: [2022-06-20 07:54:30Z] [VERBOSE] [ad-server]: LCM:  [ Skip   Set      
]  [[xWaitForDisk]Disk2]
VERBOSE: [2022-06-20 07:54:30Z] [VERBOSE] [ad-server]: LCM:  [ End    Resource 
]  [[xWaitForDisk]Disk2]
VERBOSE: [2022-06-20 07:54:30Z] [VERBOSE] [ad-server]: LCM:  [ Start  Resource 
]  [[xDisk]ADDataDisk]
VERBOSE: [2022-06-20 07:54:30Z] [VERBOSE] [ad-server]: LCM:  [ Start  Test     
]  [[xDisk]ADDataDisk]
VERBOSE: [2022-06-20 07:54:30Z] [VERBOSE] [ad-server]:                         
   [[xDisk]ADDataDisk] Test-TargetResource: Testing disk with Number '2' status
 for drive letter 'F'.
VERBOSE: [2022-06-20 07:54:30Z] [VERBOSE] [ad-server]:                         
   [[xDisk]ADDataDisk] Test-TargetResource: Checking if disk with Number '2' is
 initialized.
VERBOSE: [2022-06-20 07:54:30Z] [VERBOSE] [ad-server]:                         
   [[xDisk]ADDataDisk] Perform operation 'Query CimInstances' with following 
parameters, ''queryExpression' = SELECT BlockSize from Win32_Volume WHERE 
DriveLetter = 'F:','queryDialect' = WQL,'namespaceName' = root\cimv2'.
VERBOSE: [2022-06-20 07:54:30Z] [VERBOSE] [ad-server]:                         
   [[xDisk]ADDataDisk] Operation 'Query CimInstances' complete.
VERBOSE: [2022-06-20 07:54:30Z] [VERBOSE] [ad-server]: LCM:  [ End    Test     
]  [[xDisk]ADDataDisk]  in 0.3280 seconds.
VERBOSE: [2022-06-20 07:54:30Z] [VERBOSE] [ad-server]: LCM:  [ Skip   Set      
]  [[xDisk]ADDataDisk]
VERBOSE: [2022-06-20 07:54:30Z] [VERBOSE] [ad-server]: LCM:  [ End    Resource 
]  [[xDisk]ADDataDisk]
VERBOSE: [2022-06-20 07:54:30Z] [VERBOSE] [ad-server]: LCM:  [ Start  Resource 
]  [[WindowsFeature]ADDSInstall]
VERBOSE: [2022-06-20 07:54:30Z] [VERBOSE] [ad-server]: LCM:  [ Start  Test     
]  [[WindowsFeature]ADDSInstall]
VERBOSE: [2022-06-20 07:54:30Z] [VERBOSE] [ad-server]:                         
   [[WindowsFeature]ADDSInstall] The operation 'Get-WindowsFeature' started: 
AD-Domain-Services
VERBOSE: [2022-06-20 07:54:30Z] [VERBOSE] [ad-server]:                         
   [[WindowsFeature]ADDSInstall] The operation 'Get-WindowsFeature' succeeded: 
AD-Domain-Services
VERBOSE: [2022-06-20 07:54:30Z] [VERBOSE] [ad-server]: LCM:  [ End    Test     
]  [[WindowsFeature]ADDSInstall]  in 0.3440 seconds.
VERBOSE: [2022-06-20 07:54:30Z] [VERBOSE] [ad-server]: LCM:  [ Skip   Set      
]  [[WindowsFeature]ADDSInstall]
VERBOSE: [2022-06-20 07:54:30Z] [VERBOSE] [ad-server]: LCM:  [ End    Resource 
]  [[WindowsFeature]ADDSInstall]
VERBOSE: [2022-06-20 07:54:30Z] [VERBOSE] [ad-server]: LCM:  [ Start  Resource 
]  [[WindowsFeature]ADDSTools]
VERBOSE: [2022-06-20 07:54:30Z] [VERBOSE] [ad-server]: LCM:  [ Start  Test     
]  [[WindowsFeature]ADDSTools]
VERBOSE: [2022-06-20 07:54:30Z] [VERBOSE] [ad-server]:                         
   [[WindowsFeature]ADDSTools] The operation 'Get-WindowsFeature' started: 
RSAT-ADDS-Tools
VERBOSE: [2022-06-20 07:54:31Z] [VERBOSE] [ad-server]:                         
   [[WindowsFeature]ADDSTools] The operation 'Get-WindowsFeature' succeeded: 
RSAT-ADDS-Tools
VERBOSE: [2022-06-20 07:54:31Z] [VERBOSE] [ad-server]: LCM:  [ End    Test     
]  [[WindowsFeature]ADDSTools]  in 0.4690 seconds.
VERBOSE: [2022-06-20 07:54:31Z] [VERBOSE] [ad-server]: LCM:  [ Skip   Set      
]  [[WindowsFeature]ADDSTools]
VERBOSE: [2022-06-20 07:54:31Z] [VERBOSE] [ad-server]: LCM:  [ End    Resource 
]  [[WindowsFeature]ADDSTools]
VERBOSE: [2022-06-20 07:54:31Z] [VERBOSE] [ad-server]: LCM:  [ Start  Resource 
]  [[WindowsFeature]ADAdminCenter]
VERBOSE: [2022-06-20 07:54:31Z] [VERBOSE] [ad-server]: LCM:  [ Start  Test     
]  [[WindowsFeature]ADAdminCenter]
VERBOSE: [2022-06-20 07:54:31Z] [VERBOSE] [ad-server]:                         
   [[WindowsFeature]ADAdminCenter] The operation 'Get-WindowsFeature' started: 
RSAT-AD-AdminCenter
VERBOSE: [2022-06-20 07:54:31Z] [VERBOSE] [ad-server]:                         
   [[WindowsFeature]ADAdminCenter] The operation 'Get-WindowsFeature' 
succeeded: RSAT-AD-AdminCenter
VERBOSE: [2022-06-20 07:54:31Z] [VERBOSE] [ad-server]: LCM:  [ End    Test     
]  [[WindowsFeature]ADAdminCenter]  in 0.3280 seconds.
VERBOSE: [2022-06-20 07:54:31Z] [VERBOSE] [ad-server]: LCM:  [ Skip   Set      
]  [[WindowsFeature]ADAdminCenter]
VERBOSE: [2022-06-20 07:54:31Z] [VERBOSE] [ad-server]: LCM:  [ End    Resource 
]  [[WindowsFeature]ADAdminCenter]
VERBOSE: [2022-06-20 07:54:31Z] [VERBOSE] [ad-server]: LCM:  [ Start  Resource 
]  [[ADDomain]FirstDS]
VERBOSE: [2022-06-20 07:54:31Z] [VERBOSE] [ad-server]: LCM:  [ Start  Test     
]  [[ADDomain]FirstDS]
VERBOSE: [2022-06-20 07:54:31Z] [VERBOSE] [ad-server]: LCM:  [ End    Test     
]  [[ADDomain]FirstDS]  in 0.0310 seconds.
VERBOSE: [2022-06-20 07:54:31Z] [ERROR] The password supplied to the Desired 
State Configuration resource MSFT_ADDomain is not valid. The password cannot be
 null or empty.
VERBOSE: [2022-06-20 07:54:31Z] [VERBOSE] [ad-server]: LCM:  [ End    Set      
]
VERBOSE: [2022-06-20 07:54:31Z] [VERBOSE] Time taken for configuration job to 
complete is 9.073 seconds
VERBOSE: [2022-06-20 07:54:31Z] [ERROR] The SendConfigurationApply function did
 not succeed.
VERBOSE: [2022-06-20 07:54:31Z] [VERBOSE] Operation 'Invoke CimMethod' 
complete.
VERBOSE: [2022-06-20 07:54:32Z] Settings handler status to 'transitioning' 
(C:\Packages\Plugins\Microsoft.Powershell.DSC\2.83.2.0\Status\3.status)
VERBOSE: [2022-06-20 07:54:32Z] Updating execution status 
(HKLM:\SOFTWARE\Microsoft\Azure\DSC\2.83.2.0\Status)
VERBOSE: [2022-06-20 07:54:32Z] LCM state is PendingConfiguration
VERBOSE: [2022-06-20 07:55:33Z] DSC configuration completed.
VERBOSE: [2022-06-20 07:55:33Z] Resetting metaconfiguration...
VERBOSE: [2022-06-20 07:55:33Z] Restoring 
C:\Packages\Plugins\Microsoft.Powershell.DSC\2.83.2.0\DSCWork\CreateADPDC.3\Cre
ateADPDC\localhost.meta.mof.bk...
VERBOSE: [2022-06-20 07:55:33Z] Executing Set-DscLocalConfigurationManager...
VERBOSE: [2022-06-20 07:55:33Z] Settings handler status to 'transitioning' 
(C:\Packages\Plugins\Microsoft.Powershell.DSC\2.83.2.0\Status\3.status)
VERBOSE: [2022-06-20 07:55:36Z] [VERBOSE] Performing the operation 
"Start-DscConfiguration: SendMetaConfigurationApply" on target 
"MSFT_DSCLocalConfigurationManager".
VERBOSE: [2022-06-20 07:55:36Z] [VERBOSE] Perform operation 'Invoke CimMethod' 
with following parameters, ''methodName' = 
SendMetaConfigurationApply,'className' = 
MSFT_DSCLocalConfigurationManager,'namespaceName' = 
root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: [2022-06-20 07:55:36Z] [VERBOSE] An LCM method call arrived from 
computer ad-server with user sid S-1-5-18.
VERBOSE: [2022-06-20 07:55:36Z] [VERBOSE] [ad-server]: LCM:  [ Start  Set      
]
VERBOSE: [2022-06-20 07:55:36Z] [VERBOSE] [ad-server]: LCM:  [ Start  Resource 
]  [MSFT_DSCMetaConfiguration]
VERBOSE: [2022-06-20 07:55:36Z] [VERBOSE] [ad-server]: LCM:  [ Start  Set      
]  [MSFT_DSCMetaConfiguration]
VERBOSE: [2022-06-20 07:55:36Z] [VERBOSE] [ad-server]: LCM:  [ End    Set      
]  [MSFT_DSCMetaConfiguration]  in 0.0150 seconds.
VERBOSE: [2022-06-20 07:55:36Z] [VERBOSE] [ad-server]: LCM:  [ End    Resource 
]  [MSFT_DSCMetaConfiguration]
VERBOSE: [2022-06-20 07:55:36Z] [VERBOSE] [ad-server]: LCM:  [ End    Set      
]
VERBOSE: [2022-06-20 07:55:36Z] [VERBOSE] [ad-server]: LCM:  [ End    Set      
]    in  0.0940 seconds.
VERBOSE: [2022-06-20 07:55:36Z] [VERBOSE] Operation 'Invoke CimMethod' 
complete.
VERBOSE: [2022-06-20 07:55:36Z] [VERBOSE] Set-DscLocalConfigurationManager 
finished in 0.205 seconds.
VERBOSE: [2022-06-20 07:55:37Z] Settings handler status to 'transitioning' 
(C:\Packages\Plugins\Microsoft.Powershell.DSC\2.83.2.0\Status\3.status)
VERBOSE: [2022-06-20 07:55:37Z] Get-DscLocalConfigurationManager: 

ActionAfterReboot              : ContinueConfiguration

AgentId                        : 48E78DA1-EEEA-11EC-A80F-000D3A29B478

AllowModuleOverWrite           : False

CertificateID                  : E9927E07C416C05E8EBF380AB2CF1D6F90BC348D

ConfigurationDownloadManagers  : {}

ConfigurationID                : 

ConfigurationMode              : ApplyAndMonitor

ConfigurationModeFrequencyMins : 15

Credential                     : 

DebugMode                      : {NONE}

DownloadManagerCustomData      : 

DownloadManagerName            : 

LCMCompatibleVersions          : {1.0, 2.0}

LCMState                       : PendingConfiguration

LCMStateDetail                 : 

LCMVersion                     : 2.0

StatusRetentionTimeInDays      : 10

SignatureValidationPolicy      : NONE

SignatureValidations           : {}

MaximumDownloadSizeMB          : 500

PartialConfigurations          : 

RebootNodeIfNeeded             : True

RefreshFrequencyMins           : 30

RefreshMode                    : PUSH

ReportManagers                 : {}

ResourceModuleManagers         : {}

PSComputerName                 : 

VERBOSE: [2022-06-20 07:55:37Z] Settings handler status to 'error' 
(C:\Packages\Plugins\Microsoft.Powershell.DSC\2.83.2.0\Status\3.status)
VERBOSE: [2022-06-20 07:55:37Z] Loading VM agent telemetry assemblies ...
VERBOSE: [2022-06-20 07:55:37Z] [ERROR] while enabling MDS telemetry... [MDS 
Telemetry] 
C:\WindowsAzure\GuestAgent_2.7.41491.1057_2022-06-18_094615\WindowsAzureEventSo
urce.dll does not exist ...
VERBOSE: [2022-06-20 07:55:37Z] Getting handler execution status 
HKLM:\SOFTWARE\Microsoft\Azure\DSC\2.83.2.0\Status ...
VERBOSE: [2022-06-20 07:55:37Z] Updating execution status 
(HKLM:\SOFTWARE\Microsoft\Azure\DSC\2.83.2.0\Status)
VERBOSE: [2022-06-20 07:55:37Z] Transitioning to Completed state ...
VERBOSE: [2022-06-20 07:55:37Z] Releasing SameSeq mutex
VERBOSE: [2022-06-20 07:55:37Z] Releasing mutex DscExtensionHandler_Lock

DSC configuration

# Powershell desired state script to install AD, Adfs
# This script also creates a new AD forest. 
configuration CreateADPDC 
{ 
   param 
   ( 
        [Parameter(Mandatory)]
        [String]$DomainName,

        [Parameter(Mandatory)]
        [System.Management.Automation.PSCredential]$Admincreds,

        [Int]$RetryCount=30,
        [Int]$RetryIntervalSec=30
    )
    # After editing this file run this command to recreate CreateADPDC.zip
    #      Publish-AzureRmVMDscConfiguration CreateADPDC.ps1 -OutputArchivePath CreateADPDC.zip -Force -Verbose
    # required modules:
    # powershell core: Publish-AzureVMDscConfiguration CreateADPDC.ps1 -ConfigurationArchivePath  CreateADPDC.zip -Force
    #  Install-Module -Name PSDesiredStateConfiguration -Repository PSGallery
    # Install-Module -Name xComputerManagement
    # Install-Module -Name xPendingReboot
    # Install-Module -Name xNetworking
    # Install-Module -Name xActiveDirectory
    # Install-Module -Name xStorage
    #Import-DscResource -ModuleName xActiveDirectory, xStorage, xNetworking, PSDesiredStateConfiguration, xPendingReboot, xComputerManagement
    Import-DscResource -ModuleName ActiveDirectoryDsc, xStorage, xNetworking, PSDesiredStateConfiguration, xPendingReboot, xComputerManagement
    [System.Management.Automation.PSCredential ]$DomainCreds = New-Object System.Management.Automation.PSCredential ("${DomainName}\$($Admincreds.UserName)", $Admincreds.Password)
    $Interface=Get-NetAdapter|Where Name -Like "Ethernet*"|Select-Object -First 1
    $InterfaceAlias=$($Interface.Name)

    Node localhost
    {
        LocalConfigurationManager 
        {
            RebootNodeIfNeeded = $true
        }

        WindowsFeature DNS 
        { 
            Ensure = "Present" 
            Name = "DNS"        
        }

        Script EnableDNSDiags
        {
            SetScript = { 
                Set-DnsServerDiagnostics -All $true
                Write-Verbose -Verbose "Enabling DNS client diagnostics" 
            }
            GetScript =  { @{} }
            TestScript = { $false }
            DependsOn = "[WindowsFeature]DNS"
        }

        WindowsFeature DnsTools
        {
            Ensure = "Present"
            Name = "RSAT-DNS-Server"
            DependsOn = "[WindowsFeature]DNS"
        }

        xDnsServerAddress DnsServerAddress 
        { 
            # https://docs.microsoft.com/en-us/azure/virtual-network/what-is-ip-address-168-63-129-16
            Address        = '127.0.0.1', '168.63.129.16'
            InterfaceAlias = $InterfaceAlias
            AddressFamily  = 'IPv4'
            DependsOn = "[WindowsFeature]DNS"
        }

        xWaitforDisk Disk2
        {
            DiskId = 2
            RetryIntervalSec =$RetryIntervalSec
            RetryCount = $RetryCount
        }

        xDisk ADDataDisk {
            DiskId = 2
            DriveLetter = "F"
            DependsOn = "[xWaitForDisk]Disk2"
        }

        WindowsFeature ADDSInstall 
        { 
            Ensure = "Present" 
            Name = "AD-Domain-Services"
            DependsOn="[WindowsFeature]DNS" 
        } 

        WindowsFeature ADDSTools
        {
            Ensure = "Present"
            Name = "RSAT-ADDS-Tools"
            DependsOn = "[WindowsFeature]ADDSInstall"
        }

        WindowsFeature ADAdminCenter
        {
            Ensure = "Present"
            Name = "RSAT-AD-AdminCenter"
            DependsOn = "[WindowsFeature]ADDSInstall"
        }

        ADDomain FirstDS 
        {
            DomainName = $DomainName
            Credential = $DomainCreds
            SafemodeAdministratorPassword = $DomainCreds
            DatabasePath = "F:\NTDS"
            LogPath = "F:\NTDS"
            SysvolPath = "F:\SYSVOL"
            DependsOn = @("[xDisk]ADDataDisk", "[WindowsFeature]ADDSInstall")
        }

        # wait vor AD to be ready
        WaitForADDomain DscForestWait 
        { 
           DomainName = $DomainName 
           Credential= $DomainCreds
           WaitForValidCredentials = $true
           DependsOn = "[ADDomain]FirstDS"
        }

        # Ensure no pending reboots
        xPendingReboot Reboot1
        { 
            Name = "RebootServer"
            DependsOn = "[WaitForADDomain]DscForestWait"
        }

        #install ADFS
        WindowsFeature installADFS  
        {
            Ensure = "Present"
            Name   = "ADFS-Federation"
            DependsOn = "[xPendingReboot]Reboot1"
        }
   }
}

Suggested solution

I have tried changing the OS. (using 2022-datacenter latest) I have updated the to the latest version of ActiveDirectoryDsc We were using xADDomain 3.0.0.0 but that looked like a older version. I have tried changing the ADDomain credentails to not included domain information. (Just username:password instead of domain/username:password) But everything leads to the same error.

Does anyone have any clue how I can fix this?

Operating system the target node is running

OsName               : Microsoft Windows Server 2016 Datacenter
OsOperatingSystemSKU : DatacenterServerEdition
OsArchitecture       : 64-bit
WindowsBuildLabEx    : 14393.5192.amd64fre.rs1_release.220610-1622
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

PowerShell version and build the target node is running

Name                           Value
----                           -----
PSVersion                      5.1.14393.5127
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.14393.5127
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

ActiveDirectoryDsc version

ActiveDirectoryDsc 6.2.0   C:\Program Files\WindowsPowerShell\Modules\ActiveDirectoryDsc\ActiveDirectoryDsc.psd1
mikaelgz5 commented 2 years ago

I have same issues as you do,. This is not only related to ActiveDirectoryDSC, got same issues with WapConfiguration, ADFS etc. I had to go back to last month image.

CodeGlitcher commented 2 years ago

After removing windows update KB5014702 I can run our configuration aggain. Trying to find what they changed but cannot find anything yet.

johlju commented 2 years ago

Join the #dsc channel, there are mentions of similar there: https://dsccommunity.org/community/contact/

abezverkov commented 2 years ago

We are having the same problem with customers using new 2016-Datacenter images on azure. We narrowed it down to the latest version (14393.5192.220612). The previous version (14393.5125.220505) continues to work. We dont yet know which KB in that release is causing it.

peterschen commented 2 years ago

Same problem occurs on Windows Server 2022 Datacenter running 10.0.20348.643. Removing KB5014678 fixes the The password cannot be null or empty issue observed.

CodeGlitcher commented 2 years ago

As a work around we are deploying our test environment with the older image. And then use a automated powershell script to disable windows update 

sc.exe config wuauserv start=disabled
sc.exe stop wuauserv

Since we are not using this for a production scenario this is acceptable for us. Does any know if it help to make some sort of support request to Microsoft or do we juist have to wait and hope the problem is fixed in the next update?

@johlju the slack link is no longer active? is discord the only chat that is used? (maybe the slack link should then be removed) This link is no longer active To join this workspace, you’ll need to ask the person who originally invited you for a new link.

johlju commented 2 years ago

Suggest open a support case with MS.

Also join the community channel mentioned above, and talk to others having the same issue. @mgreenegit is also in the community channel and have seen that there is an issue for users.

johlju commented 2 years ago

@CodeGlitcher I reported that the Slack link no longer works, Slack and Discord are bridged, so use Discord for now.

neilpeterson commented 2 years ago

Just happened upon this issue while looking for something else. I also experienced this issue and have confirmed that the issue has been resolved with one of the updates released yesterday.

Cc: @mgreenegit

johlju commented 2 years ago

Yes, @mgreenegit messaged on the #dsc channel that that the fix was released. When the build workers get the patch I will close this issue.

johlju commented 2 years ago

The Azure DevOps build workers has gotten the patch now, that means that this issue is fixed . Closing this.