search

dsccommunity / ComputerManagementDsc

DSC resources for for configuration of a Windows computer. These DSC resources allow you to perform computer management tasks, such as renaming the computer, joining a domain and scheduling tasks as well as configuring items such as virtual memory, event logs, time zones and power settings.
https://dsccommunity.org
MIT License
295 stars 81 forks source link

ScheduledTask with ExecuteAsCredential stopped working #388

Closed bdeb1337 closed 1 year ago

bdeb1337 commented 2 years ago

Problem description

Hello,

Since installing the updates of last patch Tuesday 14 Jun 2022, KB5014702, all of our Scheduled Task deployment that use an ExecuteAsCredential started throwing the same error, stating that "The password cannot be null or empty." I've tested with our current in use module 8.1.0 and also with 8.5.0, added printouts of the variables to confirm the PsCredential contains a password, which it does, but it keeps on throwing the error below with both module versions.

Thanks in advance for any help.

Kind regards

Verbose logs

VERBOSE: [Computername]: LCM:  [ Start  Resource ]  [[ScheduledTask]TaskName]
VERBOSE: [Computername]: LCM:  [ Start  Test     ]  [[ScheduledTask]TaskName]
VERBOSE: [Computername]: LCM:  [ End    Test     ]  [[ScheduledTask]TaskName]  in 0.0780 seconds.
The password supplied to the Desired State Configuration resource DSC_ScheduledTask is not valid. The password cannot b
e null or empty.
    + CategoryInfo          : InvalidResult: (:) [], CimException
    + FullyQualifiedErrorId : InvalidPassword
    + PSComputerName        : Computername

VERBOSE: [Computername]: LCM:  [ End    Set      ]

DSC configuration

ScheduledTask "TaskName"
        {
            TaskName = "TaskName"
            ActionExecutable = "C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe"
            ActionArguments = "-File `"C:\Task.Ps1`""
            Description = "Do a specific task"
            ScheduleType = 'Daily'
            StartTime = $(Get-Date ("22:30:00"))
            ExecuteAsCredential = New-Object System.Management.Automation.PsCredential "Contoso\AccountName",$(ConvertTo-SecureString "Password" -AsPlainText -Force)
            MultipleInstances = "IgnoreNew"
        }

Suggested solution

/

Operating system the target node is running

OsName               : Microsoft Windows Server 2016 Standard
OsOperatingSystemSKU : StandardServerEdition
OsArchitecture       : 64-bit
WindowsBuildLabEx    : 14393.5192.amd64fre.rs1_release.220610-1622
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

PowerShell version and build the target node is running

Name                           Value
----                           -----
PSVersion                      5.1.14393.5127
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.14393.5127
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

ComputerManagementDsc version

Name                  Version Path
----                  ------- ----
ComputerManagementDsc 8.1.0   C:\Program Files\WindowsPowerShell\Modules\ComputerManagementDsc\8.1.0\ComputerManagementDsc.psd1

But also tested with 8.5.0 which has the same behaviour.
BooBob commented 2 years ago

+1 It seems that decryption of the mof file does not work after the windows update

johlju commented 2 years ago

Join the #dsc channel, there are mentions of similar there: https://dsccommunity.org/community/contact/

bdeb1337 commented 1 year ago

Fixed as of 12 July 2022's OS patch releases. Thank you for the quick response and handling.