search

dsccommunity / DscWorkshop

Blueprint for a full featured DSC project for Push / Pull with or without CI/CD
MIT License
203 stars 162 forks source link

Domain join does not work? #144

Closed fabricesemti80 closed 1 year ago

fabricesemti80 commented 2 years ago

Hi!

I have a question rather than a problem this time.

I implemented this on AZURE (pipeline and release is in place), and created two servers (DSCDC01 and DSCFile01) for testing. The automation account kicks in and applies most of the config, but fails on the "Computer" part.

image

image

image

image

The domain controller is configured, and a domain admin account install was created to facilitate the joining.

image

image

Is there anything I missed?

Thanks, F.

PS: Otherwise great job, really appreciate the effort put into this

fabricesemti80 commented 2 years ago 
TimeCreated  : 9/29/2022 12:25:01 PM
ProviderName : Microsoft-Windows-DSC
Id           : 4508
Message      : Job {B4D36778-3FF1-11ED-A810-0022489A36E6} : 
               Attempting to send the status report using Report Manager WebDownloadManager. AgentId is 07809499-3FF1-11ED-A810-0022489A36E6.

TimeCreated  : 9/29/2022 12:25:01 PM
ProviderName : Microsoft-Windows-DSC
Id           : 4252
Message      : Job {B4D36778-3FF1-11ED-A810-0022489A36E6} : 
               MIResult: 1
               Error Message: Computer 'DSCFile01' failed to join domain 'contoso.com' from its current workgroup 'WORKGROUP' with following error message: The system cannot find the file specified.
               Message ID: FailToJoinDomainFromWorkgroup,Microsoft.PowerShell.Commands.AddComputerCommand
               Error Category: 14
               Error Code: 14
               Error Type: MI

TimeCreated  : 9/29/2022 12:25:01 PM
ProviderName : Microsoft-Windows-DSC
Id           : 4103
Message      : Job {B4D36778-3FF1-11ED-A810-0022489A36E6} : 
               This event indicates that a non-terminating error was thrown when DSCEngine was executing Set-TargetResource on DSC_Computer DSC resource. FullyQualifiedErrorId is 
               FailToJoinDomainFromWorkgroup,Microsoft.PowerShell.Commands.AddComputerCommand. Error Message is Computer 'DSCFile01' failed to join domain 'contoso.com' from its current workgroup 'WORKGROUP' with following error 
               message: The system cannot find the file specified..

TimeCreated  : 9/29/2022 12:24:53 PM
ProviderName : Microsoft-Windows-DSC
Id           : 4332
Message      : Job {B4D36778-3FF1-11ED-A810-0022489A36E6} : 
                Resource execution sequence :: [File]file_Z__DoesNotWork::[FilesAndFolders]FilesAndFolders, [File]file_C__Test_Dev_Environment::[FilesAndFolders]FilesAndFolders, 
               [File]file_C__Test_Frankfurt::[FilesAndFolders]FilesAndFolders, [File]file_C__Test::[FilesAndFolders]FilesAndFolders, [File]file_C__Test_Test1File1.txt::[FilesAndFolders]FilesAndFolders, 
               [File]file_C__Test_Test1File2.txt::[FilesAndFolders]FilesAndFolders, [File]file_C__GpoBackup::[FilesAndFolders]FilesAndFolders, 
               [xRegistry]HKEY_LOCAL_MACHINE_SYSTEM_CurrentControlSet_Services_Netlogon_Parameters__DBFlag::[RegistryValues]RegistryValues, 
               [xRegistry]HKEY_LOCAL_MACHINE_SYSTEM_CurrentControlSet_Services_W32Time_Parameters__NtpServer::[RegistryValues]RegistryValues, [WindowsFeature]File-Services::[WindowsFeatures]WindowsFeatures, 
               [WindowsFeature]Telnet-Client::[WindowsFeatures]WindowsFeatures, [xWindowsFeature]DisableSmbV1::[SecurityBase]SecurityBase, [PowerShellExecutionPolicy]ExecutionPolicyAllSigned::[SecurityBase]SecurityBase, 
               [UserRightsAssignment]DenyLogonLocallyForAdministrator::[SecurityBase]SecurityBase, [UserRightsAssignment]AllowLogonLocally::[SecurityBase]SecurityBase, 
               [Computer]ComputerDSCFile01::[ComputerSettings]ComputerSettings, [TimeZone]TimeZone::[ComputerSettings]ComputerSettings, [NetIPInterface]DisableDhcp_DscWorkshop 0::[NetworkIpConfiguration]NetworkIpConfiguration, 
               [IPAddress]NetworkIp_DscWorkshop 0::[NetworkIpConfiguration]NetworkIpConfiguration, [DefaultGatewayAddress]DefaultGateway_DscWorkshop 0::[NetworkIpConfiguration]NetworkIpConfiguration, 
               [DnsServerAddress]DnsServers_DscWorkshop 0::[NetworkIpConfiguration]NetworkIpConfiguration, [WinsSetting]LmhostsLookup_DscWorkshop 0::[NetworkIpConfiguration]NetworkIpConfiguration, 
               [WindowsEventLog]System::[WindowsEventLogs]WindowsEventLogs, [WindowsEventLog]Application::[WindowsEventLogs]WindowsEventLogs, [WindowsEventLog]Security::[WindowsEventLogs]WindowsEventLogs, 
               [xRegistry]DscLcmController_MaintenanceWindowMode::[DscLcmController]DscLcmController, [xRegistry]DscLcmController_MonitorInterval::[DscLcmController]DscLcmController, 
               [xRegistry]DscLcmController_AutoCorrectInterval::[DscLcmController]DscLcmController, [xRegistry]DscLcmController_AutoCorrectIntervalOverride::[DscLcmController]DscLcmController, 
               [xRegistry]DscLcmController_RefreshInterval::[DscLcmController]DscLcmController, [xRegistry]DscLcmController_RefreshIntervalOverride::[DscLcmController]DscLcmController, 
               [xRegistry]DscLcmController_ControllerInterval::[DscLcmController]DscLcmController, [xRegistry]DscLcmController_MaintenanceWindowOverride::[DscLcmController]DscLcmController, 
               [xRegistry]DscLcmController_WriteTranscripts::[DscLcmController]DscLcmController, [xRegistry]DscLcmController_MaxLcmRuntime::[DscLcmController]DscLcmController, 
               [xRegistry]DscLcmController_LogHistoryTimeSpan::[DscLcmController]DscLcmController, [xRegistry]DscLcmController_SendDscTaggingData::[DscLcmController]DscLcmController, 
               [File]DscLcmControllerScript::[DscLcmController]DscLcmController, [ScheduledTask]DscControllerTask::[DscLcmController]DscLcmController, 
               [Script]MaintenanceWindowsCheck::[DscLcmMaintenanceWindows]DscLcmMaintenanceWindows, [xRegistry]StartTime_Always::[DscLcmMaintenanceWindows]DscLcmMaintenanceWindows, 
               [xRegistry]Timespan_Always::[DscLcmMaintenanceWindows]DscLcmMaintenanceWindows, [xRegistry]DayOfWeek_Always::[DscLcmMaintenanceWindows]DscLcmMaintenanceWindows, 
               [xRegistry]On_Always::[DscLcmMaintenanceWindows]DscLcmMaintenanceWindows, [xRegistry]DscVersion::[DscTagging]DscTagging, [xRegistry]DscEnvironment::[DscTagging]DscTagging, 
               [xRegistry]DscBuildDate::[DscTagging]DscTagging, [xRegistry]DscBuildNumber::[DscTagging]DscTagging, [xRegistry]DscModules::[DscTagging]DscTagging, 
               [JeaRoleCapabilities]ReadDiagnosticRole::[DscDiagnostic]DscDiagnostic, [JeaSessionConfiguration]DscEndpoint::[DscDiagnostic]DscDiagnostic.

This seems to be the log from event view

raandree commented 2 years ago

This has more to do with the DSC resource that handles the domain join than with the DscWorkshop.

How do the parameters look like that you pass on to the resource? Can you provide the section of the RSOP files? Does a domain join work when using the UI or the cmdlet Add-Computer?

fabricesemti80 commented 2 years ago

Please keep this open - I will come back to this - I think I have some notion on what went wrong; to be fair I am a bit struggling with how to use the certificate for encryption, once I got that sorted I test this.

raandree commented 1 year ago

Did it work?