search

dsccommunity / FailoverClusterDsc

This module contains DSC resources for deployment and configuration of Windows Server Failover Cluster.
MIT License
60 stars 54 forks source link

Cluster: When using distinguished naming of cluster, second pass of DSC fails. #256

Open IlleNilsson opened 3 years ago

IlleNilsson commented 3 years ago

I want to create the AD Cluster object in a specific OU

Verbose logs showing the problem

PSComputerName       : SRV70031
RunspaceId           : 83a68bc5-290c-46d9-8521-4b55093d7bb9
ConfigurationName    : QSClusterDsc
DependsOn            : {[WindowsFeature]WSCS}
ModuleName           : xFailoverCluster
ModuleVersion        : 1.16.0
PsDscRunAsCredential :
ResourceId           : [xCluster]PrepareCluster
SourceInfo           : \\tsclient\E\IGEL\Source\Platform\DSC\~Config\QSClusterDSC.ps1::223::13::xCluster
DurationInSeconds    : 9.353
Error                : {
                           "Exception":  {
                                             "Message":  "PowerShell DSC resource MSFT_xCluster  failed to execute
                       Set-TargetResource functionality with error message: There was an error adding node
                       \u0027SRV70031\u0027 to the cluster ",
                                             "Data":  {

                                                      },
                                             "InnerException":  {
                                                                    "SerializedRemoteException":
                       "Microsoft.FailoverClusters.PowerShell.ClusterCmdletException: T**here was an error adding node
                       \u0027SRV70031\u0027 to the cluster ---\u003e**
                       Microsoft.FailoverClusters.PowerShell.ClusterCmdletException: T**he computer
                       \u0027SRV70031.rd01.local\u0027 is joined to a cluster**.\r\n   --- End of inner exception stack
                       trace ---",
                                                                    "SerializedRemoteInvocationInfo":
                       "System.Management.Automation.InvocationInfo",
                                                                    "ErrorRecord":  "There was an error adding node
                       \u0027SRV70031\u0027 to the cluster\n    The computer \u0027SRV70031.rd01.local\u0027 is joined
                       to a cluster.",
                                                                    "WasThrownFromThrowStatement":  false,
                                                                    "Message":  "There was an error adding node
                       \u0027SRV70031\u0027 to the cluster",
                                                                    "Data":
                       "System.Collections.ListDictionaryInternal",
                                                                    "InnerException":  null,
                                                                    "TargetSite":  "Void EndInvoke()",
                                                                    "StackTrace":  "   at
                       System.Management.Automation.Runspaces.AsyncResult.EndInvoke()\r\n   at System.Management.Automa
                       tion.PowerShell.CoreInvokeRemoteHelper[TInput,TOutput](PSDataCollection`1 input,
                       PSDataCollection`1 output, PSInvocationSettings settings)\r\n   at
                       System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection`1 input,
                       PSDataCollection`1 output, PSInvocationSettings settings)\r\n   at
                       System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings
                       settings)\r\n   at Microsoft.PowerShell.DesiredStateConfiguration.Internal.ResourceProviderAdapt
                       er.ExecuteCommand(PowerShell powerShell, ResourceModuleInfo resInfo, String operationCmd,
                       List`1 acceptedProperties, CimInstance nonResourcePropeties, CimInstance resourceConfiguration,
                       LCMDebugMode debugMode, PSInvocationSettings pSInvocationSettings, UInt32\u0026
                       resultStatusHandle, Collection`1\u0026 result, ErrorRecord\u0026 errorRecord, PSModuleInfo
                       localRunSpaceModuleInfo)",
                                                                    "HelpLink":  null,
                                                                    "Source":  "System.Management.Automation",
                                                                    "HResult":  -2146233087
                                                                },
                                             "TargetSite":  null,
                                             "StackTrace":  null,
                                             "HelpLink":  null,
                                             "Source":  null,
                                             "HResult":  -2146233079
                                         },
                           "TargetObject":  null,
                           "CategoryInfo":  {
                                                "Category":  7,
                                                "Activity":  "",
                                                "Reason":  "InvalidOperationException",
                                                "TargetName":  "",
                                                "TargetType":  ""
                                            },
                           "FullyQualifiedErrorId":  "ProviderOperationExecutionFailure",
                           "ErrorDetails":  null,
                           "InvocationInfo":  null,
                           "ScriptStackTrace":  null,
                           "PipelineIterationInfo":  [

                                                     ]
                       }
FinalState           :
InDesiredState       : False
InitialState         :
InstanceName         : PrepareCluster
RebootRequested      : False
ResourceName         : xCluster
StartDate            : 4/12/2021 11:58:00 AM
StateChanged         : False

Suggested solution to the issue

The DSC configuration that is used to reproduce the issue (as detailed as possible)

        if ($Node.Replica -eq 'Primary') {
            xCluster 'PrepareCluster' {
                PsDscRunAsCredential = $SetupCredential
                DomainAdministratorCredential = $SetupCredential
                Name = $Node.FailoverClusterName
                StaticIPAddress = $Node.FailoverClusterIPAddress
                IgnoreNetwork = $Node.FailoverClusterIgnoreNetwork
                DependsOn = @('[WindowsFeature]WSCS')
            }
         } else {
            $FailoverClusterName = ((($Node.FailoverClusterName -split ',')[0]) -split '=')[1]
            xCluster 'PrepareCluster' {
                PsDscRunAsCredential = $SetupCredential
                DomainAdministratorCredential = $SetupCredential
                Name = $FailoverClusterName
                StaticIPAddress = $Node.FailoverClusterIPAddress
                IgnoreNetwork = $Node.FailoverClusterIgnoreNetwork
                DependsOn = @('[xWaitForCluster]WaitForCluster')
            }
            xWaitForCluster 'WaitForCluster' {
                PsDscRunAsCredential = $SetupCredential
                Name = $FailoverClusterName
                RetryIntervalSec = 5
                RetryCount = 15
                DependsOn = @('[WindowsFeature]WSCS')
            }

--First Nodes MOF

instance of MSFT_xCluster as $MSFT_xCluster1ref
{
ResourceID = "[xCluster]PrepareCluster";
 PsDscRunAsCredential = $MSFT_Credential1ref;
 IgnoreNetwork = {
    "10.50.0.0/16"
};
 StaticIPAddress = "192.168.1.20";
 DomainAdministratorCredential = $MSFT_Credential2ref;
 SourceInfo = "\\\\tsclient\\E\\IGEL\\Source\\Platform\\DSC\\~Config\\QSClusterDSC.ps1::223::13::xCluster";
 Name = "CN=SRV70CLU,OU=Computers,OU=Admin,OU=Resources,DC=rd01,DC=local";
 ModuleName = "xFailoverCluster";
 ModuleVersion = "1.16.0";

DependsOn = {

    "[WindowsFeature]WSCS"};

 ConfigurationName = "QSClusterDsc";

};

--Second Nodes MOF

instance of MSFT_xCluster as $MSFT_xCluster1ref
{
ResourceID = "[xCluster]PrepareCluster";
 PsDscRunAsCredential = $MSFT_Credential1ref;
 IgnoreNetwork = {
    "10.50.0.0/16"
};
 StaticIPAddress = "192.168.1.20";
 DomainAdministratorCredential = $MSFT_Credential2ref;
 SourceInfo = "\\\\tsclient\\E\\IGEL\\Source\\Platform\\DSC\\~Config\\QSClusterDSC.ps1::233::13::xCluster";
 Name = "SRV70CLU";
 ModuleName = "xFailoverCluster";
 ModuleVersion = "1.16.0";

DependsOn = {

    "[xWaitForCluster]WaitForCluster"};

 ConfigurationName = "QSClusterDsc";

};

instance of MSFT_xWaitForCluster as $MSFT_xWaitForCluster1ref
{
ResourceID = "[xWaitForCluster]WaitForCluster";
 PsDscRunAsCredential = $MSFT_Credential3ref;
 RetryCount = 15;
 SourceInfo = "\\\\tsclient\\E\\IGEL\\Source\\Platform\\DSC\\~Config\\QSClusterDSC.ps1::241::13::xWaitForCluster";
 Name = "SRV70CLU";
 ModuleName = "xFailoverCluster";
 RetryIntervalSec = 5;
 ModuleVersion = "1.16.0";

DependsOn = {

    "[WindowsFeature]WSCS"};

 ConfigurationName = "QSClusterDsc";

};

The operating system the target node is running

OsName : Microsoft Windows Server 2019 Datacenter OsOperatingSystemSKU : DatacenterServerEdition OsArchitecture : 64-bit WindowsVersion : 1809 WindowsBuildLabEx : 17763.1.amd64fre.rs5_release.180914-1434 OsLanguage : en-US OsMuiLanguages : {en-US}

Version and build of PowerShell the target node is running

SVersion 5.1.17763.1490 PSEdition Desktop PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...} BuildVersion 10.0.17763.1490 CLRVersion 4.0.30319.42000 WSManStackVersion 3.0 PSRemotingProtocolVersion 2.3 SerializationVersion 1.1.0.1

Version of the DSC module that was used

1.16.0

johlju commented 3 years ago

In the first node you have:

 Name = "CN=SRV70CLU,OU=Computers,OU=Admin,OU=Resources,DC=rd01,DC=local";

In the second node you have:

Name = "SRV70CLU";
johlju commented 3 years ago

By "second pass" do you mean that the first node creates the CNO in the OU, but when the configuration runs Test-TargetResource it fails (when it enforces the configuration and checks current state against desired state)?

IlleNilsson commented 3 years ago

Yes, and that is on the first pass of cluster node one and two. On the first pass it all works. Ont the second pass the first node falls. The one with a distibgusihed name

From: Johan Ljunggren @.> Sent: Monday, April 12, 2021 5:58:25 PM To: dsccommunity/xFailOverCluster @.> Cc: Ilian Nilsson @.>; Author @.> Subject: Re: [dsccommunity/xFailOverCluster] xCluster: When using distinguished naming of cluster, second pass of DSC fails. (#256)

By "second pass" do you mean that the first node creates the CNO in the OU, but when the configuration runs Test-TargetResource it fails (when it enforces the configuration and checks current state against desired state)?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/dsccommunity/xFailOverCluster/issues/256#issuecomment-817928443, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AID6F4DROTJ2EPCHMSQ4VH3TIMKCDANCNFSM42Y7CW5Q.

johlju commented 3 years ago

I have used pre-staged accounts so never seen this. Sounds like there is an issue when using the full distinguished name.

johlju commented 3 years ago

Happy to review a pull request that fixes this.

IlleNilsson commented 3 years ago

I’ll try powershell in DSC format is not my thing.

From: Johan Ljunggren @.> Sent: Monday, April 12, 2021 9:08:48 PM To: dsccommunity/xFailOverCluster @.> Cc: Ilian Nilsson @.>; Author @.> Subject: Re: [dsccommunity/xFailOverCluster] xCluster: When using distinguished naming of cluster, second pass of DSC fails. (#256)

Happy to review a pull request that fixes this.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/dsccommunity/xFailOverCluster/issues/256#issuecomment-818062944, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AID6F4CF3OMUWUXVLVECU53TINAMBANCNFSM42Y7CW5Q.

IlleNilsson commented 3 years ago

Well I've made my best, but when i try to push my branch i get this:

E:\IGEL\Source\xFailoverCluster [fix_to_use_distinguised_name]> git push --set-upstream origin fix_to_use_distinguised_name info: please complete authentication in your browser... remote: Permission to dsccommunity/xFailOverCluster.git denied to IlleNilsson. fatal: unable to access 'https://github.com/dsccommunity/xFailOverCluster.git/': The requested URL returned error: 403 E:\IGEL\Source\xFailoverCluster [fix_to_use_distinguised_name]>

And yes i got a browser to autenticate with, and it said, Success :(

johlju commented 3 years ago

You need to fork the main repository. On the repository page there is a button “Fork” at top right. Once you forked you need to make a remote my to the fork, in the local repository folder. Then you push to the remote. From there you make the pull request.

Read how to do it here https://dsccommunity.org/guidelines/getting-started/#forking-a-repository-on-github

IlleNilsson commented 3 years ago

Thats intendent, when you do create-cluster it is valid to use distinguished name, not when searching to add nodes

From: Johan Ljunggren @.> Sent: Saturday, April 17, 2021 5:33:55 PM To: dsccommunity/xFailOverCluster @.> Cc: Ilian Nilsson @.>; Author @.> Subject: Re: [dsccommunity/xFailOverCluster] xCluster: When using distinguished naming of cluster, second pass of DSC fails. (#256)

You need to fork the main repository. On the repository page there is a button “Fork” at top right. Once you forked you need to make a remote my to the fork, in the local repository folder. Then you push to the remote. From there you make the pull request.

Read how to do it here https://dsccommunity.org/guidelines/getting-started/#forking-a-repository-on-github

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/dsccommunity/xFailOverCluster/issues/256#issuecomment-821841344, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AID6F4ESMBTD4SUJ4GAUKVDTJGS6HANCNFSM42Y7CW5Q.

IlleNilsson commented 3 years ago

Here we go, a fork IlleNilsson/xFailOverCluster. There is at least one thing I'm not happy with. I added a function named Convert-DistinguishedNameToSimpleName. I could not find a common place to put it, so it is in all Resources, not optimal.

johlju commented 3 years ago

Great! Now you need to go to your fork an create a pull request. Got to https://github.com/IlleNilsson/xFailOverCluster/pulls and click on new pull request. Base repository should be dsccommunity/xFailOverCluster and base should be main. The head repository should be IlleNilsson/xFailOverCluster and compare should be the working branch where you pushed the changes.

I could not find a common place to put it, so it is in all Resources, not optimal.

We could add a new common module FailoverCluster.Common similar to here: https://github.com/dsccommunity/DnsServerDsc/tree/main/source/Modules/DnsServerDsc.Common We also need to copy it during build by changing build.yaml: https://github.com/dsccommunity/DnsServerDsc/blob/97f6ef720def5fc0d920c63607f3ed2f8e03f9fb/build.yaml#L8 The we just need to import the module in the resource code like line 2 and 5 here: https://github.com/dsccommunity/DnsServerDsc/blob/97f6ef720def5fc0d920c63607f3ed2f8e03f9fb/source/DSCResources/DSC_DnsServerADZone/DSC_DnsServerADZone.psm1#L2-L5

IlleNilsson commented 3 years ago

You said "we could", does that mean me? I'm not up to speed on building DSC Resources. Can we do it togheter?

johlju commented 3 years ago

We could, as in the community could. That can be resolved in another PR, or I could see if I have time to add an empty module where we can move the code.

IlleNilsson commented 3 years ago

I would like to get it done, l’m changing assignment and I’m afraid the customer won’t resolve this issue without me. So whatever I can do, let me know.

From: Johan Ljunggren @.> Sent: Thursday, April 22, 2021 7:25:21 PM To: dsccommunity/xFailOverCluster @.> Cc: Ilian Nilsson @.>; Author @.> Subject: Re: [dsccommunity/xFailOverCluster] xCluster: When using distinguished naming of cluster, second pass of DSC fails. (#256)

We could, as in the community could. That can be resolved in another PR, or I could see if I have time to add an empty module where we can move the code.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/dsccommunity/xFailOverCluster/issues/256#issuecomment-825043823, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AID6F4BX5D2FZLGYSOHS3LLTKBLYDANCNFSM42Y7CW5Q.

IlleNilsson commented 3 years ago

Done this, getting...

Tests completed in 77.33s Tests Passed: 289, Failed: 0, Skipped: 4, Pending: 0, Inconclusive: 0

Code coverage report: Covered 99.38% of 649 analyzed Commands in 8 Files. Missed commands:

File Class Function Line Command

Modules\FailoverCluster.Common\FailoverCluster.Common.psm1 Convert-DistinguishedNameToSimpleName 29 $returnV... Modules\FailoverCluster.Common\FailoverCluster.Common.psm1 Convert-DistinguishedNameToSimpleName 29 (($Disti... Modules\FailoverCluster.Common\FailoverCluster.Common.psm1 Convert-DistinguishedNameToSimpleName 29 ($Distin... Modules\FailoverCluster.Common\FailoverCluster.Common.psm1 Convert-DistinguishedNameToSimpleName 29 $Disting...

Any hints for me to resolve this?

From: Johan Ljunggren @.> Sent: Sunday, 18 April 2021 12:51 To: dsccommunity/xFailOverCluster @.> Cc: Ilian Nilsson @.>; Author @.> Subject: Re: [dsccommunity/xFailOverCluster] xCluster: When using distinguished naming of cluster, second pass of DSC fails. (#256)

Great! Now you need to go to your fork an create a pull request. Got to https://github.com/IlleNilsson/xFailOverCluster/pulls and click on new pull request. Base repository should be dsccommunity/xFailOverCluster and base should be main. The head repository should be IlleNilsson/xFailOverCluster and compare should be the working branch where you pushed the changes.

I could not find a common place to put it, so it is in all Resources, not optimal.

We could add a new common module FailoverCluster.Common similar to here: https://github.com/dsccommunity/DnsServerDsc/tree/main/source/Modules/DnsServerDsc.Common We also need to copy it during build by changing build.yaml: https://github.com/dsccommunity/DnsServerDsc/blob/97f6ef720def5fc0d920c63607f3ed2f8e03f9fb/build.yaml#L8 The we just need to import the module in the resource code like line 2 and 5 here: https://github.com/dsccommunity/DnsServerDsc/blob/97f6ef720def5fc0d920c63607f3ed2f8e03f9fb/source/DSCResources/DSC_DnsServerADZone/DSC_DnsServerADZone.psm1#L2-L5

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/dsccommunity/xFailOverCluster/issues/256#issuecomment-821972104, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AID6F4D2SWOBBDH5VLWG2VTTJK2STANCNFSM42Y7CW5Q.