search

dsccommunity / GPRegistryPolicyDsc

DSC resources used to apply and manage local group policies by modifying the respective .pol file.
MIT License
21 stars 7 forks source link

Usage of the module doesn´t allow Azure DSC machines to finish configuration #33

Open weiner22 opened 1 year ago

weiner22 commented 1 year ago

Details of the scenario you tried and the problem that is occurring

Hello, I´ve updated fully working DSC code by Local Security Policy (GPO), by using GPRegistryPolicyDSC Module.

Verbose logs showing the problem

Machine in Azure DSC is still in-progress status, never finishes the configuration (normally configured in 10min including software installations) Error from Azure DSC RAW Report: Index was out of range. Must be non-negative and less than the size of the collection. xDSCDiagnostics module points to this particular module.

Suggested solution to the issue

Let the module to finish the configuration and configure the policies accordingly.

The DSC configuration that is used to reproduce the issue (as detailed as possible)

# insert configuration here (only part of the code here, whole has about 7k lines)
 RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PolicyVersion'
         {
              ValueName = 'PolicyVersion'
              ValueData = 534
              ValueType = 'Dword'
              TargetType = 'ComputerConfiguration'
              Key = 'SOFTWARE\Policies\Microsoft\WindowsFirewall'
         }

         RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\ConSecRules\{e571f044-8183-493e-ad47-3fd714e619b9}'
         {
              ValueName = '{e571f044-8183-493e-ad47-3fd714e619b9}'
              ValueData = 'v2.22|Action=SecureServer|Name=Nvs-DC-Out-Winrm|Desc=Secure Winrm|Protocol=6|Active=TRUE|Profile=Domain|EP2Port=5985|EP2Port=5986|Auth1Set=Nvs-Mm-Kerb|Auth2Set=Nvs-Em-Kerb-Or-Anon|Crypto2Set=Nvs-Qm-EspGcm128|EmbedCtxt=Nvs-Ipsec-DC-Winrm|'
              ValueType = 'String'
              TargetType = 'ComputerConfiguration'
              Key = 'SOFTWARE\Policies\Microsoft\WindowsFirewall\ConSecRules'
         }

         RegistryPolicyFile 'Registry(POL): HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\ConSecRules\{6c77dbb9-31bf-45f8-b238-46dcb8a80665}'
         {
              ValueName = '{6c77dbb9-31bf-45f8-b238-46dcb8a80665}'
              ValueData = 'v2.22|Action=SecureServer|Name=Nvs-DC-In-Winrm|Desc=Secure Winrm|Protocol=6|Active=TRUE|Profile=Domain|EP1Port=5985|EP1Port=5986|Auth1Set=Nvs-Mm-Kerb|Auth2Set=Nvs-Em-Kerb-Or-Anon|Crypto2Set=Nvs-Qm-EspGcm128|EmbedCtxt=Nvs-Ipsec-DC-Winrm|'
              ValueType = 'String'
              TargetType = 'ComputerConfiguration'
              Key = 'SOFTWARE\Policies\Microsoft\WindowsFirewall\ConSecRules'
         }

The operating system the target node is running

Windows Server 2019 or Windows Server 2019 Core (both contains WMF 5.1 by default), English language.,

Version and build of PowerShell the target node is running

Powershell 5.1

Version of the DSC module that was used

GPRegistryPolicyDsc module version 1.2.0

@johlju @jcwalker @gaelcolas @NicolasBn do you have any clue where the problem is, please?