Validation strings for the item value do not match the strings that apply to registry.
Setting: Domain_controller_LDAP_server_signing_requirements
Correct values (checked on Server 2016): None, Require signing
Current validation strings: [Write, ValueMap{"None","Require Signature"}, Values{"None","Require Signature"}] String Domain_controller_LDAP_server_signing_requirements;
Current registry strings: "Domain_controller_LDAP_server_signing_requirements" = @{ Value = "MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrity" Section = 'Registry Values' Option = @{ 'None' = '4,1' 'Require Signing' = '4,2' } }
Commit 8ba0cfe seemed to inadvertently introduce the requirement with the incorrect string:
https://github.com/PowerShell/SecurityPolicyDsc/commit/8ba0cfe4c171e8c689b42275b0c13319ac3475f3#diff-0c166052c748e9bb455bb1181a5d65ca
Verbose logs showing the problem
The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: At least one of the values 'Require signing' is not supported or valid for property 'Domain_controller_LDAP_server_signing_requirements' on class 'SecurityOption'. Please specify only supported values:
None, Require Signature.
Suggested solution to the issue
DSCResources/MSFT_SecurityOption/MSFT_SecurityOption.schema.mof
Change Line 30 to:
[Write, ValueMap{"None","Require Signing"}, Values{"None","Require Signing"}] String Domain_controller_LDAP_server_signing_requirements;
The DSC configuration that is used to reproduce the issue (as detailed as possible)
Validation strings for the item value do not match the strings that apply to registry.
Setting: Domain_controller_LDAP_server_signing_requirements Correct values (checked on Server 2016): None, Require signing Current validation strings:
[Write, ValueMap{"None","Require Signature"}, Values{"None","Require Signature"}] String Domain_controller_LDAP_server_signing_requirements;
Current registry strings:"Domain_controller_LDAP_server_signing_requirements" = @{ Value = "MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrity" Section = 'Registry Values' Option = @{ 'None' = '4,1' 'Require Signing' = '4,2' } }
Commit 8ba0cfe seemed to inadvertently introduce the requirement with the incorrect string: https://github.com/PowerShell/SecurityPolicyDsc/commit/8ba0cfe4c171e8c689b42275b0c13319ac3475f3#diff-0c166052c748e9bb455bb1181a5d65caVerbose logs showing the problem
The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: At least one of the values 'Require signing' is not supported or valid for property 'Domain_controller_LDAP_server_signing_requirements' on class 'SecurityOption'. Please specify only supported values: None, Require Signature.
Suggested solution to the issue
DSCResources/MSFT_SecurityOption/MSFT_SecurityOption.schema.mof Change Line 30 to:
[Write, ValueMap{"None","Require Signing"}, Values{"None","Require Signing"}] String Domain_controller_LDAP_server_signing_requirements;
The DSC configuration that is used to reproduce the issue (as detailed as possible)
The operating system the target node is running
OsName : OsOperatingSystemSKU : OsArchitecture : WindowsBuildLabEx : 14393.2906.amd64fre.rs1_release_inmarket.190401-180 OsLanguage : OsMuiLanguages :
Version and build of PowerShell the target node is running
Name Value
PSVersion 5.1.14393.2879 PSEdition Desktop PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...} BuildVersion 10.0.14393.2879 CLRVersion 4.0.30319.42000 WSManStackVersion 3.0 PSRemotingProtocolVersion 2.3 SerializationVersion 1.1.0.1
Version of the DSC module that was used ('dev' if using current dev branch)
published (master)