[xPSEndpoint] Exception thrown with 'Set-DSCMachineRebootRequired' not recognised

[ricohomewood]

Details of the scenario you tried and the problem that is occurring

Using Azure Automation as the pullserver with xPSDesiredStateConfiguration imported.

Setting a PSSessionConfiguration using the xPSEndpoint DSC resource as per below configuration example on an Azure IaaS VM running Windows Server 2016 Core returns an exception on the inital run stating that is cannot find the Set-DSCMachineRebootRequired cmdlet as part of the initial Set-TargetResource functionality.

This eventually corrects itself after the next convergence of DSC but is not ideal in a scenario if using terraform etc to configure DSC on an IaaS VM which crashes out the Terraform run as a result of the DSC extension throwing a transition failure.

Verbose logs showing the problem

Job {EC17F768-D55A-11E9-BB34-000D3A4A58AD} :
MIResult: 1
Error Message: The SendConfigurationApply function did not succeed.
Message ID: MI RESULT 1
Error Category: 0
Error Code: 1
Error Type: MI
Job {EC17F768-D55A-11E9-BB34-000D3A4A58AD} :
MIResult: 1
Error Message: The PowerShell DSC resource '[xPSEndpoint]RemotePSEndpointConfig' with SourceInfo '::359::9::xPSEndpoint' threw one or more non-terminating errors while running the Set-TargetResource functionality. These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details.
Message ID: NonTerminatingErrorFromProvider
Error Category: 7
Error Code: 1
Error Type: MI
Job {EC17F768-D55A-11E9-BB34-000D3A4A58AD} :
MIResult: 1
Error Message: The term 'Set-DSCMachineRebootRequired' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
Message ID: CommandNotFoundException
Error Category: 13
Error Code: 13
Error Type: MI
Job {26D6569C-D558-11E9-BB34-000D3A4A58AD} :
MIResult: 1
Error Message: The SendConfigurationApply function did not succeed.
Message ID: MI RESULT 1
Error Category: 0
Error Code: 1
Error Type: MI
Job {26D6569C-D558-11E9-BB34-000D3A4A58AD} :
MIResult: 1
Error Message: PowerShell DSC resource MSFT_xPSSessionConfiguration  failed to execute Set-TargetResource functionality with error message: System.Management.Automation.PSInvalidOperationException: Cannot write the shell configuration data into the temporary file C:\windows\system32\config\systemprofile\AppData\Local\Temp\ytro1ghx.5ogpsshell.xml. Reason for failure: Could not find a part of the path 'C:\windows\system32\config\systemprofile\AppData\Local\Temp\ytro1ghx.5ogpsshell.xml'..
   at Microsoft.PowerShell.Commands.RegisterPSSessionConfigurationCommand.ConstructTemporaryFile(String pluginContent)
   at Microsoft.PowerShell.Commands.RegisterPSSessionConfigurationCommand.ProcessRecord()
   at System.Management.Automation.CommandProcessor.ProcessRecord()
Message ID: ProviderOperationExecutionFailure
Error Category: 7
Error Code: 1
Error Type: MI

The DSC configuration that is used to reproduce the issue (as detailed as possible)

Configuration ConfigureAndDeployWebServers
{
param (
          [Parameter(Mandatory)]
          [string]$SomeSecret
)
Import-DSCResource -ModuleName xPSDesiredStateConfiguration

$SomeRunAsCredential = New-Object System.Management.Automation.PSCredential("someuser", (ConvertTo-SecureString $SomeSecret -AsPlainText -Force))

Node somenodename
{
....
xPSEndpoint RemotePSEndpointConfig
        {
            Ensure          = 'Present'
            Name            = 'RemotePS'
            RunAsCredential = $SomeRunAsCredential
        }
    }
}

The operating system the target node is running

OsName               : Microsoft Windows Server 2016 Datacenter
OsOperatingSystemSKU : DatacenterServerEdition
OsArchitecture       : 64-bit
WindowsBuildLabEx    : 14393.3143.amd64fre.rs1_release.190725-1725
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

Version and build of PowerShell the target node is running

Name                           Value
----                           -----
PSVersion                      5.1.14393.3053
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.14393.3053
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Version of the DSC module that was used ('dev' if using current dev branch)

8.6.0.0 imported from Powershellgallery into Azure Automation Modules.

[ricohomewood]

@PlagueHO Any update to this bug? it makes xPsEndpoint unusable in Azure Automation DSC

[PlagueHO]

Sorry, @ricohomewood - I misses this. I'll take a look.

[PlagueHO]

Hi @ricohomewood - have you tried with the latest version of this module - 9.1.0? It looks like the problem shouldn't exist there and make have been fixed when the module was updated to the new structure (although there doesn't appear to be an entry - it may have been fixed as a side affect when I got all the tests working).

The function Set-DscMachineRebootRequired is declared in the xPSDesiredStateConfiguration.Common module and exported. It is imported in the DSC_xPSSessionConfiguration resource.

[ricohomewood]

Thanks @PlagueHO The updated version seems to have cleared that error but another does happen:

[2020-04-07 14:01:02Z] [web2]:[[xPSEndpoint]RemotePSEndpointConfig] Session configuration SpxRemotePS is absent
[2020-04-07 14:01:02Z] [WARNING] [web2]: [[xPSEndpoint]RemotePSEndpointConfig] When RunAs is enabled in a Windows PowerShell session configuration, the Windows security model cannot enforce a security boundary between different user sessions that are created by using this endpoint. Verify that the Windows PowerShell runspace configuration is restricted to only the necessary set of cmdlets and capabilities.
[2020-04-07 14:01:04Z] [WARNING] [WSManNetworkFailureDetected] The network connection to localhost has been interrupted. Attempting to reconnect for up to 4 minutes... 
[2020-04-07 14:01:09Z] [WARNING] [WSManConnectionRetryAttempt] Attempting to reconnect to localhost ... 
[2020-04-07 14:01:09Z] [WARNING] [WSManConnectionRetrySucceeded] The network connection to localhost has been restored.
[2020-04-07 14:01:09Z] [ERROR] The WS-Management service cannot process the operation. The operation is being attempted on a client session that is unusable.  This may be related to a recent restart of the WS-Management service. Please create a new client session and retry the operation if re-executing the operation does not have undesired behavior.
[2020-04-07 14:01:09Z] [VERBOSE] Operation 'Invoke CimMethod' complete.
[2020-04-07 14:01:09Z] [VERBOSE] Time taken for configuration job to complete is 286.001 seconds"

The restart of the WS-Management service causes the above. Not sure if there is a different way this should be handled?

[PlagueHO]

Hi @ricohomewood - Yes, I'd expect the WS-Man service restart to behave this way, however it isn't ideal that it is throwing an error during the process. It actually appears to be the DSC subsystem that it throwing the error itself, rather than the resource. One thing to note is that the resource suppresses the service WSMan Service restart - instead relying on the machine restart. Which from memory was to prevent this problem.

How did you apply the config? Was it Push over PS Remoting or via Pull Server?

Is the config you're testing above creating a new PS Endpoint or modifying an existing one?

One thing I should note about this resource: It hasn't been updated to HQRM so doesn't have any integration tests. This should be prioritized for this resource (something on the my very long backlog :cry: ). So it is possible there are issues like this that need to be sorted.

[ricohomewood]

Thanks for the info ...

This is running as a pull server (Azure Automation) the client running on an Azure Windows 2016 Server Core VM. It was trying to create a new session endpoint BUT what is strange, running it on another VM it didn't error so can't explain that? Maybe a race condition?

I'll run some more on some other new VM's I need to create in Azure and see if that happens again. Thanks