search

dsccommunity / xPSDesiredStateConfiguration

DSC resources for configuring common operating systems features, files and settings.
https://dsccommunity.org
MIT License
199 stars 132 forks source link

xUser: Returns 'The variable '$user' cannot be retrieved' error inside Windows 2022 Server Core container #757

Open dk-ebeisecker opened 1 year ago

dk-ebeisecker commented 1 year ago

Problem description

When I attempt to run the xUser resource inside a Docker build of Windows 2022 Server Core, I get the following error

Docker image mcr.microsoft.com/windows/servercore ltsc2022 b53d206693f6 

PS C:\> Invoke-DscResource @user -Verbose                                                                                                                                                                                                 cmdlet Invoke-DscResource at command pipeline position 1                                                            
Supply values for the following parameters:                                                                          
Method: Test                                                                                                         
PowerShell DSC resource DSC_xUserResource  failed to 
execute Test-TargetResource functionality with error message:   The variable '$user' cannot be retrieved because it has not been set.                                                    
+ CategoryInfo          : InvalidOperation: (root/Microsoft/...gurationManager:String) [], CimException              
+ FullyQualifiedErrorId : ProviderOperationExecutionFailure
+ PSComputerName        : localhost

Verbose logs

PS C:\> Invoke-DscResource @user -Verbose

cmdlet Invoke-DscResource at command pipeline position 1
Supply values for the following parameters:
Method: Test
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = ResourceTest,'className' =
MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer 3796F4E274AA with user sid S-1-5-93-2-1.
VERBOSE: [3796F4E274AA]: LCM:  [ Start  Test     ]  [[xUser]DirectResourceAccess]
VERBOSE: [3796F4E274AA]: LCM:  [ End    Test     ]  [[xUser]DirectResourceAccess] False in 0.1720 seconds.
PowerShell DSC resource DSC_xUserResource  failed to execute Test-TargetResource functionality with error message: The variable '$user'
cannot be retrieved because it has not been set.
    + CategoryInfo          : InvalidOperation: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : ProviderOperationExecutionFailure
    + PSComputerName        : localhost

VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 0.321 seconds
PS C:\> Invoke-DscResource @user -Verbose

cmdlet Invoke-DscResource at command pipeline position 1
Supply values for the following parameters:
Method: Set
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = ResourceSet,'className' =
MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer 3796F4E274AA with user sid S-1-5-93-2-1.
VERBOSE: [3796F4E274AA]: LCM:  [ Start  Set      ]  [[xUser]DirectResourceAccess]
VERBOSE: [3796F4E274AA]:                            [[xUser]DirectResourceAccess] Configuration of user MyNewUser started.
VERBOSE: [3796F4E274AA]: LCM:  [ End    Set      ]  [[xUser]DirectResourceAccess]  in 0.1720 seconds.
PowerShell DSC resource DSC_xUserResource  failed to execute Set-TargetResource functionality with error message: The variable '$user'
cannot be retrieved because it has not been set.
    + CategoryInfo          : InvalidOperation: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : ProviderOperationExecutionFailure
    + PSComputerName        : localhost

VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 0.317 seconds

DSC configuration

$user = @{                                                                                                                         
  Name = 'xUser'                                                                                                                          
  ModuleName = 'xPSDesiredStateConfiguration'                                                                                            
  Property = @{                                                                                                                           
    UserName = 'MyNewUser'                                                                                                                  
    Password = New-Object System.Management.Automation.PSCredential('Bamboo',(ConvertTo-SecureString 'P@ssw0rd' -AsPlainText -Force))  
}                                                                                                                                       
}

Suggested solution

I'm not sure what the problem is

Operating system the target node is running

OsName               : Microsoft Windows Server 2022 Datacenter
OsOperatingSystemSKU : DatacenterServerEdition
OsArchitecture       : 64-bit
WindowsVersion       : 2009
WindowsBuildLabEx    : 20348.859.amd64fre.fe_release_svc_prod2.220707-1832
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

PowerShell version and build the target node is running

$PSVersionTable

Name                           Value
----                           -----
PSVersion                      5.1.20348.1366
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.20348.1366
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

xPSDesiredStateConfiguration version

Name                         Version Path
----                         ------- ----
xPSDesiredStateConfiguration 9.1.0   C:\Program Files\WindowsPowerShell\Modules\xPSDesiredStateConfiguration\9.1.0\xPSDesiredStateConf...
johlju commented 1 year ago

Verify that these lines work setting the variable $user.

https://github.com/dsccommunity/xPSDesiredStateConfiguration/blob/7703bb11324d26c97d80684bdc4fe46cb982b0ca/source/DSCResources/DSC_xUserResource/DSC_xUserResource.psm1#L661-L666

dk-ebeisecker commented 1 year ago

The first line fails

PS C:\> $principalContext = New-Object System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList ([System.DirectoryServices.AccountManagement.ContextType]::Machine)

Unable to find type [System.DirectoryServices.AccountManagement.ContextType].
At line:1 char:107
+ ... gumentList ([System.DirectoryServices.AccountManagement.ContextType]: ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Director...ent.ContextType:TypeName) [], RuntimeException
    + FullyQualifiedErrorId : TypeNotFound
johlju commented 1 year ago

So then the current implementation is not supported in a container.

The following line is used on a Nano server, does it work in the container?

https://github.com/dsccommunity/xPSDesiredStateConfiguration/blob/7703bb11324d26c97d80684bdc4fe46cb982b0ca/source/DSCResources/DSC_xUserResource/DSC_xUserResource.psm1#L1135

If that works, can you see what this outputs?

(Get-CimInstance -ClassName Win32_OperatingSystem).OperatingSystemSKU
dk-ebeisecker commented 1 year ago

Yes, that line works fine inside the container


PS C:\> [Microsoft.PowerShell.Commands.LocalUser] $user = Get-LocalUser -Name 'Guest' -ErrorAction Stop
PS C:\> $user

Name  Enabled Description
----  ------- -----------
Guest False   Built-in account for guest access to the computer/domain

PS C:\> (Get-CimInstance -ClassName Win32_OperatingSystem).OperatingSystemSKU
8
johlju commented 1 year ago

Okay so then the resource might need to switch to the same logic as used in a Nano server.

Looking at the list of SKUs here https://learn.microsoft.com/en-us/windows/win32/cimwin32prov/win32-operatingsystem the container reports as a normal Desktop Experience. Must be some other why to determine that it runs in a container. 🤔

But if you want to test out the full functionality of when running in Nano (might be other problems) you could replace the following lines in your local installed module to if ($true) so the Nano-logic is ran.

https://github.com/dsccommunity/xPSDesiredStateConfiguration/blob/7703bb11324d26c97d80684bdc4fe46cb982b0ca/source/DSCResources/DSC_xUserResource/DSC_xUserResource.psm1#L45

https://github.com/dsccommunity/xPSDesiredStateConfiguration/blob/7703bb11324d26c97d80684bdc4fe46cb982b0ca/source/DSCResources/DSC_xUserResource/DSC_xUserResource.psm1#L144

https://github.com/dsccommunity/xPSDesiredStateConfiguration/blob/7703bb11324d26c97d80684bdc4fe46cb982b0ca/source/DSCResources/DSC_xUserResource/DSC_xUserResource.psm1#L239

johlju commented 1 year ago

So what we need is new logic to test if running in a container and then run the same logic as Nano (if it works) or other logic that is needed for a Windows container.