search

microsoft / BaselineManagement

Conversion tool used to Convert Group Policy baselines into DSC
MIT License
266 stars 52 forks source link

Kerberos SupportedEncryptionTypes reg key breaks dsc conversion #65

Open mzarglis opened 2 years ago

mzarglis commented 2 years ago 
Write-DSCString : The Write-DSCString command was called but the parameters block is missing a property name
At C:\Program Files (x86)\WindowsPowerShell\Modules\BaselineManagement\4.1.1\Parsers\GPO\Registry.ps1:360 char:5
+     Write-DSCString -Resource -Name "Registry(POL): $(Join-Path -Path ...
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Write-DSCString

Write-DSCString : The Write-DSCString command was called but the parameters block is missing a property name
At C:\Program Files (x86)\WindowsPowerShell\Modules\BaselineManagement\4.1.1\Parsers\GPO\Registry.ps1:360 char:5
+     Write-DSCString -Resource -Name "Registry(POL): $(Join-Path -Path ...
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Write-DSCString

SecurityPolicyDsc\SecurityOption : At least one of the values '2147483640' is not supported or valid for property 'Network_security_Configure_encryption_types_allowed_for_Kerberos' on class 'SecurityOption'. Please specify only supported
values:
DES_CBC_CRC, DES_CBC_MD5, RC4_HMAC_MD5, AES128_HMAC_SHA1, AES256_HMAC_SHA1, FUTURE.
At line:2975 char:10
+          SecurityOption 'SecurityRegistry(INF): Network_security_Conf ...
+          ~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Write-Error], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : UnsupportedValueForProperty,SecurityPolicyDsc\SecurityOption

Compilation errors occurred while processing configuration 'DSCFromGPO'. Please review the errors reported in error stream and modify your configuration code appropriately.
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\PSDesiredStateConfiguration.psm1:3917 char:5
+     throw $ErrorRecord
+     ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (DSCFromGPO:String) [], InvalidOperationException
    + FullyQualifiedErrorId : FailToProcessConfiguration

Removing MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\SupportedEncryptionTypes

solves the issue

gnuhow commented 2 years ago

I had the same issue.