microsoft / Microsoft365DSC

Manages, configures, extracts and monitors Microsoft 365 tenant configurations
https://aka.ms/M365DSC
MIT License

InvalidOperation: The PowerShell DSC resource MSFT_AADApplication from module <Microsoft365DSC,1.24.710.2> does not exist at the PowerShell module path nor is it registered as a WMI DSC resource. #4868

Open DylanWoodhead opened 1 month ago

DylanWoodhead commented 1 month ago

Description of the issue

Hi, I'm trying to run Start-DSCConfiguration -Path .\M365TenantConfig\ -Wait -Verbose -Force where .\M365TenantConfig\ contains the localhost.mof file from exporting a tenant. However, I'm getting this error: InvalidOperation: The PowerShell DSC resource MSFT_AADApplication from module <Microsoft365DSC,1.24.710.2> does not exist at the PowerShell module path nor is it registered as a WMI DSC resource. I've done a quick google and haven't been able to find anything that helps.

Thanks in advance for any support!

Microsoft 365 DSC Version

1.24.703.1

Which workloads are affected

other

The DSC configuration

Start-DSCConfiguration -Path .\M365TenantConfig\ -Wait -Verbose -Force

Verbose logs showing the problem

InvalidOperation: The PowerShell DSC resource MSFT_AADApplication from module <Microsoft365DSC,1.24.710.2> does not exist at the PowerShell module path nor is it registered as a WMI DSC resource.

Environment Information + PowerShell Version

OsName               : Microsoft Windows 10 Business
OsOperatingSystemSKU : 48
OsArchitecture       : 64-bit
WindowsVersion       : 2009
WindowsBuildLabEx    : 19041.1.amd64fre.vb_release.191206-1406
OsLanguage           : en-GB
OsMuiLanguages       : {en-GB}

Name                           Value
----                           -----
PSVersion                      7.4.2
PSEdition                      Core
GitCommitId                    7.4.2
OS                             Microsoft Windows 10.0.19045
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

FabienTschanz commented 1 month ago

@DylanWoodhead Where are the Microsoft365DSC and the necessary PowerShell modules installed? They must be installed in the WindowsPowerShell module directory, which can be accomplished by running the command Install-Module Microsoft365DSC and Update-M365DSCModule -Scope AllUsers from inside a PowerShell 5 session. After that, you can switch to PowerShell 7 again.

See PowerShell 7 Support for more information why and what issues are possible.

DylanWoodhead commented 1 month ago

@FabienTschanz Thanks for your reply. I've tried installing in a PowerShell 5 session and still getting the same error. I have run get-module -ListAvailable | Where-object {$_.Name -like '*Microsoft365DSC*'} and it's returned the below that shows I have 365DSC installed 3 times in 2 different locations, not sure if this is correct.

image

FabienTschanz commented 1 month ago

@DylanWoodhead Unfortunately Microsoft365DSC only works when the PowerShell modules are installed in the WindowsPowerShell directory. Please uninstall all modules and then in a PowerShell 5 session, install them again. Make sure that before installing it again after uninstalling, no modules are listed.

DylanWoodhead commented 1 month ago

@FabienTschanz Ah thank you! I have uninstalled/removed all current modules for 365DSC and then installed in PowerShell 5 as an administrator. When running Start-DSCConfiguration -Path .\M365TenantConfig\ -Wait -Verbose -Force I am still getting the error of InvalidOperation: The PowerShell DSC resource MSFT_AADApplication from module <Microsoft365DSC,1.24.710.2> does not exist at the PowerShell module path nor is it registered as a WMI DSC resource. I have checked what module is installed and it says I have Version 1.24.710.3. In the error it mentions 1.24.710.2. Could this be the reason for the error message potentially?

image

ricmestre commented 1 month ago

You exported the blueprint still using 1.24.710.2 hence why you get that error message, in order to solve it pick one below

DylanWoodhead commented 1 month ago

@ricmestre Hi, thanks for that! I followed what you suggested and when I run Start-DSCConfiguration -Path .\M365TenantConfig\ -Wait -Verbose -Force in an Admin PowerShell 7, I now get this error:

InvalidOperation: PowerShell DSC resource MSFT_AADApplication failed to execute Test-TargetResource functionality with error message: The following dependencies need updating:

If I run Update-M365DSCDependencies with scope "currentUser", it actually uninstalls all Graph modules. I tried running the Start-DSCConfiguration -Path .\M365TenantConfig\ -Wait -Verbose -Force as non-admin and I get this different error LimitsExceeded: The WinRM client sent a request to the remote WS-Management service and was notified that the request size exceeded the configured MaxEnvelopeSize quota..

Appreciate all the help!

FabienTschanz commented 1 month ago

@DylanWoodhead The command Update-M365DSCDependencies should be run either without any parameters or with Scope AllUsers in a Windows PowerShell 5 session, since that's the only supported way that all required modules will be available afterwards.

And Start-DSCConfiguration requires administrative privileges to send the configuration to the DSC provider.

ricmestre commented 1 month ago

Do yourself a favor and use PS5 instead of PS7. Start from scratch and just remove all modules, install M365DSC and its dependencies and always use PS5 with admin rights.

DylanWoodhead commented 1 month ago

@ricmestre Thanks for the suggestion! I've uninstalled/removed all modules for M365DSC, re-installed on PS5 only. However when I get to Start-DscConfiguration, this is the response I get;

image

I've googled about the MaxEnvelopeSize error and increased it but still getting the error. Thanks for any suggestions about this.

FabienTschanz commented 1 month ago

@DylanWoodhead Did you do it the same way as described in https://github.com/microsoft/Microsoft365DSC/issues/4779#issuecomment-2228947648? Does Get-Item -Path WSMan:\localhost\MaxEnvelopeSizeKb report 8192 as the value if you set it to that?

DylanWoodhead commented 1 month ago

@FabienTschanz this is the response from that.

image

ricmestre commented 1 month ago

8MB (8192) might not be enough for your configuration, I always set mine to 64MB (65536).

DylanWoodhead commented 1 month ago

Ah thanks @ricmestre, I've changed it and it seems to run. However, now when running Start-DscConfiguration -Path ".\EntraID-Intune-Export\" -Wait -Verbose -Force, I'm getting 2 consistent different errors.

image

The error about specifying certificate stuff is probably straightforward and I might've missed something in the docs to set this up or apply so any help regarding that would be great. I have no idea about the other error.

Thanks!

ricmestre commented 1 month ago

LCM runs with the SYSTEM account therefore you need to store the certificates in the LocalMachine store, not your user account. If they're already in LocalMachine remove all of them and re-import them with the correct private key and permissions.

DylanWoodhead commented 2 weeks ago

Hi, I've just picked this up again. I've moved the certificate to the LocalMachine, however still getting the error. I've done some digging and noticed that it's a registry location for the certificate in the error message and I have noticed that the cert thumbprint from the M365DSC.cer file doesn't match the thumbprint that's being created in the registry.

I'm assuming why I'm getting the 'Cannot find path' error is because of this, but not too sure how to resolve this. Any ideas would be appreciated, thank you!

FabienTschanz commented 2 weeks ago

@DylanWoodhead Am I right that your M365TenantConfig.ps1 specifies the use of CertificateThumbprint? Can you update the certificate thumbprint property in the ConfigurationData.psd1 file to the one of your M365DSC.cer file?
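
The checks discussed in the thread up to this point (module version recorded in the MOF, MaxEnvelopeSizeKb, certificate in the LocalMachine store) combined into one pre-flight script. This is an added example, not part of the original thread or the Microsoft365DSC project; the default MOF path, the use of the Personal (My) store and the size comparison are assumptions.

```powershell
# Added example (not from the thread): pre-flight checks before Start-DscConfiguration.
# Run in an elevated Windows PowerShell 5.1 session. The default $MofPath is an assumption.
param([string]$MofPath = '.\M365TenantConfig\localhost.mof')

$mof = Get-Content -Path $MofPath -Raw
$problems = @()

# 1. Module version recorded in the MOF vs. versions the LCM (SYSTEM) can load.
$wanted = $mof -split '(?m)^instance of ' |
    Where-Object { $_ -match 'ModuleName\s*=\s*"Microsoft365DSC"' } |
    ForEach-Object { if ($_ -match 'ModuleVersion\s*=\s*"([^"]+)"') { $Matches[1] } } |
    Sort-Object -Unique
$root = Join-Path $env:ProgramFiles 'WindowsPowerShell\Modules\Microsoft365DSC'
$installed = @(Get-ChildItem -Path $root -Directory -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty Name)
foreach ($v in $wanted) {
    if ($installed -notcontains $v) {
        $problems += "MOF needs Microsoft365DSC $v; found under ${root}: $($installed -join ', ')"
    }
}

# 2. WinRM envelope must at least hold the MOF (lower bound only; encoding
#    overhead is not modelled, so leave generous headroom).
$envelopeKb = [int](Get-Item -Path WSMan:\localhost\MaxEnvelopeSizeKb).Value
$mofKb = [int][math]::Ceiling((Get-Item -Path $MofPath).Length / 1KB)
if ($mofKb -ge $envelopeKb) {
    $problems += "MOF is $mofKb KB but MaxEnvelopeSizeKb is $envelopeKb"
}

# 3. Every thumbprint in the MOF must resolve to a usable certificate in the
#    machine store. Using the Personal ('My') store is an assumption.
$thumbs = [regex]::Matches($mof, 'CertificateThumbprint\s*=\s*"([0-9A-Fa-f]{40})"') |
    ForEach-Object { $_.Groups[1].Value.ToUpper() } | Sort-Object -Unique
foreach ($t in $thumbs) {
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$t" -ErrorAction SilentlyContinue
    if (-not $cert) { $problems += "Certificate $t is not in Cert:\LocalMachine\My" }
    elseif (-not $cert.HasPrivateKey) { $problems += "Certificate $t has no private key" }
    elseif ($cert.NotAfter -lt (Get-Date)) { $problems += "Certificate $t expired $($cert.NotAfter)" }
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'Pre-flight checks passed.' }
```

A thumbprint warning here means the MOF was compiled with a value that does not match any certificate the SYSTEM account can use, so the ConfigurationData.psd1 needs correcting and the MOF regenerating before the next run.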

DylanWoodhead commented 2 weeks ago

@FabienTschanz Yes, my M365TenantConfig.ps1 export specifies the use of a thumbprint. I have updated the thumbprint property in the .psd1 file to the one I found in the .cer file but still running into the same error I'm afraid. Appreciate your help!

DylanWoodhead commented 2 weeks ago

I re-generated the mof file with the changed thumbprint and now I'm getting this error. It looks like it's looking at the application ID of my 1st tenant but is that correct when it should only be adding to a completely different tenant?

image

FabienTschanz commented 2 weeks ago

Your M365DSC.cer must be added to the App Registration as a certificate for authentication, see the error message The certificate with identifier used to sign the client assertion is not registered on application.

That means you have to find your App registration, add the certificate to it, and then try again. It seems like your M365DSC.cer is not the same as the one that was previously registered on the App Registration.

Edit: Or if you want to add the configuration to a completely different tenant, then you have to update the Tenant Id in the ConfigurationData.psd1 and regenerate the mof file. Then you can apply the configuration, if the certificate is registered on an App Registration and that Client Id is also correct for the tenant you want it to apply to.

DylanWoodhead commented 2 weeks ago

@FabienTschanz thank you for the heads up, I'll look into that. In the meantime, I started from scratch again but not using an app registration; instead I wanted to try with my user credentials. Everything was going smoothly when cloning to a new tenant but I'm now getting a different error where it's asking me to Authentication needed. Please call Connect-MgGraph.

Not too sure why it's asking me this as I've entered my credentials in and then it asked me to authenticate with MFA which I assumed was connecting to Graph.

image