search

puppetlabs / ruby-pwsh

A ruby gem for interacting with PowerShell
MIT License
15 stars 23 forks source link

PowerShell resources erroring out #196

Open AmarettoSlim opened 2 years ago

AmarettoSlim commented 2 years ago

Hi puppetlabs,

I'm hoping someone could help me out here, I have a system that is exhibiting the same behavior (powershell resources erroring out) and message reported in issue #188, but we're already running the latest version of ruby-pwsh. I confirmed the code that prevents SystemRoot from being cleaned up is present on the box. We have "PowerShell Script Block Logging" enabled but do not use ""Protected Event Logging".

I recognize that because I don't know what setting(s) are causing this, reproducing is difficult / impossible but if someone could share how I can troubleshoot this on the machine, that would be appreciated.

Thanks!

Error Sample `PS C:\Users> puppet agent -t -v Info: Using environment 'ex_production' Info: Retrieving pluginfacts Info: Retrieving plugin Info: Loading facts Info: Caching catalog for server100.sub.domain.com Info: Applying configuration version '1664544632'

<Thread:0x000000000a41ae10 C:/ProgramData/PuppetLabs/puppet/cache/lib/pwsh.rb:561 run> terminated with exception (repor

t_on_exception is true): Traceback (most recent call last): 1: from C:/ProgramData/PuppetLabs/puppet/cache/lib/pwsh.rb:563:in block in read_streams' C:/ProgramData/PuppetLabs/puppet/cache/lib/pwsh.rb:563:insysread': end of file reached (EOFError)

<Thread:0x0000000009dd7ee0 C:/ProgramData/PuppetLabs/puppet/cache/lib/pwsh.rb:561 run> terminated with exception (repor

t_on_exception is true):`

chelnak commented 2 years ago

Hey thanks for raising this issue.

Reproducing this kind of error in an environment where you can capture the full error is a little tricky to be honest. I talk about it a bit in #188.

It also may not be related to #188 at all. The error returned by ruby-pwsh is just saying that "something pretty bad happened".

If you could provide some more information about your environment I can look at this next week.

I'd be looking for the following:

AmarettoSlim commented 2 years ago

Hi @chelnak - thanks for the reply, here is the information you're looking for:

ruby-pwsh version - 0.10.2 Operating System - Windows Server 2016 Datacenter (10.0.14393 Build 14393) Puppet Version - 7.4.2 Puppet Agent Version - 7.13.1

kenyon commented 4 months ago

@AmarettoSlim did you figure this out? I started getting something very similar tothis on some newly-provisioned Windows 10 21H2 machines. Nothing in my Puppet environment related to PowerShell has changed AFAIK, and my Windows team hasn't reported any GPO changes.

During "applying configuration" part of the Puppet run:

C:/ProgramData/PuppetLabs/puppet/cache/lib/pwsh.rb:558 run terminated with exception (report_on_exception is true):
C:/ProgramData/PuppetLabs/puppet/cache/lib/pwsh.rb:560:in `sysread': end of file reached (EOFError)
        from C:/ProgramData/PuppetLabs/puppet/cache/lib/pwsh.rb:560:in `block in read_streams'
C:/ProgramData/PuppetLabs/puppet/cache/lib/pwsh.rb:234:in `close': Broken pipe @ fptr_finalize_flush - \\.\pipe\a99ea6c-0d38-40f1-b0e3-87a866bed945PsHost (Errno::EPIPE)
        from C:/ProgramData/PuppetLabs/puppet/cache/lib/pwsh.rb:234:in `exit'
        from C:/ProgramData/PuppetLabs/puppet/cache/lib/pwsh.rb:172:in `block in initialize'
kenyon commented 4 months ago

Turns out my problem was caused by our allowlisting security software Airlock Digital 😢. It was preventing access to RubyPwsh.cs, which I determined by running init.ps1 manually and seeing the powershell "access to the path is denied" error/exception.