PowerShell Desired State Configuration (DSC) Journey – Day 22

Update 4/15/2014:  I retyped this exact Configuration in a new PowerShell window this morning and everything works fine.  I have compared them side by side and the code is absolutely identical.  The one from yesterday still errors, the one from today compiles like it should.  Frustration level = high.

In my last post I talked about what my next plans were.  To that end I have put together a list of the steps I think need to be done to make it happen.  First step is the creation of a Template disk to use in Virtual Machine Manager (VMM).  This template is Server 2012 R2 with all the latest updates.  There are a lot of articles you can find out there on how to create a template so I am not going to go into those steps.  One other thing I have done is created an Application Profile, a Guest OS Profile, and a Hardware Profile to be used for my DSC Template.

My current thoughts on “first steps” is the following:

  • Build the server template with nothing but the OS.  This template is called SERVER2012R2_DSC_TEMPLATE
  • Build the simple Configuration I want to test with
  • Push the Configuration server template
  • Ensure changes are made to the Configuration
  • Revert those changes back to the way it was originally
  • Follow the steps in Option 1 in this article to inject the DSC Configuration into a .VHD
  • Convert my server template into a VMM template
  • Deploy a server from this template and see if the Configuration actually happens

My server template is built and completely updated.  The only things that I have modified are:

  • It has a DHCP Address
  • All Windows Firewall’s have been disabled
  • The time zone is set to Central Standard Time
  • IE ESC is set to Off
  • Windows Updates are set to download only

Here is the Configuration I am going to test with.  The lack of parameters in the Configuration is by design.  I am trying to keep things as simple as possible for now.  Of course all I want to do is set an IP Address and join to the domain.  But do you think I can get my Configuration to a .MOF?  Of course not, because no matter what I do, all it tells me is that

ConvertTo-MOFInstance : System.InvalidOperationException error processing property 'Credential' OF TYPE 'xComputer': Converting and storing encrypted passwords as plain text is not 
recommended for security reasons. If you understand the risks, you can add a property named “PSDscAllowPlainTextPassword” with a value of “$true” to your DSC configuration data, for each 
node where you want to allow plain text passwords. For more information about DSC configuration data, see the TechNet Library topic, http://go.microsoft.com/fwlink/?LinkId=386620.
At line:35 char:9
+   xComputer
At line:180 char:16
+     $aliasId = ConvertTo-MOFInstance $keywordName $canonicalizedValue
+                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Write-Error], InvalidOperationException
    + FullyQualifiedErrorId : FailToProcessProperty,ConvertTo-MOFInstance
Errors occurred while processing configuration 'DSCTemplate'.
At C:\windows\system32\windowspowershell\v1.0\Modules\PSDesiredStateConfiguration\PSDesiredStateConfiguration.psm1:2203 char:5
+     throw $errorRecord
+     ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (DSCTemplate:String) [], InvalidOperationException
    + FullyQualifiedErrorId : FailToProcessConfiguration

Even though I have this is my ConfigData setup:

$ConfigData = @{
                 AllNodes = @(
                             @{
                                 NodeName = "localhost";
                                 PSDscAllowPlainTextPassword = $true;
                             }
                            )
                 }

I’ve tried everything I can possibly think of, and absolutely cannot get anything but this freaking error.  Unbelievable.  If I run it without the -Credential parameter it creates the .MOF with no problems.  I’ve tried all manner of formatting and placement within the Configuration.  I’ve copied and pasted from TechNet articles and Steve Murawski’s example here.  I just don’t get it.  It shouldn’t be this hard.

Funny enough, if I Google search for “Converting and storing encrypted passwords as plain text is not recommended for security reasons. If you understand the risks, you can add a property named “PSDscAllowPlainTextPassword” ” the only thing that comes up is my previous blog article.  Which is certainly not encouraging.

I am running all of this on my Windows 8.1 computer that has WMF 5.0 Preview installed.  Hoping for some better insight (or that maybe WMF 5.0 is causing this issue) I run the exact same Configuration script on a Windows 2012 R2 server (without WMF 5.0).  This is what I got for the error.

ConvertTo-MOFInstance : System.InvalidOperationException error processing property 'Credential' OF TYPE 'xComputer': Converting and storing an encrypted password as plaintext is allowed only if 
PSDscAllowPlainTextPassword is set to true.
At line:32 char:9
+   xComputer
At line:164 char:16
+     $aliasId = ConvertTo-MOFInstance $keywordName $canonicalizedValue
+                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Write-Error], InvalidOperationException
    + FullyQualifiedErrorId : FailToProcessProperty,ConvertTo-MOFInstance
Errors occurred while processing configuration 'DSCTemplate'.
At C:\windows\system32\windowspowershell\v1.0\Modules\PSDesiredStateConfiguration\PSDesiredStateConfiguration.psm1:2088 char:5
+     throw $errorRecord
+     ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (DSCTemplate:String) [], InvalidOperationException
    + FullyQualifiedErrorId : FailToProcessConfiguration

A slightly different error message here but the same issue still stands.  I have it set as $true.  I have also tried $True and it doesn’t matter.  I really don’t understand what I am doing wrong here.

I mean look, I am clearly not crazy here:

PS C:\Windows\system32> 
$ConfigData = @{  
                AllNodes = @(       
                                @{
                                 NodeName = "localhost"
                                 PSDscAllowPlainTextPassword = $true    
                                 }
                             ) 
}

PS C:\Windows\system32> $ConfigData

Name                           Value                                                                                                                                                                                 
----                           -----                                                                                                                                                                                 
AllNodes                       {System.Collections.Hashtable}                                                                                                                                                        

PS C:\Windows\system32> $ConfigData.AllNodes

Name                           Value                                                                                                                                                                                 
----                           -----                                                                                                                                                                                 
NodeName                       localhost                                                                                                                                                                             
PSDscAllowPlainTextPassword    True

As a last ditch effort, on my Pull server (2012R2) I downloaded version 1.0 of the xComputerManagement Resource and restarted the server.  I am hoping that Version 1.2 is the problem I guess, because I am completely out of ideas.  And..nope.  Exact same freaking error. I am done for the day.

 

  • Hi Jacob,

    Are you still experiencing this issue? I’d been battling with it today as well, and finally found out what my problem was. I had defined my $configData, and this was good:

    $ConfigData = @{
    AllNodes = @(
    @{
    NodeName = ‘localhost’
    PSDscAllowPlainTextPassword = $true
    RebootNodeIfNeeded = $true
    ConfigurationMode = ‘ApplyOnly’
    RefreshFrequencyMins = 30
    }
    )
    }

    However, i had forgotten to ensure that the configuration for the nodes was within node branch, so only the LocalConfigManager section was being applied to all nodes :

    node $Allnodes.NodeName {
    LocalConfigurationManager
    {
    ConfigurationMode = ‘ApplyOnly’
    RefreshFrequencyMins = 30
    RebootNodeIfNeeded = $true
    }
    }

    What i should have done along the lines of the following example, making sure that the node $Allnodes.NodeName { branch didn’t close until the end of the configuration.

    node $Allnodes.NodeName {
    LocalConfigurationManager
    {
    ConfigurationMode = ‘ApplyOnly’
    RefreshFrequencyMins = 30
    RebootNodeIfNeeded = $true
    }

    WindowsFeature AD {
    Ensure = ‘Present’
    Name = ‘AD-Domain-Services’
    }

    etc
    etc
    }

    Not sure if this is the same problem you were encountering.

    cheers,

    Tim