dsccommunity
Cluster: When using distinguished naming of cluster, second pass of DSC fails.
I want to create the AD Cluster object in a specific OU
Verbose logs showing the problem
PSComputerName : SRV70031
RunspaceId : 83a68bc5-290c-46d9-8521-4b55093d7bb9
ConfigurationName : QSClusterDsc
DependsOn : {[WindowsFeature]WSCS}
ModuleName : xFailoverCluster
ModuleVersion : 1.16.0
PsDscRunAsCredential :
ResourceId : [xCluster]PrepareCluster
SourceInfo : \\tsclient\E\IGEL\Source\Platform\DSC\~Config\QSClusterDSC.ps1::223::13::xCluster
DurationInSeconds : 9.353
Error : {
"Exception": {
"Message": "PowerShell DSC resource MSFT_xCluster failed to execute
Set-TargetResource functionality with error message: There was an error adding node
\u0027SRV70031\u0027 to the cluster ",
"Data": {
},
"InnerException": {
"SerializedRemoteException":
"Microsoft.FailoverClusters.PowerShell.ClusterCmdletException: T**here was an error adding node
\u0027SRV70031\u0027 to the cluster ---\u003e**
Microsoft.FailoverClusters.PowerShell.ClusterCmdletException: T**he computer
\u0027SRV70031.rd01.local\u0027 is joined to a cluster**.\r\n --- End of inner exception stack
trace ---",
"SerializedRemoteInvocationInfo":
"System.Management.Automation.InvocationInfo",
"ErrorRecord": "There was an error adding node
\u0027SRV70031\u0027 to the cluster\n The computer \u0027SRV70031.rd01.local\u0027 is joined
to a cluster.",
"WasThrownFromThrowStatement": false,
"Message": "There was an error adding node
\u0027SRV70031\u0027 to the cluster",
"Data":
"System.Collections.ListDictionaryInternal",
"InnerException": null,
"TargetSite": "Void EndInvoke()",
"StackTrace": " at
System.Management.Automation.Runspaces.AsyncResult.EndInvoke()\r\n at System.Management.Automa
tion.PowerShell.CoreInvokeRemoteHelper[TInput,TOutput](PSDataCollection`1 input,
PSDataCollection`1 output, PSInvocationSettings settings)\r\n at
System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection`1 input,
PSDataCollection`1 output, PSInvocationSettings settings)\r\n at
System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings
settings)\r\n at Microsoft.PowerShell.DesiredStateConfiguration.Internal.ResourceProviderAdapt
er.ExecuteCommand(PowerShell powerShell, ResourceModuleInfo resInfo, String operationCmd,
List`1 acceptedProperties, CimInstance nonResourcePropeties, CimInstance resourceConfiguration,
LCMDebugMode debugMode, PSInvocationSettings pSInvocationSettings, UInt32\u0026
resultStatusHandle, Collection`1\u0026 result, ErrorRecord\u0026 errorRecord, PSModuleInfo
localRunSpaceModuleInfo)",
"HelpLink": null,
"Source": "System.Management.Automation",
"HResult": -2146233087
},
"TargetSite": null,
"StackTrace": null,
"HelpLink": null,
"Source": null,
"HResult": -2146233079
},
"TargetObject": null,
"CategoryInfo": {
"Category": 7,
"Activity": "",
"Reason": "InvalidOperationException",
"TargetName": "",
"TargetType": ""
},
"FullyQualifiedErrorId": "ProviderOperationExecutionFailure",
"ErrorDetails": null,
"InvocationInfo": null,
"ScriptStackTrace": null,
"PipelineIterationInfo": [
]
}
FinalState :
InDesiredState : False
InitialState :
InstanceName : PrepareCluster
RebootRequested : False
ResourceName : xCluster
StartDate : 4/12/2021 11:58:00 AM
StateChanged : False
Suggested solution to the issue
The DSC configuration that is used to reproduce the issue (as detailed as possible)
if ($Node.Replica -eq 'Primary') {
xCluster 'PrepareCluster' {
PsDscRunAsCredential = $SetupCredential
DomainAdministratorCredential = $SetupCredential
Name = $Node.FailoverClusterName
StaticIPAddress = $Node.FailoverClusterIPAddress
IgnoreNetwork = $Node.FailoverClusterIgnoreNetwork
DependsOn = @('[WindowsFeature]WSCS')
}
} else {
$FailoverClusterName = ((($Node.FailoverClusterName -split ',')[0]) -split '=')[1]
xCluster 'PrepareCluster' {
PsDscRunAsCredential = $SetupCredential
DomainAdministratorCredential = $SetupCredential
Name = $FailoverClusterName
StaticIPAddress = $Node.FailoverClusterIPAddress
IgnoreNetwork = $Node.FailoverClusterIgnoreNetwork
DependsOn = @('[xWaitForCluster]WaitForCluster')
}
xWaitForCluster 'WaitForCluster' {
PsDscRunAsCredential = $SetupCredential
Name = $FailoverClusterName
RetryIntervalSec = 5
RetryCount = 15
DependsOn = @('[WindowsFeature]WSCS')
}
--First Nodes MOF
instance of MSFT_xCluster as $MSFT_xCluster1ref
{
ResourceID = "[xCluster]PrepareCluster";
PsDscRunAsCredential = $MSFT_Credential1ref;
IgnoreNetwork = {
"10.50.0.0/16"
};
StaticIPAddress = "192.168.1.20";
DomainAdministratorCredential = $MSFT_Credential2ref;
SourceInfo = "\\\\tsclient\\E\\IGEL\\Source\\Platform\\DSC\\~Config\\QSClusterDSC.ps1::223::13::xCluster";
Name = "CN=SRV70CLU,OU=Computers,OU=Admin,OU=Resources,DC=rd01,DC=local";
ModuleName = "xFailoverCluster";
ModuleVersion = "1.16.0";
DependsOn = {
"[WindowsFeature]WSCS"};
ConfigurationName = "QSClusterDsc";
};
--Second Nodes MOF
instance of MSFT_xCluster as $MSFT_xCluster1ref
{
ResourceID = "[xCluster]PrepareCluster";
PsDscRunAsCredential = $MSFT_Credential1ref;
IgnoreNetwork = {
"10.50.0.0/16"
};
StaticIPAddress = "192.168.1.20";
DomainAdministratorCredential = $MSFT_Credential2ref;
SourceInfo = "\\\\tsclient\\E\\IGEL\\Source\\Platform\\DSC\\~Config\\QSClusterDSC.ps1::233::13::xCluster";
Name = "SRV70CLU";
ModuleName = "xFailoverCluster";
ModuleVersion = "1.16.0";
DependsOn = {
"[xWaitForCluster]WaitForCluster"};
ConfigurationName = "QSClusterDsc";
};
instance of MSFT_xWaitForCluster as $MSFT_xWaitForCluster1ref
{
ResourceID = "[xWaitForCluster]WaitForCluster";
PsDscRunAsCredential = $MSFT_Credential3ref;
RetryCount = 15;
SourceInfo = "\\\\tsclient\\E\\IGEL\\Source\\Platform\\DSC\\~Config\\QSClusterDSC.ps1::241::13::xWaitForCluster";
Name = "SRV70CLU";
ModuleName = "xFailoverCluster";
RetryIntervalSec = 5;
ModuleVersion = "1.16.0";
DependsOn = {
"[WindowsFeature]WSCS"};
ConfigurationName = "QSClusterDsc";
};
The operating system the target node is running
OsName : Microsoft Windows Server 2019 Datacenter OsOperatingSystemSKU : DatacenterServerEdition OsArchitecture : 64-bit WindowsVersion : 1809 WindowsBuildLabEx : 17763.1.amd64fre.rs5_release.180914-1434 OsLanguage : en-US OsMuiLanguages : {en-US}
Version and build of PowerShell the target node is running
SVersion 5.1.17763.1490 PSEdition Desktop PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...} BuildVersion 10.0.17763.1490 CLRVersion 4.0.30319.42000 WSManStackVersion 3.0 PSRemotingProtocolVersion 2.3 SerializationVersion 1.1.0.1
Version of the DSC module that was used
1.16.0
In the first node you have:
Name = "CN=SRV70CLU,OU=Computers,OU=Admin,OU=Resources,DC=rd01,DC=local";
In the second node you have:
Name = "SRV70CLU";
By "second pass" do you mean that the first node creates the CNO in the OU, but when the configuration runs Test-TargetResource it fails (when it enforces the configuration and checks current state against desired state)?
Yes, and that is on the first pass of cluster node one and two. On the first pass it all works. Ont the second pass the first node falls. The one with a distibgusihed name
From: Johan Ljunggren @.> Sent: Monday, April 12, 2021 5:58:25 PM To: dsccommunity/xFailOverCluster @.> Cc: Ilian Nilsson @.>; Author @.> Subject: Re: [dsccommunity/xFailOverCluster] xCluster: When using distinguished naming of cluster, second pass of DSC fails. (#256)
By "second pass" do you mean that the first node creates the CNO in the OU, but when the configuration runs Test-TargetResource it fails (when it enforces the configuration and checks current state against desired state)?
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/dsccommunity/xFailOverCluster/issues/256#issuecomment-817928443, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AID6F4DROTJ2EPCHMSQ4VH3TIMKCDANCNFSM42Y7CW5Q.
I have used pre-staged accounts so never seen this. Sounds like there is an issue when using the full distinguished name.
I’ll try powershell in DSC format is not my thing.
From: Johan Ljunggren @.> Sent: Monday, April 12, 2021 9:08:48 PM To: dsccommunity/xFailOverCluster @.> Cc: Ilian Nilsson @.>; Author @.> Subject: Re: [dsccommunity/xFailOverCluster] xCluster: When using distinguished naming of cluster, second pass of DSC fails. (#256)
Happy to review a pull request that fixes this.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/dsccommunity/xFailOverCluster/issues/256#issuecomment-818062944, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AID6F4CF3OMUWUXVLVECU53TINAMBANCNFSM42Y7CW5Q.
Well I've made my best, but when i try to push my branch i get this:
E:\IGEL\Source\xFailoverCluster [fix_to_use_distinguised_name]> git push --set-upstream origin fix_to_use_distinguised_name info: please complete authentication in your browser... remote: Permission to dsccommunity/xFailOverCluster.git denied to IlleNilsson. fatal: unable to access 'https://github.com/dsccommunity/xFailOverCluster.git/': The requested URL returned error: 403 E:\IGEL\Source\xFailoverCluster [fix_to_use_distinguised_name]>
And yes i got a browser to autenticate with, and it said, Success :(
You need to fork the main repository. On the repository page there is a button “Fork” at top right. Once you forked you need to make a remote my to the fork, in the local repository folder. Then you push to the remote. From there you make the pull request.
Read how to do it here https://dsccommunity.org/guidelines/getting-started/#forking-a-repository-on-github
Thats intendent, when you do create-cluster it is valid to use distinguished name, not when searching to add nodes
From: Johan Ljunggren @.> Sent: Saturday, April 17, 2021 5:33:55 PM To: dsccommunity/xFailOverCluster @.> Cc: Ilian Nilsson @.>; Author @.> Subject: Re: [dsccommunity/xFailOverCluster] xCluster: When using distinguished naming of cluster, second pass of DSC fails. (#256)
You need to fork the main repository. On the repository page there is a button “Fork” at top right. Once you forked you need to make a remote my to the fork, in the local repository folder. Then you push to the remote. From there you make the pull request.
Read how to do it here https://dsccommunity.org/guidelines/getting-started/#forking-a-repository-on-github
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/dsccommunity/xFailOverCluster/issues/256#issuecomment-821841344, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AID6F4ESMBTD4SUJ4GAUKVDTJGS6HANCNFSM42Y7CW5Q.
Here we go, a fork IlleNilsson/xFailOverCluster. There is at least one thing I'm not happy with. I added a function named Convert-DistinguishedNameToSimpleName. I could not find a common place to put it, so it is in all Resources, not optimal.
Great! Now you need to go to your fork an create a pull request. Got to https://github.com/IlleNilsson/xFailOverCluster/pulls and click on new pull request. Base repository should be dsccommunity/xFailOverCluster and base should be main. The head repository should be IlleNilsson/xFailOverCluster and compare should be the working branch where you pushed the changes.
I could not find a common place to put it, so it is in all Resources, not optimal.
We could add a new common module FailoverCluster.Common similar to here: https://github.com/dsccommunity/DnsServerDsc/tree/main/source/Modules/DnsServerDsc.Common
We also need to copy it during build by changing build.yaml:
https://github.com/dsccommunity/DnsServerDsc/blob/97f6ef720def5fc0d920c63607f3ed2f8e03f9fb/build.yaml#L8
The we just need to import the module in the resource code like line 2 and 5 here:
https://github.com/dsccommunity/DnsServerDsc/blob/97f6ef720def5fc0d920c63607f3ed2f8e03f9fb/source/DSCResources/DSC_DnsServerADZone/DSC_DnsServerADZone.psm1#L2-L5
You said "we could", does that mean me? I'm not up to speed on building DSC Resources. Can we do it togheter?
We could, as in the community could. That can be resolved in another PR, or I could see if I have time to add an empty module where we can move the code.
I would like to get it done, l’m changing assignment and I’m afraid the customer won’t resolve this issue without me. So whatever I can do, let me know.
From: Johan Ljunggren @.> Sent: Thursday, April 22, 2021 7:25:21 PM To: dsccommunity/xFailOverCluster @.> Cc: Ilian Nilsson @.>; Author @.> Subject: Re: [dsccommunity/xFailOverCluster] xCluster: When using distinguished naming of cluster, second pass of DSC fails. (#256)
We could, as in the community could. That can be resolved in another PR, or I could see if I have time to add an empty module where we can move the code.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/dsccommunity/xFailOverCluster/issues/256#issuecomment-825043823, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AID6F4BX5D2FZLGYSOHS3LLTKBLYDANCNFSM42Y7CW5Q.
Done this, getting...
Tests completed in 77.33s Tests Passed: 289, Failed: 0, Skipped: 4, Pending: 0, Inconclusive: 0
Code coverage report: Covered 99.38% of 649 analyzed Commands in 8 Files. Missed commands:
File Class Function Line Command
Modules\FailoverCluster.Common\FailoverCluster.Common.psm1 Convert-DistinguishedNameToSimpleName 29 $returnV... Modules\FailoverCluster.Common\FailoverCluster.Common.psm1 Convert-DistinguishedNameToSimpleName 29 (($Disti... Modules\FailoverCluster.Common\FailoverCluster.Common.psm1 Convert-DistinguishedNameToSimpleName 29 ($Distin... Modules\FailoverCluster.Common\FailoverCluster.Common.psm1 Convert-DistinguishedNameToSimpleName 29 $Disting...
Any hints for me to resolve this?
From: Johan Ljunggren @.> Sent: Sunday, 18 April 2021 12:51 To: dsccommunity/xFailOverCluster @.> Cc: Ilian Nilsson @.>; Author @.> Subject: Re: [dsccommunity/xFailOverCluster] xCluster: When using distinguished naming of cluster, second pass of DSC fails. (#256)
Great! Now you need to go to your fork an create a pull request. Got to https://github.com/IlleNilsson/xFailOverCluster/pulls and click on new pull request. Base repository should be dsccommunity/xFailOverCluster and base should be main. The head repository should be IlleNilsson/xFailOverCluster and compare should be the working branch where you pushed the changes.
I could not find a common place to put it, so it is in all Resources, not optimal.
We could add a new common module FailoverCluster.Common similar to here: https://github.com/dsccommunity/DnsServerDsc/tree/main/source/Modules/DnsServerDsc.Common We also need to copy it during build by changing build.yaml: https://github.com/dsccommunity/DnsServerDsc/blob/97f6ef720def5fc0d920c63607f3ed2f8e03f9fb/build.yaml#L8 The we just need to import the module in the resource code like line 2 and 5 here: https://github.com/dsccommunity/DnsServerDsc/blob/97f6ef720def5fc0d920c63607f3ed2f8e03f9fb/source/DSCResources/DSC_DnsServerADZone/DSC_DnsServerADZone.psm1#L2-L5
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/dsccommunity/xFailOverCluster/issues/256#issuecomment-821972104, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AID6F4D2SWOBBDH5VLWG2VTTJK2STANCNFSM42Y7CW5Q.