PowerStig icon indicating copy to clipboard operation
PowerStig copied to clipboard
verified publisher icon microsoft

After 4.26 release getting error: Could not find mandatory property Thumbprint. Add this property and try again.

Open JeffZhu-E2006182 opened this issue 7 months ago • 15 comments

Good day!

Below was working but not after 4.26 release. Please help me understand why and how to fix. thanks!

Configuration STIG_Windows_MS_baseline {

Import-DscResource -ModuleName PowerSTIG
$TechnologyVersion
$StigVersion
Node 'localhost' {
    WindowsServer BaseLine {
        OsVersion   = $TechnologyVersion
        OsRole      = 'MS'
        StigVersion = $StigVersion
        ## Example 
        ## Exception   = @{'V-1075'= @{'ValueData'='1'} }
        Exception   = @{

            'V-254439' = @{Identity = 'Guests' }
            'V-254435' = @{Identity = 'Guests' }
            'V-254436' = @{Identity = 'Guests' }
            'V-254438' = @{Identity = 'Guests' }

        }
        #SkipRule    = @('V-254353', 'V-254354')
    }
   
}

} Test-DscConfiguration D:\Support\STIG

STIG_Windows_MS_baseline -OutputPath:"D:\Support\STIG" Could not find mandatory property Thumbprint. Add this property and try again. CategoryInfo : ObjectNotFound: (root/Microsoft/...gurationManager:String) [], CimException FullyQualifiedErrorId : MI RESULT 6 PSComputerName : localhost

JeffZhu-E2006182 avatar Jul 03 '25 14:07 JeffZhu-E2006182

Please test with V4.27 and Confirm issue has been resolved or not.

MrAutomater avatar Sep 04 '25 20:09 MrAutomater

@MrAutomater, it looks like the issue is the processing of the Windows Server 2022 MS .xml. In v2.4 there's one missing entry: https://github.com/microsoft/PowerStig/blob/81b70faff07124ffb2aa019e9105a7f6c5e8d5ca/source/StigData/Processed/WindowsServer-2022-MS-2.4.xml#L5529 and in v2.5 there are two: https://github.com/microsoft/PowerStig/blob/81b70faff07124ffb2aa019e9105a7f6c5e8d5ca/source/StigData/Processed/WindowsServer-2022-MS-2.5.xml#L5529 and https://github.com/microsoft/PowerStig/blob/81b70faff07124ffb2aa019e9105a7f6c5e8d5ca/source/StigData/Processed/WindowsServer-2022-MS-2.5.xml#L5544

brianwest avatar Oct 31 '25 17:10 brianwest

Please test with V4.27 and Confirm issue has been resolved or not.

I tried with 4.27 and same issue. I have been testing for few days and only stumped on this issue today. Having the same thumbprint issue for Windows 2022. Works well for Windows 2019

RKSelvi avatar Nov 04 '25 16:11 RKSelvi

I believe this should be corrected in the newly release 4.28.0 build. The Thumbprint was missing from XML file as the conversion was incorrect. Updated the XML files to have the completed Thumbprints for both 2.5 and 2.6 XML versions.

Please confirm resolution before Closing Issue.

MrAutomater avatar Dec 05 '25 23:12 MrAutomater

I believe this should be corrected in the newly release 4.28.0 build. The Thumbprint was missing from XML file as the conversion was incorrect. Updated the XML files to have the completed Thumbprints for both 2.5 and 2.6 XML versions.

Please confirm resolution before Closing Issue.

Will test and keep you posted. Thank you

RKSelvi avatar Dec 05 '25 23:12 RKSelvi

I believe this should be corrected in the newly release 4.28.0 build. The Thumbprint was missing from XML file as the conversion was incorrect. Updated the XML files to have the completed Thumbprints for both 2.5 and 2.6 XML versions. Please confirm resolution before Closing Issue.

Will test and keep you posted. Thank you

I updated the PowerSTIG version and gave it a test and now the Thumbprint is not in the error message but the error message still persists. I can test more later and also in Windows 2019. This issue was only in Win 2022

Error message Could not find mandatory property Path. Add this property and try again.

RKSelvi avatar Dec 06 '25 00:12 RKSelvi

Good day!

I believe this is the same error that Selvi having,

Test-DscConfiguration D:\Support\STIG -Verbose VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = TestConfiguration,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'. VERBOSE: An LCM method call arrived from computer pkrvmx3r302uk1i with user sid S-1-5-21-1616886967-2572171649-1638228303-500. VERBOSE: [pkrvmx3r302uk1i]: LCM: [ Start Compare ] VERBOSE: [pkrvmx3r302uk1i]: LCM: [ FAILEDCompare ] Completed processing compare operation. The operation returned False. Could not find mandatory property Path. Add this property and try again. + CategoryInfo : ObjectNotFound: (root/Microsoft/...gurationManager:String) [], CimException + FullyQualifiedErrorId : MI RESULT 6 + PSComputerName : localhost

VERBOSE: Operation 'Invoke CimMethod' complete. VERBOSE: Time taken for configuration job to complete is 2.108 seconds

JeffZhu-E2006182 avatar Dec 08 '25 08:12 JeffZhu-E2006182

Windows 2019 is good with PowerSTIG 4.28, but Windows 2022 still has the problem

Error message Could not find mandatory property Path. Add this property and try again.

RKSelvi avatar Dec 08 '25 22:12 RKSelvi

I can repro the error. I am using a tool I wrote to look for issues with the MOF and it looks like we have NULL paths for 2 rules.

Image

The tool is an exe written in c# (.net required) and allows you to view the contents of a MOF. If you are interested in the tool, here is the link, there is a compiled x64 exe under releases.

https://github.com/MrasmussenGit/MofInspector

I also have a PowerStigConverter UI that is a work in progress, I haven't published an exe yet.

MrasmussenGit avatar Dec 10 '25 15:12 MrasmussenGit

@MrAutomater, I can add some testing to the Azure Pipeline to ensure a configuration that includes each DSC resource being updated is tested by generating a MOF and running Test-DscConfiguration on it. Is that something you'd be interested in?

brianwest avatar Dec 10 '25 17:12 brianwest

@brianwest Feel free to make the updates to the pipelines. Once you submit your PR, please add @MrasmussenGit and myself, @MrAutomater, as reviewers.

Thanks for helping make PowerStig better!

MrAutomater avatar Dec 10 '25 17:12 MrAutomater

After further troubleshooting, we have decided to change V-254444 to a Manual/Skipped rule. To workaround the error add it to your skipped section

    #SkipRule    = @('V-254353', 'V-254354','V-254444')

This rule will need to be set manually after your automated rules are set.

The updated files are in the MrAutomater#1472 Branch if you want to just copy them to your local PowerStig 4.28.0 module. I will try to get a 4.28.1 out in the next week or so.

MrAutomater avatar Dec 11 '25 19:12 MrAutomater

After further troubleshooting, we have decided to change V-254444 to a Manual/Skipped rule. To workaround the error add it to your skipped section

    #SkipRule    = @('V-254353', 'V-254354','V-254444')

This rule will need to be set manually after your automated rules are set.

The updated files are in the MrAutomater#1472 Branch if you want to just copy them to your local PowerStig 4.28.0 module. I will try to get a 4.28.1 out in the next week or so.

Thank you

RKSelvi avatar Dec 11 '25 19:12 RKSelvi

After further troubleshooting, we have decided to change V-254444 to a Manual/Skipped rule. To workaround the error add it to your skipped section

    #SkipRule    = @('V-254353', 'V-254354','V-254444')

This rule will need to be set manually after your automated rules are set.

The updated files are in the MrAutomater#1472 Branch if you want to just copy them to your local PowerStig 4.28.0 module. I will try to get a 4.28.1 out in the next week or so.

Thanks and skipped those rule helped out. deploy to 2022 succussed.

JeffZhu-E2006182 avatar Dec 12 '25 08:12 JeffZhu-E2006182

I added skip rules also and windows 2022 succeeded. Will wait for 4.28.1 before moving to Prod. Thank you.

RKSelvi avatar Dec 12 '25 16:12 RKSelvi