PowerStig icon indicating copy to clipboard operation
PowerStig copied to clipboard
verified publisher icon microsoft

Error compiling configuration on Windows Server 2012R2

Open sabanichev opened this issue 6 years ago • 2 comments

Based on documentation, trying to compile the following configuration on the following environment OS: Windows Server2012R2 PowerStig version: 3.2.0

configuration Example
{
    param
    (
        [parameter()]
        [string]$NodeName = 'localhost'
    )

    Import-DscResource -ModuleName PowerStig
    
    Node $NodeName
    {
        WindowsServer BaseLine
        {
            OsVersion   = '2012R2'
            OsRole      = 'MS'
            StigVersion = '2.12'
        }
    }
}

Example -OutputPath C:\dev

and see the following error:

PSDesiredStateConfiguration\Configuration : The property '' cannot be found on this object. Verify that the property exists and can be set.
At C:\Program Files\WindowsPowerShell\Modules\PowerSTIG\3.2.0\DSCResources\WindowsServer\WindowsServer.schema.psm1:39 char:1
+ Configuration WindowsServer
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Configuration], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : PropertyAssignmentException,Configuration
 
Compilation errors occurred while processing configuration 'Example'. Please review the errors reported in error stream and modify your configuration code appropriately.
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\PSDesiredStateConfiguration.psm1:3917 char:5
+     throw $ErrorRecord
+     ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (Example:String) [], InvalidOperationException
    + FullyQualifiedErrorId : FailToProcessConfiguration

With PowerStig module version 2.4.0.0 this example working as expected on Windows Server 2012R2

Also, version 3.2.0 could be compiled successfully to mof file on Windows 10

sabanichev avatar Jul 11 '19 11:07 sabanichev

@sabanichev can you provide the link where you got that example. I can't find that example any place in the wiki. However, try specifying a forest and domain name like in this example

jcwalker avatar Jul 18 '19 19:07 jcwalker

I've seen this same issue on 2012R2, running the WindowsServer example above and others, like https://github.com/Microsoft/PowerStig/wiki/Office (one change needed here was to update the PowerStig ModuleVersion to 3.3.0).

After some debugging, there appears to be an issue in Module\Rule\Rule.psm1 - in the hidden GetOverrideValue() function. The call to [regex]::Matches returns a malformed Groups value which will not provide the right $exceptionProperty value.

I was running this same example on Windows Server 2012 R2 (Powershell version 5.1.14409) and Windows 10 (Powershell version 5.1.16299) side-by-side and it was clearly the return value from the Matches expression which was different and the source of the problem on WS2012R2.
The problematic expression: [regex]::Matches( (Get-Content -path $baseclassPath -raw), $exceptionPropertyTag)

I made some changes to Rule.psm1 and was able to get past this issue Original code snippet:

$exceptionProperty = [regex]::Matches(
        (Get-Content -path $baseclassPath -raw), $exceptionPropertyTag
        ).Groups.Where( {$_.Name -eq 'ExceptionValue'}).Value

Changed to:

$content = Get-Content -Path $baseclassPath -Raw
$exceptionProperty = 'No Rule Exception Found'
if ($content -match $exceptionPropertyTag)
{
     $exceptionProperty = $Matches.ExceptionValue
}

dubswalker1 avatar Sep 04 '19 16:09 dubswalker1