Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
WMF 4.0 DSC credential decryption bug in Get-DscConfiguration
@{
ModuleVersion = '1.0'
GUID = '7855f1e0-0012-4f60-8b2a-cb75a761529c'
}
configuration CredEcho
{
Param (
[PSCredential] $cred
)
Import-DscResource -Name JB_CredentialEcho
node $AllNodes.NodeName
{
LocalConfigurationManager
{
CertificateId = $Node.Thumbprint
}
cCredentialEcho Echo1
{
Name = 'Abc'
Credential = $cred
}
cCredentialEcho Echo2
{
Name = 'Abc2'
Credential = $cred
}
}
}
$cd = @{
AllNodes = @(
@{
NodeName = 'localhost'
CertificateFile = '.\cert.cer'
Thumbprint = '7C166D5F031EDD82848E02DB94E3F7A5A166C016'
}
)
}
CredEcho -ConfigurationData $cd -cred (New-Object PSCredential 'DOM\usr',(ConvertTo-SecureString 'xyz' -AsPlainText -Force))
Write-Host 'invoking Set-DscLocalConfigurationManager'
Set-DscLocalConfigurationManager -Path .\CredEcho -ComputerName localhost -Verbose
Write-Host 'invoking Start-DscConfiguration'
Start-DscConfiguration -Path .\CredEcho -ComputerName localhost -Verbose -Wait
Write-Host 'invoking Get-DscConfiguration'
Get-DscConfiguration -Verbose
function Get-TargetResource
{
[CmdletBinding()]
[OutputType([System.Collections.Hashtable])]
param
(
[parameter(Mandatory = $true)]
[System.String]
$Name,
[System.Management.Automation.PSCredential]
$Credential
)
Write-Verbose "Get-TargetResource"
Dump-Credential -c $Credential
return @{
Name = $Name
Credential = $null
}
}
function Set-TargetResource
{
[CmdletBinding()]
param
(
[parameter(Mandatory = $true)]
[System.String]
$Name,
[System.Management.Automation.PSCredential]
$Credential
)
Write-Verbose "Set-TargetResource"
Dump-Credential -c $Credential
}
function Test-TargetResource
{
[CmdletBinding()]
[OutputType([System.Boolean])]
param
(
[parameter(Mandatory = $true)]
[System.String]
$Name,
[System.Management.Automation.PSCredential]
$Credential
)
Write-Verbose "Test-TargetResource"
Dump-Credential -c $Credential
return $false
}
function Dump-Credential([System.Management.Automation.PSCredential] $c)
{
if ($c -eq $null) {
Write-Warning "credential is null"
} else {
$nc = $c.GetNetworkCredential()
Write-Warning "credential: Domain [$($nc.Domain)] UserName [$($nc.UserName)] Password [$($nc.Password)]"
}
}
Export-ModuleMember -Function *-TargetResource
[ClassVersion("1.0.0.0"), FriendlyName("cCredentialEcho")]
class JB_CredentialEcho : OMI_BaseResource
{
[Key] string Name;
[Write, EmbeddedInstance("MSFT_Credential")] String Credential;
};
PS C:\Users\Administrator> .\config.ps1
Directory: C:\Users\Administrator\CredEcho
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a--- 2016-03-18 11:11 3646 localhost.mof
-a--- 2016-03-18 11:11 872 localhost.meta.mof
invoking Set-DscLocalConfigurationManager
VERBOSE: Performing the operation "Start-DscConfiguration: SendMetaConfigurationApply" on target
"MSFT_DSCLocalConfigurationManager".
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' =
SendMetaConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' =
root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer JB-S13T01 with user sid
S-1-5-21-2982317268-1144194326-3473732824-500.
VERBOSE: [JB-S13T01]: LCM: [ Start Set ]
VERBOSE: [JB-S13T01]: LCM: [ Start Resource ] [MSFT_DSCMetaConfiguration]
VERBOSE: [JB-S13T01]: LCM: [ Start Set ] [MSFT_DSCMetaConfiguration]
VERBOSE: [JB-S13T01]: LCM: [ End Set ] [MSFT_DSCMetaConfiguration] in 0.3600 seconds.
VERBOSE: [JB-S13T01]: LCM: [ End Resource ] [MSFT_DSCMetaConfiguration]
VERBOSE: [JB-S13T01]: LCM: [ End Set ] in 0.5070 seconds.
VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Set-DscLocalConfigurationManager finished in 0.904 seconds.
invoking Start-DscConfiguration
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' =
SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' =
root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer JB-S13T01 with user sid
S-1-5-21-2982317268-1144194326-3473732824-500.
VERBOSE: [JB-S13T01]: LCM: [ Start Set ]
VERBOSE: [JB-S13T01]: LCM: [ Start Resource ] [[cCredentialEcho]Echo1]
VERBOSE: [JB-S13T01]: LCM: [ Start Test ] [[cCredentialEcho]Echo1]
VERBOSE: [JB-S13T01]: [[cCredentialEcho]Echo1] Test-TargetResource
WARNING: [JB-S13T01]: [[cCredentialEcho]Echo1] credential: Domain [DOM] UserName [usr]
Password [xyz]
VERBOSE: [JB-S13T01]: LCM: [ End Test ] [[cCredentialEcho]Echo1] in 0.1880 seconds.
VERBOSE: [JB-S13T01]: LCM: [ Start Set ] [[cCredentialEcho]Echo1]
VERBOSE: [JB-S13T01]: [[cCredentialEcho]Echo1] Set-TargetResource
WARNING: [JB-S13T01]: [[cCredentialEcho]Echo1] credential: Domain [DOM] UserName [usr]
Password [xyz]
VERBOSE: [JB-S13T01]: LCM: [ End Set ] [[cCredentialEcho]Echo1] in 0.0150 seconds.
VERBOSE: [JB-S13T01]: LCM: [ End Resource ] [[cCredentialEcho]Echo1]
VERBOSE: [JB-S13T01]: LCM: [ Start Resource ] [[cCredentialEcho]Echo2]
VERBOSE: [JB-S13T01]: LCM: [ Start Test ] [[cCredentialEcho]Echo2]
VERBOSE: [JB-S13T01]: [[cCredentialEcho]Echo2] Test-TargetResource
WARNING: [JB-S13T01]: [[cCredentialEcho]Echo2] credential: Domain [DOM] UserName [usr]
Password [xyz]
VERBOSE: [JB-S13T01]: LCM: [ End Test ] [[cCredentialEcho]Echo2] in 0.0310 seconds.
VERBOSE: [JB-S13T01]: LCM: [ Start Set ] [[cCredentialEcho]Echo2]
VERBOSE: [JB-S13T01]: [[cCredentialEcho]Echo2] Set-TargetResource
WARNING: [JB-S13T01]: [[cCredentialEcho]Echo2] credential: Domain [DOM] UserName [usr]
Password [xyz]
VERBOSE: [JB-S13T01]: LCM: [ End Set ] [[cCredentialEcho]Echo2] in 0.0310 seconds.
VERBOSE: [JB-S13T01]: LCM: [ End Resource ] [[cCredentialEcho]Echo2]
VERBOSE: [JB-S13T01]: LCM: [ End Set ] in 0.6316 seconds.
VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 0.642 seconds
invoking Get-DscConfiguration
VERBOSE: An LCM method call arrived from computer JB-S13T01 with user sid
S-1-5-21-2982317268-1144194326-3473732824-500.
VERBOSE: [JB-S13T01]: LCM: [ Start Get ]
VERBOSE: [JB-S13T01]: [[cCredentialEcho]Echo1] Get-TargetResource
WARNING: [JB-S13T01]: [[cCredentialEcho]Echo1] credential: Domain [DOM] UserName [usr]
Password [xyz]
VERBOSE: [JB-S13T01]: LCM: [ End Get ] [[cCredentialEcho]Echo1] in 0.0000 seconds.
Get-DscConfiguration : Decryption failed.
At C:\Users\Administrator\config.ps1:41 char:1
+ Get-DscConfiguration -Verbose
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (MSFT_DSCLocalConfigurationManager:root/Microsoft/...gurationManager) [Get
-DscConfiguration], CimException
+ FullyQualifiedErrorId : Windows System Error -2146893819,Get-DscConfiguration
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.