-
Notifications
You must be signed in to change notification settings - Fork 132
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Missing IISSelfSignedCertModule.dll on Windows 2012 R2/PS4 #511
Comments
Adding a key piece of information that I forgot. Here's the directory where this file should be on the problem server (Win 2012 R2 / PS 4).
Here's the same directory on the server that works (Win 2016 / PS 5.1):
|
@tmeckel , you're currently working some IISSelfSignedCertModule related Issues. Do you know anything about where this DLL comes from, and if we should expect it on a machine with only PS4? |
@mhendric I can only say that you have to install the windows featre Aside this, I discovered some deficiencies with that IIS module, while I was working on PR #507 and how it's provided (Windows Feature) and how it's activated in IIS using MSFT_xDSCWebService. I'll describe my findings when I'm done with refactoring the code and the Unit Tests for MSFT_xDSCWebService in PR #507 |
Okay I made a quick check on a VM. Seems to me we do have an issue here because the DLL is not installed by the |
Thanks @tmeckel . Good to know I'm not crazy (or at least not the owner of bad virtual machines). Sounds like this is a bug to me then. I guess we just need to figure out what to do about it. Do we update the module to not check for IISSelfSignedCertModule.dll, and if so, what are the implications of that (there had to have been a good reason that the check was added in the first place)? And this definitely makes me wonder what else is broken in this module for PowerShell 4... |
@mhendric As I already said, while I was working on this module here I discovered not only issues how this particular DLL is handled but I also commented on #468 about that I discovered some bugs how the X.509 certificate for the pull/compliance service is handled. To me this module seems to have multiple issues that has to be sorted. |
Oh and in contrast to my statement in #511 (comment) that MSFT_xDSCWebService.psm1 has been "erroneously" copied over from PSDscResources I discovered that xPSDesiredStateConfiguration is the only DSC Resource which contains support for setting up a local pull server. This implies that xPSDesiredStateConfiguration wasn't only created for Powershell 4 support. Quite confusing situation here with these two DSC Resources |
@tmeckel , thanks for all the research on this! This definitely is a confusing situation. I think this one probably needs to be discussed during the next community call, especially as it relates to #522. @PlagueHO , I think you have a list of items to discuss in the next call. Can you track this one? |
@mhendric how do we proceed here? From my point of view we can't leave the code as is because this would create errors on Windows 2012 servers as you already noticed. On the other hand, how likely is it that people deploy a Pull Server on such an old infrastructure? But this is the same discussion we already had about supporting PowerShell 4. |
Hey @tmeckel . So... I'm still wondering why this module was made to be a requirement at some point. At one point in the xPSDesiredStateConfiguration lifetime, it was definitely possible to deploy a pull server on Windows 2012 R2 and PS4, which implies IISSelfSignedCertModule wasn't always a requirement. Maybe we can find which PR introduced this and then look at the comments. Perhaps it isn't really necessary for PS4 after all. Or maybe the Compliance server (you referenced above) doesn't support PS4. Also, if we can find the last build that this worked on PS4 in, we could potentially just add a version check for PS4 when this code is invoked, and say that this code is no longer supported on PS4, use ### build instead. At least according to this article, DSC Pull Server is only supported on PS5 or higher (although there's a reference in the same article to WMF4 databases, so I don't know how true this really is). But if the PowerShell team doesn't support the Pull Server on PS4 any more, I'm not sure why we should continue supporting it in this module. Adding @mgreenegit in case he knows some history on this. |
@mhendric the situation around the Pull Server is unsatisfying in many ways. First we have this issue here where we don't know what's supported on what platform and why code has been introduced. Secondly the PowerShell team decided to stop adding new features to the local Pull Server implementation in favor for Azure Automation DSC. The decision perfectly fits into the strategy of Microsoft and is thus understandable because you've to decide what things to follow with limited resources. Or you look at Microsoft's strategy to compel people to move on premises resources to Azure when you analyze the pricing model behind Azure Automation DSC, where you can add on premises servers but you've to pay at least $5 monthly for every server, where in contrast Azure VMs are at no charge. My personal biggest issue around this decision is that the PowerShell team (or whoever wrote that section in the documentation) refers to two opensource projects on Github, as a replacement for an on premises installation, which are actually dead:
That leads me to the more or less sarcastic question: why should we put much effort in this DSC Resource anymore? Okay just kidding. But nevertheless we should keep in mind that when we work on |
Interesting observations @tmeckel . I don't think this technology is dead, but it definitely appears to be deprecated. That's stated in the very first paragraph of the document we linked. Which does beg the question, how much effort do we want to spend on something Microsoft plans to cut support for? Perhaps this is another community call discussion. Tagging @PlagueHO and @johlju for thoughts in the meantime. I do still see value for many of the other resources in this module, especially since this module can accept breaking changes and PSDSCResources can't. But I'm willing to have a hard conversation around the module as a whole. |
@mhendric you misunderstood in some way. When I said we must outweigh the efforts we put "... in this DSC Resource ..." I only meant xDSCWebService not the complete DSC module. The DSC module as a whole will and definitely can provide much help for people using DSC! To make it clear: I doubt we should put much effort in the Pull Server thing here on the long run because Microsoft abandoned supporting on premises installation in favor of Azure Automation DSC. |
Hey @tmeckel , no problem. A related comment on this is that we should probably test if xDSCWebService works on Windows Server 2019. If it does, then DSC Pull Server is probably not going away anytime soon. We should probably also start testing the Module as a whole on 2019 to see what works and what doesn't. |
I'm working on #506, and trying to do some manual integration testing by setting up a DSC pull server. My configuration script works just fine on my Windows 2016 / PS 5.1 server, but fails with the below error on my Windows 2012 R2 / PS 4 server. I cannot find IISSelfSignedCertModule.dll anywhere on the machine. Can someone tell me where this comes from and how I can install it?
Error:
Cannot find path 'C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\PullServer\IISSelfSignedCertModule.dll' because it does not exist.
OS: Windows 2012 R2 (6.3 Build 9600)
$psversiontable
Name Value
PSVersion 4.0
WSManStackVersion 3.0
SerializationVersion 1.1.0.1
CLRVersion 4.0.30319.42000
BuildVersion 6.3.9600.19170
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0}
PSRemotingProtocolVersion 2.2
IIS Features:
Script
Output:
The text was updated successfully, but these errors were encountered: