Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Resource Computer: Error 0x80041033 when VM joins AD domain #353

Open
Yvand opened this issue Jan 12, 2021 · 2 comments
Open

Resource Computer: Error 0x80041033 when VM joins AD domain #353

Yvand opened this issue Jan 12, 2021 · 2 comments
Labels
needs investigation The issue needs to be investigated by the maintainers or/and the community.

Comments

@Yvand
Copy link

Yvand commented Jan 12, 2021

Details of the scenario you tried and the problem that is occurring

This problem happens only with the SharePoint public images of Azure:
When resource "Computer" joins the VM to the domain, this error systematically occurs just after resource completes:
"The WS-Management service cannot process the request. The WMI service or the WMI provider returned an unknown error: HRESULT 0x80041033"

Verbose logs showing the problem

Notice that the error is not in resource Computer, but just after:

VERBOSE: [2021-01-12 15:32:34Z] [VERBOSE] [SP1]: LCM:  [ Start  Set      ]  [[Computer]JoinDomain]
VERBOSE: [2021-01-12 15:32:34Z] [VERBOSE] [SP1]:                            [[Computer]JoinDomain] Setting computer state for 'SP1'.
VERBOSE: [2021-01-12 15:32:34Z] [VERBOSE] [SP1]:                            [[Computer]JoinDomain] Perform operation 'Enumerate CimInstances' with following parameters, ''namespaceName' = root\cimv2,'className' = Win32_ComputerSystem'.
VERBOSE: [2021-01-12 15:32:34Z] [VERBOSE] [SP1]:                            [[Computer]JoinDomain] Operation 'Enumerate CimInstances' complete.
VERBOSE: [2021-01-12 15:32:34Z] [WARNING] [SP1]:                            [[Computer]JoinDomain] The changes will take effect after you restart the computer SP1.
VERBOSE: [2021-01-12 15:32:35Z] [VERBOSE] [SP1]:                            [[Computer]JoinDomain] Added computer to domain 'contoso.local'.
VERBOSE: [2021-01-12 15:32:35Z] [VERBOSE] [SP1]: LCM:  [ End    Set      ]  [[Computer]JoinDomain]  in 1.7970 seconds.
VERBOSE: [2021-01-12 15:32:35Z] [VERBOSE] [SP1]: LCM:  [ End    Resource ]  [[Computer]JoinDomain]
VERBOSE: [2021-01-12 15:32:41Z] [ERROR] The WS-Management service cannot process the request. The WMI service or the 
WMI provider returned an unknown error: HRESULT 0x80041033 
VERBOSE: [2021-01-12 15:32:41Z] [VERBOSE] Operation 'Invoke CimMethod' complete.
VERBOSE: [2021-01-12 15:32:41Z] [VERBOSE] Time taken for configuration job to complete is 497.2 seconds
VERBOSE: [2021-01-12 15:32:42Z] Settings handler status to 'transitioning' 

Suggested solution to the issue

I found a dirty workaround that works 90% of the time:
I edited function Set-TargetResource in DSC_Computer.psm1 to add the following if this is a SharePoint VM:

  • Add "Restart" to cmdlet Add-Computer
  • Set the flag "$global:DSCMachineStatus = 1"

The DSC configuration that is used to reproduce the issue (as detailed as possible)

It repro every time, merely by joining an AD domain:

Computer JoinDomain
{
	Name       = $ComputerName
	DomainName = $DomainFQDN
	Credential = $DomainAdminCredsQualified
	DependsOn  = "[WaitForADDomain]WaitForDCReady"
}

I made an az cli script that creates a DC and a SP VM and fully repro from scratch:

# Create DC VM and SP VM
read -s -p "Type your password: " password
resourceGroupName="ydcli1"
adminUserName=yvand
dcip="10.0.0.4"
vmName=DC

az group create --name $resourceGroupName --location "west europe"
az vm create -g $resourceGroupName --name ${vmName} --os-disk-name "${vmName}-Disk-OS" --size Standard_D2_v3 \
  --image "MicrosoftWindowsServer:WindowsServer:2019-Datacenter:latest" --private-ip-address $dcip --public-ip-address "" \
  --admin-username $adminUserName --admin-password $password
az vm extension set -g $resourceGroupName --vm-name $vmName --name DSC --publisher Microsoft.Powershell --version 2.9  \
  --settings '{"ModulesURL": "https://github.com/Yvand/AzureRM-Templates/raw/bug-join-domain/Templates/DTL-SharePoint-AllVersions-light/dsc/ConfigureDCVM.zip", "configurationFunction": "ConfigureDCVM.ps1\\ConfigureDCVM", "Properties": {"domainFQDN": "contoso.local", "PrivateIP": "'${dcip}'", "ConfigureADFS": 0 } }' \
  --protected-settings '{"Properties": {"AdminCreds": {"UserName": "'${adminUserName}'", "Password": "'${password}'" }, "AdfsSvcCreds": {"UserName": "'${adminUserName}'", "Password": "'${password}'" }}}' --no-wait

vmName=SP1
az vm create -g $resourceGroupName --name ${vmName} --os-disk-name "${vmName}-Disk-OS" --size Standard_D2_v3 \
  --image "MicrosoftSharePoint:MicrosoftSharePointServer:sp2019:1.0.2" \
  --admin-username $adminUserName --admin-password $password
az vm extension set -g $resourceGroupName --vm-name $vmName --name DSC --publisher Microsoft.Powershell --version 2.9  \
  --settings '{"ModulesURL": "https://github.com/Yvand/AzureRM-Templates/raw/bug-join-domain/Templates/DTL-SharePoint-AllVersions-light/dsc/ConfigureSPVM.zip", "configurationFunction": "ConfigureSPVM.ps1\\ConfigureSPVM", "Properties": {"domainFQDN": "contoso.local", "DNSServer": "'${dcip}'" } }' \
  --protected-settings '{"Properties": {"DomainAdminCreds": {"UserName": "'${adminUserName}'", "Password": "'${password}'"}}}' --no-wait

The operating system the target node is running

It reproduces on SharePoint 2019/2016/2013 public images of Azure. Below is the output for the SharePoint 2019 VM:

OsName               : Microsoft Windows Server 2019 Datacenter
OsOperatingSystemSKU : DatacenterServerEdition
OsArchitecture       : 64-bit
WindowsVersion       : 1809
WindowsBuildLabEx    : 17763.1.amd64fre.rs5_release.180914-1434
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

Version and build of PowerShell the target node is running

Name                           Value
----                           -----
PSVersion                      5.1.17763.1007
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.17763.1007
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Version of the DSC module that was used ('dev' if using current dev branch)

ComputerManagementDsc 8.4.0

@Yvand Yvand changed the title Resource Computer: error 0x80041033 when VN joins AD domain Resource Computer: Error 0x80041033 when VM joins AD domain Jan 12, 2021
@PlagueHO PlagueHO added the needs investigation The issue needs to be investigated by the maintainers or/and the community. label Jan 12, 2021
@PlagueHO
Copy link
Member

Hi @Yvand, thanks for submitting this.

The problem with adding the -Restart into the resource is that it will cause the resource to restart the machine - which isn't recommended - it disrupts the DSC LCM. Instead using the $global:DSCMachineStatus = 1 is the recommended approach.

Have you configured your LCM to allow reboots?

Have you tried adding a PendingReboot after the computer rename?

@Yvand
Copy link
Author

Yvand commented Jan 13, 2021

Hi @PlagueHO,

  • I agree it's not a solution, I consider it only a dirty workaround and mentioned it just for information
  • The DSC script works like a charm on any VM except the SharePoint public images. LCM does allow reboots
  • I do have a PendingReboot just after the Computer resource. The normal version of the DSC script is here: https://github.com/Yvand/AzureRM-Templates/blob/master/Templates/DTL-SharePoint-AllVersions-light/dsc/ConfigureSPVM.ps1
  • I created a test branch and tried many combinations before submitting this issue (PendingReboot before, after, both, xScript to force reboot before, after, both), but it never works. The only way I manage to do it is using my dirty workaround...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
needs investigation The issue needs to be investigated by the maintainers or/and the community.
Projects
None yet
Development

No branches or pull requests

2 participants