Windows Server 2019 V2R1 V-205763 generating an exception

[BlackbirdSR71Est]

Hi,

I have a system that some users are being assigned in the policy "Lock pages in memory" under User Rights Assignment and this probably violates the STIG rule. My expectation is that the DSC should flag this as non-compliant after the application but instead I am getting a "failed" status in the Azure portal. The error message being returned is:

PowerShell DSC resource MSFT_UserRightsAssignment failed to execute Set-TargetResource functionality with error message: Could not convert Identity: NULL to SID

Details:

{
"Exception": {
"Message": "PowerShell DSC resource MSFT_UserRightsAssignment failed to execute Set-TargetResource functionality with error message: Could not convert Identity: NULL to SID ",
"Data": {

                           },
                  "InnerException":  {
                                         "ErrorRecord":  "Could not convert Identity: NULL to SID",
                                         "WasThrownFromThrowStatement":  true,
                                         "Message":  "Could not convert Identity: NULL to SID",
                                         "Data":  "System.Collections.ListDictionaryInternal",
                                         "InnerException":  "System.Management.Automation.RuntimeException: Could not convert Identity: NULL to SID",
                                         "TargetSite":  "System.Collections.ObjectModel.Collection`1[System.Management.Automation.PSObject] Invoke(System.Collections.IEnumerable)",
                                         "StackTrace":  "   at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)\r\n   at System.Management.Automation.PowerShell.Worker.ConstructPipelineAndDoWork(Runspace rs, Boolean performSyncInvoke)\r\n   at System.Management.Automation.PowerShell.Worker.CreateRunspaceIfNeededAndDoWork(Runspace rsToUse, Boolean isSync)\r\n   at System.Management.Automation.PowerShell.CoreInvokeHelper[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)\r\n   at System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)\r\n   at System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings settings)\r\n   at Microsoft.PowerShell.DesiredStateConfiguration.Internal.ResourceProviderAdapter.ExecuteCommand(PowerShell powerShell, ResourceModuleInfo resInfo, String operationCmd, List`1 acceptedProperties, CimInstance nonResourcePropeties, CimInstance resourceConfiguration, LCMDebugMode debugMode, PSInvocationSettings pSInvocationSettings, UInt32\u0026 resultStatusHandle, Collection`1\u0026 result, ErrorRecord\u0026 errorRecord, PSModuleInfo localRunSpaceModuleInfo)",
                                         "HelpLink":  null,
                                         "Source":  "System.Management.Automation",
                                         "HResult":  -2146233087
                                     },
                  "TargetSite":  null,
                  "StackTrace":  null,
                  "HelpLink":  null,
                  "Source":  null,
                  "HResult":  -2146233079
              },
"TargetObject":  null,
"CategoryInfo":  {
                     "Category":  7,
                     "Activity":  "",
                     "Reason":  "InvalidOperationException",
                     "TargetName":  "",
                     "TargetType":  ""
                 },
"FullyQualifiedErrorId":  "ProviderOperationExecutionFailure",
"ErrorDetails":  null,
"InvocationInfo":  null,
"ScriptStackTrace":  null,
"PipelineIterationInfo":  [

                          ]

}

[erjenkin]

Hello @BlackbirdSR71Est ,

Can you please provide us a copy of your config and the offending rule, so we can investigate further?

Thank you,

Eric

[BlackbirdSR71Est]

Eric,

Here is the organization file we are using and the Powershell script we use to generate the MOF file. After the MOF file is generated, it will then uploaded to Azure portal and apply to the Windows 2019 server. The error happens when the rule V-205763 is being violated. See https://www.stigviewer.com/stig/microsoft_windows_server_2019/2020-10-26/finding/V-205763.
PowerSTIG Bug Report.zip
Hope this help