WaitforADDomain: Throws an error when credentials are missing #478

Closed
ghost opened this issue Aug 8, 2019 · 28 comments · Fixed by #481
Labels
enhancement The issue is an enhancement request.

Comments

@ghost

ghost commented Aug 8, 2019

Details of the scenario you tried and the problem that is occurring

Running setup of an environment with a Domain Controller and a couple of Windows nodes that should join the domain after it exists. I use WaitforADDomain to wait for the Domain Controller to boot, and then Computer from ComputerManagementDsc renames the server and joins the domain under the credentials I provided (the Administrator account is created in the Domain Controller during its boot).
When the domain exists, it finds it, but probably the user which is specified in $Credential in the Computer resource doesn't exist yet and the log shows "The user name or password is incorrect". I tried moving the ADUser creation right after the domain creation but I am still getting this error (in the previous version this worked as there seemed to be a bigger delay before the node discovered the domain?).
What is very weird is that after this error, DSC fails with The SendConfigurationApply function did not succeed, but after 1-2 minutes the node actually reboots and joins the domain and the configuration finishes successfully (everything is installed/set up after the reboot).

Verbose logs showing the problem

[EC2AMAZ-CNTCG1V]:                            [[WaitForADDomain]ForestWait] The Active Directory context will be 
accessed using the 'xxxx\yyyyyy' credentials. (ADCOMMON0048)
Exception calling "FindOne" with "1" argument(s): "The user name or password is incorrect.
"
    + CategoryInfo          : NotSpecified: (:) [], CimException
    + FullyQualifiedErrorId : AuthenticationException,Find-DomainControllerFindOneWrapper
    + PSComputerName        : localhost

The machine EC2AMAZ-CNTCG1V successfully joined the domain yyyy-xxxx.local.

Test-DscConfiguration reports True

PS C:\Users\Administrator> Test-DscConfiguration
True

Suggested solution to the issue

N/A

The DSC configuration that is used to reproduce the issue (as detailed as possible)

ADDomain FirstDS
        {
         DomainName = $InternalDomain
         Credential = $default_creds
         SafemodeAdministratorPassword = $restore_credential
         DatabasePath = 'C:\NTDS'
         LogPath = 'C:\NTDS'
         DependsOn = "[WindowsFeature]ADDSInstall"
        }

The operating system the target node is running

OsName               : Microsoft Windows Server 2019 Datacenter
OsOperatingSystemSKU : DatacenterServerEdition
OsArchitecture       : 64-bit
WindowsVersion       : 1809
WindowsBuildLabEx    : 17763.1.amd64fre.rs5_release.180914-1434
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

Version and build of PowerShell the target node is running

PS 6 is installed

PS C:\Users\Administrator> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      5.1.17763.592
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.17763.592
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Version of the DSC module that was used ('dev' if using current dev branch)

new ActiveDirectoryDsc 4.0.0.0

@johlju
Member

johlju commented Aug 8, 2019

Thanks for reporting this issue! 🙂 So something changed in the refactor version that gave you this error, it was rebuilt from the ground up, so something might have been overlooked. 🤔 I'm having a little difficulty following your description of the problem without the full configuration, can you please provide the full configuration you are using? They could help to reproduce the issue, or see if we can add a new integration test.
Also, preferably full verbose logs of when the error happens? Please obfuscate any sensitive information. If the logs are long, then please submit them into a gist.

@johlju
Member

johlju commented Aug 8, 2019

It sounds like you have two configurations, one for the DC and one for a client/server? Please provide both configurations.

@johlju johlju added the needs more information The issue needs more information from the author or the community. label Aug 8, 2019
@ghost
Author

ghost commented Aug 8, 2019

I will try to explain the configuration and then will add the configuration itself.

Yes, I am doing one PS DSC config on Domain Controller, in the meantime there are 4 other windows servers booting with PS DSC.
The client nodes are doing some basic configuration and when they need to join the domain, they use WaitForADDomain to wait for the Domain Controller to finish its setup. After WaitForADDomain confirms the domain, they join the domain and reboot (as I rename them while joining the domain with Computer resource).
The user I use in Credential in the Computer resource is created in the Domain Controller PS DSC configuration, so I suspect the client server might try to join the domain before this user is created on the Domain Controller. This worked with the previous version - it seems the previous version of WaitForADDomain was slower to detect the domain. That's issue number 1.

After the previous happens and the log of the client (waiting for the domain to become available) configuration reports:

[EC2AMAZ-CNTCG1V]:                            [[WaitForADDomain]ForestWait] The Active Directory context will be 
accessed using the 'YYYYY\XXXXX' credentials. (ADCOMMON0048)
Exception calling "FindOne" with "1" argument(s): "The user name or password is incorrect.
"
    + CategoryInfo          : NotSpecified: (:) [], CimException
    + FullyQualifiedErrorId : AuthenticationException,Find-DomainControllerFindOneWrapper
    + PSComputerName        : localhost

The configuration fails with:

The SendConfigurationApply function did not succeed.
    + CategoryInfo          : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : MI RESULT 1
    + PSComputerName        : localhost
 
Operation 'Invoke CimMethod' complete.
Time taken for configuration job to complete is 631.572 seconds

The client suddenly reboots, renames itself, joins the domain and completes the DSC configuration, so it looks like even though the configuration failed, there is still some configuration running. I didn't check Get-DscLocalConfigurationManager to see if it's still running or what happens before the reboot yet - will do that tomorrow.

I will provide the full configurations now.

@ghost
Author

ghost commented Aug 8, 2019

DCconfig (removed some configuration about users and DNS as it was too long and not relevant):

param (
   [Parameter(Mandatory=$true)]
   [string]$InternalDomain,
   [Parameter(Mandatory=$true)]
   [string]$ClientDomainExternal,
   [Parameter(Mandatory=$true)]
   [string]$DomainAdminUsername,
   [Parameter(Mandatory=$true)]
   [string]$DomainAdminPassword
)

$restorepassw = "xxxxxx" | ConvertTo-SecureString -asPlainText -Force
$username = "xxxx"
[PSCredential] $restore_credential = New-Object System.Management.Automation.PSCredential($username,$restorepassw)

# Cutting off '.local'
$NetBIOSName = $InternalDomain.Split(".")[0]
$Env_Name = $NetBIOSName.Split("-")[1]

# Domain Admin which is used for joining the domain
$default_username = "$($NetBIOSName)\$($DomainAdminUsername)"
$default_password = $DomainAdminPassword | ConvertTo-SecureString -asPlainText -Force
[PSCredential]$default_creds = New-Object System.Management.Automation.PSCredential($default_username,$default_password)

$InterfaceAlias = (Get-NetIPConfiguration | Select-Object InterfaceAlias).InterfaceAlias
$PrivateIPAddress = (Invoke-WebRequest -Uri http://169.254.169.254/latest/meta-data/local-ipv4).Content
$DefaultGateway = (Get-NetIPConfiguration | ForEach-Object IPv4DefaultGateway).NextHop

Configuration DomainController1 {
Import-DscResource -ModuleName PSDesiredStateConfiguration
Import-DscResource -ModuleName NetworkingDsc
Import-DscResource -ModuleName cChoco
Import-DscResource -ModuleName ComputerManagementDsc
Import-DscResource -ModuleName ActiveDirectoryDsc
Import-DscResource -ModuleName xPendingReboot
Import-DscResource -ModuleName xDnsServer

    Node 'localhost' {
        LocalConfigurationManager
        {
            ActionAfterReboot = 'ContinueConfiguration'
            ConfigurationMode = 'ApplyandMonitor'
            RebootNodeIfNeeded = $true
            ConfigurationModeFrequencyMins = 15 # 15 is minimum
        }
        cChocoInstaller InstallChoco
        {
            InstallDir = "c:\setup\choco"
        }
        cChocoPackageInstaller 7zip
        {
            Name                 = '7zip'
            Ensure               = 'Present'
            DependsOn            = '[cChocoInstaller]installChoco'
        }
        cChocoPackageInstaller NPP
        {
            Name                 = 'notepadplusplus'
            Ensure               = 'Present'
            DependsOn            = '[cChocoInstaller]installChoco'
        }
        IPAddress NewIPv4Address
        {
            IPAddress      = $PrivateIPAddress
            InterfaceAlias = $InterfaceAlias
            AddressFamily  = 'IPV4'
        }
        DNSServerAddress DNS
        {
            AddressFamily = 'ipv4'
            InterfaceAlias = $InterfaceAlias
            Address          = '127.0.0.1'
            DependsOn = '[IPAddress]NewIPv4Address'
        }
        DefaultGatewayAddress SetVPCsubnetGW
        {
            Address        = $DefaultGateway
            InterfaceAlias = $InterfaceAlias
            AddressFamily  = 'IPv4'
        }
        Computer NewNameandDomain
        {
            Name          = "$($NetBIOSName)-dc1"
        }
        WindowsFeature DNS
        {
            Ensure = "Present"
            Name = "DNS"
            IncludeAllSubFeature = $True
        }
        File NTDSFolder
        {
        DestinationPath = 'C:\NTDS'
        Type = 'Directory'
        Ensure = 'Present'
        }
        WindowsFeature ADDSInstall
        {
            Ensure = "Present"
            Name = "AD-Domain-Services"
            DependsOn = "[File]NTDSFolder"
        }
        ADDomain FirstDS
        {
         DomainName = $InternalDomain
         Credential = $default_creds
         SafemodeAdministratorPassword = $restore_credential
         DatabasePath = 'C:\NTDS'
         LogPath = 'C:\NTDS'
         DependsOn = "[WindowsFeature]ADDSInstall"
        }
#########Admins###########
        ADOrganizationalUnit Users
        {
        Name = "$($NetBIOSName) Users"
        Path = "DC=$($NetBIOSName),DC=local"
        Ensure = 'Present'
        ProtectedFromAccidentalDeletion = $false
        DependsOn = "[ADDomain]FirstDS"
        }
        ADUser xxxxx-Admin #Creating account for domain joining first
        {
        DependsOn = "[ADOrganizationalUnit]Users"
        DomainName = $InternalDomain
        UserName = 'xxxxx-Admin'
        Password = $default_creds
        Ensure = 'Present'
        Path = "OU=$($NetBIOSName) Users,DC=$($NetBIOSName),DC=local"
        PasswordNeverExpires = $true
        PasswordNeverResets = $true
        }
        ADGroup DomainAdmins
        {
        DependsOn = "[ADOrganizationalUnit]Users"
        GroupName = 'Domain Admins'
        MembersToInclude = @('xxxxx')
        }
        FirewallProfile Private
        {
            Name = "Private"
            Enabled = 'False'
        }
        FirewallProfile Public
        {
            Name = "Public"
            Enabled = 'False'
        }
        FirewallProfile Domain
        {
            Name = "Domain"
            Enabled = 'False'
        }
        WindowsFeature RSAT-AD-AdminCenter
        {
        Name = 'RSAT-AD-AdminCenter'
        Ensure = 'Present'
        DependsOn = "[WindowsFeature]ADDSInstall"
        }
        WindowsFeature RSATDNSTools
        {
        Name = 'RSAT-DNS-Server'
        Ensure = 'Present'
        }
        ADReplicationSite 'AZ1'
        {
           Ensure = 'Present'
           Name   = 'AZ1'
        }
        ADReplicationSite 'AZ2'
        {
           Ensure = 'Present'
           Name   = 'AZ2'
        }
        ADReplicationSubnet 'Webfacing1'
        {
           Ensure = 'Present'
           Name   = '192.168.100.0/24'
           Site = 'AZ1'
        }
        ADReplicationSubnet 'Webfacing2'
        {
           Ensure = 'Present'
           Name   = '192.168.10.0/24'
           Site = 'AZ2'
        }
        ADReplicationSubnet 'DCsubnet1'
        {
           Ensure = 'Present'
           Name   = '192.168.0.0/24'
           Site = 'AZ1'
        }
        ADReplicationSubnet 'DCsubnet2'
        {
           Ensure = 'Present'
           Name   = '192.168.110.0/24'
           Site = 'AZ2'
        }
        ADDomainController 'DC1config'
        {
        DomainName = $InternalDomain
        SiteName = 'AZ1'
        DependsOn =  '[ADReplicationSite]AZ1'
        Credential = $default_creds
        SafemodeAdministratorPassword = $restore_credential
        }
######Groups#########
        ADGroup EnterpriseAdmins
        {
        GroupName = 'Enterprise Admins'
        MembersToInclude = @('xxxxx')
        }
        ADGroup SchemaAdmins
        {
        GroupName = 'Schema Admins'
        MembersToInclude = @('xxxxx')
        }
        ADGroup RDGAuthorizedUsers
        {
        GroupName = 'RDG Authorized Users'
        MembersToInclude = @('xxxxx')
        }
        WaitForADDomain ForestWait
        {
            DomainName = $InternalDomain
            WaitTimeout = 900
            Credential = $default_creds
            DependsOn = "[DNSServerAddress]DNS"
        }
        xPendingReboot Reboot1
        {
            Name = "RebootServer"
            DependsOn = "[WaitForADDomain]ForestWait"
        }
        }
}
$cd = @{
    AllNodes = @(
        @{
            NodeName = 'localhost'
            PSDscAllowPlainTextPassword = $true
        }
    )
}

        DomainController1 -ConfigurationData $cd
        Set-DSCLocalConfigurationManager -Path .\DomainController1 -Verbose
        Start-DscConfiguration -Wait -Force -Path .\DomainController1 -Verbose

@ghost
Author

ghost commented Aug 8, 2019

1 client node configuration:

param (
    [Parameter(Mandatory=$true)]
    [string]$InternalDomain,
    [Parameter(Mandatory=$true)]
    [string]$OctopusApiKey,
    [Parameter(Mandatory=$true)]
    [string]$DomainAdminUsername,
    [Parameter(Mandatory=$true)]
    [string]$DomainAdminPassword
 )

$NetBIOSName = $InternalDomain.Split(".")[0]
$ClientCode = $NetBIOSName.Split("-")[0]
$Env_Name = $NetBIOSName.Split("-")[1]

$default_username = "$($NetBIOSName)\$($DomainAdminUsername)"
$default_password = $DomainAdminPassword | ConvertTo-SecureString -asPlainText -Force
[PSCredential]$default_creds = New-Object System.Management.Automation.PSCredential($default_username,$default_password)

$InterfaceAlias = (Get-NetIPConfiguration | Select-Object InterfaceAlias).InterfaceAlias
$DefaultGateway = (Get-NetIPConfiguration | Foreach IPv4DefaultGateway).NextHop

$cert_localpath = "xxxxxxx"

Configuration ISL {
Import-DscResource -ModuleName PSDesiredStateConfiguration
Import-DscResource -ModuleName NetworkingDsc
Import-DscResource -ModuleName cChoco
Import-DscResource -ModuleName ComputerManagementDsc
Import-DscResource -Module OctopusDSC
Import-DscResource -ModuleName StorageDsc
Import-DscResource -ModuleName ActiveDirectoryDsc
Import-DscResource -ModuleName CertificateDsc

    Node 'localhost' {
        LocalConfigurationManager
        {
            ActionAfterReboot = 'ContinueConfiguration'
            ConfigurationMode = 'ApplyandMonitor'
            RebootNodeIfNeeded = $true
        }
        cChocoInstaller InstallChoco
        {
            InstallDir = "c:\setup\choco"
        }
        cChocoPackageInstaller 7zip
        {
            Name                 = '7zip'
            Ensure               = 'Present'
            DependsOn            = '[cChocoInstaller]installChoco'
        }
        cChocoPackageInstaller NPP
        {
            Name                 = 'notepadplusplus'
            Ensure               = 'Present'
            DependsOn            = '[cChocoInstaller]installChoco'
        }
        cChocoPackageInstaller DNet471
        {
            Name                 = 'dotnet4.7.1'
            Ensure               = 'Present'
            DependsOn            = '[WindowsFeatureSet]IIS'
        }
        DNSServerAddress DNS
        {
            AddressFamily = 'ipv4'
            InterfaceAlias = $InterfaceAlias
            Address          = "192.168.0.10"
        }
        DefaultGatewayAddress SetVPCsubnetGW
        {
            Address        = $DefaultGateway
            InterfaceAlias = $InterfaceAlias
            AddressFamily  = 'IPv4'
        }
        WindowsFeatureSet IIS
        {
            Name                    = @("Web-Default-Doc", "Web-Server", "Web-Dir-Browsing","Web-Http-Errors","Web-Static-Content","Web-Http-Logging","Web-Stat-Compression","Web-Http-Logging","Web-Dyn-Compression","Web-Filtering","Web-Basic-Auth","Web-Windows-Auth","Web-Net-Ext","Web-Net-Ext45","Web-Asp-Net45","Web-ISAPI-Ext","Web-ISAPI-Filter","MSMQ-Server","MSMQ-Directory","NET-Framework-45-Core","NET-Framework-45-ASPNET","NET-WCF-HTTP-Activation45","NET-WCF-MSMQ-Activation45","NET-WCF-TCP-PortSharing45")
            Ensure                  = 'Present'
        }
        WindowsFeatureSet IIS-AllSubFeatures
        {
            Name                    = @("NET-Framework-Features","WAS","Windows-Identity-Foundation","Web-Mgmt-Tools")
            Ensure                  = 'Present'
            IncludeAllSubFeature    = $true
        }
        WaitForADDomain ForestWait
        {
            DomainName = $InternalDomain
            WaitTimeout = 900
            Credential = $default_creds
            DependsOn = "[DNSServerAddress]DNS"
        }
        Computer NewNameandDomain
        {
            Name          = "$($NetBIOSName)-xxxxx"
            DomainName = $InternalDomain
            Credential = $default_creds
            DependsOn = "[WaitForADDomain]ForestWait"
        }
        PfxImport XXXXX
        {
            Thumbprint = (Get-PfxCertificate -FilePath $cert_localpath).Thumbprint
            Path       = $cert_localpath
            Location   = 'LocalMachine'
            Store      = 'My'
        }
        Package DownloadIISRewrite
        {
            Ensure      = "Present"  # You can also set Ensure to "Absent"
            Path        = "http://download.microsoft.com/download/D/D/E/DDE57C26-C62C-4C59-A1BB-31D58B36ADA2/rewrite_amd64_en-US.msi"
            Name        = "IIS URL Rewrite Module 2"
            ProductId = "38D32370-3A31-40E9-91D0-D236F47E3C4A"
            Arguments = "/quiet"
            DependsOn = "[WindowsFeatureSet]IIS"
        }
        Registry DisableIISEnhancedSec1
        {
            Ensure      = "Present"  # You can also set Ensure to "Absent"
            Key         = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
            ValueName   = "IsInstalled"
            ValueData   = "0"
        }
        Registry DisableIISEnhancedSec2
        {
            Ensure      = "Present"  # You can also set Ensure to "Absent"
            Key         = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
            ValueName   = "IsInstalled"
            ValueData   = "0"
        }
        WaitForDisk Disk1
        {
             DiskId = 1
             RetryIntervalSec = 10
             RetryCount = 10
        }

        Disk EVolume
        {
             DiskId = 1
             DriveLetter = 'E'
             DependsOn = '[WaitForDisk]Disk1'
        }
        }
}
$cd = @{
    AllNodes = @(
        @{
            NodeName = 'localhost'
            PSDscAllowPlainTextPassword = $true
        }
    )
}
        ISL -ConfigurationData $cd
        Set-DSCLocalConfigurationManager -Path .\ISL -Verbose
        Start-DscConfiguration -Wait -Force -Path .\ISL -Verbose

@johlju johlju added question The issue is a question. and removed needs more information The issue needs more information from the author or the community. labels Aug 8, 2019
@johlju
Member

johlju commented Aug 8, 2019

Thanks for providing the detailed description, it made me understand better. Will look further tomorrow, getting late here now.

it seems the previous version of WaitForADDomain was slower to detect the domain.

Yes, the refactored version detects the domain in a background job and checks more often. So it will be a bit quicker.

@ghost
Author

ghost commented Aug 8, 2019

I tried to confirm that the issue is in the client trying to register with a user before that user is created in the Domain Controller by adding some Start-Sleep into User Data (I am doing this in AWS with Terraform) and it seems to work - all nodes joined the domain without issue.

Copy-S3Object -Bucket ${var.S3BaseURL} -Key PowerShell-6.2.2-win-x64.msi -LocalFile C:\setup\PowerShell-6.2.2-win-x64.msi
    C:\setup\PowerShell-6.2.2-win-x64.msi /quiet
    Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
    Install-Module -Name ActiveDirectoryDSC -RequiredVersion  4.0.0.0 -Force
    Install-Module -Name NetworkingDsc -RequiredVersion 7.3.0.0 -Force
    Install-Module -Name ComputerManagementDsc -RequiredVersion 6.4.0.0 -Force
    Install-Module -Name cChoco -RequiredVersion 2.4.0 -Force
    Install-Module -Name xPendingReboot -RequiredVersion 0.4.0.0 -Force
    Install-Module -Name CertificateDsc -RequiredVersion 4.7.0.0 -Force
    Install-Module -Name xDnsServer -RequiredVersion 1.13.0.0 -Force
    Install-Module -Name OctopusDSC -RequiredVersion 4.0.659 -Force
    Install-Module -Name StorageDsc -RequiredVersion 4.7.0.0 -Force
    Copy-S3Object -Bucket ${var.S3BaseURL} -Key Scripts/xxxxxx-setup.ps1 -LocalFile C:\setup\xxxxx-setup.ps1
    --> Start-Sleep -Seconds 600 <--
    C:\setup\xxxxx-setup.ps1 -InternalDomain ${var.InternalDomain} -OctopusApiKey ${var.OctopusApiKey} -DomainAdminUsername ${var.DomainAdminUsername} -DomainAdminPassword ${var.DomainAdminPassword} *>&1 | Out-File -FilePath C:\setup\output.txt

Definitely not an ideal workaround, as adding WaitforADDomain was a very nice way to get around any hard-set waiting times. Could you please suggest another smarter workaround, or maybe modify the resource WaitforADDomain to try again (if configured, in case of a Username/Password incorrect error) after some given amount of time (I think 30 seconds should be enough, for example)?

Thank you very much for looking into this and for putting so much work into these DSC modules and resources!

@johlju
Member

johlju commented Aug 9, 2019

The client suddenly reboots,

I'm curious what resource initiated the reboot, can you see that? Maybe in the event logs https://docs.microsoft.com/en-us/powershell/dsc/troubleshooting/troubleshooting

@johlju
Member

johlju commented Aug 9, 2019

If I just kick off the resource using credentials that do not exist.

Invoke-DscResource -Name WaitForADDomain -Method Set -Property @{
            DomainName = 'contoso.com'
            WaitTimeout = 120
            Credential = $mockCredential
} -ModuleName ActiveDirectoryDsc -Verbose

Then the Get-TargetResource fails which is called by both Set-TargetResource and Test-TargetResource. Calling the method Get above gives the same problem.

VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = ResourceSet,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer CLDC02 with user sid S-1-5-21-1619467470-1459113476-3809063323-1103.
VERBOSE: [CLDC02]:                            [DSCEngine] Importing the module C:\Program Files\WindowsPowerShell\Modules\ActiveDirectoryDsc\4.0.0.0\DscResources\MSFT_WaitForADDomain\MSFT_WaitForADDomain.psm1 in force mode.
VERBOSE: [CLDC02]: LCM:  [ Start  Set      ]  [[WaitForADDomain]DirectResourceAccess]
VERBOSE: [CLDC02]:                            [[WaitForADDomain]DirectResourceAccess] Importing the module MSFT_WaitForADDomain in force mode.
VERBOSE: [CLDC02]:                            [[WaitForADDomain]DirectResourceAccess] Waiting for a domain 'contoso.com' is available or until the timeout of 120 seconds has been reached. (WFADD0017)
VERBOSE: [CLDC02]:                            [[WaitForADDomain]DirectResourceAccess] Searching for a domain controller in the domain 'contoso.com'. (WFADD0001)
VERBOSE: [CLDC02]:                            [[WaitForADDomain]DirectResourceAccess] Impersonating the credentials 'CONTOSO\UnkownUser' when looking for a domain controller. (WFADD0011)
VERBOSE: [CLDC02]:                            [[WaitForADDomain]DirectResourceAccess] Searching for a domain controller in the domain 'contoso.com'. (ADCOMMON0052)
VERBOSE: [CLDC02]:                            [[WaitForADDomain]DirectResourceAccess] The type 'System.DirectoryServices.ActiveDirectory.DirectoryContext' is already loaded into the PowerShell session. (ADCOMMON0043)
VERBOSE: [CLDC02]:                            [[WaitForADDomain]DirectResourceAccess] Get a new Active Directory context of the type 'Domain'. (ADCOMMON0046)
VERBOSE: [CLDC02]:                            [[WaitForADDomain]DirectResourceAccess] The Active Directory context will target 'contoso.com'. (ADCOMMON0047)
VERBOSE: [CLDC02]:                            [[WaitForADDomain]DirectResourceAccess] The Active Directory context will be accessed using the 'CONTOSO\UnkownUser' credentials. (ADCOMMON0048)
VERBOSE: [CLDC02]: LCM:  [ End    Set      ]  [[WaitForADDomain]DirectResourceAccess]  in 15.0790 seconds.
PowerShell DSC resource MSFT_WaitForADDomain  failed to execute Set-TargetResource functionality with error message: Exception calling "FindOne" with "1" argument(s): "The user name or password is incorrect." 
    + CategoryInfo          : InvalidOperation: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : ProviderOperationExecutionFailure
    + PSComputerName        : localhost
 
VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 15.269 seconds

@johlju
Member

johlju commented Aug 9, 2019

How do we want this scenario handled? Suggestions much appreciated.

This worked in the previous version because that resource ignored any error that was thrown, any error meant no domain controller was found, and did not show why it couldn't find a domain controller.

One solution would be to make the Get-TargetResource use the background job as well (to make the Get-method quicker). Then make the background job handle the error The user name or password is incorrect by just ignoring it, but output the error as a verbose message instead, for debug purposes. But then we miss if the credentials that are provided are actually wrong.
We could also add a parameter IgnoreCredentialsErrors so the user has to opt in to ignore those kinds of errors. 🤔

Another solution, or workaround depending on how you see it, to this scenario would be to use the resource WaitForSome to wait for the resource to have been run on the domain controller. Although, this needs permission on the domain controller, which seems excessive. 😕

Still curious what resource on the client initiated the reboot, might be yet another issue somewhere.

@johlju johlju added needs investigation The issue needs to be investigated by the maintainers or/and the community. and removed question The issue is a question. labels Aug 9, 2019
@johlju johlju changed the title WaitforADDomain: Fails to join domain WaitforADDomain: Throws an error when credentials are missing Aug 9, 2019
@ghost
Author

ghost commented Aug 9, 2019

Checking the logs it was definitely DSC who rebooted the server (System log):

The process C:\Windows\system32\wbem\wmiprvse.exe (EC2AMAZ-7IH71B3) has initiated the restart of computer EC2AMAZ-7IH71B3 on behalf of user NT AUTHORITY\SYSTEM for the following reason: Application: Maintenance (Planned)
 Reason Code: 0x80040001
 Shutdown Type: restart
 Comment: DSC is restarting the computer.

DSC Logs (in order of time)
8/9/2019 7:15:17 AM:

Job {A7AE793B-BA74-11E9-8221-849F74D87B4C} : 
This event indicates that a non-terminating error was thrown when DSCEngine was executing Set-TargetResource on MSFT_WaitForADDomain DSC resource. FullyQualifiedErrorId is AuthenticationException,Find-DomainControllerFindOneWrapper. Error Message is Exception calling "FindOne" with "1" argument(s): "The user name or password is incorrect.".

8/9/2019 7:15:18 AM:

Job {A7AE793B-BA74-11E9-8221-849F74D87B4C} : 
This event indicates that failure happens when LCM is processing the configuration. Error Id is 0x1. Error Detail is The SendConfigurationApply function did not succeed.. Resource Id is [WaitForADDomain]ForestWait and Source Info is C:\setup\xxx-setup.ps1::73::9::WaitForADDomain. Error Message is PowerShell DSC resource MSFT_WaitForADDomain  failed to execute Set-TargetResource functionality with error message: No domain controller was found. (WFADD0010) .

approx. 8 minutes later this is in the log 8/9/2019 7:24:41 AM:
The DscTimer is running LCM method PerformRequiredConfigurationChecks with the flag set to 1.

8/9/2019 7:24:45 AM:

Job {C05A14D8-BA76-11E9-8221-849F74D87B4C} : 
 Resource execution sequence :: [cChocoInstaller]InstallChoco, [cChocoPackageInstaller]7zip, [cChocoPackageInstaller]NPP, [DnsServerAddress]DNS, [DefaultGatewayAddress]SetVPCsubnetGW, [WaitForADDomain]ForestWait, [Computer]NewNameandDomain, [FirewallProfile]Private, [FirewallProfile]Public, [FirewallProfile]Domain, [WaitForDisk]Disk1, [Disk]EVolume, [cTentacleAgent]OctopusTentacle.

8/9/2019 7:24:55 AM:

Job {C05A14D8-BA76-11E9-8221-849F74D87B4C} : 
WarningMessage A reboot is scheduled to progress further. Configuration will be continued after the reboot.

I tried to include only those relevant, there are a couple more log entries in the middle.

@johlju
Member

johlju commented Aug 9, 2019

Thank you very much for looking into this and for putting so much work into these DSC modules and resources!

You are welcome. 😃

Could you please suggest another smarter workaround or maybe modifying the resource

An optional parameter in WaitForADDomain to ignore the error message is my best idea so far.

I tried to include only those relevant, there are a couple more log entries in the middle.

I am looking for any information saying what resource actually triggered the restart. Is it possible to see what resource last ran/started before/when the event log message A reboot is scheduled to progress further was logged?
I'm curious if WaitForADDomain is not throwing a correct error, so that the resource Computer thinks its DependsOn are finished and runs. The resource Computer is the only one I know restarts in the "client" configuration. 🤔

WaitForADDomain should restart only if RestartCount is specified and higher than 0.

@ghost
Author

ghost commented Aug 9, 2019

How would I find that? I am trying to do Trace-xDscOperation -JobId c05a14d8-ba76-11e9-8221-849f74d87b4c but getting a lot of errors like:

New-Object : The value supplied is not valid, or the property is read-only. Change the value, and then try again.
At C:\Program Files\WindowsPowerShell\Modules\xDscDiagnostics\2.7.0.0\xDscDiagnostics.psm1:787 char:59
+ ... geObject += New-Object Microsoft.PowerShell.xDscDiagnostics.TraceOutp ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [New-Object], Exception
    + FullyQualifiedErrorId : SetValueException,Microsoft.PowerShell.Commands.NewObjectCommand

@X-Guardian
Contributor

I vote for a new optional parameter to ignore the authentication error and keep waiting, but how about naming the parameter WaitForADUser or something similar. That makes it more clear what it should be used for.
In all scenarios that I can think of where you are using WaitForADDomain on a non-domain controller, you are actually interested in waiting for the domain to be active AND a particular user account to be active, which you will then be using in any following resources.

@X-Guardian
Contributor

@Crusad, add a Start-Transcript to your deployment script before the Start-DscConfiguration, then you can capture the verbose logs in a text file up to the reboot point.

@ghost
Author

ghost commented Aug 9, 2019

I found it in C:\Windows\System32\Configuration\ConfigurationStatus

{"time": "2019-08-09T07:24:51.430+00:00", "type": "verbose", "message": "[EC2AMAZ-7IH71B3]:                            [[Computer]NewNameandDomain] Setting computer state for '<Newcomputername>'."},
 {"time": "2019-08-09T07:24:51.477+00:00", "type": "verbose", "message": "[EC2AMAZ-7IH71B3]:                            [[Computer]NewNameandDomain] Perform operation 'Enumerate CimInstances' with following parameters, ''namespaceName' = root\\cimv2,'className' = Win32_ComputerSystem'."},
 {"time": "2019-08-09T07:24:51.493+00:00", "type": "verbose", "message": "[EC2AMAZ-7IH71B3]:                            [[Computer]NewNameandDomain] Operation 'Enumerate CimInstances' complete."},
 {"time": "2019-08-09T07:24:55.603+00:00", "type": "warning", "message": "[EC2AMAZ-7IH71B3]:                            [[Computer]NewNameandDomain] The changes will take effect after you restart the computer EC2AMAZ-7IH71B3."},
 {"time": "2019-08-09T07:24:55.603+00:00", "type": "verbose", "message": "[EC2AMAZ-7IH71B3]:                            [[Computer]NewNameandDomain] Renamed computer to '<Newcomputername>' and added to the domain '<targetdomain>'."},
 {"time": "2019-08-09T07:24:55.619+00:00", "type": "verbose", "message": "[EC2AMAZ-7IH71B3]: LCM:  [ End    Set      ]  [[Computer]NewNameandDomain]  in 4.2190 seconds."},
 {"time": "2019-08-09T07:24:55.619+00:00", "type": "verbose", "message": "[EC2AMAZ-7IH71B3]: LCM:  [ End    Resource ]  [[Computer]NewNameandDomain]  "},
 {"time": "2019-08-09T07:24:55.619+00:00", "type": "verbose", "message": "[EC2AMAZ-7IH71B3]:                            [] A reboot is scheduled to progress further. Configuration will be continued after the reboot."},
 {"time": "2019-08-09T07:24:55.619+00:00", "type": "warning", "message": "[EC2AMAZ-7IH71B3]:                            [] A reboot is scheduled to progress further. Configuration will be continued after the reboot."},
 {"time": "2019-08-09T07:24:55.650+00:00", "type": "verbose", "message": "[EC2AMAZ-7IH71B3]:                            [] Consistency check completed."}

@ghost
Author

ghost commented Aug 9, 2019

I have LCM set like this - why did it reboot it during consistency check?
Or is that "monitor" part only if the configuration is successful?
In any case it really seems like during this consistency check the ADUser is already available so it joins the domain.

        LocalConfigurationManager
        {
            ActionAfterReboot = 'ContinueConfiguration'
            ConfigurationMode = 'ApplyandMonitor'
            RebootNodeIfNeeded = $true
        }

@X-Guardian
Contributor

If a resource fails, the DSC LCM ends up in a PendingConfiguration state, which it will then keep retrying the offending resource to try and get into a desired state. This is what you are seeing. See dsccommunity/xPSDesiredStateConfiguration#49

@johlju
Member

johlju commented Aug 9, 2019

@X-Guardian Thank you for commenting!

@Crusad to verify this, in the logs you should not see WaitForADDomain fail, and then run Computer and reboot. You should see WaitForADDomain succeed and then see Computer do the restart.
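
One way to run the check described above against ConfigurationStatus entries like the ones quoted earlier in the thread, as an added example that is not part of the original comments. The function name `Get-DscRebootTrigger`, its parameters and the sample entries (node name `NODE01`) are hypothetical and constructed; it assumes the log is a JSON array of `time`/`type`/`message` objects.

```powershell
# Added example, not code from the thread. Entries are constructed in the format
# of the ConfigurationStatus lines quoted above; NODE01 is a placeholder node name.
$sampleJson = @'
[
 {"time": "2019-08-16T09:52:19.400+00:00", "type": "verbose", "message": "[NODE01]: LCM:  [ Start  Resource ]  [[WaitForADDomain]ForestWait]"},
 {"time": "2019-08-16T10:01:54.706+00:00", "type": "warning", "message": "[NODE01]:  [[WaitForADDomain]ForestWait] AuthenticationException,Find-DomainControllerFindOneWrapper - The user name or password is incorrect."},
 {"time": "2019-08-16T10:01:54.737+00:00", "type": "verbose", "message": "[NODE01]: LCM:  [ End    Set      ]  [[WaitForADDomain]ForestWait]  in 575.2800 seconds."},
 {"time": "2019-08-16T10:01:54.737+00:00", "type": "verbose", "message": "[NODE01]: LCM:  [ End    Resource ]  [[WaitForADDomain]ForestWait]  "},
 {"time": "2019-08-16T10:01:54.737+00:00", "type": "verbose", "message": "[NODE01]: LCM:  [ Start  Resource ]  [[Computer]NewNameandDomain]  "},
 {"time": "2019-08-16T10:01:58.436+00:00", "type": "verbose", "message": "[NODE01]: LCM:  [ End    Set      ]  [[Computer]NewNameandDomain]  in 3.6660 seconds."},
 {"time": "2019-08-16T10:01:58.436+00:00", "type": "verbose", "message": "[NODE01]: LCM:  [ End    Resource ]  [[Computer]NewNameandDomain]  "},
 {"time": "2019-08-16T10:01:58.436+00:00", "type": "warning", "message": "[NODE01]:  [] A reboot is scheduled to progress further. Configuration will be continued after the reboot."}
]
'@

function Get-DscRebootTrigger {
    [CmdletBinding()]
    param (
        # Content of one job log: a JSON array of time/type/message objects.
        [Parameter(Mandatory = $true)] [string] $Json,
        # ResourceId that must finish before the reboot, e.g. '[WaitForADDomain]ForestWait'.
        [Parameter(Mandatory = $true)] [string] $Prerequisite
    )

    # Matches the LCM "Start Resource" / "End Resource" markers and captures the ResourceId.
    $marker = 'LCM:\s+\[\s*(?<Edge>Start|End)\s+Resource\s*\]\s+\[(?<Id>\[[^\]]+\][^\]]+)\]'
    $completed = New-Object 'System.Collections.Generic.List[string]'
    $failed = New-Object 'System.Collections.Generic.List[string]'
    $authWarnings = 0
    $current = $null
    $rebootTime = $null

    foreach ($entry in (ConvertFrom-Json -InputObject $Json)) {
        $message = [string] $entry.message
        $m = [regex]::Match($message, $marker)

        if ($m.Success -and $m.Groups['Edge'].Value -eq 'Start') {
            $current = $m.Groups['Id'].Value
        }
        elseif ($m.Success) {
            # Assumption, consistent with the logs in this thread: "End Resource"
            # appears only when the resource finished without throwing.
            $completed.Add($m.Groups['Id'].Value)
        }
        elseif ($message -match 'failed to execute (Set|Test)-TargetResource') {
            # The failure text names the MSFT_ class, so attribute it to the resource in progress.
            $failed.Add($current)
        }
        elseif ($message -match 'AuthenticationException') {
            $authWarnings++
        }
        elseif ($message -match 'A reboot is scheduled to progress further') {
            $rebootTime = $entry.time
            break
        }
    }

    $last = if ($completed.Count -gt 0) { $completed[$completed.Count - 1] } else { $null }
    [pscustomobject]@{
        RebootTime            = $rebootTime
        LastCompletedResource = $last
        PrerequisiteCompleted = $completed.Contains($Prerequisite)
        PrerequisiteFailed    = $failed.Contains($Prerequisite)
        AuthWarnings          = $authWarnings
    }
}

Get-DscRebootTrigger -Json $sampleJson -Prerequisite '[WaitForADDomain]ForestWait'
```

A result with `PrerequisiteFailed` set and a reboot in the same job would mean a dependent resource ran despite the failed wait; `AuthWarnings` counts how often the credentials were rejected before the wait succeeded.
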

@ghost
Author

ghost commented Aug 9, 2019

Yeah sorry, should have added the whole log:
https://gist.github.com/Crusad/8538e223c7467c7ac7b3a0bc5a8cde1f

@johlju
Member

johlju commented Aug 9, 2019

@Crusad Awesome! That looks good. Then the only issue is that the credential error should be handled. If nobody gets to it before me I will try to fix it in a week or so.

@johlju johlju added enhancement The issue is an enhancement request. help wanted The issue is up for grabs for anyone in the community. and removed needs investigation The issue needs to be investigated by the maintainers or/and the community. labels Aug 9, 2019
@johlju johlju added in progress The issue is being actively worked on by someone. and removed help wanted The issue is up for grabs for anyone in the community. labels Aug 9, 2019
johlju added a commit to johlju/ActiveDirectoryDsc that referenced this issue Aug 9, 2019
- An optional parameter `IgnoreAuthenticationErrors` can be set to $true
  to tell the resource to ignore authentication errors (issue dsccommunity#478).
@johlju
Member

johlju commented Aug 9, 2019

I have added parameter IgnoreAuthenticationErrors in this branch https://github.com/johlju/ActiveDirectoryDsc/tree/fix-issue-478/DSCResources/MSFT_WaitForADDomain.

If you want to try, copy the files in that folder to your local module, replacing the files there. Once merged it won't be released for some time since we just made a release (at least 6 weeks away).

Would be awesome if you can try it out and report back if your scenario flows better.

@ghost
Author

ghost commented Aug 13, 2019

Sorry for the delay - I will test it, I have just been a bit busy the past couple of days. I will let you know.

@ghost
Author

ghost commented Aug 15, 2019

Finally got my test environment working again and was able to test. I am getting this:

Cannot bind argument to parameter 'DomainName' because it is an empty string.
    + CategoryInfo          : InvalidData: (:) [], CimException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorEmptyStringNotAllowed
    + PSComputerName        : localhost

It wouldn't be impossible that I would have the variable I pass into DomainName empty, but earlier in the resource there is the message [[WaitForADDomain]ForestWait] No domain controller was found in the domain 'tf-tf.local'. (ADCOMMON0051) so I think the DomainName must be set there?

Full log for the resource:

VERBOSE: [EC2AMAZ-CCRR732]: LCM:  [ Start  Resource ]  [[WaitForADDomain]ForestWait]
VERBOSE: [EC2AMAZ-CCRR732]: LCM:  [ Start  Test     ]  [[WaitForADDomain]ForestWait]
VERBOSE: [EC2AMAZ-CCRR732]:                            [[WaitForADDomain]ForestWait] Determining the current state of the Active Directory domain 'tf-tf.local'. (WFADD0013)
VERBOSE: [EC2AMAZ-CCRR732]:                            [[WaitForADDomain]ForestWait] Searching for a domain controller in the domain 'tf-tf.local'. (WFADD0001)
VERBOSE: [EC2AMAZ-CCRR732]:                            [[WaitForADDomain]ForestWait] Impersonating the credentials 'tf-tf\xxxxxxxxxx' when looking for a domain controller. (WFADD0011)
VERBOSE: [EC2AMAZ-CCRR732]:                            [[WaitForADDomain]ForestWait] Searching for a domain controller in the domain 'tf-tf.local'. (ADCOMMON0052)
VERBOSE: [EC2AMAZ-CCRR732]:                            [[WaitForADDomain]ForestWait] The type 'System.DirectoryServices.ActiveDirectory.DirectoryContext' is already loaded into the PowerShell session. (ADCOMMON0043)
VERBOSE: [EC2AMAZ-CCRR732]:                            [[WaitForADDomain]ForestWait] Get a new Active Directory context of the type 'Domain'. (ADCOMMON0046)
VERBOSE: [EC2AMAZ-CCRR732]:                            [[WaitForADDomain]ForestWait] The Active Directory context will target 'tf-tf.local'. (ADCOMMON0047)
VERBOSE: [EC2AMAZ-CCRR732]:                            [[WaitForADDomain]ForestWait] The Active Directory context will be accessed using the 'tf-tf\xxxxxxxxx' credentials. (ADCOMMON0048)
VERBOSE: [EC2AMAZ-CCRR732]:                            [[WaitForADDomain]ForestWait] No domain controller was found in the domain 'tf-tf.local'. (ADCOMMON0051)
VERBOSE: [EC2AMAZ-CCRR732]:                            [[WaitForADDomain]ForestWait] No domain controller was found. (WFADD0010)
VERBOSE: [EC2AMAZ-CCRR732]:                            [[WaitForADDomain]ForestWait] Evaluating the state of the property 'IsAvailable'. (ADCOMMON0003)
VERBOSE: [EC2AMAZ-CCRR732]:                            [[WaitForADDomain]ForestWait] Boolean value does not match. Current value is 'False', but expected the value 'True'. (ADCOMMON0008)
VERBOSE: [EC2AMAZ-CCRR732]:                            [[WaitForADDomain]ForestWait] The parameter 'IsAvailable' is not in desired state. (ADCOMMON0005)
VERBOSE: [EC2AMAZ-CCRR732]:                            [[WaitForADDomain]ForestWait] Domain 'tf-tf.local' is not in the desired state. (WFADD0007)
VERBOSE: [EC2AMAZ-CCRR732]: LCM:  [ End    Test     ]  [[WaitForADDomain]ForestWait]  in 0.8130 seconds.
VERBOSE: [EC2AMAZ-CCRR732]: LCM:  [ Start  Set      ]  [[WaitForADDomain]ForestWait]
VERBOSE: [EC2AMAZ-CCRR732]:                            [[WaitForADDomain]ForestWait] Waiting for a domain 'tf-tf.local' is available or until the timeout of 900 seconds has been reached. (WFADD0017)
VERBOSE: [EC2AMAZ-CCRR732]:                            [[WaitForADDomain]ForestWait] Searching for a domain controller in the domain 'tf-tf.local'. (WFADD0001)
VERBOSE: [EC2AMAZ-CCRR732]:                            [[WaitForADDomain]ForestWait] Impersonating the credentials 'tf-tf\xxxxxxxxxx' when looking for a domain controller. (WFADD0011)
VERBOSE: [EC2AMAZ-CCRR732]:                            [[WaitForADDomain]ForestWait] Searching for a domain controller in the domain 'tf-tf.local'. (ADCOMMON0052)
VERBOSE: [EC2AMAZ-CCRR732]:                            [[WaitForADDomain]ForestWait] The type 'System.DirectoryServices.ActiveDirectory.DirectoryContext' is already loaded into the PowerShell session. (ADCOMMON0043)
VERBOSE: [EC2AMAZ-CCRR732]:                            [[WaitForADDomain]ForestWait] Get a new Active Directory context of the type 'Domain'. (ADCOMMON0046)
VERBOSE: [EC2AMAZ-CCRR732]:                            [[WaitForADDomain]ForestWait] The Active Directory context will target 'tf-tf.local'. (ADCOMMON0047)
VERBOSE: [EC2AMAZ-CCRR732]:                            [[WaitForADDomain]ForestWait] The Active Directory context will be accessed using the 'tf-tf\xxxxxxxxx' credentials. (ADCOMMON0048)
VERBOSE: [EC2AMAZ-CCRR732]:                            [[WaitForADDomain]ForestWait] No domain controller was found in the domain 'tf-tf.local'. (ADCOMMON0051)
VERBOSE: [EC2AMAZ-CCRR732]:                            [[WaitForADDomain]ForestWait] No domain controller was found. (WFADD0010)
VERBOSE: [EC2AMAZ-CCRR732]:                            [[WaitForADDomain]ForestWait] Evaluating the state of the property 'IsAvailable'. (ADCOMMON0003)
VERBOSE: [EC2AMAZ-CCRR732]:                            [[WaitForADDomain]ForestWait] Boolean value does not match. Current value is 'False', but expected the value 'True'. (ADCOMMON0008)
VERBOSE: [EC2AMAZ-CCRR732]:                            [[WaitForADDomain]ForestWait] The parameter 'IsAvailable' is not in desired state. (ADCOMMON0005)
VERBOSE: [EC2AMAZ-CCRR732]:                            [[WaitForADDomain]ForestWait] Starting background job that will be searching for the domain controller. (WFADD0018)
VERBOSE: [EC2AMAZ-CCRR732]:                            [[WaitForADDomain]ForestWait] Waiting for the background job to finish, or timeout. (WFADD0019)
VERBOSE: [EC2AMAZ-CCRR732]:                            [[WaitForADDomain]ForestWait] The background job finished running. (WFADD0014)
WARNING: [EC2AMAZ-CCRR732]:                            [[WaitForADDomain]ForestWait] The background job failed while searching for the domain controller. Returning the result of the background job. (WFADD0015)
VERBOSE: [EC2AMAZ-CCRR732]:                            [[WaitForADDomain]ForestWait] --- Start of result from background job. (WFADD0021)
Cannot bind argument to parameter 'DomainName' because it is an empty string.
    + CategoryInfo          : InvalidData: (:) [], CimException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorEmptyStringNotAllowed
    + PSComputerName        : localhost

VERBOSE: [EC2AMAZ-CCRR732]:                            [[WaitForADDomain]ForestWait] --- End of result from background job. (WFADD0022)
VERBOSE: [EC2AMAZ-CCRR732]:                            [[WaitForADDomain]ForestWait] Removing the background job. (WFADD0023)
VERBOSE: [EC2AMAZ-CCRR732]: LCM:  [ End    Set      ]  [[WaitForADDomain]ForestWait]  in 2.3470 seconds.
PowerShell DSC resource MSFT_WaitForADDomain  failed to execute Set-TargetResource functionality with error message: No domain controller was found. (WFADD0010)
    + CategoryInfo          : InvalidOperation: (:) [], CimException
    + FullyQualifiedErrorId : ProviderOperationExecutionFailure
    + PSComputerName        : localhost

@johlju
Member

johlju commented Aug 15, 2019

Looks like a bug. The domain name doesn’t seem to be passed to the background job correctly. Strange. I thought I tested successfully myself, apparently not :)
I'll dig into this after work.

Thank you so much for testing! I'll get back to you.

@johlju
Member

johlju commented Aug 15, 2019

@Crusad I found the bug, and I missed it because of a basic mistake. I did the manual integration tests before I wrote the unit tests. When I wrote the unit tests I changed the order of the parameters in the background job script, and never tested it again after that.

Fixed the bug and I added unit tests that test that the parameters are passed correctly. 😄 If you would be so kind to test it again. :)
You can get the entire file again, or just add the yellow line here in your local file.
23d17ec#diff-2360ff588811573aec9e5dd5a518d1c3R358

@ghost
Author

ghost commented Aug 16, 2019

Looks like the new version is working! I tested today, at first test I got Directory Service is busy from Computer resource, then I remembered seeing this fix 6.5.0.0 in ComputerManagementDsc so I upgraded (I was on 6.4.0.0), ran it again (all from the start - recreating both Domain Controller and the client from scratch) and now it looks ok.

End of the logs (Let me know if you want to see the full output)

  {"time": "2019-08-16T10:01:54.706+00:00", "type": "verbose", "message": "[EC2AMAZ-0647U40]:                            [[WaitForADDomain]ForestWait] The Active Directory context will target 'tf-tf.local'. (ADCOMMON0047)"},
  {"time": "2019-08-16T10:01:54.706+00:00", "type": "verbose", "message": "[EC2AMAZ-0647U40]:                            [[WaitForADDomain]ForestWait] The Active Directory context will be accessed using the 'tf-tf\\xxxxxxxx' credentials. (ADCOMMON0048)"},
  {"time": "2019-08-16T10:01:54.706+00:00", "type": "warning", "message": "[EC2AMAZ-0647U40]:                            [[WaitForADDomain]ForestWait] AuthenticationException,Find-DomainControllerFindOneWrapper - Exception calling \"FindOne\" with \"1\" argument(s): \"The user name or password is incorrect.\r\n\""},
  {"time": "2019-08-16T10:01:54.706+00:00", "type": "verbose", "message": "[EC2AMAZ-0647U40]:                            [[WaitForADDomain]ForestWait] The specified name resolution records cached on this machine will be removed.\r\nSubsequent name resolutions may return up-to-date information.\r\n"},
  {"time": "2019-08-16T10:01:54.706+00:00", "type": "verbose", "message": "[EC2AMAZ-0647U40]:                            [[WaitForADDomain]ForestWait] Searching for a domain controller in the domain 'tf-tf.local'. (ADCOMMON0052)"},
  {"time": "2019-08-16T10:01:54.706+00:00", "type": "verbose", "message": "[EC2AMAZ-0647U40]:                            [[WaitForADDomain]ForestWait] The type 'System.DirectoryServices.ActiveDirectory.DirectoryContext' is already loaded into the PowerShell session. (ADCOMMON0043)"},
  {"time": "2019-08-16T10:01:54.706+00:00", "type": "verbose", "message": "[EC2AMAZ-0647U40]:                            [[WaitForADDomain]ForestWait] Get a new Active Directory context of the type 'Domain'. (ADCOMMON0046)"},
  {"time": "2019-08-16T10:01:54.706+00:00", "type": "verbose", "message": "[EC2AMAZ-0647U40]:                            [[WaitForADDomain]ForestWait] The Active Directory context will target 'tf-tf.local'. (ADCOMMON0047)"},
  {"time": "2019-08-16T10:01:54.706+00:00", "type": "verbose", "message": "[EC2AMAZ-0647U40]:                            [[WaitForADDomain]ForestWait] The Active Directory context will be accessed using the 'tf-tf\\xxxxxxxx' credentials. (ADCOMMON0048)"},
  {"time": "2019-08-16T10:01:54.706+00:00", "type": "verbose", "message": "[EC2AMAZ-0647U40]:                            [[WaitForADDomain]ForestWait] Found a domain controller in the domain 'tf-tf.local'. (ADCOMMON0049)"},
  {"time": "2019-08-16T10:01:54.722+00:00", "type": "verbose", "message": "[EC2AMAZ-0647U40]:                            [[WaitForADDomain]ForestWait] --- End of result from background job. (WFADD0022)"},
  {"time": "2019-08-16T10:01:54.722+00:00", "type": "verbose", "message": "[EC2AMAZ-0647U40]:                            [[WaitForADDomain]ForestWait] Removing the background job. (WFADD0023)"},
  {"time": "2019-08-16T10:01:54.737+00:00", "type": "verbose", "message": "[EC2AMAZ-0647U40]:                            [[WaitForADDomain]ForestWait] Domain 'tf-tf.local' is in the desired state. (WFADD0006)"},
  {"time": "2019-08-16T10:01:54.737+00:00", "type": "verbose", "message": "[EC2AMAZ-0647U40]: LCM:  [ End    Set      ]  [[WaitForADDomain]ForestWait]  in 575.2800 seconds."},
  {"time": "2019-08-16T10:01:54.737+00:00", "type": "verbose", "message": "[EC2AMAZ-0647U40]: LCM:  [ End    Resource ]  [[WaitForADDomain]ForestWait]  "},
  {"time": "2019-08-16T10:01:54.737+00:00", "type": "verbose", "message": "[EC2AMAZ-0647U40]: LCM:  [ Start  Resource ]  [[Computer]NewNameandDomain]  "},
  {"time": "2019-08-16T10:01:54.753+00:00", "type": "verbose", "message": "[EC2AMAZ-0647U40]: LCM:  [ Start  Test     ]  [[Computer]NewNameandDomain]  "},
  {"time": "2019-08-16T10:01:54.769+00:00", "type": "verbose", "message": "[EC2AMAZ-0647U40]:                            [[Computer]NewNameandDomain] Testing computer state for 'tf-tf-rdg'."},
  {"time": "2019-08-16T10:01:54.769+00:00", "type": "verbose", "message": "[EC2AMAZ-0647U40]: LCM:  [ End    Test     ]  [[Computer]NewNameandDomain]  in 0.0160 seconds."},
  {"time": "2019-08-16T10:01:54.769+00:00", "type": "verbose", "message": "[EC2AMAZ-0647U40]: LCM:  [ Start  Set      ]  [[Computer]NewNameandDomain]  "},
  {"time": "2019-08-16T10:01:54.785+00:00", "type": "verbose", "message": "[EC2AMAZ-0647U40]:                            [[Computer]NewNameandDomain] Setting computer state for 'tf-tf-rdg'."},
  {"time": "2019-08-16T10:01:54.816+00:00", "type": "verbose", "message": "[EC2AMAZ-0647U40]:                            [[Computer]NewNameandDomain] Perform operation 'Enumerate CimInstances' with following parameters, ''namespaceName' = root\\cimv2,'className' = Win32_ComputerSystem'."},
  {"time": "2019-08-16T10:01:54.847+00:00", "type": "verbose", "message": "[EC2AMAZ-0647U40]:                            [[Computer]NewNameandDomain] Operation 'Enumerate CimInstances' complete."},
  {"time": "2019-08-16T10:01:58.420+00:00", "type": "warning", "message": "[EC2AMAZ-0647U40]:                            [[Computer]NewNameandDomain] The changes will take effect after you restart the computer EC2AMAZ-0647U40."},
  {"time": "2019-08-16T10:01:58.436+00:00", "type": "verbose", "message": "[EC2AMAZ-0647U40]:                            [[Computer]NewNameandDomain] Renamed computer to 'tf-tf-rdg' and added to the domain 'tf-tf.local'."},
  {"time": "2019-08-16T10:01:58.436+00:00", "type": "verbose", "message": "[EC2AMAZ-0647U40]: LCM:  [ End    Set      ]  [[Computer]NewNameandDomain]  in 3.6660 seconds."},
  {"time": "2019-08-16T10:01:58.436+00:00", "type": "verbose", "message": "[EC2AMAZ-0647U40]: LCM:  [ End    Resource ]  [[Computer]NewNameandDomain]  "},
  {"time": "2019-08-16T10:01:58.436+00:00", "type": "verbose", "message": "[EC2AMAZ-0647U40]:                            [] A reboot is scheduled to progress further. Configuration will be continued after the reboot."},
  {"time": "2019-08-16T10:01:58.436+00:00", "type": "warning", "message": "[EC2AMAZ-0647U40]:                            [] A reboot is scheduled to progress further. Configuration will be continued after the reboot."},
  {"time": "2019-08-16T10:01:58.498+00:00", "type": "verbose", "message": "[EC2AMAZ-0647U40]: LCM:  [ End    Set      ]      "},
  {"time": "2019-08-16T10:01:58.498+00:00", "type": "verbose", "message": "[EC2AMAZ-0647U40]: LCM:  [ End    Set      ]    in  643.7540 seconds."}

@johlju
Member

johlju commented Aug 16, 2019

Awesome that it worked this time and that your scenario flowed better! No need to get the full log, it looked great in the log you provided. Thank you for testing.

I got a proposal in the pull request to change the parameter name, please see if you agree with the name change proposal there.

johlju added a commit to johlju/ActiveDirectoryDsc that referenced this issue Aug 17, 2019
- An optional parameter `IgnoreAuthenticationErrors` can be set to $true
  to tell the resource to ignore authentication errors (issue dsccommunity#478).
@johlju johlju added this to To do in All issues and PR's via automation Aug 18, 2019
@johlju johlju moved this from To do to In progress in All issues and PR's Aug 18, 2019
All issues and PR's automation moved this from In progress to Done Aug 19, 2019
johlju added a commit that referenced this issue Aug 19, 2019
- Changes to ActiveDirectoryDsc.Common
  - Updated common helper function `Find-DomainController` with the
    optional parameter `WaitForValidCredentials` which will ignore
    authentication exceptions when the credentials cannot be authenticated.
- Changes to WaitForADDomain
  - An optional parameter `WaitForValidCredentials` can be set to $true
    to tell the resource to ignore authentication errors (issue #478).
@johlju johlju removed the in progress The issue is being actively worked on by someone. label Aug 19, 2019