Desired State Configuration (DSC) Known Issues and Limitations

Breaking Change: Certificates used to encrypt/decrypt passwords in DSC configurations may not work after installing WMF 5.0 RTM

In WMF 4.0 and WMF 5.0 Preview releases, DSC did not allow passwords in the configuration to be longer than 121 characters. DSC forced the use of short passwords even when a long, strong password was desired. This breaking change allows passwords of arbitrary length in the DSC configuration.

Resolution: Re-create the certificate with Data Encipherment or Key Encipherment Key usage, and Document Encryption Enhanced Key usage (1.3.6.1.4.1.311.80.1). Technet article https://technet.microsoft.com/library/dn807171.aspx has more information.
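
The following check is an added example, not part of the original article: it inspects certificates in the local machine store and reports which ones lack the key usage or the Document Encryption enhanced key usage named in the resolution above. The function name Test-DscEncryptionCertificate and the choice of the Cert:\LocalMachine\My store are assumptions made for illustration.

```powershell
# Added example (not from the original page). Test-DscEncryptionCertificate is a
# hypothetical helper name; the key usage and EKU requirements come from the text above.
function Test-DscEncryptionCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate
    )
    begin {
        $docEncryptionOid = '1.3.6.1.4.1.311.80.1'   # Document Encryption EKU
        $usage  = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]
        $wanted = $usage::DataEncipherment -bor $usage::KeyEncipherment
    }
    process {
        # Locate the two extensions that carry the properties DSC depends on.
        $keyUsageExt = $Certificate.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
        $ekuExt = $Certificate.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }

        # Assumption: a certificate with no key usage extension is treated as not
        # compliant, so that only explicitly scoped certificates pass.
        $hasKeyUsage = [bool]($keyUsageExt -and
            (($keyUsageExt.KeyUsages -band $wanted) -ne 0))
        $hasDocEku = [bool]($ekuExt -and
            ($ekuExt.EnhancedKeyUsages | Where-Object { $_.Value -eq $docEncryptionOid }))

        [pscustomobject]@{
            Thumbprint            = $Certificate.Thumbprint
            Subject               = $Certificate.Subject
            KeyUsageOk            = $hasKeyUsage
            DocumentEncryptionEku = $hasDocEku
            UsableForDsc          = $hasKeyUsage -and $hasDocEku
        }
    }
}

# List certificates in the local machine store that fail either requirement.
Get-ChildItem -Path Cert:\LocalMachine\My |
    Test-DscEncryptionCertificate |
    Where-Object { -not $_.UsableForDsc } |
    Format-Table Thumbprint, Subject, KeyUsageOk, DocumentEncryptionEku -AutoSize
```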

DSC cmdlets may fail after installing WMF 5.0 RTM

Start-DscConfiguration and other DSC cmdlets may fail after installing WMF 5.0 RTM with the following error:

    LCM failed to retrieve the property PendingJobStep from the object of class dscInternalCache .
    + CategoryInfo : ObjectNotFound: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : MI RESULT 6
    + PSComputerName : localhost

Resolution: Delete DSCEngineCache.mof by running the following command in an elevated PowerShell session (Run as Administrator):

Remove-Item -Path $env:SystemRoot\system32\Configuration\DSCEngineCache.mof

DSC cmdlets may not work if WMF 5.0 RTM is installed on top of WMF 5.0 Production Preview

Resolution: Run the following command in an elevated PowerShell session (Run as Administrator):

    mofcomp $env:windir\system32\wbem\DscCoreConfProv.mof

LCM can go into an unstable state while using Get-DscConfiguration in DebugMode

If LCM is in DebugMode, pressing CTRL+C to stop the processing of Get-DscConfiguration can cause LCM to go into an unstable state in which the majority of DSC cmdlets won't work.

Resolution: Don't press CTRL+C while debugging the Get-DscConfiguration cmdlet.

Stop-DscConfiguration may hang in DebugMode

If LCM is in DebugMode, Stop-DscConfiguration may hang while trying to stop an operation started by Get-DscConfiguration.

Resolution: Finish the debugging of the operation started by Get-DscConfiguration as outlined in the section 'Debugging DSC resources'.

No Verbose Error Messages are shown in DebugMode

If LCM is in DebugMode, no verbose error messages are displayed from DSC Resources.

Resolution: Disable DebugMode to see verbose messages from the resource.

Invoke-DscResource operations cannot be retrieved by Get-DscConfigurationStatus cmdlet

After the Invoke-DscResource cmdlet is used to directly invoke any resource's methods, the records of such operations cannot be retrieved through Get-DscConfigurationStatus at a later time.

Resolution: None.

Get-DscConfigurationStatus returns pull cycle operations as type Consistency

When a node is set to PULL refresh mode, for each pull operation performed, the Get-DscConfigurationStatus cmdlet reports the operation type as Consistency instead of Initial.

Resolution: None.

Invoke-DscResource cmdlet does not return messages in the order they were produced

The Invoke-DscResource cmdlet does not return verbose, warning, and error messages in the order they were produced by LCM or the DSC resource.

Resolution: None.

DSC Resources cannot be debugged easily when used with Invoke-DscResource

When LCM is running in debug mode (see Debugging DSC resources for more details), the Invoke-DscResource cmdlet does not give information about the runspace to connect to for debugging.

Resolution: Discover and attach to the runspace using the cmdlets Get-PSHostProcessInfo, Enter-PSHostProcess, Get-Runspace and Debug-Runspace to debug the DSC resource.

# Find all the processes hosting PowerShell
Get-PSHostProcessInfo

ProcessName    ProcessId AppDomainName
-----------    --------- -------------
powershell          3932 DefaultAppDomain
powershell_ise      2304 DefaultAppDomain
WmiPrvSE            3396 DscPsPluginWkr_AppDomain

# Enter the process that is hosting the DSC engine (WMI process with DscPsPluginWkr_AppDomain)
Enter-PSHostProcess -Id 3396 -AppDomainName DscPsPluginWkr_AppDomain

# Find all the available runspaces in that process
Get-Runspace

Id Name       ComputerName Type  State  Availability
-- ----       ------------ ----  -----  ------------
 2 Runspace2  localhost    Local Opened InBreakpoint
 5 RemoteHost localhost    Local Opened Busy

# Debug the runspace that is in the InBreakpoint availability state
Debug-Runspace -Id 2

Various Partial Configuration documents for same node cannot have identical resource names

For several partial configurations that are deployed onto a single node, identical resource names cause a run-time error.

Resolution: Use different names even for the same resources in different partial configurations.

Start-DscConfiguration -UseExisting does not work with -Credential

When Start-DscConfiguration is used with the -UseExisting parameter, the -Credential parameter is ignored. DSC uses the default process identity to proceed with the operation. This causes an error when a different credential is needed to proceed on a remote node.

Resolution: Use a CIM session for remote DSC operations:

$session = New-CimSession -ComputerName $node -Credential $credential
Start-DscConfiguration -UseExisting -CimSession $session

IPv6 Addresses as Node Names in DSC configurations

IPv6 addresses as node names in DSC configuration scripts are not supported in this release.

Resolution: None.

Debugging of Class-Based DSC Resources

Debugging of class-based DSC Resources is not supported in this release.

Resolution: None.

Variables & Functions defined in $script scope in DSC Class-Based Resource are not preserved across multiple calls to a DSC Resource

Multiple consecutive calls to Start-DSCConfiguration will fail if the configuration uses any class-based resource that has variables or functions defined in $script scope.

Resolution: Define all variables and functions in the DSC Resource class itself. No $script scope variables/functions.

DSC Resource Debugging when a resource is using PSDscRunAsCredential

DSC Resource debugging when a resource is using the PSDscRunAsCredential property in the configuration is not supported in this release.

Resolution: None.

PsDscRunAsCredential is not supported for DSC Composite Resources

Resolution: Use the Credential property if available. Example: ServiceSet and WindowsFeatureSet.

Get-DscResource -Syntax does not reflect PsDscRunAsCredential correctly

Get-DscResource -Syntax does not reflect PsDscRunAsCredential correctly when the resource marks it as mandatory or does not support it.

Resolution: None. However, authoring the configuration in ISE reflects correct metadata about the PsDscRunAsCredential property when using IntelliSense.

WindowsOptionalFeature is not available in Windows 7

The WindowsOptionalFeature DSC resource is not available in Windows 7. This resource requires the DISM module, and DISM cmdlets that are available starting in Windows 8 and newer releases of the Windows operating system.

For Class-based DSC resources, Import-DscResource -ModuleVersion may not work as expected

If the compilation node has multiple versions of a class-based DSC resource module, Import-DscResource -ModuleVersion does not pick the specified version and results in the following compilation error:

ImportClassResourcesFromModule : Exception calling "ImportClassResourcesFromModule" with "3" argument(s): "Keyword 'MyTestResource' already defined in the configuration."
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\PSDesiredStateConfiguration.psm1:2035 char:35
+ ... rcesFound = ImportClassResourcesFromModule -Module $mod -Resources $r ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [ImportClassResourcesFromModule], MethodInvocationException
    + FullyQualifiedErrorId : PSInvalidOperationException,ImportClassResourcesFromModule

Resolution: Import the required version by passing a ModuleSpecification object to -ModuleName with the RequiredVersion key specified, as follows:

Import-DscResource -ModuleName @{ModuleName='MyModuleName';RequiredVersion='1.2'}

Some DSC resources like registry resource may start to take a long time to process the request.

Resolution 1: Create a scheduled task that cleans up the following folder periodically.

$env:windir\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis

Resolution 2: Change the DSC configuration to clean up the CommandAnalysis folder at the end of the configuration.

Configuration $configName
{

   # User Data
    Registry SetRegisteredOwner
    {
        Ensure = 'Present'
        Force = $True
        Key = $Node.RegisteredKey
        ValueName = $Node.RegisteredOwnerValue
        ValueType = 'String'
        ValueData = $Node.RegisteredOwnerData
    }
    #
    # Script to delete the config
    #
    script DeleteCommandAnalysisCache
    {
        DependsOn="[Registry]SetRegisteredOwner"
        getscript="@{}"
        testscript = 'Remove-Item -Path $env:windir\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis -Force -Recurse -ErrorAction SilentlyContinue -ErrorVariable ev | out-null;$true'
        setscript = '$true'
    }
}