Topics created by Adam1

Hi @Adam1 , The Restart-Server operation is performed on the server itself, using the Inedo Agent or PowerShell Agent. Behind the scenes, the agent will just use the advapi32.dll::InitiateShutdown Win32 API method, and that error string indicates that Windows is returning ERROR_ACCESS_DENIED when attempting to initiate the Shutdown. This is the same method that shutdown.exe uses behind the scenes as well. So basically, just make sure that the agent process is running as an admin/system account. Best, Alana

Not at present, but it's definitely on our roadmap, but there's not a ton of demand for it so we haven't prioritized it. The primary usecase seems to be having a Otter or BuildMaster server in the cloud that in-house servers connect to. Is that what you were thinking?

hi @Adam1; thank you for the detailed reproduction instructions. You are correct, this is indeed a bug, and it will be fixed in the next maintenance release (scheduled for Friday) as OT-381. If you'd like a pre-release, we can easily share one to you as well!

hi @Adam1, I looked into this further, and this is by design, but it should really be clarified in the UI a little bit better (I updated the docs). A server can exist in multiple environments, but it's not recommended. Basically, when a server is in multiple environments, then there can be no single environment in context. This means that the variable function $EnvironmentName will return empty, and variables cannot be resolved against those environments. This is unlike a role (which is set when executing a configuration plan, or explicitly set with for role X). So, in this case, I recommend you to use multiple roles.

Unfortunately we don't yet have an API for the credentials, but it's something we'd like to make. In the mean time, the Native API will work. If you look in the database, you'll be able to see how credentials are structured, and how things like Password are stored. The secret fields are encrypted using DPAPI, with the Encryption key stored in the configuration file. Here's the specific code we use to encrypt/decrypt. Please share what you come up with, would definitely help out in the mean time :) private static byte[] Decrypt(byte[] data) { if (protectedAesKey == null || protectedAesKey.Length == 0) throw new InvalidOperationException("Cannot decrypt persistent property; decryption key not configured."); byte[] key; try { key = ProtectedData.Unprotect(protectedAesKey, null, DataProtectionScope.LocalMachine); } catch (CryptographicException ex) { throw new InvalidOperationException( $"An error occurred during decryption (\"{ex.Message}\"). This usually means that the encryption key has changed between" + " encrypting and decrypting the data, which might happen if you accidentally overwrite a configuration setting, perhaps during an upgrade or reinstall." + " Check your configured encryption key, and restart the service and web application(s) as needed."); } try { var nonce = new byte[16]; Array.Copy(data, 0, nonce, 0, 8); Array.Copy(data, data.Length - 8, nonce, 8, 8); using (var buffer = new MemoryStream(data.Length - 16)) { buffer.Write(data, 8, data.Length - 16); buffer.Position = 0; using (var aes = new AesManaged { Key = key, IV = nonce, Padding = PaddingMode.PKCS7 }) using (var cryptoStream = new CryptoStream(buffer, aes.CreateDecryptor(), CryptoStreamMode.Read)) { var output = new byte[SlimBinaryFormatter.ReadLength(cryptoStream)]; cryptoStream.Read(output, 0, output.Length); return output; } } } finally { if (key != null) Array.Clear(key, 0, key.Length); } } private static byte[] Encrypt(byte[] data) { if (protectedAesKey == null || protectedAesKey.Length == 0) return null; var key = ProtectedData.Unprotect(protectedAesKey, null, DataProtectionScope.LocalMachine); try { using (var aes = new AesManaged { Key = key, Padding = PaddingMode.PKCS7 }) { aes.GenerateIV(); using (var outputBuffer = new MemoryStream()) { outputBuffer.Write(aes.IV, 0, 8); using (var cryptoStream = new CryptoStream(new UncloseableStream(outputBuffer), aes.CreateEncryptor(), CryptoStreamMode.Write)) { SlimBinaryFormatter.WriteLength(cryptoStream, data.Length); cryptoStream.Write(data, 0, data.Length); } outputBuffer.Write(aes.IV, 8, 8); return outputBuffer.ToArray(); } } } finally { if (key != null) Array.Clear(key, 0, key.Length); } }

Hello Here is two exemple : one with Carbon module (http://get-carbon.org) One wit h xSmbshare (From Pwershll Gallery) I assumed you have install the module Ensure-DscResource ( ConfigurationKey: Identity, Name: Carbon_Permission, Module: Carbon, Properties: %(Path:$DFSFolder,Identity:$Mydomain\$MyGroup,Permission:FullControl) ); Ensure-DscResource ( Name: xSmbShare, Module: xSmbShare, Properties: %(Name:$ShareFolder,Path:$FoldertoShare,ReadAccess:$Mydomain\$MyGroup,FolderEnumerationMode:AccessBased,CachingMode:None) ); The Carbon example use as ConfigurationKey the property Identity while in the xSmbShare, the configuraitonKey is the default property (ie, Name) I hope to not make a mistake and it will be useful. Best Regards PhilippeC.

Great question! The answer is, unfortunately, buried in the Formal Specifications. But long story short, you'll want to wrap the Get-Asset operation in a with executionPolicy = always block. For more information, note that there are three modes of executions: Collect Only - only ICollectingOperation operations will run; if the operation is a IComparingOperation, then drift may be indicated. All ensure operations implement both interfaces. Collect then Execute - a collection pass is performed as described above; if any drift is indicated, an execution pass is performed that runs: operations that indicated drift IExecutingOperation operations in the same scope as a drift-indicating operation that do not implement - IComparingOperation; this is all execution actions operations with an execution policy of AlwaysExecute; this can only be set on a Context Setting Statement Execute Only- only IExecutingOperation operations will run; all ensure and execute operations implement this interface So what's happening is that Get-Asset will never run in a Collect pass, where as Ensure-DscResource will always run in a Collect pass (but only in Collection mode). By forcing Get-Asset to always execute, it will run even in the collect pass. By the way: I would love to find a way to properly document the answer to this, so users don't get frustrated; any suggestions on where to edit the contents?