I'm trying to use DSC to configure the nodes in my service fabric cluster virtual machine scale set. Doing some registry edits, to keep it small I only show one below. When I run the functions manually by themselves they work fine. When trying to nest them inside one function I get an error.
configuration ServiceFabricNode {
Node localhost
{
SSLPerfectForwardSecrecyTLS12 ConfigureSSL {}
ServiceFabricAntivirusExclusions AntiVirusExclusions {}
}
}
configuration SSLPerfectForwardSecrecyTLS12 {
Import-DscResource –ModuleName PSDesiredStateConfiguration
Import-DscResource -ModuleName GraniResource
# Disable Multi-Protocol Unified Hello
Registry "DisableServerMultiProtocolUnifiedHello"
{
Key = "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol
Unified Hello\Server"
ValueName = "Enabled"
ValueType = "Dword"
ValueData = "0"
Ensure = "Present"
Force = $true
}
}
configuration ServiceFabricAntivirusExclusions {
Import-DscResource -ModuleName WindowsDefender
[string[]]$exclusionPath = "C:\Program Files\Microsoft Service abric\","D:\SvcFab\";
Invoke-DscResource -Name WindowsDefender -ModuleName WindowsDefender -Method Set -Property @{ IsSingleInstance = 'Yes'; ExclusionPath = $exclusionPath }
[string[]]$exlusionProcess = "Fabric.exe","FabricHost.exe","FabricInstallerService.exe","FabricSetup.exe","FabricDeployer.exe","ImageBuilder.exe","FabricGateway.exe","FabricDCA.exe","FabricFAS.exe","FabricUOS.exe","FabricRM.exe","FileStoreService.exe";
Invoke-DscResource -Name WindowsDefender -ModuleName WindowsDefender -Method Set -Property @{ IsSingleInstance = 'Yes'; ExclusionProcess = $exlusionProcess }
}
ServiceFabricNode
Results into
Compilation errors occurred while processing configuration 'ServiceFabricNode'. Please review the errors reported in error stream and modify your configuration code
appropriately.
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\PSDesiredStateConfiguration.psm1:3917 char:5
+ throw $ErrorRecord
+ ~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (ServiceFabricNode:String) [], InvalidOperationException
+ FullyQualifiedErrorId : FailToProcessConfiguration
With debug enabled it shows the real exception
Cannot invoke the Invoke-DscResource cmdlet. The Invoke-DscResource cmdlet is in progress and must return before Invoke-DscResource can be invoked. Use -Force option if
that is available to cancel the current operation.
+ CategoryInfo : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimException
+ FullyQualifiedErrorId : MI RESULT 1
+ PSComputerName : localhost
I cannot find a -Force option and Google seems to filter out all errors for Invoke-DscResource or I'm the first one using it. Does anyone know a solution? Maybe I don't have to use Invoke-DscResource for the WindowsDefender module, but I don't see another way.
I figured it out with the following blog information http://nanalakshmanan.com/blog/Composite-Resources-Explained/
WindowsDefender is a Composite-Resource
configuration ServiceFabricAntivirusExclusions
{
Import-DscResource -ModuleName WindowsDefender
[string[]]$exclusionPath = "C:\Program Files\Microsoft Service Fabric\","D:\SvcFab\";
[string[]]$exlusionProcess = "Fabric.exe","FabricHost.exe","FabricInstallerService.exe","FabricSetup.exe","FabricDeployer.exe","ImageBuilder.exe","FabricGateway.exe","FabricDCA.exe","FabricFAS.exe","FabricUOS.exe","FabricRM.exe","FileStoreService.exe";
WindowsDefender x
{
IsSingleInstance = 'Yes';
ExclusionPath = $exclusionPath;
ExclusionProcess = $exlusionProcess;
}
}