Hi,

While browsing the code I've noticed the function Repair-DSCEngine which is actually killing all DSC engine host processes. And not only that, but it's being called 10 times in a loop from 2 places, which is kind of weird to see without understanding the context.

Can you guys please add comments to this function explaining why is this actually necessary ?
Also I wonder what happens if there is a periodic DSC config running and you are killing the DSC engine ?
For example I have a web server which is syncing contents from a DFS share every few minutes.
Depending on the size of the content, network bandwidth, etc this can take some time.

Ideally an analyzer would be free from side affects, so I just want to make sure I understand how safe is it to kill the DSC engine's process / what are the potential side effects and in general why is this necessary ?

for ($i=1; $i -lt 10; $i++) { 
    Repair-DSCEngine -ComputerName $computer -ErrorAction SilentlyContinue
}

do {
    $processID = Get-Process -Id $dscProcess
    $processID | Stop-Process -Force}
while ($processID.ProcessName -match "WmiPrvSE")

Thanks!

Hi

I'm wondering if there was a reason you chose the casing for functions as you did? The two obvious "issues" I see are the following:

• DSC used instead of Dsc, as seen in PSDesiredStateConfiguration module
• Use of a lower case letter for the first word following DSCEA, e.g. Start-DSCEAscan

Both of these diverge from the PowerShell Style Guide and the .Net Framework Capitalization Conventions.

Hi Raplh and Keith and sorry for my Funny English.
During my test, I have a little problem with powershell version.
Not all powershell 5 versions are compatible with DSCEA.
For example, the 5.0.10018.0 version does not accept the "Test-DscConfiguration-ReferenceConfiguration". And DSCEA does not work (All configurations are False).
I could not test the next BUILD (5.0.10586.51) but it's Ok with the 5.0.10586.117 version.
During my tests, I used the same Framework version (4.0.30319.42000).

I have modify the Start-DSCEAscan functions.
I replaced line 279 and 280 by :
$runlist = ($psjobresults | Where-Object {$.Major -ge 5 -and $.Build -gt 10018}).PSComputername
$versionerrorlist = ($psjobresults | Where-Object {($.Major -lt 5) -or ($.Major -ge 5 -and $_.Build -le 10018)}).PSComputername
And the line 292
Write-Warning "The following systems cannot be scanned as they are not running the good Powershell Version (Greater Than 5.0.10018). Please check '$versionerrorlist' for details"

All it's Ok for my environment. If you think this is a good solution, I let you use with pleasure ;)

Regards
Thierry

Logo is blank on HTML reports when module is downloaded using install-module

This is because the version is added to the folder structure, and the file copy to programdata cannot complete. The new path is C:\Program Files\WindowsPowerShell\Modules\DSCEA\1.0.0.0\resources

It would be nice if Get-DSCEAreport have a switch -ShowOnlyNonCompliant
Get-DSCEAreport -InFile $XMLFile -OutPath "$OutputPath" -Overall
Get-DSCEAreport -InFile $XMLFile -OutPath "$OutputPath" -Detailed

So we don't need to scroll and search in HTML file.

This issue was detected on Ralph's system under the dev branch, issue should be repro'd/verified and corrected

Adding a new issue as I received feedback today from someone who had some issues getting the Offline Install to work by following what is on PowerShell Gallery

Will add more to this section including screenshots

....Please don't ask how I stumbled into this situation, but if you put a directory path into -MofFile instead of a, um, ...file.... You get an error about Access Denied. Please throw a more descriptive error in this case, like "Path must be a file and not a directory".

PS C:\demo> $mofDir = "C:\demo\DSCFromSCMJSON"
PS C:\demo> Start-DSCEAscan -MofFile $mofdir -computername LocalHost

WARNING: Access to the path 'C:\demo\DSCFromSCMJSON' is denied.

Feature request to output to csv

When I try to import the module, I get an error importing Out-DataTable:
Unexpected token 'Â' in expression or statement.

It looks like there may be an extra character after some of the types that is being read as this invalid char.

Review and a fix is needed for the get-help sections of DSCEA functions. Looks like " symbols are being converted over to “ and �

When running test-dscconfiguration any resources required by the mof file must be on the remote nodes.

I have written a couple of functions to scan the mof, and copy required resources to the remote nodes before test-dscconfiguration has run.

Can you please review the changes at https://github.com/anwather/DSCEA. There is a new sample config file which needs the xSMBShare resource to be installed on the remote node. Note that the machine which runs Start-DSCEAScan also needs to have the resource as a source.

Additionally, no need for the day/all CSV logic now, since the long term (all) data will be being stored in SQL

Hi Ralph and Keith and sorry for my Funny English.
When you check compliance, if all servers are not compatibles with Powershell version (see #57, New Powershell Check Version), you have an error message.

Do you think it's possible to replace line 364 :
Write-Progress -activity "Working..." -PercentComplete (($jobscomplete / $jobs.count)*100) -status "$([string]::Format("Time Elapsed: {0:d2}:{1:d2}:{2:d2} Jobs Complete: {3} of {4} ", $elapsedTime.Elapsed.hours, $elapsedTime.Elapsed.minutes, $elapsedTime.Elapsed.seconds, $jobscomplete, $jobs.count))";

by

switch ($jobs.count)
{{$jobs.count -eq 0}{Write-host "Nothing to test ...";break}
{$jobs.count -ne 0}{Write-Progress -activity "Working..." -PercentComplete (($jobscomplete / $jobs.count)*100) -status "$([string]::Format("Time Elapsed: {0:d2}:{1:d2}:{2:d2} Jobs Complete: {3} of {4} ", $elapsedTime.Elapsed.hours, $elapsedTime.Elapsed.minutes, $elapsedTime.Elapsed.seconds, $jobscomplete, $jobs.count))"}}

Regards
Thierry

When Start-DSCEAscan is run against either a large (100+) server text file or using a -path containing (100+) servers mof files the following error is often displayed as some of the servers LCM are in use:

WARNING: Cannot invoke the Test-DscConfiguration cmdlet. The Consistency Check or Pull cmdlet is in progress and must return before Test-DscConfiguration can be
invoked. Use -Force option if that is available to cancel the current operation.
WARNING: Cannot validate argument on parameter 'Id'. The argument is null. Provide a valid value for the argument, and then try running the command again.

If the folder specified in -OutputPath doesn't exist prior to running Start-DSCEAscan, the scan will run and will fail when attempting to save the output, losing all of your data.

The CmdLet should gracefully check for the existence of the folder before starting any scans, or perhaps go ahead and create one if it doesn't already exist.

`PS C:\Users\user\Desktop> Start-DSCEAscan -MofFile .\localhost.mof -ComputerName COMPUTER -OutputPath .\DSCEA -Verbose
VERBOSE: DSCEA Scan has started
VERBOSE: Connectivity testing complete
VERBOSE: Initiating DSCEA scan on COMPUTER
VERBOSE: Processing Compliance Testing...
VERBOSE: Total Scan Time: 00:23:55
Export-Clixml : Could not find a part of the path 'C:\Users\user\Desktop\DSCEA\results.20190618-1508-48.xml'.
At C:\Program Files\WindowsPowerShell\Modules\DSCEA\1.2.0.0\Functions\Start-DSCEAscan.ps1:383 char:16

• ... $results | Export-Clixml -Path (Join-Path -Path $OutputPath -Child ...

•             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : OpenError: (:) [Export-Clixml], DirectoryNotFoundException
  • FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.ExportClixmlCommand`

Right now Start-DSCEAScan -C tab-complete's to computerfile which is not a standard/expected option

Many things expected a C:\Program Files\DSCEA folder, defaults should make more sense (current directory, subdirectories)

Problem: A detailed report only contains Noncompliant settings. If the report is empty you expect all servers to be compliant. But if your scan failed for some reason and you automated the process you will not now weather you are compliant or your scan has errors.

Solution: Include the state of the input file in the report. If the XML is empty or has bad data.

When running with CIMSession the credentials are not passed to the PSSession which is used to copy the modules.
The line below doesn't get the credentials so it attempts using the current users credential.
https://github.com/Microsoft/DSCEA/blob/92401ff974b7934448aa9abd392064ec44043f65/functions/Start-DSCEAscan.ps1#L178

not able to use the attached .mof file to start DSCEA scan with the following cmlet:

PS C:\temp> Start-DSCEAscan -MofFile "C:\temp\Output\localhost.mof" -ComputerName localhost
WARNING: PowerShell DSC resource MSFT_RegistryPolicyFile failed to execute Test-TargetResource functionality with
error message: Cannot bind argument to parameter 'ValueName' because it is an empty string.

Test-TargetResource doesnt accept empty strings for 'ValueName' but my .mof file is correct.

localhost.mof.txt

can anyone help please?

Currently this item contains the following:

FunctionsToExport = ('Get-DscEaPowerBiReport','Get-DscEaReport','New-DscEaSampleComputers','New-DscEaSampleConfigs','Start-DscEaScan')

This will need to be updated once Get-DscEaPowerBiReport is retired and Convert-DSCEAresultsToCSV will need to be added

'New-DscEaSampleComputers','New-DscEaSampleConfigs' need to be removed

Insert-DscEaCSVtoSQL needs to be added

Hi,

first thanks for this great module.

Each node in my environment has a separate mof file.

Start-DSCEAscan -ComputerName node1 -OutputPath "$OutputPath" -MofFile "node1.mof"
Start-DSCEAscan -ComputerName node2 -OutputPath "$OutputPath" -MofFile "node2.mof"
So this produces me a XML file for each node.

I would like to know if it is somehow possible to create a detailed or compliance report from a collection of xml files?

So that I have one HTML of the compliance of all servers?

Thanks

Output will be stored in either current directory or a temp folder, the only use for the output folder will be 'resources', since that's where the logo file for the reports is obtained from

There are important files that Microsoft projects should all have that are not present in this repository. A pull request has been opened to add the missing file(s). When the pr is merged this issue will be closed automatically.

Microsoft teams can learn more about this effort and share feedback within the open source guidance available internally.

Merge this pull request

Right now doc updates go to the dev branch, but that can slow getting the docs updated if there is other code related items in the dev branch, as we might not want to pull that code into master yet, but we do want to update the docs.

Adding this as an issue so we remember to create a new dev-docs branch after our next commit of dev to master so that we can be more agile on docs updates

Once Start-DSCEAscan begins it runs through the scan and then gives the following error message

WARNING: The term 'Copy-DSCResource' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

I'm not sure why I am receiving this error message. Copy-DscResource is one of the functions.

I get this error when I have several hosts.
Start-DSCEAscan -MofFile C:\w10localhost.mof -InputFile C:\output.txt -Force -OutputPath \server\test\

It works for up to 200 hosts in output.txt and then after that I started to see these errors.
Receive-Job : Cannot bind argument to parameter 'Job' because it is null.
At C:\Program Files\WindowsPowerShell\Modules\DSCEA\1.2.0.0\Functions\Start-DSCEAscan.ps1:322 char:37

•     $psjobresults = Receive-Job $psresults
  

•                                 ~~~~~~~~~~
  

  • CategoryInfo : InvalidData: (:) [Receive-Job], ParameterBindingValidationException
  • FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ReceiveJobCommand

Attempted to divide by zero.
At C:\Program Files\WindowsPowerShell\Modules\DSCEA\1.2.0.0\Functions\Start-DSCEAscan.ps1:364 char:9

•     Write-Progress -activity "Working..." -PercentComplete (($job ...
  

•     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : NotSpecified: (:) [], RuntimeException
  • FullyQualifiedErrorId : RuntimeException

Example: function Start-DSCEAScan
Start-DscEaScan.ps1

Review casing of all functions as well and discuss readability

Lets discuss if it makes sense to rename the resources folder. I was looking at its name in the folder structure, and given that this is a module related to DSC my mind immediately thinks about DSC resources, which we are not putting into this folder.

Adding this for discussion, it looks like the PS Version check timeout is currently hardcoded to 120 seconds

$psresults = Invoke-Command -ComputerName $firstrunlist -ErrorAction SilentlyContinue -AsJob -ScriptBlock {
$PSVersionTable.PSVersion
} | Wait-Job -Timeout 120
$psjobresults = Receive-Job $psresults

This looks like a great addition to DSC Tooling, however I have some concerns. Judging by the examples it looks like DSCEA assumes all servers share the same MOF file and they only have one MOF.

In our environment we have on average 11 MOF files (partial configurations), 19 in some cases, per server. On top of that, each MOF file is unique per server. Are there any plans to support this type of DSC usage or should we be creating some tooling around the tooling to generate reports?

Start-DSCEAScan -Force shouldn't expect a boolean value, it should be [switch]

Review and decide if new function name is desired

Update this function with an external call to Get-Date instead of using StartDate, this is needed for things like OMS where we look to pull in just the most recent scan in a dashboard. Review external PowerShell version check script for example.