You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Details of the scenario you tried and the problem that is occurring
I have a single certificate that needs to be provided to two service account users. The Key fields on Location, Store, and Thumbprint flag the second import as a duplicate, but notice that the PsDscRunAsCredential is different. This is because I'm running the import as the service user and installing the cert to the CurrentUser\My store.
Verbose logs showing the problem
Identifying details changed:
Test-ConflictingResources : A conflict was detected between resources '[PfxImport]MyDomain\ServiceAccount1_Cert (C:\MyDscScript.ps1::556::13::PfxImport)' and
'[PfxImport]MyDomain\ServiceAccount2_Cert (C:\MyDscScript::568::13::PfxImport)' in
node 'Node1'. Resources have identical key properties but there are differences in the following non-key properties: 'PsDscRunAsCredential'. Values
'System.Management.Automation.PSCredential' don't match values 'System.Management.Automation.PSCredential'. Please update these property values so that they are identical
in both cases.
At line:289 char:9
Unfortunately, this is a behavior of the DSC LCM. As you point out the PsDscRunAsCredential is not considered part of the key for the resource, so applying the resource twice with only the PsDscRunAsCredential differing is going to fail compilation.
There isn't an easy way around this issue, but there are possibilities:
Import the certificate to the LM store - which will make it available to both accounts. But that may not meet your security requirements.
Modify the resource to accept another credential parameter (similar to what we do with CertReq resource) that uses PDT to execute the import command under another user context. This would require making the new Credential a key value as well - which would be a breaking change and would have a wider impact.
@gaelcolas - not sure if you know any workaround to this? I've not seen anything that can address this.
Details of the scenario you tried and the problem that is occurring
I have a single certificate that needs to be provided to two service account users. The Key fields on Location, Store, and Thumbprint flag the second import as a duplicate, but notice that the PsDscRunAsCredential is different. This is because I'm running the import as the service user and installing the cert to the CurrentUser\My store.
Verbose logs showing the problem
Identifying details changed:
Test-ConflictingResources : A conflict was detected between resources '[PfxImport]MyDomain\ServiceAccount1_Cert (C:\MyDscScript.ps1::556::13::PfxImport)' and
'[PfxImport]MyDomain\ServiceAccount2_Cert (C:\MyDscScript::568::13::PfxImport)' in
node 'Node1'. Resources have identical key properties but there are differences in the following non-key properties: 'PsDscRunAsCredential'. Values
'System.Management.Automation.PSCredential' don't match values 'System.Management.Automation.PSCredential'. Please update these property values so that they are identical
in both cases.
At line:289 char:9
Suggested solution to the issue
Maybe add the Path as a Key to allow two copies of the same file to be imported?
The DSC configuration that is used to reproduce the issue (as detailed as possible)
The operating system the target node is running
Version and build of PowerShell the target node is running
Version of the DSC module that was used ('dev' if using current dev branch)
5.1.0
The text was updated successfully, but these errors were encountered: