IisFeatureDelegation wipes out config

[martospy]

Problem description

I am trying to use IisFeatureDelegation to override security so I can write set new log paths. When I do this however it wipes out the config lines in the applicationHost file and rewrites new stanzas to the bottom that IIS doesn't know what to do with. I have to restore from backup when this happens. Adding the stanzas to the Verbose Logs.

If I try and use 'IIS:\Sites\Default Web Site' instead of 'MACHINE/WEBROOT/APPHOST' it does not work. This is on Server 2022.

Verbose logs

<sites>
            <site name="Default Web Site" id="1">
                <application path="/">
                    <virtualDirectory path="/" physicalPath="D:\inetpub\wwwroot" />
                </application>
                <application path="/MSMQ" applicationPool="DefaultAppPool">
                    <virtualDirectory path="/" physicalPath="D:\inetpub\wwwroot\msmq" />
                </application>
                <bindings>
                    <binding protocol="http" bindingInformation="*:80:" />
                </bindings>
                    <logFile />
                    <traceFailedRequestsLogging />
                    <ftpServer>
                        <sessions />
                        <connections />
                        <security>
                            <dataChannelSecurity />
                            <commandFiltering />
                            <ssl />
                            <sslClientCertificates />
                            <authentication>
                                <anonymousAuthentication />
                                <basicAuthentication />
                                <clientCertAuthentication />
                                <customAuthentication>
                                    <providers />
                                </customAuthentication>
                            </authentication>
                            <customAuthorization>
                                <provider />
                            </customAuthorization>
                        </security>
                        <customFeatures>
                            <providers />
                        </customFeatures>
                        <messages />
                        <fileHandling />
                        <firewallSupport />
                        <userIsolation>
                            <activeDirectory />
                        </userIsolation>
                        <directoryBrowse />
                        <logFile />
                    </ftpServer>
            </site>
            <siteDefaults>
                <logFile logFormat="W3C" directory="%SystemDrive%\inetpub\logs\LogFiles" />
                <traceFailedRequestsLogging directory="%SystemDrive%\inetpub\logs\FailedReqLogFiles" />
            </siteDefaults>
            <applicationDefaults applicationPool="DefaultAppPool" />
            <virtualDirectoryDefaults allowSubDirConfig="true" />
        </sites>

DSC configuration

IisFeatureDelegation applicationHostsitesUnlock
        {
            Filter       = '/system.applicationHost/sites'
            OverrideMode = 'Allow'
            Path         = 'MACHINE/WEBROOT/APPHOST'
        }

        IisFeatureDelegation applicationHostlogUnlock
        {
            Filter       = '/system.applicationHost/log'
            OverrideMode = 'Allow'
            Path         = 'MACHINE/WEBROOT/APPHOST'
        }

        IisFeatureDelegation ftpServerUnlock
        {
            Filter       = '/system.ftpServer/log'
            OverrideMode = 'Allow'
            Path         = 'MACHINE/WEBROOT/APPHOST'
        }

Suggested solution

No idea

Operating system the target node is running

Server 2022 Standard

PowerShell version and build the target node is running

Powershell 5.1

WebAdministrationDsc version

4.1.0

[johlju]

Looks like we need better integration tests for this resource. If someone can provide a fix for this I will happily review.