Skip to content

Windows Server 2022 - "Cannot find an appropriate constructor for type System.Security.Principal.NTAccount" #1360

New issue
New issue
Open
Open
Windows Server 2022 - "Cannot find an appropriate constructor for type System.Security.Principal.NTAccount"#1360
Assignees
erjenkin
Labels
bugSomething isn't working
Milestone
 
4.25.0
@Wheels387

Description

@Wheels387
Wheels387
opened on Jun 17, 2024

Describe the bug
Attempting to run "Test-DSCConfiguration -ComputerName "localhost" -ReferenceConfiguration ".\localhost.mof" fails with the following errors:

Exception calling "Translate" with "1" argument(s): "Some or all identity references could not be translated."
    + CategoryInfo          : NotSpecified: (:) [], CimException
    + FullyQualifiedErrorId : System.Management.Automation.MethodInvocationException,Resolve-Identity
    + PSComputerName        : localhost

A constructor was not found. Cannot find an appropriate constructor for type System.Security.Principal.NTAccount.
    + CategoryInfo          : ObjectNotFound: (:) [], CimException
    + FullyQualifiedErrorId : CannotFindAppropriateCtor,Microsoft.PowerShell.Commands.NewObjectCommand
    + PSComputerName        : localhost

The PowerShell DSC resource '[RegistryAccessEntry][V-254254.c][medium][SRG-OS-000324-GPOS-00125]::[WindowsServer]BaseLine'
with SourceInfo 'C:\Program Files\WindowsPowerShell\Modules\PowerSTIG\4.22.0\DSCResources\Resources\windows.AccessControl.p
s1::15::13::RegistryAccessEntry' threw one or more non-terminating errors while running the Test-TargetResource
functionality. These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel
for more details.
    + CategoryInfo          : InvalidOperation: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : NonTerminatingErrorFromProvider
    + PSComputerName        : localhost

To Reproduce

  1. Install Windows Server 2022 Standard - Desktop Experience
  2. Download / Install PowerShell 7.4.x LTS
  3. Download / Install Terminal
  4. Perform Windows Updates
  5. Open Windows PowerShell as Admin (NOT PowerShell 7.4.x)
  6. Run commands:
Install-Module PowerStig -Scope CurrentUser
winrm quickconfig
Set-NetConnectionProfile -InterfaceAlias 'Ethernet' -NetworkCategory Private
Set-Item -Path WSMan:\localhost\MaxEnvelopeSizeKb -Value 8192
$(Get-Module PowerStig -ListAvailable).RequiredModules | % { $PSITEM | Install-Module -Force }

NOTE: Issue occurs with or without running the final command to install the modules. Unsure if that's just supposed to be executed on remote machines when you're running this from another machine. Seems like the error message I'm seeing is coming from the submodules inside of the PowerStig module.

  1. Close Windows PowerShell
  2. Create C:\temp\conf.ps1 with contents:
configuration Example
{
    param
    (
        [parameter()]
        [string]
        $NodeName = 'localhost'
    )

    Import-DscResource -ModuleName PowerStig

    Node $NodeName
    {
        WindowsServer BaseLine
        {
            OsVersion   = '2022'
            OsRole      = 'MS'
            DomainName  = 'sample.test'
            ForestName  = 'sample.test'
        }
    }
}

Example

NOTE: Found contradictory instructions for Domain Name, Forest Name values. Have tried with those omitted and set to sample.test. Issue happens in both cases.

  1. Open Windows PowerShell as Admin
  2. Run commands:
    . C:\temp\conf.ps1
    Test-DscConfiguration -ComputerName 'localhost' -ReferenceConfiguration <localhost.mof from previous command>

Expected behavior
Return from command indicating most settings are not in compliance.

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

Labels

bugSomething isn't working

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions