[Bug]: -InstallationUserCredential mixed up in New-LabPSSession

[Mr-Kappelmann]

Description

I will use for every machine a different local/Administrator Account password

$env:AUTOMATEDLAB_TELEMETRY_OPTIN = 'false'
Import-Module AutomatedLab
Import-Module Microsoft.WSMan.Management
Import-Module Microsoft.PowerShell.Archive
Import-Module Microsoft.PowerShell.Management
Import-Module Microsoft.PowerShell.Security
Get-Command ConvertFrom-String | Out-Null
Import-Module Storage
Import-Module NetConnection
Import-Module NetTCPIP
Import-Module NetAdapter
Import-Module PKI -SkipEditionCheck 
Import-Module Hyper-V
$PSModuleAutoloadingPreference = "None"
#PowerShell Autoload-Function load VMware.PowerCLI instead Hyper-V; Get-Command Get-Cluster overwrite Get-VM
#I have no idea to prevent to autoload VMware.PowerCLI

$domainName = "Test.Domain"
$labName = "neu"
$InstallAdmin = "tier0_breakglass"
$InstallAdminPW = "DomainPasswort123"
$IP_Subnet = "172.22.69"

$vmDrive = 'D:' 
$labSource = Join-Path -Path $vmDrive -ChildPath 'LabSources'
New-LabSourcesFolder -DriveLetter $vmDrive
$labRootPath = Join-Path -Path $vmDrive -ChildPath "AutomatedLabor" 
$VmPath = Join-Path -Path $labRootPath -ChildPath "VMs" -AdditionalChildPath $labName

Set-PSFConfig -Module 'AutomatedLab' -Name 'LabAppDataRoot' -Value $labRootPath
Set-PSFConfig -Module 'AutomatedLab' -Name 'SkipSysInternals' -Value $True

New-LabDefinition -VmPath $VmPath -Name $labName -DefaultVirtualizationEngine HyperV 
Add-LabVirtualNetworkDefinition -Name $labname -AddressSpace "$IP_Subnet.0/25"
$PSDefaultParameterValues['Add-LabMachineDefinition:DomainName'] = $domainName
Add-LabDomainDefinition -Name $domainName -AdminUser $InstallAdmin -AdminPassword $InstallAdminPW 

$PSCredential = New-Object PSCredential "$InstallAdmin", ("$InstallAdminPW" | ConvertTo-SecureString -asplaintext -Force)
Add-LabMachineDefinition -Name "DC"    -InstallationUserCredential $PSCredential -IpAddress "$IP_Subnet.10"       -Roles RootDC

$PSCredential = New-Object PSCredential "Administrator", ("SDClocalPW123" | ConvertTo-SecureString -asplaintext -Force)
Add-LabMachineDefinition -Name "SDC"   -InstallationUserCredential $PSCredential -IpAddress "$IP_Subnet.11"       -Roles DC

#
#Other "Problem"; Slow "Starting remaining machines" and "Waiting for machines to start up..."
#with lot of VMs in the configuration
#
$PSCredential = New-Object PSCredential "Administrator", ("PC21localePW" | ConvertTo-SecureString -asplaintext -Force)
Add-LabMachineDefinition -Name "PC21"   -InstallationUserCredential $PSCredential -IpAddress "$IP_Subnet.21"

$PSCredential = New-Object PSCredential "Administrator", ("PC22localePW" | ConvertTo-SecureString -asplaintext -Force)
Add-LabMachineDefinition -Name "PC22"   -InstallationUserCredential $PSCredential -IpAddress "$IP_Subnet.22"

$PSCredential = New-Object PSCredential "Administrator", ("PC23localePW" | ConvertTo-SecureString -asplaintext -Force)
Add-LabMachineDefinition -Name "PC23"   -InstallationUserCredential $PSCredential -IpAddress "$IP_Subnet.23"

$PSCredential = New-Object PSCredential "Administrator", ("PC24localePW" | ConvertTo-SecureString -asplaintext -Force)
Add-LabMachineDefinition -Name "PC24"   -InstallationUserCredential $PSCredential -IpAddress "$IP_Subnet.24"

$PSCredential = New-Object PSCredential "Administrator", ("PC25localePW" | ConvertTo-SecureString -asplaintext -Force)
Add-LabMachineDefinition -Name "PC25"   -InstallationUserCredential $PSCredential -IpAddress "$IP_Subnet.25"

$PSCredential = New-Object PSCredential "Administrator", ("PC26localePW" | ConvertTo-SecureString -asplaintext -Force)
Add-LabMachineDefinition -Name "PC26"   -InstallationUserCredential $PSCredential -IpAddress "$IP_Subnet.26"

$PSCredential = New-Object PSCredential "Administrator", ("PC27localePW" | ConvertTo-SecureString -asplaintext -Force)
Add-LabMachineDefinition -Name "PC27"   -InstallationUserCredential $PSCredential -IpAddress "$IP_Subnet.27"

Install-Lab -Verbose

You see, thats is right, I think:
New-LabPSSession Entering... UseLocalCredential=True

later than a mix from local and domain Account:
Creating a new PSSession... UserName='$domainName\Administrator'

I think, they must use UserName='$ComputerName\Administrator' #SDC\Administrator

New-LabPSSession Entering... (ComputerName=SDC,DoNotUseCredSsp=<null>,UseLocalCredential=True,Credential=<null>,IgnoreAzureLabSources=<null>)
VERBOSE: [16:04:20][Write-LogFunctionEntry] Get-LabVM Entering... (ComputerName=SDC,IncludeLinux=True)
VERBOSE: [16:04:20][New-LabPSSession] Connecting to machine 'SDC' using the IP address '172.21.69.11'
VERBOSE: [16:04:20][New-LabPSSession] Creating a new PSSession to machine '172.21.69.11:5985' (UserName='$domainName\Administrator', Password='SDCsicheresPW123', DoNotUseCredSsp='False')

In the VerboseLog, I see that during "Installation" the UseLocalCredential= toggle between True and , that are interpreted as False. They generate New-LabPSSession: Access denied errors

Steps to reproduce the issue

see in description

PowerShell Version

Name                           Value
----                           -----
PSVersion                      7.4.1
PSEdition                      Core
GitCommitId                    7.4.1
OS                             Microsoft Windows 10.0.20348
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

AutomatedLab Version

Name                      Version
----                      -------
AutomatedLab              5.48.0
AutomatedLab.Common       2.3.17
AutomatedLabDefinition    5.48.0
AutomatedLabNotifications 5.48.0
AutomatedLabTest          5.48.0
AutomatedLabUnattended    5.48.0
AutomatedLabWorker        5.48.0

[Mr-Kappelmann]

I think, in my Case, there is a mistake:

In AutomatedLab/LabXml/Machines/Machine.cs
Line 449:
userName = string.Format(@"{0}{1}", domainName, installationUser.UserName);

In my Case, there are put the DOMAIN @ MachineLocalInstallationUser together...
This is '$domainName\Administrator' --> Result in Access denied.

They must like DOMAIN @ DOMAINInstallationUser
like: '$domainName\$InstallAdmin'

[raandree]

@Mr-Kappelmann, can you post the full deployment script here, please?

[Mr-Kappelmann]

what do you need in detail?
My Script is a few hundred lines long.

[raandree]

The problem needs to be somehow isolated and reproducible for us to work on it. AFAIK this is the first we've heard of it, and without a concrete error scenario there's little we can do.

Can you please reduce the script to the essentials?

[Mr-Kappelmann]

Ah okay, I understand.
I will try to reduce to a little reproduceable script...

[Mr-Kappelmann]

I have updated the first Post. There are a little script. that reproduce my problem with swtching Accounts in New-LabPSSession, so that ended in: New-LabPSSession: [172.22.69.11] Connecting to remote server 172.22.69.11 failed with the following error message : Access is denied

[raandree]

Ok, I see the error. I will look into this the next couple of days.

[Mr-Kappelmann]

That sounds good news for me...
Than I have no big basics understanding-issue of AutomatedLab

Have you a tip/better workaround for that:
#PowerShell Autoload-Function load VMware.PowerCLI instead Hyper-V; Get-Command Get-Cluster overwrite Get-VM
#I have no idea to prevent to autoload VMware.PowerCLI

I see a problem like that in the WindowsNT "AutoLogon"... mixed up with local & domain
I have no idea, what is the correct way or routine, to define the correct AutoLogon-Data...

In AutomatedLabWorkerVirtualMachines.psm1 near line 205

if ($Machine.IsDomainJoined -eq $true -and -not ($Machine.Roles.Name -contains 'RootDC' -or $Machine.Roles.Name -contains 'FirstChildDC' -or $Machine.Roles.Name -contains 'DC'))
    {
		#AutomatedLabWorkerVirtualMachines.psm1
		#Bug: When used different Add-LabMachineDefinition -InstallationUserCredential, they are not created in the domain, AutoLogon will not work. They should be use the local Account or the domainaccount
		
		#ORIGINAL
		#Set-UnattendedAutoLogon -DomainName $Machine.DomainName -Username $Machine.InstallationUser.Username -Password $Machine.InstallationUser.Password
		
        	#Bugfix Choose: Use Domain Account, same as where $Machine.DomainName
        	#$domain = $lab.Domains | Where-Object Name -eq $Machine.DomainName
		#Set-UnattendedAutoLogon -DomainName $Machine.DomainName -Username $domain.Administrator.UserName -Password $domain.Administrator.Password
		
		#Bugfix Choose: Use Local Account, same as where $Machine.InstallationUser defined
		#Set-UnattendedAutoLogon -DomainName $Machine.Name -Username $Machine.InstallationUser.Username -Password $Machine.InstallationUser.Password
    }