Updating code in custom resource not applying

(TL;DR) when I change something in my custom resource and push a configuration, it appears that the changes aren’t being read or applied

I feel like I’m missing something really basic here, but I’ve been banging my head on it for a couple of days here and I’m starting to bruise. Basically I’m working to create a custom resource to mess around with some registry permissions. My citrix admin had a need and it was a good chance for me to play around. So I create my resource using the latest version of the resource designer and these commands:

$propKey = New-xDscResourceProperty -name Key -type String -Attribute Key
$propIdentity = New-xDscResourceProperty -name identity -type String -Attribute Key
$propAccessRight = New-xDscResourceProperty -name AccessRight -type String -Attribute Key -ValidateSet `
"QueryValues","SetValue","CreateSubKey","EnumerateSubKeys","Notify","CreateLink","ExecuteKey","ReadKey","WriteKey","Delete","ReadPermissions","ChangePermissions","TakeOwnership","FullControl"
$propControlType = New-xDscResourceProperty -name ControlType -type String -Attribute Key -ValidateSet "Allow","Deny"
$propEnsure = New-xDscResourceProperty -name Ensure -type String -Attribute Write -ValidateSet "Present","Absent"

New-xDscResource -name EPD_RegistryPermission -Property $propKey, $propIdentity, $propAccessRight, $propControlType, $propEnsure -path c:\Scripts\EPD_CustomResources

New-ModuleManifest -path c:\scripts\EPD_CustomResources\EPD_CustomResources.psd1 -RootModule EPD_CustomResources 

That gives me my folder structure, so far so good. I fill it with my code, move it to my test server and execute it with this:

Configuration Test {

    Import-DscResource -moduleName EPD_CustomResources

    Node localhost {
        EPD_RegistryPermission FullControl {
            Ensure='Present'
            Key='HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Test'
            AccessRight="FullControl"
            ControlType="Deny"
            Identity="Administrators"
        }

    }
}
Test -outputPath c:\dsc\test
Start-DscConfiguration -wait -ComputerName localhost -path c:\dsc\test -Verbose -Force

That creates my mof and starts it up. Test runs through ok but I get an error in the Set stage:

VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguratio
n'.
VERBOSE: An LCM method call arrived from computer PDADUTL01CORP with user sid S-1-5-21-1327060583-1562144247-1555438652-123710.
VERBOSE: [PDADUTL01CORP]: LCM:  [ Start  Set      ]
VERBOSE: [PDADUTL01CORP]: LCM:  [ Start  Resource ]  [[EPD_RegistryPermission]FullControl]
VERBOSE: [PDADUTL01CORP]: LCM:  [ Start  Test     ]  [[EPD_RegistryPermission]FullControl]
VERBOSE: [PDADUTL01CORP]: LCM:  [ End    Test     ]  [[EPD_RegistryPermission]FullControl]  in 0.0160 seconds.
VERBOSE: [PDADUTL01CORP]: LCM:  [ Start  Set      ]  [[EPD_RegistryPermission]FullControl]
Cannot set the ACL because the method that it needs to invoke, SetSecurityDescriptor, does not exist.
    + CategoryInfo          : NotImplemented: (:) [], CimException
    + FullyQualifiedErrorId : SetAcl_OperationNotSupported,Microsoft.PowerShell.Commands.SetAclCommand
    + PSComputerName        : localhost
 
VERBOSE: [PDADUTL01CORP]: LCM:  [ End    Set      ]  [[EPD_RegistryPermission]FullControl]  in 0.0160 seconds.
The PowerShell provider EPD_RegistryPermission threw one or more non-terminating errors while running the Set-TargetResource functionality. These errors are logged to the ETW channel called 
Microsoft-Windows-DSC/Operational. Refer to this channel for more details.
    + CategoryInfo          : InvalidOperation: (:) [], CimException
    + FullyQualifiedErrorId : NonTerminatingErrorFromProvider
    + PSComputerName        : localhost
 
VERBOSE: [PDADUTL01CORP]: LCM:  [ End    Set      ]
The SendConfigurationApply function did not succeed.
    + CategoryInfo          : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : MI RESULT 1
    + PSComputerName        : localhost
 
VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 0.117 seconds

Looks like it doesn’t like me using set-acl on a registry key. No problem I’ll try something else. But here’s where the problem comes in. No matter what I change, I get the exact same error. I’ve even thrown in a bunch of “write-verbose “****************” just to see that in the output, and it doesn’t appear. I should just be able to update the code in my psm1 file and be good right? What am I missing?

In my experience all I have needed to do is update my code in the .psm1 file and that’s it. Of course though I should mention that on several occasions I have seen screwy and weird things happen with DSC that the only way I could get it to stop was to reboot the machine I was working, so I would try that if you haven’t already. You can also make sure that there aren’t any existing WMI processes running (this was suggested as a possible fix by Steve Murawski for an issue I was having with my Custom Resource), it’s possible that something is hung up in the background.

If you copy the Module (with your changes) to a different server and try the same thing, what happens?

It ran great on a different machine, so I tried whacking all my WMI processes. Sure enough, that did it! thanks for the tip!

Nice, glad it worked!

All,

Microsoft introduced a DebugMode feature with the preview of WMF v5 to help with the DSC resource development. Check out below article on the official PowerShell team blog:

http://blogs.msdn.com/b/powershell/archive/2014/04/22/debug-mode-in-desired-state-configuration.aspx

very cool. So it wasn’t a bug but a “feature”.