[BUG] lgpo.set errors on Windows Server 2025 #67938

evenyougreg opened this issue Apr 2, 2025 · 0 comments
Labels
Bug broken, incorrect, or confusing behavior lgpo Windows

Description

I am using lgpo.set inside a Salt state to set an lgpo CIS benchmark that I have regularly used on previous versions of Windows Server, but on Windows Server 2025 I am getting errors.

Setup

Salt state:

turnoff_llmnr:
  lgpo.set:
    - computer_policy:
        "Turn off multicast name resolution": 'Enabled'

Please be as specific as possible and give set-up details.

  • [ YES] on-prem machine
  • [ AHV] VM (Virtualbox, KVM, etc. please specify)
  • VM running on a cloud service, please be explicit and add details
  • container (Kubernetes, Docker, containerd, etc. please specify)
  • or a combination, please be explicit
  • jails if it is FreeBSD
  • classic packaging
  • onedir packaging
  • used bootstrap to install

Steps to Reproduce the behavior

Expected behavior

----------
          ID: turnoff_llmnr
    Function: lgpo.set
      Result: True
     Comment: The following policies changed:
              Turn off multicast name resolution
     Started: 14:00:22.494685
    Duration: 7749.807 ms
     Changes:
              ----------
              new:
                  ----------
                  Computer Configuration:
                      ----------
                      Turn off multicast name resolution:
                          Enabled
              old:
                  ----------
                  Computer Configuration:
                      ----------
                      Turn off multicast name resolution:
                          Not Configured

Return:

----------
          ID: turnoff_llmnr
    Function: lgpo.set
      Result: False
     Comment: An exception occurred in this state: Traceback (most recent call last):
                File "C:\Salt\bin\Lib\site-packages\salt\modules\win_lgpo.py", line 5090, in _parse_xml
                  xml_tree = lxml.etree.parse(out_file, parser=parser)
                File "src\lxml\etree.pyx", line 3538, in lxml.etree.parse
                File "src\lxml\parser.pxi", line 1876, in lxml.etree._parseDocument
                File "src\lxml\parser.pxi", line 1902, in lxml.etree._parseDocumentFromURL
                File "src\lxml\parser.pxi", line 1805, in lxml.etree._parseDocFromFile
                File "src\lxml\parser.pxi", line 1177, in lxml.etree._BaseParser._parseDocFromFile
                File "src\lxml\parser.pxi", line 615, in lxml.etree._ParserContext._handleParseResultDoc
                File "src\lxml\parser.pxi", line 725, in lxml.etree._handleParseResult
                File "src\lxml\parser.pxi", line 654, in lxml.etree._raiseParseError
                File "file:/c:/Salt/var/cache/salt/minion/lgpo/policy_defs/WindowsDefender-D0DE2CD.adml", line 1
              lxml.etree.XMLSyntaxError: xmlns: 'http://schemas.microsoft.com/GroupPolicy/2006/07/Policysecurity intelligence' is not a valid URI, line 1, column 246

              During handling of the above exception, another exception occurred:

              Traceback (most recent call last):
                File "c:\Salt\bin\lib\site-packages\salt\state.py", line 2276, in call
                  ret = self.states[cdata["full"]](
                File "c:\Salt\bin\lib\site-packages\salt\loader\lazy.py", line 149, in __call__
                  return self.loader.run(run_func, *args, **kwargs)
                File "c:\Salt\bin\lib\site-packages\salt\loader\lazy.py", line 1228, in run
                  return self._last_context.run(self._run_as, _func_or_method, *args, **kwargs)
                File "c:\Salt\bin\lib\site-packages\salt\loader\lazy.py", line 1243, in _run_as
                  return _func_or_method(*args, **kwargs)
                File "c:\Salt\bin\lib\site-packages\salt\loader\lazy.py", line 1276, in wrapper
                  return f(*args, **kwargs)
                File "C:\Salt\bin\Lib\site-packages\salt\states\win_lgpo.py", line 394, in set_
                  lookup = __salt__["lgpo.get_policy_info"](
                File "c:\Salt\bin\lib\site-packages\salt\loader\lazy.py", line 149, in __call__
                  return self.loader.run(run_func, *args, **kwargs)
                File "c:\Salt\bin\lib\site-packages\salt\loader\lazy.py", line 1228, in run
                  return self._last_context.run(self._run_as, _func_or_method, *args, **kwargs)
                File "c:\Salt\bin\lib\site-packages\salt\loader\lazy.py", line 1243, in _run_as
                  return _func_or_method(*args, **kwargs)
                File "C:\Salt\bin\Lib\site-packages\salt\modules\win_lgpo.py", line 8845, in get_policy_info
                  success, policy_xml_item, policy_name_list, message = _lookup_admin_template(
                File "C:\Salt\bin\Lib\site-packages\salt\modules\win_lgpo.py", line 8404, in _lookup_admin_template
                  admx_policy_definitions = _get_policy_definitions(language=adml_language)
                File "C:\Salt\bin\Lib\site-packages\salt\modules\win_lgpo.py", line 5273, in _get_policy_definitions
                  _load_policy_definitions(path=path, language=language)
                File "C:\Salt\bin\Lib\site-packages\salt\modules\win_lgpo.py", line 5247, in _load_policy_definitions
                  xml_tree = _parse_xml(adml_file)
                File "C:\Salt\bin\Lib\site-packages\salt\modules\win_lgpo.py", line 5094, in _parse_xml
                  xml_tree = _remove_unicode_encoding(out_file)
                File "C:\Salt\bin\Lib\site-packages\salt\modules\win_lgpo.py", line 5000, in _remove_unicode_encoding
                  r' encoding=[\'"]+unicode[\'"]+', "", xml_content.decode("utf-16"), count=1
              UnicodeDecodeError: 'utf-16-le' codec can't decode byte 0x0a in position 134714: truncated data
     Started: 14:19:22.110889
    Duration: 704.831 ms
     Changes:

Versions Report

salt --versions-report (Provided by running salt --versions-report. Please also mention any differences in master/minion versions.)
Master:
Salt Version:
          Salt: 3006.9

Python Version:
        Python: 3.10.14 (main, Jun 26 2024, 11:44:37) [GCC 11.2.0]

Dependency Versions:
          cffi: 1.17.1
      cherrypy: 18.6.1
  cryptography: 42.0.5
      dateutil: 2.8.1
     docker-py: Not Installed
         gitdb: Not Installed
     gitpython: Not Installed
        Jinja2: 3.1.4
       libgit2: 1.3.0
  looseversion: 1.0.2
      M2Crypto: Not Installed
          Mako: Not Installed
       msgpack: 1.0.2
  msgpack-pure: Not Installed
  mysql-python: Not Installed
     packaging: 22.0
     pycparser: 2.22
      pycrypto: Not Installed
  pycryptodome: 3.19.1
        pygit2: 1.7.0
  python-gnupg: 0.4.8
        PyYAML: 6.0.1
         PyZMQ: 23.2.0
        relenv: 0.17.0
         smmap: Not Installed
       timelib: 0.2.4
       Tornado: 4.5.3
           ZMQ: 4.3.4

System Versions:
          dist: rhel 8.10 Ootpa
        locale: utf-8
       machine: x86_64
       release: 4.18.0-553.36.1.el8_10.x86_64
        system: Linux
       version: Red Hat Enterprise Linux 8.10 Ootpa

Minion:
    Salt Version:
              Salt: 3005.4

    Dependency Versions:
              cffi: 1.14.6
          cherrypy: 18.6.1
          dateutil: 2.8.1
         docker-py: Not Installed
             gitdb: 4.0.7
         gitpython: Not Installed
            Jinja2: 3.1.0
           libgit2: Not Installed
          M2Crypto: Not Installed
              Mako: 1.1.4
           msgpack: 1.0.2
      msgpack-pure: Not Installed
      mysql-python: Not Installed
         pycparser: 2.21
          pycrypto: Not Installed
      pycryptodome: 3.10.1
            pygit2: Not Installed
            Python: 3.8.18 (tags/v3.8.18:a56dcae, Oct 17 2023, 10:00:57) [MSC v.1929 64 bit (AMD64)]
      python-gnupg: 0.4.8
            PyYAML: 6.0.1
             PyZMQ: 22.0.3
             smmap: 4.0.0
           timelib: 0.2.4
           Tornado: 4.5.3
               ZMQ: 4.3.4

    System Versions:
              dist:
            locale: cp1252
           machine: AMD64
           release: 2025Server
            system: Windows
           version: 2025Server 10.0.26100 SP0 Multiprocessor Free

    c:\Salt\bin\lib\site-packages\_distutils_hack\__init__.py:33: UserWarning: Setuptools is replacing distutils.
      warnings.warn("Setuptools is replacing distutils.")

Additional context

Many of the benchmarks I attempt to set are behaving this way and have the same errors.

@evenyougreg evenyougreg added Bug broken, incorrect, or confusing behavior needs-triage labels Apr 2, 2025
@twangboy twangboy self-assigned this Apr 3, 2025
@twangboy twangboy added this to the Sulfur v3006.11 milestone Apr 3, 2025
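
The traceback in the report shows two separate failures on the cached ADML file: lxml rejecting an `xmlns` value that contains a space, and the fallback `decode("utf-16")` stopping on truncated data. The following is an added diagnostic example, not Salt's code and not from the issue author, that checks a policy-definition file's raw bytes for both conditions; the function names and the sample documents are constructed for illustration.

```python
import codecs
import re

# Matches xmlns="..." and xmlns:prefix="..." with either quote style.
XMLNS_RE = re.compile(r'\bxmlns(?::[\w.-]+)?\s*=\s*(["\'])(.*?)\1', re.S)
# First start tag; skips the <?xml ...?> declaration and comments.
ROOT_TAG_RE = re.compile(r"<[A-Za-z_][^>]*>")

# Constructed samples, not the real WindowsDefender ADML content.
GOOD_NS = "http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions"
BAD_NS = "http://schemas.microsoft.com/GroupPolicy/2006/07/Policysecurity intelligence"


def sample(ns):
    """Build a minimal ADML-shaped document (constructed) with namespace ns."""
    body = f'<policyDefinitionResources xmlns="{ns}">\r\n</policyDefinitionResources>\r\n'
    return '<?xml version="1.0"?>\r\n' + body


def bom_encoding(raw):
    """Return the codec implied by a byte-order mark, or None without one."""
    if raw.startswith(codecs.BOM_UTF8):
        return "utf-8-sig"
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return "utf-16"
    return None


def check_policy_file(raw):
    """Inspect one ADMX/ADML file's bytes for the two failures in the traceback."""
    report = {"bom": bom_encoding(raw), "utf16_error": None, "bad_xmlns": []}
    # Same call as the fallback path in the traceback: decode it all as UTF-16.
    try:
        raw.decode("utf-16")
    except UnicodeDecodeError as exc:
        report["utf16_error"] = f"{exc.reason} at byte {exc.start} of {len(raw)}"
    # Decode with the BOM's codec (UTF-8 assumed without a BOM), replacing
    # undecodable bytes so the namespace check always runs.
    text = raw.decode(report["bom"] or "utf-8", errors="replace")
    root = ROOT_TAG_RE.search(text)
    for match in XMLNS_RE.finditer(root.group(0) if root else ""):
        if re.search(r"\s", match.group(2)):  # the value lxml reports as "not a valid URI"
            report["bad_xmlns"].append(match.group(2))
    return report


if __name__ == "__main__":
    truncated = codecs.BOM_UTF16_LE + sample(GOOD_NS).encode("utf-16-le") + b"\n"
    print(check_policy_file(sample(BAD_NS).encode("utf-8")))
    print(check_policy_file(truncated))
```

`utf16_error` is set for any file whose bytes do not decode as UTF-16 in full, including a UTF-8 file with an odd byte count, so read it together with `bom`.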