Hi Guys, I am trying to build DSC on server core with code:
$ConfigData=@{
# Node specific data
AllNodes = @(
# All Servers need following identical information
@{
NodeName = '*'
# PSDscAllowPlainTextPassword = $true;
# PSDscAllowDomainUser = $true
},
# Unique Data for each Role
@{
NodeName = 'labdscpscore01'
Role = @('Web', 'PullServer')
PullServerEndPointName = 'PSDSCPullServer'
PullserverPort = 8080 #< - ask me why I use this port
PullserverPhysicalPath = "$env:SystemDrive\inetpub\wwwroot\PSDSCPullServer"
PullserverModulePath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules"
PullServerConfigurationPath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
PullServerThumbPrint = Invoke-Command -Computername 'localhost' {Get-Childitem Cert:\LocalMachine\My | Where-Object {$_.FriendlyName -like "*dscps*"} | Select-Object -ExpandProperty ThumbPrint}
ComplianceServerEndPointName = 'PSDSCComplianceServer'
ComplianceServerPort = 9080
ComplianceServerPhysicalPath = "$env:SystemDrive\inetpub\wwwroot\PSDSCComplianceServer"
ComplianceServerThumbPrint = 'AllowUnencryptedTraffic'
}
);
}
Configuration WebNodes
{
# Import the module that defines custom resources
Import-DscResource -Module PSDesiredStateConfiguration, xPSDesiredStateConfiguration, xWebAdministration
# Dynamically find the applicable nodes from configuration data
Node $AllNodes.where{$_.Role -eq 'Web'}.NodeName {
# Install the IIS role
WindowsFeature IIS {
Ensure = "Present"
Name = "Web-Server"
}
# Make sure the following defaults cannot be removed:
WindowsFeature DefaultDoc {
Ensure = "Present"
Name = "Web-Default-Doc"
DependsOn = '[WindowsFeature]IIS'
}
WindowsFeature HTTPErrors {
Ensure = "Present"
Name = "Web-HTTP-Errors"
DependsOn = '[WindowsFeature]IIS'
}
WindowsFeature HTTPLogging {
Ensure = "Present"
Name = "Web-HTTP-Logging"
DependsOn = '[WindowsFeature]IIS'
}
WindowsFeature StaticContent {
Ensure = "Present"
Name = "Web-Static-Content"
DependsOn = '[WindowsFeature]IIS'
}
WindowsFeature RequestFiltering {
Ensure = "Present"
Name = "Web-Filtering"
DependsOn = '[WindowsFeature]IIS'
}
# Install additional IIS components to support the Web Application
WindowsFeature NetExtens4 {
Ensure = "Present"
Name = "Web-Net-Ext45"
DependsOn = '[WindowsFeature]IIS'
}
WindowsFeature AspNet45 {
Ensure = "Present"
Name = "Web-Asp-Net45"
DependsOn = '[WindowsFeature]IIS'
}
WindowsFeature ISAPIExt {
Ensure = "Present"
Name = "Web-ISAPI-Ext"
DependsOn = '[WindowsFeature]IIS'
}
WindowsFeature ISAPIFilter {
Ensure = "Present"
Name = "Web-ISAPI-filter"
DependsOn = '[WindowsFeature]IIS'
}
# I don't want these defaults for Web-Server to ever be enabled:
WindowsFeature DirectoryBrowsing {
Ensure = "Absent"
Name = "Web-Dir-Browsing"
DependsOn = '[WindowsFeature]IIS'
}
WindowsFeature StaticCompression {
Ensure = "Absent"
Name = "Web-Stat-Compression"
DependsOn = '[WindowsFeature]IIS'
}
# I don't want these Additional settings for Web-Server to ever be enabled:
# This list is shortened for demo purposes. I include eveything that should not be installed
WindowsFeature ASP {
Ensure = "Absent"
Name = "Web-ASP"
DependsOn = '[WindowsFeature]IIS'
}
WindowsFeature CGI {
Ensure = "Absent"
Name = "Web-CGI"
DependsOn = '[WindowsFeature]IIS'
}
WindowsFeature IPDomainRestrictions {
Ensure = "Absent"
Name = "Web-IP-Security"
DependsOn = '[WindowsFeature]IIS'
}
!!! # GUI Remote Management of IIS requires the following: - people always forget this until too late
WindowsFeature Management {
Name = 'Web-Mgmt-Service'
Ensure = 'Present'
}
Registry RemoteManagement { # Can set other custom settings inside this reg key
Key = 'HKLM:\SOFTWARE\Microsoft\WebManagement\Server'
ValueName = 'EnableRemoteManagement'
ValueType = 'Dword'
ValueData = '1'
DependsOn = @('[WindowsFeature]IIS','[WindowsFeature]Management')
}
Service StartWMSVC {
Name = 'WMSVC'
StartupType = 'Automatic'
State = 'Running'
DependsOn = '[Registry]RemoteManagement'
}
# Often, It's common to disable the default website and then create your own
# - dont do this to Pull Servers, ADCS or other Services that use the default website
xWebsite DefaultSite {
Name = "Default Web Site"
State = "Started"
PhysicalPath = "C:\inetpub\wwwroot"
DependsOn = "[WindowsFeature]IIS"
}
} #End Node Role Web
###############################################################################
Node $AllNodes.where{$_.Role -eq 'PullServer'}.NodeName {
# This installs both, WebServer and the DSC Service for a pull server
# You could do everything manually - which I prefer
WindowsFeature DSCServiceFeature {
Ensure = "Present"
Name = "DSC-Service"
}
xDscWebService PSDSCPullServer {
Ensure = "Present"
EndpointName = $Node.PullServerEndPointName
Port = $Node.PullServerPort # <--------------------------------------- Why this port?
PhysicalPath = $Node.PullserverPhysicalPath
CertificateThumbPrint = $Node.PullServerThumbprint # <------------------------- Certificate Thumbprint
ModulePath = $Node.PullServerModulePath
ConfigurationPath = $Node.PullserverConfigurationPath
State = "Started"
DependsOn = "[WindowsFeature]DSCServiceFeature"
UseSecurityBestPractices = $false
}
xDscWebService PSDSCComplianceServer {
Ensure = "Present"
EndpointName = $Node.ComplianceServerEndPointName
Port = $Node.ComplianceServerPort
PhysicalPath = $Node.ComplianceServerPhysicalPath
CertificateThumbPrint = $Node.ComplianceServerThumbPrint
State = "Started"
# IsComplianceServer = $true - property removed in version 3.8.0.0 -- dont know why
DependsOn = ("[WindowsFeature]DSCServiceFeature","[xDSCWebService]PSDSCPullServer")
UseSecurityBestPractices = $false
}
} # End Node PullServer
} # End Config
#break
WebNodes -ConfigurationData $ConfigData -OutputPath .\
But when runnig this:
Start-DscConfiguration -Path .\ -ComputerName labdscpscore01 -Verbose -Wait -Force
I got:
Mode LastWriteTime Length Name
-a---- 13.05.2017 23:30 18316 labdscpscore01.mof
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' = MSFT_DSC
LocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer LABDC01 with user sid S-1-5-21-191450192-3335740963-707932236-500.
VERBOSE: [LABDSCPSCORE01]: LCM: [ Start Set ]
VERBOSE: [LABDSCPSCORE01]: LCM: [ End Set ]
The PowerShell DSC resource MSFT_xWebsite from module does not exist at the PowerShell module path nor
is it registered as a WMI DSC resource.
+ CategoryInfo : InvalidOperation: (root/Microsoft/…gurationManager:String) , CimException
+ FullyQualifiedErrorId : DscResourceNotFound
+ PSComputerName : labdscpscore01
VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 2.763 seconds
I checked and module xWebAdministration in exact mentioned version is there in path C:\Program Files\WindowsPowerShell\Modules.
I tried restart hosts (both authoring workstation and destination host) as I read about this here:
https://powershell.org/forums/topic/remote-start-dscconfiguration-cannot-find-dsc-resources/
Also tried like Dave suggested putting modules in C:\Windows\System32\WindowsPowerShell\v1.0 but didn't work either.
Is there something I am missing? Appreciate any help on this as I am out of ideas.
Cheers,
Pawel Jarosz