Error "DSC resource does not exist" whilst remotely building DSC server.

DSC
1

Hi Guys, I am trying to build DSC on server core with code:

$ConfigData=@{
# Node specific data
AllNodes = @(

   # All Servers need following identical information 
   @{
        NodeName           = '*'
       # PSDscAllowPlainTextPassword = $true;
       # PSDscAllowDomainUser = $true
        
   },

   # Unique Data for each Role
   @{
        NodeName = 'labdscpscore01'
        Role = @('Web', 'PullServer')
       
        PullServerEndPointName = 'PSDSCPullServer'
        PullserverPort = 8080                      #< - ask me why I use this port
        PullserverPhysicalPath = "$env:SystemDrive\inetpub\wwwroot\PSDSCPullServer"
        PullserverModulePath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules"
        PullServerConfigurationPath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
        PullServerThumbPrint = Invoke-Command -Computername 'localhost' {Get-Childitem Cert:\LocalMachine\My | Where-Object {$_.FriendlyName -like "*dscps*"} | Select-Object -ExpandProperty ThumbPrint}

        ComplianceServerEndPointName = 'PSDSCComplianceServer'
        ComplianceServerPort = 9080
        ComplianceServerPhysicalPath = "$env:SystemDrive\inetpub\wwwroot\PSDSCComplianceServer"
        ComplianceServerThumbPrint = 'AllowUnencryptedTraffic'
    }


);

}

Configuration WebNodes
{

# Import the module that defines custom resources
Import-DscResource -Module PSDesiredStateConfiguration, xPSDesiredStateConfiguration, xWebAdministration

# Dynamically find the applicable nodes from configuration data
Node $AllNodes.where{$_.Role -eq 'Web'}.NodeName {

# Install the IIS role

    WindowsFeature IIS {
    
        Ensure = "Present"
        Name = "Web-Server"
    }

# Make sure the following defaults cannot be removed:

    WindowsFeature DefaultDoc {
    
        Ensure = "Present"
        Name = "Web-Default-Doc"
        DependsOn = '[WindowsFeature]IIS'
    }

    WindowsFeature HTTPErrors {
    
        Ensure = "Present"
        Name = "Web-HTTP-Errors"
        DependsOn = '[WindowsFeature]IIS'
    }

    WindowsFeature HTTPLogging {
    
        Ensure = "Present"
        Name = "Web-HTTP-Logging"
        DependsOn = '[WindowsFeature]IIS'
    }

    WindowsFeature StaticContent {
    
        Ensure = "Present"
        Name = "Web-Static-Content"
        DependsOn = '[WindowsFeature]IIS'
    }

    WindowsFeature RequestFiltering {
    
        Ensure = "Present"
        Name = "Web-Filtering"
        DependsOn = '[WindowsFeature]IIS'
    }

# Install additional IIS components to support the Web Application

    WindowsFeature NetExtens4 {
    
        Ensure = "Present"
        Name = "Web-Net-Ext45"
        DependsOn = '[WindowsFeature]IIS'
    }

    WindowsFeature AspNet45 {
    
        Ensure = "Present"
        Name = "Web-Asp-Net45"
        DependsOn = '[WindowsFeature]IIS'
    }

    WindowsFeature ISAPIExt {
    
        Ensure = "Present"
        Name = "Web-ISAPI-Ext"
        DependsOn = '[WindowsFeature]IIS'
    }

    WindowsFeature ISAPIFilter {

        Ensure = "Present"
        Name = "Web-ISAPI-filter"
        DependsOn = '[WindowsFeature]IIS'
    }

# I don't want these defaults for Web-Server to ever be enabled:

    WindowsFeature DirectoryBrowsing {
    
        Ensure = "Absent"
        Name = "Web-Dir-Browsing"
        DependsOn = '[WindowsFeature]IIS'
    }
 

    WindowsFeature StaticCompression {
    
        Ensure = "Absent"
        Name = "Web-Stat-Compression"
        DependsOn = '[WindowsFeature]IIS'
    }

# I don't want these Additional settings for Web-Server to ever be enabled:

    # This list is shortened for demo purposes. I include eveything that should not be installed

   WindowsFeature ASP {
    
        Ensure = "Absent"
        Name = "Web-ASP"
        DependsOn = '[WindowsFeature]IIS'
    }

   WindowsFeature CGI {
    
        Ensure = "Absent"
        Name = "Web-CGI"
        DependsOn = '[WindowsFeature]IIS'
    }

   WindowsFeature IPDomainRestrictions {
    
        Ensure = "Absent"
        Name = "Web-IP-Security"
        DependsOn = '[WindowsFeature]IIS'
    }

!!! # GUI Remote Management of IIS requires the following: - people always forget this until too late

    WindowsFeature Management {

        Name = 'Web-Mgmt-Service'
        Ensure = 'Present'
    }

    Registry RemoteManagement { # Can set other custom settings inside this reg key

        Key = 'HKLM:\SOFTWARE\Microsoft\WebManagement\Server'
        ValueName = 'EnableRemoteManagement'
        ValueType = 'Dword'
        ValueData = '1'
        DependsOn = @('[WindowsFeature]IIS','[WindowsFeature]Management')
   }

   Service StartWMSVC {

        Name = 'WMSVC'
        StartupType = 'Automatic'
        State = 'Running'
        DependsOn = '[Registry]RemoteManagement'

   }

# Often, It's common to disable the default website and then create your own

    # - dont do this to Pull Servers, ADCS or other Services that use the default website

    xWebsite DefaultSite {

        Name            = "Default Web Site"
        State           = "Started"
        PhysicalPath    = "C:\inetpub\wwwroot"
        DependsOn       = "[WindowsFeature]IIS"
    }


} #End Node Role Web

###############################################################################

Node $AllNodes.where{$_.Role -eq 'PullServer'}.NodeName {

# This installs both, WebServer and the DSC Service for a pull server

# You could do everything manually - which I prefer

     WindowsFeature DSCServiceFeature {

        Ensure = "Present"
        Name   = "DSC-Service"
    }

   xDscWebService PSDSCPullServer {
    
        Ensure = "Present"
        EndpointName = $Node.PullServerEndPointName
        Port = $Node.PullServerPort   # <--------------------------------------- Why this port?
        PhysicalPath = $Node.PullserverPhysicalPath
        CertificateThumbPrint =  $Node.PullServerThumbprint # <------------------------- Certificate Thumbprint
        ModulePath = $Node.PullServerModulePath
        ConfigurationPath = $Node.PullserverConfigurationPath
        State = "Started"
        DependsOn = "[WindowsFeature]DSCServiceFeature"
        UseSecurityBestPractices = $false
    }

    xDscWebService PSDSCComplianceServer {
    
        Ensure = "Present"
        EndpointName = $Node.ComplianceServerEndPointName
        Port = $Node.ComplianceServerPort
        PhysicalPath = $Node.ComplianceServerPhysicalPath
        CertificateThumbPrint =  $Node.ComplianceServerThumbPrint
        State = "Started"
        # IsComplianceServer = $true - property removed in version 3.8.0.0 -- dont know why
        DependsOn = ("[WindowsFeature]DSCServiceFeature","[xDSCWebService]PSDSCPullServer")
        UseSecurityBestPractices = $false
    }


   
} # End Node PullServer

} # End Config

#break
WebNodes -ConfigurationData $ConfigData -OutputPath .\

But when runnig this:
Start-DscConfiguration -Path .\ -ComputerName labdscpscore01 -Verbose -Wait -Force

I got:

Mode LastWriteTime Length Name

-a---- 13.05.2017 23:30 18316 labdscpscore01.mof
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' = MSFT_DSC
LocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer LABDC01 with user sid S-1-5-21-191450192-3335740963-707932236-500.
VERBOSE: [LABDSCPSCORE01]: LCM: [ Start Set ]
VERBOSE: [LABDSCPSCORE01]: LCM: [ End Set ]
The PowerShell DSC resource MSFT_xWebsite from module does not exist at the PowerShell module path nor
is it registered as a WMI DSC resource.
+ CategoryInfo : InvalidOperation: (root/Microsoft/…gurationManager:String) , CimException
+ FullyQualifiedErrorId : DscResourceNotFound
+ PSComputerName : labdscpscore01

VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 2.763 seconds

I checked and module xWebAdministration in exact mentioned version is there in path C:\Program Files\WindowsPowerShell\Modules.

I tried restart hosts (both authoring workstation and destination host) as I read about this here:
https://powershell.org/forums/topic/remote-start-dscconfiguration-cannot-find-dsc-resources/

Also tried like Dave suggested putting modules in C:\Windows\System32\WindowsPowerShell\v1.0 but didn't work either.

Is there something I am missing? Appreciate any help on this as I am out of ideas.

Cheers,
Pawel Jarosz

2

Ok I see that it was pasted weirdly, so basically it tells me that MSFT_xWebsite is not there while it is:

The PowerShell DSC resource MSFT_xWebsite from module does not exist at the PowerShell module path nor is it registered as a WMI DSC resource. + CategoryInfo : InvalidOperation: (root/Microsoft/…gurationManager:String) , CimException + FullyQualifiedErrorId : DscResourceNotFound + PSComputerName : labdscpscore01 VERBOSE: Operation ‘Invoke CimMethod’ complete. VERBOSE: Time taken for configuration job to complete is 2.763 seconds

Appreciate any suggestions as I am out of ideas…
Cheers!

3

Pawel,

Couple of questions:

  • Are you compiling and running on the same machine (labdscpscore01)?
  • Does get-DSCResource return xWebAdministration when you run it on the target machine (labdscpscore01 )?
  • Where (folder path) do you have the resources installed on the target machine (labdscpscore01)?

MarkG

4

Hiya Mark,

Firt of all - I see that formatting gone wrong, so the script I am trying to adapt is here:
https://github.com/PowerShellOrg/dsc-summit-precon/blob/master/7.PullServer/1.Config_PullServer-Advanced.ps1

I am compiling on different machine - labdc01.

No the xWebAdministration resource is not there (I thought that this should install it)

Resources are in:
PS C:\Users\Administrator> Get-DscResource | ft path
Path

C:\Windows\system32\WindowsPowershell\v1.0\Modules\PsDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\MSF…
C:\Windows\system32\WindowsPowershell\v1.0\Modules\PsDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource…
C:\Windows\system32\WindowsPowershell\v1.0\Modules\PsDesiredStateConfiguration\DSCResources\MSFT_GroupResource\MSFT_…

And here is the moment I start feeling stupid… I think all I need to do is to add something like this to this configuration:

Ehh…will try and let know how it was but I think that would be it, wouldn’t be?

5

Now I know that I need to distribute these modules separately (somehow I thought it would be installed by configuration).

Thank you for help Mark!
Pawel

6

Glad you got it worked out, Pawel!

MarkG