Hello!
I am building a DSC Pull Server HTTPS.
Pull config:
configuration PullHTTPS { param ( [string[]]$NodeName = 'localhost', [ValidateNotNullOrEmpty()] [string] $certificateThumbPrint, [Parameter(Mandatory)] [ValidateNotNullOrEmpty()] [string] $RegistrationKey ) Import-DSCResource -ModuleName xPSDesiredStateConfiguration Import-DSCResource –ModuleName PSDesiredStateConfiguration Node $NodeName { WindowsFeature DSCServiceFeature { Ensure = 'Present' Name = 'DSC-Service' } xDscWebService PSDSCPullServer { Ensure = 'Present' EndpointName = 'PSDSCPullServer' Port = 8080 PhysicalPath = "$env:SystemDrive\inetpub\PSDSCPullServer" CertificateThumbPrint = $certificateThumbPrint ModulePath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules" ConfigurationPath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration" State = 'Started' UseSecurityBestPractices = $true #DisableSecurityBestPractices = 'SecureTLSProtocols' DependsOn = '[WindowsFeature]DSCServiceFeature' } File RegistrationKeyFile { Ensure = 'Present' Type = 'File' DestinationPath = "$env:ProgramFiles\WindowsPowerShell\DscService\RegistrationKeys.txt" Contents = $RegistrationKey } } } PullHTTPS -certificateThumbprint 'MyCertificate' -RegistrationKey 'MyRegistrationKey' -OutputPath c:\Configs\PullServer Start-DscConfiguration -Path c:\Configs\PullServer -Wait -Verbose
LCM Config on the target node:
[DSCLocalConfigurationManager()] configuration PullClientConfigID { Node localhost { Settings { RefreshMode = 'Pull' RefreshFrequencyMins = 30 RebootNodeIfNeeded = $true ConfigurationModeFrequencyMins = 15 ConfigurationMode = 'ApplyAndMonitor' } ConfigurationRepositoryWeb MySite { ServerURL = 'https://MySite:8080/PSDSCPullServer.svc/' AllowUnsecureConnection = $false RegistrationKey = 'MyRegistrationKey' ConfigurationNames = @('web') } ReportServerWeb MySite { ServerURL = 'https://MySite:8080/PSDSCPullServer.svc/' AllowUnsecureConnection = $false RegistrationKey = 'MyRegistrationKey' } } } PullClientConfigID -OutputPath c:\Configs\TargetNodes
when I do “Set-DscLocalConfigurationManager -Path c:\Configs\TargetNodes -force” to apply the LCM config, I get this errors:
Registration of the Dsc Agent with the server https://qfrspvsma002:8080/PSDSCPullServer.svc/ failed. The underlying error is: Failed to register Dsc Agent with AgentId 0011F6B4-0012-11E7-80BD-00155DA7BE14 with the server https://MySite:8080/PSDSCPullServer.svc//Nodes(AgentId='0011F6B4-0012-11E7-80BD-00155DA7BE14'). . + CategoryInfo : InvalidResult: (root/Microsoft/...gurationManager:String) [], CimException + FullyQualifiedErrorId : RegisterDscAgentCommandFailed,Microsoft.PowerShell.DesiredStateConfiguration.Commands.RegisterDscAgentCommand + PSComputerName : localhost
I think it’s a problem of certificate but I don’t know how to fix it.
I have created a selfsigned certificated on my pull server.
Thank’s for your help.