I’m trying to write up a small DSC PoC (vs Ansible), and as part of that, I want to copy required DSC Resources to the Windows 2016 server I’m running it on.
The server doesn’t have internet access, so I can’t download them directly from the Gallery.
Configuration Data:
$ConfigurationData = @{
AllNodes = @(
@{
NodeName="*"
PSDscAllowPlainTextPassword=$True
PSDscAllowDomainUser=$True
}
);
}
The Configuration:
Configuration DSCPOCCopyDSCResources {
param (
[Parameter()]
[PSCredential]$Credential
)
Node 'localhost' {
File DirectoryCopy
{
SourcePath = "\\Share\Common\DevSupport\PowerShell.DSC.Resources"
DestinationPath = "C:\Program Files\WindowsPowerShell\Modules"
Recurse = $True
Type = "Directory"
Ensure = "Present"
PSDSCRunAsCredential = $Credential
}
}
}
Then I run:
$Cred = (Get-Credential)
DSCPOCCopyDSCResources -OutputPath C:\Temp\ -ConfigurationData $ConfigurationData -Credential (Get-Credential)
I then get this output/error:
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' =
root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer SRV-PSDSC03 with user sid S-1-5-21-3324808359-1710566943-1674697894-74334.
VERBOSE: [SRV-PSDSC03]: LCM: [ Start Set ]
VERBOSE: [SRV-PSDSC03]: LCM: [ Start Resource ] [[File]DirectoryCopy]
VERBOSE: [SRV-PSDSC03]: LCM: [ Start Test ] [[File]DirectoryCopy]
VERBOSE: [SRV-PSDSC03]: [[File]DirectoryCopy] Access is denied.
VERBOSE: [SRV-PSDSC03]: [[File]DirectoryCopy] The related file/directory is: \\Share\Common\DevSupport\PowerShell.DSC.Resources.
VERBOSE: [SRV-PSDSC03]: [[File]DirectoryCopy] The path cannot point to the root directory or to the root of a net share.
VERBOSE: [SRV-PSDSC03]: [[File]DirectoryCopy] The related file/directory is: \\Share\Common\DevSupport\PowerShell.DSC.Resources.
VERBOSE: [SRV-PSDSC03]: [[File]DirectoryCopy] SourcePath must be specified if you want to configure the destination directory recursively. Make sure that SourcePath is a directory and that it
is accessible.
SourcePath must be specified if you want to configure the destination directory recursively. Make sure that SourcePath is a directory and that it is accessible.
+ CategoryInfo : InvalidArgument: (:) [], CimException
+ FullyQualifiedErrorId : MI RESULT 4
+ PSComputerName : localhost
I first tried Credential instead of PSDSCRunAsCredential, but same error.
The user sid corresponds to my admin account.
Any ideas what I am doing wrong?
I have also tried opening the share in Explorer as well as running Test-Path, both successful…
you have to pass $Credential to DSCPOCCopyDSCResources while compiling the MOF. You can have a Credential parameter for DSCPOCCopyDSCResources and pass it while compiling the mof.
The credential used with Start-DSCConfiguration is used to push the configuration, but not to apply the configuration.
[quote quote=170059]you have to pass $Credential to DSCPOCCopyDSCResources while compiling the MOF. You can have a Credential parameter for DSCPOCCopyDSCResources and pass it while compiling the mof.
The credential used with Start-DSCConfiguration is used to push the configuration, but not to apply the configuration.[/quote]
Thanks, I overlooked that. My code in the OP has been changed t show what it is now, and now I sadly get a different error:
PSDesiredStateConfiguration\Configuration : System.InvalidOperationException error processing property 'PSDSCRunAsCredential' OF TYPE 'File': Converting and storing encrypted passwords as plain text is not recommended. For more
information on securing credentials in MOF file, please refer to MSDN blog: http://go.microsoft.com/fwlink/?LinkId=393729
At line:32 char:3
+ File
At line:25 char:1
+ Configuration DSCPOCCopyDSCResources {
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Write-Error], InvalidOperationException
+ FullyQualifiedErrorId : FailToProcessProperty,Configuration
And no MOF is generated.
Below blog posts will help you to resolve this.
[quote quote=170137]Below blog posts will help you to resolve this.
Safely using PSCredentials in a Powershell DSC Configuration
<iframe class="wp-embedded-content" style="position: absolute; clip: rect(1px, 1px, 1px, 1px);" title="" src="https://blogs.infosupport.com/safely-using-pscredentials-in-a-powershell-dsc-configuration/embed/#?secret=LsVIwCfn0U" width="600" height="338" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" sandbox="allow-scripts" data-secret="LsVIwCfn0U" data-mce-fragment="1"></iframe>
https://blogs.technet.microsoft.com/ashleymcglone/2015/12/18/using-credentials-with-psdscallowplaintextpassword-and-psdscallowdomainuser-in-powershell-dsc-configuration-data/
[/quote]
Marvellous, thanks, I’ll give that a whirl on Monday when I’m back at the grindstone…
So, it turns out that the real problem was using
NodeName=“*”
instead of
NodeName=“localhost”
in my $ConfigurationData.
Changing that so my $ConfigurationData now reads like this, fixed it:
$ConfigurationData = @{
AllNodes = @(
@{
NodeName="localhost"
PSDscAllowPlainTextPassword=$True
PSDscAllowDomainUser=$True
}
)
}
However!
I now have a similar struggle, in that I can’t create a new file on a share -__-
Super annoying, and tempted to make a new post…
Always welcome,you can make a new post with the new issue…