How to get rid of PSDscAllowPlainTextPassword (PS 4)

We are security tightening up scripts at the moment. Who has built a successful example of using Certificates and Thumbprint instead of using the notoriously bad PSDscAllowPlainTextPassword Attribute using PowerShell 4.0.

Configuration ExampleConfig
			 [string]	$myUserName 
		    ,[string]	$myFullName
            ,[PSCredential]	$myPassword

	Node $AllNodes.where{ $_.Role.Contains("myrole") }.NodeName
        User MyUser
            UserName = $myUserName
            Ensure = "Present"
            FullName = $myFullName
            Password = $myPassword

             CertificateId = $node.Thumbprint 

# cut the first half that declared the parameters and values

$ConfigData = @{
    AllNodes = @(
            NodeName = ""
			myUserName = $userName
		    myFullName = $userName
            myPassword = $userCreds
            CertificateFile ="C:\GSPS-Source\Certificates\sfb-thm-tenant.local.cer" 
            Thumbprint= "‎F6E950F331F06EE605D804DB4811fB647B697668"

$sn_mofPath = "C:\MOF"
ExampleConfig -ConfigurationData $ConfigData -myUserName $userName -myPassword $userCreds -myFullName $userName `
                  -OutputPath $sn_mofPath

Set-DscLocalConfigurationManager -ComputerName "" `
              -Path $sn_mofPath `
              -Credential $creds

Start-DscConfiguration -Verbose -Wait -Force `
              -ComputerName "" `
              -Path $sn_mofPath `
              -Credential $creds

I followed the following procedure: and I am getting the following output.

VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' =
 MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer SFB-THM-TOR with user sid S-1-5-21-2948782706-3721813811-4249131776-500.
VERBOSE: [SFB-THM-TENANT]: LCM:  [ Start  Set      ]
VERBOSE: [SFB-THM-TENANT]: LCM:  [ Start  Resource ]  [[User]MyUser]
The SendConfigurationApply function did not succeed.
    + CategoryInfo          : InvalidArgument: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : MI RESULT 4
    + PSComputerName        :
VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 0.383 seconds

Additional Information: The mof files are encrypend, the certificate is a self signed certificate on the target machine that I have exported to the local machine I run the scripts from. (so private key is on the target machine).

This is the script that I used to create the Self signed cert:

Any help apreciated

I’ve done this successfully numerous times, but not using a self-signed certificate.

I’ve used SS certs before with no issue; I tested your code quickly and all seemed ok; I’m assuming that when you use

PSDSCAllowPlainTextPassword = $true
that the DSC runs fine?