HTTPS Pull Server Issues

I’ve been attempting to set up a DSC Pull Server at my organization. I’m able to set up the pull server as http (AllowUnencryptedTraffic) with no issues. I can also see XML when I visit the page.

When I attempt to configure it using the example at

I get no DSC errors, but it doesn’t appear the PullServer.svc is set up correctly. When I try to visit the page, I get a “Page can’t be found” message.

I have WMF 5.0 installed on the pull server and the client machine. Both are 2012R2.

I’m wondering, should I be able to see XML when I navigate to https://localhost:8080/PullServer.svc on the local pull server?

Hi,

You’re missing the link to show us what sample you followed, but make sure the following is correct:

  1. you have the certificate already on the node where the pull server will be installed
  2. the thumbprint of the certificate appears in the thumbprint property inside the script, or you’re passing it as a parameter when you run the configuration script.

https://msdn.microsoft.com/en-us/powershell/dsc/pullserver

Pull server doesn’t actually use XML, and unless it receives a proper request - including headers - it won’t return a reply, or can return a 401 or 404. You can’t really just browse to it.

In terms of SSL, that’s all configured at the IIS level.

Sorry about the missing link. Here’s what I was following https://msdn.microsoft.com/en-us/powershell/dsc/pullserver
The only thing I changed was PhysicalPath, since our IIS stuff is on a different drive. It’s set to D:\Inetpub\PSDSCPullServer

I have the certificate installed on the node and it’s signed from my organization’s root CA. I’ve tried passing it as a parameter, and putting it directly into the script. I never get any errors when setting up the pull server.

When I try to register with a pull server, I’m getting the error (server names changed to protect the innocent):

Registration of the Dsc Agent with the server https://server:8080/PSDSCPullServer.svc failed. The underlying error is: Failed to register Dsc Agent with AgentId F6053A93-4EC4-11E6-80E8-005056886E76 with the
server https://server/PSDSCPullServer.svc/Nodes(AgentId=‘F6053A93-4EC4-11E6-80E8-005056886E76’). .

I’m confused.

You set the pull server up originally as HTTP; you’re trying to switch to HTTPS. Why is there a certificate on the node?

The nodes don’t use certificates in a normal SSL scenario. The server needs an SSL certificate, just as with any web server. Is that already in place?

Sorry, I misspoke; I meant server, not node. The certificate is installed on the server.

You should use IIS Manager to ensure that the cert is properly bound to the website.

Additionally, since you seem to be using ConfigurationNames, make sure the node is configured to use a valid RegistrationKey, and that the server has a matching one. You can also try removing the pull server’s database and log files to sort of force it to “start over.”

I’m a little concerned about the “used to be able to see XML,” because the service on the pull server shouldn’t return XML under normal operation. It either returns nothing (the registration PUT operation), or it returns an octet-stream (configuration MOF or module POST operations). I’ve got all that documented in “The DSC Book” on LeanPub, now.

I ended up re-imaging the server to start over. It ended up being a problem with IIS. We change the IIS default path to another drive (D:\Inetpub). Once I changed the physical path to D:\Inetpub, it worked. Thanks for all of your help!
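The checks suggested in the replies above (certificate present and bound to the website) together with the cause found in the last post (the site's physical path), as an added example that is not part of the thread and not code from any poster. The site name `PSDSCPullServer` and the thumbprint placeholder are assumptions; the port and the `.svc` file name come from the URLs quoted in the thread.

```powershell
# Added example: sanity checks for an HTTPS DSC pull server endpoint in IIS.
# Run elevated on the pull server. Site name and thumbprint are assumed values.
param(
    [string]$SiteName   = 'PSDSCPullServer',               # assumed IIS site name
    [int]   $Port       = 8080,                            # port used in the thread
    [string]$Thumbprint = '<CERT-THUMBPRINT-PLACEHOLDER>'  # replace with your certificate's thumbprint
)

Import-Module WebAdministration -ErrorAction Stop
$Thumbprint = $Thumbprint.Replace(' ', '')
$findings   = @()

# 1. The certificate must be in the machine store, have a private key, and be in date.
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) {
    $findings += "Certificate $Thumbprint not found in Cert:\LocalMachine\My"
} else {
    if (-not $cert.HasPrivateKey) { $findings += 'Certificate has no private key' }
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $findings += "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))"
    }
}

# 2. The site must exist, its physical path must hold the service files,
#    and it must carry an https binding on the expected port.
$site = Get-Item "IIS:\Sites\$SiteName" -ErrorAction SilentlyContinue
if (-not $site) {
    $findings += "IIS site '$SiteName' not found"
} else {
    $path = [Environment]::ExpandEnvironmentVariables($site.physicalPath)
    foreach ($file in 'PSDSCPullServer.svc', 'web.config') {
        if (-not (Test-Path (Join-Path $path $file))) {
            $findings += "Missing $file under physical path '$path'"
        }
    }
    if (-not (Get-WebBinding -Name $SiteName -Protocol https -Port $Port)) {
        $findings += "Site '$SiteName' has no https binding on port $Port"
    }
}

# 3. The HTTP.sys SSL binding for the port must reference the same certificate.
$ssl = Get-ChildItem IIS:\SslBindings | Where-Object { $_.Port -eq $Port }
if (-not $ssl) {
    $findings += "No SSL certificate is bound to port $Port"
} elseif ($ssl.Thumbprint -notcontains $Thumbprint) {
    $findings += "Port $Port is bound to a different certificate: $($ssl.Thumbprint -join ', ')"
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else           { Write-Output "All checks passed for '$SiteName' on port $Port" }
```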