Hello Experts,
I have configured a Secure DSC Pull Server using the script available at this link.
I didn’t receive any errors during the configuration. However, after finishing the configuration when I ran Get-DscConfiguration command I am getting below error:
Get-DscConfiguration -Verbose
VERBOSE: An LCM method call arrived from computer TestPullServer with user sid S-1-5-21-96684026-1888757961-1698245536-547389.
VERBOSE: [TestPullServer]: LCM: [ Start Get ]
VERBOSE: [TestPullServer]: [[WindowsFeature]DSCServiceFeature] The operation 'Get-WindowsFeature' started: DSC-Service
VERBOSE: [TestPullServer]: [[WindowsFeature]DSCServiceFeature] The operation 'Get-WindowsFeature' succeeded: DSC-Service
VERBOSE: [TestPullServer]: LCM: [ End Get ] [[WindowsFeature]DSCServiceFeature] in 0.5320 seconds.
Get-DscConfiguration : Method invocation failed because [System.Collections.ObjectModel.Collection`1[[System.Management.Automation.PSObject, System.Management.Automation, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35]]] does not contain a method named 'Format'.
At line:1 char:1
+ Get-DscConfiguration -Verbose
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (MSFT_DSCLocalConfigurationManager:root/Microsoft/...gurationManager) [Get-DscConfiguration], CimException
+ FullyQualifiedErrorId : MethodNotFound,Get-DscConfiguration
Get-DscConfiguration : The PowerShell DSC resource '[xDSCWebService]PSDSCPullServer' with SourceInfo 'C:\Temp\Create-PullServerV2.ps1::89::9::xDscWebService' threw one or more non-terminating errors while running
the Get-TargetResource functionality. These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details.
At line:1 char:1
+ Get-DscConfiguration -Verbose
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (MSFT_DSCLocalConfigurationManager:root/Microsoft/...gurationManager) [Get-DscConfiguration], CimException
+ FullyQualifiedErrorId : NonTerminatingErrorFromProvider,Get-DscConfiguration
I have performed few steps found at random forums on the internet and found that the issue is related to the Certificate that I have used with the Pull Server. I added the certificate to the Root certificate store and also ran below code to resolve some other issue I started facing. Below is the code:
Add-Type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate certificate,
WebRequest request, int certificateProblem) {
return true;
}
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
# If still getting below error:
# Invoke-WebRequest : The request was aborted: Could not create SSL/TLS secure channel.
#
# Run below commands:
#
[System.Net.ServicePointManager]::SecurityProtocol += [System.Net.SecurityProtocolType]::Tls11
[System.Net.ServicePointManager]::SecurityProtocol += [System.Net.SecurityProtocolType]::Tls12
However, any configuration is working fine locally on the pull server but it is failing on any other node with below error:
WinRM cannot process the request. The following error occurred while using Kerberos authentication:
Cannot find the computer testNode.contoso.com. Verify that the computer exists on the
network and that the name provided is spelled correctly.
+ CategoryInfo : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimExceptio
n
+ FullyQualifiedErrorId : HRESULT 0x80070035
+ PSComputerName : testNode.contoso.com
I am able to ping the target node, I am able to test the WinRM connection using Test-WSMan. Not sure how to resolve this error.
The WINRM Kerberos Authentication issue is also resolved after I used below method:
Start-DscConfiguration -Path .\WebServerConfig -Verbose -Wait -CimSession (New-CimSession -ComputerName localhost -Credential "contoso\adminuser")
However, when I run
Get-DSCConfiguration
on PullServer, I am still getting below error:
Get-DscConfiguration : Method invocation failed because [System.Collections.ObjectModel.Collection`1[[System.Management.Automation.PSObject, System.Management.Automation, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35]]] does not contain a method named 'Format'.
At line:1 char:1
+ Get-DscConfiguration
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (MSFT_DSCLocalConfigurationManager:root/Microsoft/...gurationManager) [Get-DscConfiguration], CimException
+ FullyQualifiedErrorId : MethodNotFound,Get-DscConfiguration
Get-DscConfiguration : The PowerShell DSC resource '[xDSCWebService]PSDSCPullServer' with SourceInfo 'C:\Temp\Create-PullServerV2.ps1::89::9::xDscWebService' threw one or more non-terminating errors while running
the Get-TargetResource functionality. These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details.
At line:1 char:1
+ Get-DscConfiguration
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (MSFT_DSCLocalConfigurationManager:root/Microsoft/...gurationManager) [Get-DscConfiguration], CimException
+ FullyQualifiedErrorId : NonTerminatingErrorFromProvider,Get-DscConfiguration