So I have this new Pull Server, and mind you this is my first foray into DSC, and I got it set up with an SSL cert and all that jazz and was able to confirm it’s at least providing the proper response when I perform this:
# Request the pull server's service document over HTTPS and print the
# collections it advertises. $fqdn must already hold the pull server's name.
# A clean response also shows that the machine running this command accepts
# the server certificate; it says nothing about what the target node trusts.
$response = Invoke-WebRequest "https://$($fqdn):8080/psdscpullserver.svc"
$serviceDoc = [xml]$response.Content
$serviceDoc.service.workspace.collection.href
I get the expected result of
Configurations Modules Action Module StatusReport Node Reports Nodes
So I’m thinking all is good, so I go to do my pull client registration and wham, I get this,
The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig".
Well, I’m using a secure config over IIS, so WinRM shouldn’t be a factor. So my question is, what am I missing here? My configs are below, and I wish I knew where things were being logged so I would have something to look at, but even the IIS logs are pretty sparse.
Pull Server Config
# Pull server configuration: installs the DSC service and supporting IIS
# features, publishes the PSDSCPullServer endpoint on port 8080 with the given
# certificate, writes the registration key file and stops the Default Web Site.
# NOTE(review): the enclosing `configuration <Name> {` line is not part of the
# paste; the final closing brace at the bottom belongs to it.
param (
    # Node(s) the configuration is compiled for.
    [string[]]$NodeName = 'localhost',

    # Thumbprint of the certificate handed to the xDscWebService endpoint below.
    # Nodes validate this certificate when they connect, so its subject/SAN
    # should match the host name used in their ServerURL and it should chain
    # to a CA the nodes trust (TODO confirm for this environment).
    [ValidateNotNullOrEmpty()]
    [string] $certificateThumbPrint,

    # NOTE(review): the HelpMessage mentions a GUID default, but no default value
    # is assigned here; the caller has to supply the key.
    # The key is a plain [string] and is written verbatim by the File resource
    # further down, so it also ends up unencrypted in the compiled MOF. Treat
    # the MOF and RegistrationKeys.txt as secrets and restrict access to both.
    [Parameter(HelpMessage='This should be a string with enough entropy (randomness) to protect the registration of clients to the pull server. We will use new GUID by default.')]
    [ValidateNotNullOrEmpty()]
    [string] $RegistrationKey # A guid that clients use to initiate conversation with pull server
)

Import-DSCResource -ModuleName xPSDesiredStateConfiguration
Import-DSCResource -ModuleName PSDesiredStateConfiguration
Import-DSCResource -ModuleName xWebAdministration
Import-DSCResource -ModuleName xComputerManagement

Node $NodeName
{
    # LCM settings for the pull server itself: report drift, do not auto-correct
    # and do not reboot on its own.
    LocalConfigurationManager
    {
        ConfigurationMode = "ApplyAndMonitor" #https://docs.microsoft.com/en-us/powershell/dsc/metaconfig
        RebootNodeIfNeeded = $false
    }

    # Every WindowsFeature below installs from the same Source path
    # (presumably a local copy of the side-by-side store; verify it exists).
    WindowsFeature IISMgmt
    {
        Ensure = "Present"
        Name = "Web-Mgmt-Console"
        Source = "c:\i386\sources\sxs"
    }

    # The DSC pull service role feature; the web service resource depends on it.
    WindowsFeature DSCServiceFeature
    {
        Ensure = "Present"
        Name = "DSC-Service"
        Source = "c:\i386\sources\sxs"
    }

    WindowsFeature WinAuth
    {
        Ensure = "Present"
        Name = "web-Windows-Auth"
        Source = "c:\i386\sources\sxs"
    }

    WindowsFeature NETHTTPActivation
    {
        Ensure = "Present"
        Name = "NET-HTTP-Activation"
        Source = "c:\i386\sources\sxs"
    }

    # PowerShell ISE is removed from the server rather than installed.
    WindowsFeature ISE
    {
        Ensure = "Absent"
        Name = "PowerShell-ISE"
        Source = "c:\i386\sources\sxs"
    }

    # The pull server endpoint: an IIS site on port 8080 bound to the supplied
    # certificate, started only after the three features it depends on.
    xDscWebService PSDSCPullServer
    {
        Ensure = "Present"
        EndpointName = "PSDSCPullServer"
        Port = 8080
        PhysicalPath = "$env:SystemDrive\inetpub\PSDSCPullServer"
        CertificateThumbPrint = $certificateThumbPrint
        ModulePath = "$env:ProgramFiles\WindowsPowerShell\DscService\Modules"
        ConfigurationPath = "$env:ProgramFiles\WindowsPowerShell\DscService\Configuration"
        State = "Started"
        DependsOn = @("[WindowsFeature]DSCServiceFeature", "[WindowsFeature]WinAuth", "[WindowsFeature]NETHTTPActivation")
        AcceptSelfSignedCertificates = $false
        Enable32BitAppOnWin64 = $false
        # NOTE(review): the resource's security hardening is switched off here.
        # With $true the resource applies its hardened protocol/cipher settings
        # (see the xPSDesiredStateConfiguration documentation); confirm that
        # leaving it off is deliberate before exposing this endpoint.
        UseSecurityBestPractices = $false
    }

    # Registration key file for the pull server. The key is stored as clear
    # text in this file, so its ACL matters.
    File RegistrationKeyFile
    {
        Ensure = 'Present'
        Type = 'File'
        DestinationPath = "$env:ProgramFiles\WindowsPowerShell\DscService\RegistrationKeys.txt"
        Contents = $RegistrationKey
    }

    # Stop the Default Web Site so that it is not serving alongside the pull
    # server endpoint.
    xWebSite StopDefaultSite
    {
        Ensure = "Present"
        Name = "Default Web Site"
        State = "Stopped"
        PhysicalPath = "$env:SystemDrive\inetpub\wwwroot"
        DependsOn = "[WindowsFeature]DSCServiceFeature"
    }
}
} # closes the configuration block whose header is not shown in the paste
}
Client Registration
# LCM meta-configuration that switches a node to pull mode and registers it
# with the HTTPS pull server, for both configuration download and reporting.
# NOTE(review): how the generated meta.mof gets applied is not shown on this
# page. If it is pushed to a remote node, that push itself travels over
# WS-Management (WinRM), independently of the HTTPS ServerURL set below.
[DSCLocalConfigurationManager()]
configuration PullClientRegistration
{
    param
    (
        # Node the meta-configuration is generated for.
        [ValidateNotNullOrEmpty()]
        [string]$NodeName,

        # Shared secret the node presents when it registers. It is a plain
        # [string], so it is stored unencrypted in the generated meta.mof;
        # keep that file out of shared or world-readable locations.
        [ValidateNotNullOrEmpty()]
        [string]$RegistrationKey,

        # Host name of the pull server. It should match a name on the server
        # certificate, otherwise the HTTPS connection will not validate.
        [ValidateNotNullOrEmpty()]
        [string]$PullServer
    )

    Node $NodeName
    {
        # Pull mode, drift is reported but not auto-corrected, checked every
        # 15 minutes, and the node never reboots on its own.
        Settings
        {
            ConfigurationMode              = 'ApplyAndMonitor'
            ConfigurationModeFrequencyMins = 15
            RebootNodeIfNeeded             = $false
            RefreshMode                    = 'Pull'
        }

        # Where configurations are downloaded from. Plain HTTP is refused.
        # Alternative kept from the original paste:
        #   ConfigurationNames = @($Target)
        ConfigurationRepositoryWeb $PullServer
        {
            AllowUnsecureConnection = $false
            ConfigurationNames      = @('ClientConfig')
            RegistrationKey         = $RegistrationKey
            ServerURL               = "https://$($PullServer):8080/PSDSCPullServer.svc"
        }

        # Status reports go to the same endpoint with the same key.
        ReportServerWeb $PullServer
        {
            RegistrationKey = $RegistrationKey
            ServerURL       = "https://$($PullServer):8080/PSDSCPullServer.svc"
        }
    }
}
Test ClientConfig
# Test configuration served to clients: removes PowerShell ISE and keeps the
# "End Point Operations Management Agent" service running with automatic start.
configuration ClientConfig
{
    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node localhost
    {
        # ISE is taken off the node; Source is the feature store path that
        # would be used if the feature ever had to be installed.
        WindowsFeature ISE
        {
            Name   = 'PowerShell-ISE'
            Ensure = 'Absent'
            Source = 'c:\i386\sources\sxs'
        }

        # The service is matched by the exact Name string below.
        Service EPOPS
        {
            Name        = 'End Point Operations Management Agent'
            State       = 'Running'
            StartupType = 'Automatic'
        }
    }
}