Node cannot pull configurations

DSC
#1

Hi
I have what i think is a working pull server on as MS server 2012R2 with WMF 5 installed. The node is also running MS server 2012R2 with WMF 5.

I can access the Pull Server’s site (XML) without issues on both the Pull Server (vm01) and the node (vm08) which i want to pull configurations.
Setup is based on the https://msdn.microsoft.com/en-us/powershell/dsc/pullserver :

PULL SERVER:

$ConfigurationData = @{
   AllNodes = @(
        @{
            NodeName="*"
            PSDscAllowPlainTextPassword=$true
            PSDscAllowDomainUser = $true
         }
        @{
            NodeName='localhost'
         }
    )
}



#https://msdn.microsoft.com/en-us/powershell/dsc/pullserver
configuration DeployDscPullServer
{ 
    param  
    ( 
            [string[]]$NodeName = 'Present', 
            [ValidateNotNullOrEmpty()] [string] $certificateThumbPrint,
            [Parameter(Mandatory)] [ValidateNotNullOrEmpty()] [string] $RegistrationKey 
     ) 

     Import-DSCResource -ModuleName xPSDesiredStateConfiguration 
     Import-DscResource –ModuleName PSDesiredStateConfiguration



     Node $AllNodes.NodeName 
     { 
         WindowsFeature DSCServiceFeature 
         { 
             Ensure = 'Present'
             Name   = 'DSC-Service'             
         } 

         WindowsFeature IISMgmtConsole
         { 
             Ensure = 'Present'
             Name   = 'Web-Mgmt-Console'             
         } 

         xDscWebService PSDSCPullServer 
         { 
             Ensure                  = 'Present' 
             EndpointName            = 'PSDSCPullServer' 
             Port                    = 8080 
             PhysicalPath            = "$env:SystemDrive\inetpub\PSDSCPullServer" 
             CertificateThumbPrint   = $certificateThumbPrint          
             ModulePath              = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules" 
             ConfigurationPath       = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration" 
             State                   = 'Started'
             DependsOn               = '[WindowsFeature]DSCServiceFeature'                         
         } 

        File RegistrationKeyFile
        {
            Ensure          = 'Present'
            Type            = 'File'
            DestinationPath = "$env:ProgramFiles\WindowsPowerShell\DscService\RegistrationKeys.txt"
            Contents        = $RegistrationKey
        }
    }
}




#RUN CONFIGURATION
$MofConfigFile = DeployDscPullServer -ConfigurationData $configurationData -certificateThumbPrint $Thumbprint -RegistrationKey $RegKey -OutputPath c:\Configs\PullServer 

# This creates a MOF at:
$MofConfigDirectory = $MofConfigFile.DirectoryName

#RUN MOF
Start-DscConfiguration -Path $MofConfigDirectory -Wait -verbose -force

CONFIGURATION:
I made a simple first file configuration for testing purpose. It runs fine on the node (vm08) when running locally. But i am not able to make the node pull it from the pull server. For testing purpose, I’m not using the certificate encryption.

$ConfigurationData = @{
    AllNodes = @(
        @{
            NodeName="*"
            PSDscAllowPlainTextPassword=$true
            PSDscAllowDomainUser = $true
         }
        @{
            NodeName="vm08"
            #CertificateFile = 'C:\Keys\SqlNode.cer'
            #Thumbprint = '42235A417BE23ADDE72F1593BDE665106262CF7C'
         }
    )
}



Configuration copytest
{
Import-DscResource –ModuleName PSDesiredStateConfiguration

    Node $AllNodes.NodeName     
    {     
        File test
        {
            DestinationPath = 'c:\here\ok.ps1'
            Ensure = 'Present'
            Recurse = $true
            SourcePath = 'c:\ok.ps1'
            Type =  'File'
        }
    }

}

copytest -ConfigurationData $ConfigurationData -OutputPath C:\Configs\TargetNodes

Remove-item 'C:\Program Files\WindowsPowerShell\DscService\Configuration\*'

copy 'C:\Configs\TargetNodes\vm08.mof' 'C:\Program Files\WindowsPowerShell\DscService\Configuration'

New-DSCCheckSum -path "C:\Program Files\WindowsPowerShell\DscService\Configuration\"

#TEST pull using the https://gist.github.com/JamesDawson/6787277 - Invoke-PullonNode.ps1 
cd '\\share\testing'
.\Invoke-PullonNode.ps1 -computername 'vm08'
cd C:\windows\System32

LCM on node (vm08):

ActionAfterReboot              : ContinueConfiguration
AgentId                        : A3E37E75-48E0-11E6-80D9-005056837311
AllowModuleOverWrite           : False
CertificateID                  : 42235A417BE23ADDE72F1593BDE665106262CF7C
ConfigurationDownloadManagers  : {[ConfigurationRepositoryWeb]PullSrv}
ConfigurationID                : 
ConfigurationMode              : ApplyAndAutoCorrect
ConfigurationModeFrequencyMins : 15
Credential                     : 
DebugMode                      : {NONE}
DownloadManagerCustomData      : 
DownloadManagerName            : 
LCMCompatibleVersions          : {1.0, 2.0}
LCMState                       : Idle
LCMStateDetail                 : 
LCMVersion                     : 2.0
StatusRetentionTimeInDays      : 10
PartialConfigurations          : 
RebootNodeIfNeeded             : True
RefreshFrequencyMins           : 30
RefreshMode                    : Pull
ReportManagers                 : {[ReportServerWeb]PullSrv}
ResourceModuleManagers         : {[ResourceRepositoryWeb]PullSrv}
PSComputerName

Get-DscConfiguraion on node:
When i try to get-dscconfiguration on the node (vm08) i just get:

PS C:\WINDOWS\system32> Get-DscConfiguration
Get-DscConfiguration : Current configuration does not exist. Execute Start-DscConfiguration command with -Path parameter to specify a configuration file and create a current configuration 
first.
At line:1 char:1
+ Get-DscConfiguration
+ ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (MSFT_DSCLocalConfigurationManager:root/Microsoft/...gurationManager) [Get-DscConfiguration], CimException
    + FullyQualifiedErrorId : MI RESULT 1,Get-DscConfiguration

Any tips are welcome!
brgs.
BJørn

#2

There are two ways to pull a configuration

  1. Let the DSC engine do it for you when the Pull timer kicks in
  2. You can trigger a pull by doing an Update-DscConfiguration from the node where the LCM is.

Get-DscConfiguration is used for getting the current state of the machine once a configuration has been applied.

#3

Hi Induh
Thank you for the reply.

When running update-dscConfiguration on the node (vm08) I get:

PS C:\Windows\system32> Update-DscConfiguration

Id     Name            PSJobTypeName   State         HasMoreData     Location             Command                  
--     ----            -------------   -----         -----------     --------             -------                  
114    Job114          Configuratio... Running       True            localhost            Update-DscConfiguration  



PS C:\Windows\system32> Get-DscConfiguration
Get-DscConfiguration : Current configuration does not exist. Execute Start-DscConfiguration command with -Path parameter to specify a configuration file and create a current configuration first.
At line:1 char:1
+ Get-DscConfiguration
+ ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (MSFT_DSCLocalConfigurationManager:root/Microsoft/...gurationManager) [Get-DscConfiguration], CimException
    + FullyQualifiedErrorId : MI RESULT 1,Get-DscConfiguration


PS C:\Windows\system32> Get-DscConfigurationStatus

Status     StartDate                 Type            Mode  RebootRequested      NumberOfResources             
------     ---------                 ----            ----  ---------------      -----------------             
Failure    04.08.2016 09:15:04       Initial         Pull  False

Node cant seem to get hold of the configuration that is on the pull server.

brgs

Bjørn

#4

This is how i set the LCM on my node remotely from my workstation:

$PullServer = 'vm01'
$node = 'vm08'
$RegkeyFromLocation = 'e6998480-49a3-4134-8a05-b1f59f42be20'
$NodeThumbprint = '42235A417BE23ADDE72F1593BDE665106262CF7C'
$cred = Get-Credential contoso\accountA

#---------------------------------
#CONFIGURE LCM
#---------------------------------
#Bruker registrationkey fra over.
[DSCLocalConfigurationManager()]
configuration PullClientConfigID
{
        param (
        [Parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] [array] $NodeName,
        [Parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] [string] $PullServer,
        [Parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] [string] $NodeThumbprint,
        [Parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] [string] $RegistrationKey
    )

    Node $NodeName
    {
        Settings
        {
            RefreshMode          = 'Pull'
            RefreshFrequencyMins = 30 
            RebootNodeIfNeeded   = $true
            #AllowModuleOverwrite = $true
            ConfigurationMode = "ApplyAndAutocorrect"
            CertificateID = $NodeThumbprint

        }

        ConfigurationRepositoryWeb PullSrv
        {
            ServerURL          = "https://$PullServer"+":8080/PSDSCPullServer.svc"
            RegistrationKey    = $RegkeyFromLocation

            #Velg en konfigurasjon du vil noden skal kjøre igang
            ConfigurationNames = @("copytest")
        }   

        ReportServerWeb PullSrv
        {
            ServerURL       = "https://$PullServer"+":8080/PSDSCPullServer.svc"
            RegistrationKey = $RegkeyFromLocation
        }

        ResourceRepositoryWeb PullSrv
        {
            ServerURL = "https://$PullServer"+":8080/PSDSCPullServer.svc"
            RegistrationKey = $RegkeyFromLocation
        }

    }
}





#Create mof-meta
PullClientConfigID -OutputPath c:\Configs\TargetNodes -NodeName $node -PullServer $PullServer -Thumbprint $NodeThumbprint -RegistrationKey $RegkeyFromLocation

New-DscChecksum -path c:\Configs\TargetNodes

#Remote deploy from workstation:
Write-Host "Starting CimSession"

$cim = New-CimSession -ComputerName $node -Credential $cred

Write-Host "Writing config"
Set-DscLocalConfigurationManager -CimSession $cim -Path c:\Configs\TargetNodes -Verbose
#5

Hmm, trying to set the lcm locally with verbose and wait parameters on the node it actually gives me:

PS C:\Windows\system32> Update-DscConfiguration -Wait -verbose
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = PerformRequiredConfigurationChecks,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguratio
n'.
VERBOSE: An LCM method call arrived from computer vm08 with user sid S-1-5-21-195968190-741174349-770780043-93293.
VERBOSE: [vm08]:                            [] Executing Get-Action with configuration 's checksum: .
VERBOSE: [vm08]:                            [] Executing Get-Action with configuration 's checksum failed. Please check the availability of pull server.
The attempt to get the action from server https://vm01:8080///PSDSCPullServer.svc/Nodes(AgentId='A3E37E75-48E0-11E6-80D9-005056837311')/GetDscAction failed because pullserver is not available or there is no  registered node wi
th AgentId A3E37E75-48E0-11E6-80D9-005056837311 on the server.
    + CategoryInfo          : ResourceUnavailable: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : WebDownloadManagerGetActionNodeConfigurationNotFound,Microsoft.PowerShell.DesiredStateConfiguration.Commands.GetDscActionCommand
    + PSComputerName        : localhost

VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 2.205 seconds

PS C:\Windows\system32>
#6

I see this guy has the same issue as me, unresolved.
https://www.reddit.com/r/PowerShell/comments/4gvjye/issue_registering_new_dsc_node_to_pull_server/

#7

So I figured out what I was doing wrong. When compiling the file configuration, the mof file was named after the node (wm08.mof). I simply changed the name to the name of my configuration (copytest.mof), created a new dscChecksum and put these files in the dsc configuration path on the pull server. voila. works perfectly.

brgs

Bjørn Roalkvam