Nodes will not accept Pull config LCM

DSC
1

Hi all,

I have been using DSC for a while now via Push and it’s been working great. However, I am now trying to set up a Pull server and I’m really struggling. I’ve followed instructions, and everything looks like it’s working until the point where I get errors without any meaning.

The Pull server looks fine as far as I can tell, it was installed on a fresh 2012r2 server with all updates and WMF5.

I used xPSDesiredStateConfiguration 3.10 and followed the guide here: https://msdn.microsoft.com/en-us/powershell/dsc/pullserver

When I try to push the example LCM script to any test node (also fresh 2012r2 servers with all updates and WMF5) I get the error:

Registration of the Dsc Agent with the server https://DSCPull:8080/PSDSCPullServer.svc failed. The underlying error is: Failed to
register Dsc Agent with AgentId 18C4E1F5-271D-11E6-80CE-00155D74AA49 with the server
https://dscpull:8080/PSDSCPullServer.svc/Nodes(AgentId=‘18C4E1F5-271D-11E6-80CE-00155D74AA49’). .
+ CategoryInfo : InvalidResult: (root/Microsoft/…gurationManager:String) , CimException
+ FullyQualifiedErrorId : RegisterDscAgentCommandFailed,Microsoft.PowerShell.DesiredStateConfiguration.Commands.RegisterDscAgent
Command
+ PSComputerName : localhost

I get an identical entry in the event log, which is also not really pointing me in any meaningful direction.

I’m really at the end of my tether with this, it seems like the Pull server simply doesn’t work and doesn’t want to explain why.

Any help would be appreciated.

2

Hey Musketeer – can you post your LCM config that your sending to the nodes?

3

Hi Jason,

The latest LCM I have tried is:

[DSCLocalConfigurationManager()]
configuration DSCTestNode02LCM
{
    Node localhost
    {
        Settings
        {
            RefreshMode = 'Pull'
            RefreshFrequencyMins = 30 
            RebootNodeIfNeeded = $true
            ConfigurationMode = 'ApplyAndAutoCorrect'
            ConfigurationModeFrequencyMins = 15
        }
        ConfigurationRepositoryWeb DSCPull
        {
            ServerURL = 'https://DSCPull:8080/PSDSCPullServer.svc'
            RegistrationKey = 'XXXXXXXX'
            ConfigurationNames = 'DSCTestNode02Config'
        }      
    }
}
DSCTestNode02LCM
Set-DSCLocalConfigurationManager localhost –Path .\PullClient –Verbose -force

This was largely copied from https://www.florinloghiade.ro/2016/02/powershell-dsc-building-a-pull-server-on-wmf-5/ which is a post from Feb of this year. That said, I also tried the one from https://msdn.microsoft.com/en-us/powershell/dsc/pullserver (adjusted for my environment in the same way) which is from last Friday with the same result. The only difference in the LCM on the second page is the ReportServerWeb section, which I believe is not required unless you’re using a different server for reporting.

Am I being really stupid? Is there something obvious here that I’m doing wrong or misunderstanding?

Thanks for your help.

4

Hmmm… well at first glance – your using a secured website for Configrepo – but I’m not seeing the thumbprint of the certificate for the website.

  1. Do you have a certificate install and configured for the website?
  2. If so, put the thumbprint into the repository web section – similar to this:
ConfigurationRepositoryWeb DSCHTTPS {
                ServerURL = 'https://DSC.company.pri:8080/PSDSCPullServer.svc'
                CertificateID = $Thumbprint # <----------------------------------------------------Thumbprint
                AllowUnsecureConnection = $False
                RegistrationKey = "XXXXXXXXX" 
                ConfigurationNames = @("RoleSNMP") 
            }

I have code that grabs it for me

$Thumbprint=Invoke-Command -Computername $ComputerName {Get-Childitem Cert:\LocalMachine\My | Where-Object {$_.FriendlyName -like “DSCPull”} | Select-Object -ExpandProperty ThumbPrint}

5

Hmmm… well at first glance – your using a secured website for Configrepo – but I’m not seeing the thumbprint of the certificate for the website.

  1. Do you have a certificate install and configured for the website?
  2. If so, put the thumbprint into the repository web section – similar to this:

ConfigurationRepositoryWeb DSCHTTPS {
ServerURL = ‘https://DSC.company.pri:8080/PSDSCPullServer.svc
CertificateID = $Thumbprint # <----------------------------------------------------Thumbprint
AllowUnsecureConnection = $False
RegistrationKey = “XXXXXXXXX”
ConfigurationNames = @(“RoleSNMP”)
}

I have code that grabs it for me

$Thumbprint=Invoke-Command -Computername $ComputerName {Get-Childitem Cert:\LocalMachine\My | Where-Object {$_.FriendlyName -like “DSCPull”} | Select-Object -ExpandProperty ThumbPrint}

6

Hi Jason,

I’ve just updated this (added that line between ServerURL and RegistrationKey) and unfortunately still get the same error.

Is there another log I can look to besides the Event Viewer to perhaps get a bit more info?

Thanks again.

7

Here’s some documentation about the logs — https://msdn.microsoft.com/en-us/powershell/dsc/troubleshooting

Just out of curiosity, what kind of certificate is set to the pull server?

8

@Musketeer: Notice that what Jason linked is the Pull Server Script, not the LCM script.

You need the Thumbprint of a certificate that’s already present on the server holding the pull server
and when you create the mof file for the pull server, you need to supply the thumbprint.

you dont need to change your LCM script at all.
On a different note: you have to use the ReportServer section. Even if its on the same node, else it wont be turned on at all. The difference is that if its on the same node as the pull server, you dont have to resupply the RegistrationKey as its the same.

This is a sample of a Pull server script

Configuration CreatePullServer
{
    param
    (
        [ValidateNotNullOrEmpty()][string] $ComputerName,
        [ValidateNotNullOrEmpty()][String] $CertificateThumbprint
    )

    Import-DSCResource -ModuleName xPSDesiredStateConfiguration -ModuleVersion 3.10.0.0

    Node $ComputerName
    {
        WindowsFeature DSCServiceFeature
        {
            Ensure    = 'Present'
            Name      = 'DSC-Service'
        }

        xDscWebService PSDSCPullServer
        {
            Ensure                       = 'Present'
            EndpointName                 = 'PSDSCPullServer'
            Port                         = 8080
            PhysicalPath                 = 'D:\WebSites\PSDSCPullServer'
            CertificateThumbPrint        = $CertificateThumbprint
            State                        = 'Started'
            ModulePath                   = 'C:\Program Files\WindowsPowerShell\DscService\Modules'
            ConfigurationPath            = 'C:\Program Files\WindowsPowerShell\DscService\Configuration'
            RegistrationKeyPath          = 'C:\Program Files\WindowsPowerShell\DscService'
            AcceptSelfSignedCertificates = $false
The other thing I've encountered before was a case a pull server was created on an existing IIS Server that had the URLScan applied to its 
            IsComplianceServer           = $false
            DependsOn                    = '[File]RegistrationKeyFile'
         }

         File RegistrationKeyFile
         {
            Ensure          = 'Present'
            Type            = 'File'
            DestinationPath = 'C:\Program Files\WindowsPowerShell\DscService\RegistrationKeys.txt'
            Contents        = '5e2e5153-62b8-44a3-958e-198eafc7218a'
            DependsOn       = '[WindowsFeature]DSCServiceFeature'
         }
    }
}


# Certificate should also be installed at the target server beforehand
$myCertPath = '.\DSCPullServer.pfx'
$myCertThumbprint = (Get-PfxCertificate -FilePath $myCertPath).Thumbprint

CreatePullServer -ComputerName SRV1 -CertificateThumbprint $myCertThumbprint -OutputPath '.\'

Start-DscConfiguration -ComputerName SRV1 -path '.\' -Force -Wait -Verbose

configuration blocking certain HTTP Verbs. This will show on the URLScan logs is such block was active

9

Doh! thanks Arie – not enough coffee this morning!

10

seems i cant reedit my original post, as it intervened inside the mid of the code, but the last part after the code is this:

I have noticed something before when i installed a pull server on an existing IIS, that had a URLScan active
and was blocking some HTTP verbs that the Pull server was using. You can look at the URLScan logs and if a blocking has occurred
you will see it in there.

11

Thanks to everyone for your help, I’ve done some more digging into this and I’m fairly certain that as suggested, there is a problem with the Pull server itself rather than my LCM scripts.

I have rolled back the VM for the Pull server and tried to deploy again with what I’ve learned. Here is the script I’m using, based on a combination of the MS post I mentioned previously and Arie’s post above:

 configuration Make_xDscPullServer
{ 
    param  
    ( 
            [string[]]$NodeName = 'localhost', 

            [ValidateNotNullOrEmpty()] 
            [string] $certificateThumbPrint,

            [Parameter(Mandatory)]
            [ValidateNotNullOrEmpty()]
            [string] $RegistrationKey 
     ) 


     Import-DSCResource -ModuleName 'xPSDesiredStateConfiguration' -ModuleVersion 3.10.0.0
     Import-DscResource –ModuleName 'PSDesiredStateConfiguration'

     Node $NodeName 
     { 
         WindowsFeature DSCServiceFeature 
         { 
             Ensure    = 'Present'
             Name      = 'DSC-Service'
             DependsOn = '[File]RegistrationKeyFile'
             
         } 

         xDscWebService PSDSCPullServer 
         { 
             Ensure                  = 'Present' 
             EndpointName            = 'PSDSCPullServer' 
             Port                    = 8080 
             PhysicalPath            = 'C:\inetpub\PSDSCPullServer'
             CertificateThumbPrint   = $certificateThumbPrint          
             ModulePath              = 'C:\Program Files\WindowsPowerShell\DscService\Modules' 
             ConfigurationPath       = 'C:\Program Files\WindowsPowerShell\DscService\Configuration' 
             RegistrationKeyPath     = 'C:\Program Files\\WindowsPowerShell\DscService'
             State                   = 'Started'
             DependsOn               = '[WindowsFeature]DSCServiceFeature'                         
         } 

        File RegistrationKeyFile
        {
            Ensure          = 'Present'
            Type            = 'File'
            DestinationPath = 'C:\Program Files\WindowsPowerShell\DscService\RegistrationKeys.txt'
            Contents        = $RegistrationKey
        }
    }
}

# To find the Thumbprint for an installed SSL certificate for use with the pull server list all certifcates in your local store 
# and then copy the thumbprint for the appropriate certificate by reviewing the certificate subjects
# dir Cert:\LocalMachine\my

# Then include this thumbprint when running the configuration
# Make_xDSCPullServer -certificateThumbprint 'ThumbPrintForMyCertificate' -RegistrationKey 'A-Guid-I-Created' -OutputPath c:\Configs\PullServer

# Run the compiled configuration to make the target node a DSC Pull Server
# Start-DscConfiguration -Path c:\Configs\PullServer -Wait -Verbose -force

Notes at the bottom because, hey, write once right?

The certificate I’m using is created for my org’s internal Active Directory Certificate Services server. I’ve created once specifically for this with the SANs for DSCPull and DSCPull.MyDomain.Office. You can browse from the target node to the DSC page at https://dscpull:8080/PSDSCPullServer.svc/ without any cert errors, so it looks like the cert is OK.

I’m certain I’ve done everything I can think of here, but when the Start-DscConfiguration line at the bottom is run, I get the following:

PS H:\> Start-DscConfiguration -Path c:\Configs\PullServer -Wait -Verbose -force
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' = MSFT_DSC
LocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer DSCPULL with user sid S-1-5-21-158750696-1666205297-2108502058-35423.
VERBOSE: [DSCPULL]: LCM:  [ Start  Set      ]
VERBOSE: [DSCPULL]: LCM:  [ Start  Resource ]  [[File]RegistrationKeyFile]
VERBOSE: [DSCPULL]: LCM:  [ Start  Test     ]  [[File]RegistrationKeyFile]
VERBOSE: [DSCPULL]:                            [[File]RegistrationKeyFile] The destination object was found and no action is required.
VERBOSE: [DSCPULL]: LCM:  [ End    Test     ]  [[File]RegistrationKeyFile]  in 0.0150 seconds.
VERBOSE: [DSCPULL]: LCM:  [ Skip   Set      ]  [[File]RegistrationKeyFile]
VERBOSE: [DSCPULL]: LCM:  [ End    Resource ]  [[File]RegistrationKeyFile]
VERBOSE: [DSCPULL]: LCM:  [ Start  Resource ]  [[WindowsFeature]DSCServiceFeature]
VERBOSE: [DSCPULL]: LCM:  [ Start  Test     ]  [[WindowsFeature]DSCServiceFeature]
VERBOSE: [DSCPULL]:                            [[WindowsFeature]DSCServiceFeature] The operation 'Get-WindowsFeature' started: DSC-Ser
vice
VERBOSE: [DSCPULL]:                            [[WindowsFeature]DSCServiceFeature] The operation 'Get-WindowsFeature' succeeded: DSC-S
ervice
VERBOSE: [DSCPULL]: LCM:  [ End    Test     ]  [[WindowsFeature]DSCServiceFeature]  in 0.6900 seconds.
VERBOSE: [DSCPULL]: LCM:  [ Skip   Set      ]  [[WindowsFeature]DSCServiceFeature]
VERBOSE: [DSCPULL]: LCM:  [ End    Resource ]  [[WindowsFeature]DSCServiceFeature]
VERBOSE: [DSCPULL]: LCM:  [ Start  Resource ]  [[xDSCWebService]PSDSCPullServer]
VERBOSE: [DSCPULL]: LCM:  [ Start  Test     ]  [[xDSCWebService]PSDSCPullServer]
VERBOSE: [DSCPULL]:                            [[xDSCWebService]PSDSCPullServer] Check Ensure
VERBOSE: [DSCPULL]:                            [[xDSCWebService]PSDSCPullServer] The Website PSDSCPullServer is not present
VERBOSE: [DSCPULL]: LCM:  [ End    Test     ]  [[xDSCWebService]PSDSCPullServer]  in 0.2030 seconds.
VERBOSE: [DSCPULL]: LCM:  [ Start  Set      ]  [[xDSCWebService]PSDSCPullServer]
VERBOSE: [DSCPULL]:                            [[xDSCWebService]PSDSCPullServer] Create the IIS endpoint
VERBOSE: [DSCPULL]:                            [[xDSCWebService]PSDSCPullServer] Setting up endpoint at - https://DSCPULL:8080/PSDSCPu
llServer.svc
VERBOSE: [DSCPULL]:                            [[xDSCWebService]PSDSCPullServer] Verify that the certificate with the provided thumbpr
int exists in CERT:\LocalMachine\MY\
VERBOSE: [DSCPULL]:                            [[xDSCWebService]PSDSCPullServer] Checking IIS requirements
VERBOSE: [DSCPULL]:                            [[xDSCWebService]PSDSCPullServer] Delete the App Pool if it exists
The expression after '&' in a pipeline element produced an object that was not valid. It must result in a command name, a script 
block, or a CommandInfo object.
    + CategoryInfo          : InvalidOperation: (:) [], CimException
    + FullyQualifiedErrorId : BadExpression
    + PSComputerName        : localhost
 
The expression after '&' in a pipeline element produced an object that was not valid. It must result in a command name, a script 
block, or a CommandInfo object.
    + CategoryInfo          : InvalidOperation: (:) [], CimException
    + FullyQualifiedErrorId : BadExpression
    + PSComputerName        : localhost
 
The expression after '&' in a pipeline element produced an object that was not valid. It must result in a command name, a script 
block, or a CommandInfo object.
    + CategoryInfo          : InvalidOperation: (:) [], CimException
    + FullyQualifiedErrorId : BadExpression
    + PSComputerName        : localhost
 
VERBOSE: [DSCPULL]: LCM:  [ End    Set      ]  [[xDSCWebService]PSDSCPullServer]  in 2.8200 seconds.
The PowerShell DSC resource '[xDSCWebService]PSDSCPullServer' with SourceInfo 
'\\denfile\SystemData\PowerShell\ServerSetup\DSC\MakePullServer.ps1::29::10::xDscWebService' threw one or more non-terminating 
errors while running the Set-TargetResource functionality. These errors are logged to the ETW channel called 
Microsoft-Windows-DSC/Operational. Refer to this channel for more details.
    + CategoryInfo          : InvalidOperation: (:) [], CimException
    + FullyQualifiedErrorId : NonTerminatingErrorFromProvider
    + PSComputerName        : localhost
 
VERBOSE: [DSCPULL]: LCM:  [ End    Set      ]
The SendConfigurationApply function did not succeed.
    + CategoryInfo          : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : MI RESULT 1
    + PSComputerName        : localhost
 
VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 4.355 seconds

It looks like everything is just fine until it gets to the “[[xDSCWebService]PSDSCPullServer] Delete the App Pool if it exists” line.

Has anyone seen this before or got nay idea what it might be which is causing this?

Interestingly, even with these errors, I can browse to https://dscpull:8080/PSDSCPullServer.svc/ and view the XML is generates. So SOMETHING is installed, but it seems like not functioning properly.

12

Can you please share the version of xpsdesiredstateconfiguration that you are using?

13

@Musketeer: Few things to do -

-I’m assuming you have installed WMF 5 (RTM or newer) on the node that will serve as a pullserver.
-I’m assuming you have installed WMF 5 (RTM or newer) on the statin, server you creating the mof files on. Preferably the same version
of WMF5 as the one on the pullserver.
-I’m assuming you have xPSDesiredStateConfiguration module with version 3.10.0.0 on the pullserver already.

  1. Using your code will result in a localhost.mof
    Not sure how the IIS reacts to that, but can you use the same method I did, without any defaults for the node name
    and with supplying it as part of the command, and then apply the dsc script again to the node.

  2. Since you can open the pullserver website but in the logs the website didn’t exist, yet it faulted on the application pool
    I can only assume the rollback of the vm wasn’t really to a clean state ?

A web site in IIS cant be accessed if it doesn’t have a matching and valid application pool. When the pullserver script works, one of the things it does is create an application pool called PSWS with localsystem as its identity and links the PSDSCPullServer endpoint to that application pool.

Go to the IIS management, looks for a PSWS application pool and delete it and then delete the pullserver web site.
Now try running the pullserver script again.

  1. I haven’t yet tried creating a pullserver from version 3.10.0.0 so hopefully there’s no bug there, though I didn’t find
    any comments or posts of issues with 3.10.0.0 specifically. To avoid a hint of a problem, I would go to the
    PowerShell Gallery and download xPSDesiredStateConfiguration version 3.9.0.0 and try with that.

Other then that the script looks ok.
Generally speaking you dont need the Import-Module PS… as its installed by WMF 5 and is part of the $Env:PSModulePath
and I wouldn’t use a depends on for a WindowsFeature as that should always be the first thing that gets installed and others
should be based on it.

14

@Musketeer: I am able to repro this and I will file a bug on our end to fix the xpsdesiredstateconfiguration with version 3.10.0.0. I have tried this with xPSdesiredStateConfiguration 3.9.0.0 and the configuration succeeds.

15

Hi all,

Thanks a lot to everyone who posted in this thread!

Indhu, it’s great to know I’m not just doing something wrong.

I was able to roll the server back, install 3.9 and then run the setup script. This worked without errors! I can see XML at https://dscpull:8080/PSDSCPullServer.svc/ which all looks like it should according to what I’ve seen. So far so good!

However, when I try to set up a machine to check in with this I get an error.

I have 2 test nodes, both are fresh built 2012r2 servers deployed from the same template as all my production and test servers. Both are fully updated to WMF5 and all current patches and have no other software installed.

One is on my production domain (domain.office) and the other is on a testing domain (testing.domain.office).

On the production domain, I am using the following LCM script:

[DSCLocalConfigurationManager()]
configuration DSCTestNode01LCM
{
    Node localhost
    {
        
        Settings
        {
            RefreshMode = 'Pull'
            RefreshFrequencyMins = 30 
        }
        
        ConfigurationRepositoryWeb DSCPull
        {
            ServerURL = 'https://DSCPull:8080/PSDSCPullServer.svc'
            RegistrationKey = 'Guid-I-Created'
            ConfigurationNames = 'DSCTestNode01'
        }

        ReportServerWeb DSCPull
        {
            ServerURL = 'https://DSCPull:8080/PSDSCPullServer.svc'
            RegistrationKey = 'Guid-I-Created'
        }
    }
}
DSCTestNode01LCM
Set-DSCLocalConfigurationManager localhost –Path .\PullClient –Verbose

I get the following error:

VERBOSE: Performing the operation "Start-DscConfiguration: SendMetaConfigurationApply" on target "M
SFT_DSCLocalConfigurationManager".
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendMetaCo
nfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/W
indows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer DSCTESTNODE01 with user sid S-1-5-21-158750696-16
66205297-2108502058-35423.
VERBOSE: [DSCTESTNODE01]: LCM:  [ Start  Set      ]
VERBOSE: [DSCTESTNODE01]: LCM:  [ Start  Resource ]  [MSFT_DSCMetaConfiguration]
VERBOSE: [DSCTESTNODE01]: LCM:  [ Start  Set      ]  [MSFT_DSCMetaConfiguration]
VERBOSE: [DSCTESTNODE01]: LCM:  [ End    Set      ]  [MSFT_DSCMetaConfiguration]  in 0.0310 seconds
.
VERBOSE: [DSCTESTNODE01]: LCM:  [ End    Resource ]  [MSFT_DSCMetaConfiguration]
VERBOSE: [DSCTESTNODE01]: LCM:  [ End    Set      ]
Registration of the Dsc Agent with the server https://DSCPull:8080/PSDSCPullServer.svc failed. 
The underlying error is: The attempt to register Dsc Agent with AgentId 
7C2F14B2-27FE-11E6-80BF-00155D754D15 with the server 
https://dscpull:8080/PSDSCPullServer.svc/Nodes(AgentId='BlahBlahBlah') 
returned unexpected response code Unauthorized. .
    + CategoryInfo          : InvalidResult: (root/Microsoft/...gurationManager:String) [], CimEx 
   ception
    + FullyQualifiedErrorId : RegisterDscAgentUnsuccessful,Microsoft.PowerShell.DesiredStateConfi 
   guration.Commands.RegisterDscAgentCommand
    + PSComputerName        : localhost
 
VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Set-DscLocalConfigurationManager finished in 0.329 seconds.

The server on the test domain give a similar error:

Registration of the Dsc Agent with the server https://DSCPull:8080/PSDSCPullServer.svc failed. 
The underlying error is: Failed to register Dsc Agent with AgentId 
18C4E1F5-271D-11E6-80CE-00155D74AA49 with the server 
https://dscpull:8080/PSDSCPullServer.svc/Nodes(AgentId='BlahBlahBlah'). .
    + CategoryInfo          : InvalidResult: (root/Microsoft/...gurationManager:String) [], CimEx 
   ception
    + FullyQualifiedErrorId : RegisterDscAgentCommandFailed,Microsoft.PowerShell.DesiredStateConf 
   iguration.Commands.RegisterDscAgentCommand
    + PSComputerName        : localhost

Anyone seen this before? Both servers can access the XML via https using a browser. Certificates are all trusted and look good.

16

@Musketeer: Can you get me some additional logs from both the testing machines and the machine where the Pull Server is installed? The way to do this is to use the New-xDscDiagnosticsZip cmdlet from the xDscDiagnostics module here GitHub - dsccommunity/xDscDiagnostics: This module contains cmdlets for analyzing DSC event logs.

It looks like the test machine on the production domain fails with an “Unauthorized” error and the one on the test domain fails with a different error. Is that right?

Unauthorized error can happen for the following scenarios

  1. Invalid RegistrationKey - Can you please check if this could be the case?
  2. Invalid Certificate - You have already validated this.
17

Hi everyone,

I have managed to get to the bottom of the problem with the server on my domain, the tooling I was using was just pushing the same mof over and over with the old/wrong ConfigurationID!

Fixed that, no more problems with that server!

However, I have managed to get some progress on the test domain machine, although it still isn’t working right. I’m still getting the “Failed to register Dsc Agent with the server” error when I push the following LCM config:

[DSCLocalConfigurationManager()]
configuration DSCTestNode02LCM
{
    Node localhost
    {
        
        Settings
        {
            RefreshMode = 'Pull'
            RefreshFrequencyMins = 30
            RebootNodeIfNeeded = $true
            ConfigurationMode = 'ApplyAndMonitor'
            ConfigurationModeFrequencyMins = 15
        }
        
        ConfigurationRepositoryWeb DSCPull
        {
            ServerURL = "https://DSCPull:8080/PSDSCPullServer.svc"
            RegistrationKey = "Guid-I-made-up"
            ConfigurationNames = "DSCTestNode02"
        }

        ReportServerWeb DSCPull
        {
            ServerURL = 'https://DSCPull:8080/PSDSCPullServer.svc'
            RegistrationKey = 'Guid-I-made-up'
        }
    }
}
DSCTestNode02LCM -OutputPath \\Server\MOFs\DSCTestNode02
Set-DSCLocalConfigurationManager localhost –Path \\Server\MOFs\DSCTestNode02 –Verbose

However, if I remove the section about the ReportServerWeb section and the ConfigurationNames and RegistrationKey from the ConfigurationRepositoryWeb section and add the following line to the Settings section:

ConfigurationID = "ab3b171a-848a-491b-aa9b-9a4e52c219f7"

effectively turning this into a v1 Pull config, it works just fine.

I would expect this from a server with WMF4, but the output from PSVersionTable from both nodes is identical.

Name                           Value                                                              
----                           -----                                                              
PSVersion                      5.0.10586.117                                                      
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}                                            
BuildVersion                   10.0.10586.117                                                     
CLRVersion                     4.0.30319.34209                                                    
WSManStackVersion              3.0                                                                
PSRemotingProtocolVersion      2.3                                                                
SerializationVersion           1.1.0.1

This is baffling. The icons on the start bar on node02 (test child domain) are the old ones from WMF4, although all the other machines which have WMF5 have the new style icons. It’s as if WMF5 hasn’t properly installed all the DSC updates which make ConfigurationNames work.

I built a fresh server on the testing domain and LCM registers fine on that using ConfigurationNames. It appears the problem is restricted to this one server and may be a bad install of WMF5.

I’ve tried uninstalling WMF5 and re-installing on the troubled node, but no luck.

18

And a while later, the LCM on the new test node is no longer working. Where it used to work fine, I now get the same “Failed to register Dsc Agent with the server” error.

19

@Musketeer: Are both these nodes trying to register at the same time?
There was a bug in our Pull Server where we were accessing the database in a way that would fail in a multi-threaded scenario. We have fixed this issue for our next release.

But in order to truly confirm that this is the issue, can you please send me the logs from both the nodes and the Pull Server? You can collect the logs by running the cmdlet New-xDscDiagnosticszip from xDscDiagnostics module from GitHub - dsccommunity/xDscDiagnostics: This module contains cmdlets for analyzing DSC event logs.

20

Hi Indhu,

How best can I get this zip to you?