Thanks to everyone for your help, I’ve done some more digging into this and I’m fairly certain that as suggested, there is a problem with the Pull server itself rather than my LCM scripts.
I have rolled back the VM for the Pull server and tried to deploy again with what I’ve learned. Here is the script I’m using, based on a combination of the MS post I mentioned previously and Arie’s post above:
configuration Make_xDscPullServer
{
param
(
[string[]]$NodeName = 'localhost',
[ValidateNotNullOrEmpty()]
[string] $certificateThumbPrint,
[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[string] $RegistrationKey
)
Import-DSCResource -ModuleName 'xPSDesiredStateConfiguration' -ModuleVersion 3.10.0.0
Import-DscResource –ModuleName 'PSDesiredStateConfiguration'
Node $NodeName
{
WindowsFeature DSCServiceFeature
{
Ensure = 'Present'
Name = 'DSC-Service'
DependsOn = '[File]RegistrationKeyFile'
}
xDscWebService PSDSCPullServer
{
Ensure = 'Present'
EndpointName = 'PSDSCPullServer'
Port = 8080
PhysicalPath = 'C:\inetpub\PSDSCPullServer'
CertificateThumbPrint = $certificateThumbPrint
ModulePath = 'C:\Program Files\WindowsPowerShell\DscService\Modules'
ConfigurationPath = 'C:\Program Files\WindowsPowerShell\DscService\Configuration'
RegistrationKeyPath = 'C:\Program Files\\WindowsPowerShell\DscService'
State = 'Started'
DependsOn = '[WindowsFeature]DSCServiceFeature'
}
File RegistrationKeyFile
{
Ensure = 'Present'
Type = 'File'
DestinationPath = 'C:\Program Files\WindowsPowerShell\DscService\RegistrationKeys.txt'
Contents = $RegistrationKey
}
}
}
# To find the Thumbprint for an installed SSL certificate for use with the pull server list all certifcates in your local store
# and then copy the thumbprint for the appropriate certificate by reviewing the certificate subjects
# dir Cert:\LocalMachine\my
# Then include this thumbprint when running the configuration
# Make_xDSCPullServer -certificateThumbprint 'ThumbPrintForMyCertificate' -RegistrationKey 'A-Guid-I-Created' -OutputPath c:\Configs\PullServer
# Run the compiled configuration to make the target node a DSC Pull Server
# Start-DscConfiguration -Path c:\Configs\PullServer -Wait -Verbose -force
Notes at the bottom because, hey, write once right?
The certificate I’m using is created for my org’s internal Active Directory Certificate Services server. I’ve created once specifically for this with the SANs for DSCPull and DSCPull.MyDomain.Office. You can browse from the target node to the DSC page at https://dscpull:8080/PSDSCPullServer.svc/ without any cert errors, so it looks like the cert is OK.
I’m certain I’ve done everything I can think of here, but when the Start-DscConfiguration line at the bottom is run, I get the following:
PS H:\> Start-DscConfiguration -Path c:\Configs\PullServer -Wait -Verbose -force
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' = MSFT_DSC
LocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer DSCPULL with user sid S-1-5-21-158750696-1666205297-2108502058-35423.
VERBOSE: [DSCPULL]: LCM: [ Start Set ]
VERBOSE: [DSCPULL]: LCM: [ Start Resource ] [[File]RegistrationKeyFile]
VERBOSE: [DSCPULL]: LCM: [ Start Test ] [[File]RegistrationKeyFile]
VERBOSE: [DSCPULL]: [[File]RegistrationKeyFile] The destination object was found and no action is required.
VERBOSE: [DSCPULL]: LCM: [ End Test ] [[File]RegistrationKeyFile] in 0.0150 seconds.
VERBOSE: [DSCPULL]: LCM: [ Skip Set ] [[File]RegistrationKeyFile]
VERBOSE: [DSCPULL]: LCM: [ End Resource ] [[File]RegistrationKeyFile]
VERBOSE: [DSCPULL]: LCM: [ Start Resource ] [[WindowsFeature]DSCServiceFeature]
VERBOSE: [DSCPULL]: LCM: [ Start Test ] [[WindowsFeature]DSCServiceFeature]
VERBOSE: [DSCPULL]: [[WindowsFeature]DSCServiceFeature] The operation 'Get-WindowsFeature' started: DSC-Ser
vice
VERBOSE: [DSCPULL]: [[WindowsFeature]DSCServiceFeature] The operation 'Get-WindowsFeature' succeeded: DSC-S
ervice
VERBOSE: [DSCPULL]: LCM: [ End Test ] [[WindowsFeature]DSCServiceFeature] in 0.6900 seconds.
VERBOSE: [DSCPULL]: LCM: [ Skip Set ] [[WindowsFeature]DSCServiceFeature]
VERBOSE: [DSCPULL]: LCM: [ End Resource ] [[WindowsFeature]DSCServiceFeature]
VERBOSE: [DSCPULL]: LCM: [ Start Resource ] [[xDSCWebService]PSDSCPullServer]
VERBOSE: [DSCPULL]: LCM: [ Start Test ] [[xDSCWebService]PSDSCPullServer]
VERBOSE: [DSCPULL]: [[xDSCWebService]PSDSCPullServer] Check Ensure
VERBOSE: [DSCPULL]: [[xDSCWebService]PSDSCPullServer] The Website PSDSCPullServer is not present
VERBOSE: [DSCPULL]: LCM: [ End Test ] [[xDSCWebService]PSDSCPullServer] in 0.2030 seconds.
VERBOSE: [DSCPULL]: LCM: [ Start Set ] [[xDSCWebService]PSDSCPullServer]
VERBOSE: [DSCPULL]: [[xDSCWebService]PSDSCPullServer] Create the IIS endpoint
VERBOSE: [DSCPULL]: [[xDSCWebService]PSDSCPullServer] Setting up endpoint at - https://DSCPULL:8080/PSDSCPu
llServer.svc
VERBOSE: [DSCPULL]: [[xDSCWebService]PSDSCPullServer] Verify that the certificate with the provided thumbpr
int exists in CERT:\LocalMachine\MY\
VERBOSE: [DSCPULL]: [[xDSCWebService]PSDSCPullServer] Checking IIS requirements
VERBOSE: [DSCPULL]: [[xDSCWebService]PSDSCPullServer] Delete the App Pool if it exists
The expression after '&' in a pipeline element produced an object that was not valid. It must result in a command name, a script
block, or a CommandInfo object.
+ CategoryInfo : InvalidOperation: (:) [], CimException
+ FullyQualifiedErrorId : BadExpression
+ PSComputerName : localhost
The expression after '&' in a pipeline element produced an object that was not valid. It must result in a command name, a script
block, or a CommandInfo object.
+ CategoryInfo : InvalidOperation: (:) [], CimException
+ FullyQualifiedErrorId : BadExpression
+ PSComputerName : localhost
The expression after '&' in a pipeline element produced an object that was not valid. It must result in a command name, a script
block, or a CommandInfo object.
+ CategoryInfo : InvalidOperation: (:) [], CimException
+ FullyQualifiedErrorId : BadExpression
+ PSComputerName : localhost
VERBOSE: [DSCPULL]: LCM: [ End Set ] [[xDSCWebService]PSDSCPullServer] in 2.8200 seconds.
The PowerShell DSC resource '[xDSCWebService]PSDSCPullServer' with SourceInfo
'\\denfile\SystemData\PowerShell\ServerSetup\DSC\MakePullServer.ps1::29::10::xDscWebService' threw one or more non-terminating
errors while running the Set-TargetResource functionality. These errors are logged to the ETW channel called
Microsoft-Windows-DSC/Operational. Refer to this channel for more details.
+ CategoryInfo : InvalidOperation: (:) [], CimException
+ FullyQualifiedErrorId : NonTerminatingErrorFromProvider
+ PSComputerName : localhost
VERBOSE: [DSCPULL]: LCM: [ End Set ]
The SendConfigurationApply function did not succeed.
+ CategoryInfo : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimException
+ FullyQualifiedErrorId : MI RESULT 1
+ PSComputerName : localhost
VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 4.355 seconds
It looks like everything is just fine until it gets to the “[[xDSCWebService]PSDSCPullServer] Delete the App Pool if it exists” line.
Has anyone seen this before or got nay idea what it might be which is causing this?
Interestingly, even with these errors, I can browse to https://dscpull:8080/PSDSCPullServer.svc/ and view the XML is generates. So SOMETHING is installed, but it seems like not functioning properly.