Partial Configurations - naming conventions

DSC
1

Hello,

I’m dealing with partial configurations. I’m using only one pull server and multiple configurations. I’m using configuration names and two kind of configurations:

  1. Configurations for a role, in this case W10 client workstations
    • Documents follow the naming convention [ConfigurationName].mof
  2. Configurations for a especific node
    • Documents follow the naming convention [ConfigurationName].[NodeName].mof
    • As documentations states, I'm allowed to do this since I have WMF 5.1 in the server
My problem is that nodes cannot find in the server mof documents following the 2nd naming convention.

Let me paste my configurations and LCM:

#Configura el servicio de extracción http (modo pull) para un grupo de nodos

[DSCLocalConfigurationManager()]

Configuration LCM_W10Node
{
param(
[ValidateNotNullOrEmpty()]
[string] $NodeName = 'localhost',
[ValidateNotNullOrEmpty()]
[string] $RegistrationKey #same as the one used to setup pull server in previous configuration
)

Node $NodeName {

Settings {
RefreshMode = 'Pull'
RefreshFrequencyMins = 30
ConfigurationMode = 'ApplyAndAutoCorrect'
ConfigurationModeFrequencyMins = 60
AllowModuleOverwrite = $true
RebootNodeIfNeeded = $true
CertificateID = "XXXXXXXXXXXXXXXX" #certificate for credential encryption

}

ConfigurationRepositoryWeb DSCHTTP {

ServerURL = 'http://vmdt01.dggh.es:8080/PSDSCPullServer.svc'
RegistrationKey = $RegistrationKey
ConfigurationNames = @("w10client", "DevexpressDeployment", "MakeAdministrator")
AllowUnsecureConnection = $true
}

ReportServerWeb ReportServer {
ServerURL = 'http://vmdt01.dggh.es:8080/PSDSCPullServer.svc'
AllowUnsecureConnection = $true

}

PartialConfiguration w10client {
Description = "w10client"
ConfigurationSource = @("[ConfigurationRepositoryWeb]DSCHTTP")
RefreshMode = "Pull"
}

PartialConfiguration MakeAdministrator{

Description = "MakeAdministrator"
ConfigurationSource = @("[ConfigurationRepositoryWeb]DSCHTTP")
RefreshMode = "Pull"
DependsOn = '[PartialConfiguration]w10client'
}

PartialConfiguration DevexpressDeployment{
Description = "DevexpressDeployment"
ConfigurationSource = @("[ConfigurationRepositoryWeb]DSCHTTP")
RefreshMode = "Pull"
}
}
}

$TestData= @{

AllNodes = @(
@{
NodeName = "vdeploytest-w10"
};
);
}

Configuration MakeAdministrator {
    param(
        [Parameter(Mandatory=$true)]
        [ValidateNotNullorEmpty()]
        [PsCredential] $credential
        )
    Import-DscResource -ModuleName xPSDesiredStateConfiguration

    Node $AllNodes.NodeName {
        
        $Members = @('Administrador', "$($Node.User)", 'DGGH\Informatica', 'DGGH\Administrador')

        xGroup AdministradorLocal {
            GroupName = "Administradores"
            MembersToInclude = $Members
            Credential = $credential
        }
    }
}

The MakeAdministration document is the one annoying me. On update-dscconfiguration I get a warning saying:

Error executing Get-Action in the partial configuration 'MakeAdministrator'. Check the partial configuration and the checksum both exist in the server
This is my insfraestructure:
  • Server: Windows Server 2012 + WFM 5.1
  • Powershell version 5.1.1449.1012
  • Node OS: Windows 10 1709
Can any one help?
2

I think I’m probably not following along, so let me know where I’m not getting it, please ;).

I would expect the node to attempt to pull MakeAdministrator.mof and MakeAdministrator.mof.checksum from http://vmdt01.dggh.es:8080/PSDSCPullServer.svc.

Is that how you’ve set it up? And obviously permissions on the MOF and CHECKSUM files would need to be appropriate. And we’ll gloss over the dangers of using HTTP :).

3

I think I wrote the post too quickly, sorry about that.

MakeAdministrator document is named MakeAdministrator.[NodeName].mof and is located at the default path

$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration

where I have other partial documents which are being extracted succesfully (so I guess permission issues should be ruled out). I have also the correspondent MakeAdministrator.[NodeName].mof.checksum in the right place.

I don’t have problems extracting/executing documents named [ConfigurationName].mof. It seems that problems arise when using the [ConfigurationName].[Node].mof naming convention.

Am I doing wrong with the mof’s naming?

Regarding https, yes, I know …, I’ve been trying to set it up unsuccesfully :frowning: I have a post related to this in the forum.

4

I finally achieved what I wanted to, although not in the way I thought it should be at first. I’ll try to explain.

I followed a mixed (pull and push) partial configuration approach. One of the configurations (MakeAdministrator) had to be in ‘PUSH’ RefreshMode because it includes node-specific data, as a matter of fact, user-specific data which I get from a configuration data variable.

At first, I tried to use ‘PULL’ RefreshMode with the naming convention that includes the name of the node on it ([ConfigurationName].[NodeName].mof) but the document wasn’t never found, even though the documentations allow this naming convention. (See https://docs.microsoft.com/en-us/powershell/dsc/partialconfigs#naming-configuration-documents-on-the-pull-server-in-powershell-51)

Finally, I could make it work with this LCM

#Configura el servicio de extracción http (modo pull) para un grupo de nodos
[DSCLocalConfigurationManager()]
Configuration LCM_W10Node 
{
   param
    (
        [ValidateNotNullOrEmpty()]
        [string] $NodeName = 'localhost',

        [ValidateNotNullOrEmpty()]
        [string] $RegistrationKey #same as the one used to setup pull server in previous configuration
    )
	Node $NodeName {
		Settings {
		    RefreshMode = 'Pull'
		    RefreshFrequencyMins = 30
                    ConfigurationMode = 'ApplyAndAutoCorrect'
                    ConfigurationModeFrequencyMins = 60
                    AllowModuleOverwrite = $true
                    RebootNodeIfNeeded = $true
                    CertificateID = "XXXXXXXXXXXXXXXXXXXXXXXXXXXX" #certificate for credential encryption

        }

        ConfigurationRepositoryWeb DSCHTTP {
            ServerURL = 'http://vmdt01.dggh.es:8080/PSDSCPullServer.svc'
            RegistrationKey = $RegistrationKey
            ConfigurationNames = @('w10client') 
            AllowUnsecureConnection = $true
        }

        ReportServerWeb ReportServer {
            ServerURL = 'http://vmdt01.dggh.es:8080/PSDSCPullServer.svc'
            AllowUnsecureConnection = $true
        }
        
        PartialConfiguration MakeAdministrator {
            Description = "Makes some default user and a custom user administrator of the node"
            RefreshMode = "Push"
            DependsOn = '[PartialConfiguration]w10client'
        }

        PartialConfiguration w10client {
            Description = "w10client"
            ConfigurationSource = @("[ConfigurationRepositoryWeb]DSCHTTP")
            RefreshMode = "Pull"
        }
	}
}

One thing that amazes me is that if I include ‘MakeAdministrator’ in the ConfigurationrepositoryWeb.ConfigurationNames this way

Settings {
ConfigurationNames = @('w10client', 'MakeAdministrator')
}

I get an error saying I lack one of the partial configuration names in the LCM for the node.

I can’t understand this, but anyway.