Pull Server / LCM Config sanity check-Failed to register DSC Agent with Agentid

I need a sanity check please… I cannot figure out what I’m doing wrong in my config. The Pull server config runs with no red. The LCM config dies with the dreaded “Failed to register DSC Agent with Agentid”

I know, bad practice to put the regkey in the config file. I did that just so I could see it. My config is just turning off the spooler service.

Pull Server Config

[pre]

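# Builds an HTTPS DSC pull server on the target node: installs the DSC-Service
# feature and the IIS management console, publishes the PSDSCPullServer
# endpoint on port 8080 bound to the supplied certificate, and writes the
# registration key file that pull clients must present to register.
#
# Parameters:
#   NodeName              - node the configuration is compiled for.
#   CertificateThumbprint - thumbprint of the certificate bound to the endpoint.
Configuration New-DSCPullServer {
    param (
        [Parameter(Mandatory=$true)]
        [ValidateNotNullorEmpty()]
        [System.String] $NodeName,

        [Parameter(Mandatory=$true)]
        [ValidateNotNullorEmpty()]
        [System.String] $CertificateThumbprint
    )

    # The original read "Import-DscResource-ModuleName" (no space), which is
    # not the Import-DscResource keyword followed by its -ModuleName parameter.
    Import-DscResource -ModuleName PSDesiredStateConfiguration, xPSDesiredStateConfiguration

    Node $NodeName
    {
        LocalConfigurationManager
        {
            ActionAfterReboot = 'ContinueConfiguration'
            ConfigurationMode = 'ApplyandAutoCorrect'
            RebootNodeIfNeeded = $false
        }

        WindowsFeature DSCServiceFeature
        {
            Ensure = 'Present'
            Name = 'DSC-Service'
        }

        WindowsFeature IISConsole
        {
            Ensure = 'Present'
            Name = 'Web-Mgmt-Console'
            DependsOn = '[WindowsFeature]DSCServiceFeature'
        }

        xDSCWebService PSDSCPullServer
        {
            Ensure = 'Present'
            EndpointName = 'PSDSCPullServer'
            Port = 8080
            PhysicalPath = "$env:SYSTEMDRIVE\inetpub\wwwroot\PSDSCPullServer"
            # The certificate with this thumbprint is what clients see during
            # the TLS handshake; its subject has to cover the host name that
            # clients put in their ServerURL (a CNAME included).
            CertificateThumbPrint = $CertificateThumbprint
            ModulePath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules"
            ConfigurationPath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
            RegistrationKeyPath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\"
            State = 'Started'
            UseSecurityBestPractices = $true
            DependsOn = '[WindowsFeature]DSCServiceFeature'
        }

        File RegistrationKey
        {
            Ensure = 'Present'
            # NOTE(review): Microsoft's pull-server examples name this file
            # RegistrationKeys.txt - confirm the service reads
            # 'registrationkey.txt' from RegistrationKeyPath before relying on it.
            DestinationPath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\registrationkey.txt"
            # Shared secret: any client presenting this value is allowed to
            # register with the pull server. As a literal it is stored in this
            # script and in the compiled MOF in clear text, and this particular
            # value has been published, so generate a new key and pass it in
            # from outside source control instead of hard-coding it.
            Contents = '7541765d-9d4c-4634-be97-76152528379e'
            Type = 'File'
        }
    }
}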
[/pre]

Spooler Config

[pre]

# Node configuration served by the pull server under the name 'PrintSpooler':
# keeps the Print Spooler service stopped and disabled, then writes a log entry.
configuration PrintSpooler {
    param ()

    Node localhost
    {
        # Spooler is held in the Stopped state with startup set to Disabled.
        Service PrintSpooler
        {
            Name = 'Spooler'
            State = 'Stopped'
            StartupType = 'Disabled'
            Ensure = 'Present'
        }

        # Log entry written only after the service resource has been applied.
        # The instance is named RemoteRegistry although the message is about
        # the Spooler.
        Log RemoteRegistry
        {
            DependsOn = '[Service]PrintSpooler'
            Message = 'Spooler configuration complete'
        }
    }
}
[/pre]

 

LCM Config

[pre]

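# Meta-configuration that puts the Local Configuration Manager into Pull mode
# against the HTTPS pull server and requests the 'PrintSpooler' configuration.
#
# Parameters:
#   ComputerName   - mandatory, but not referenced in the body; the node block
#                    is hard-coded to localhost.
#   regKey         - registration key presented to the pull server.
#   pullThumbprint - certificate thumbprint assigned to CertificateID.
[DSCLocalConfigurationManager()]
configuration LCM-HTTPS
{
    param
    (
        [Parameter(Mandatory= $true)]
        [string]$ComputerName,

        # Shared secret. It is a plain string here and is written into the
        # generated .meta.mof, so restrict access to that file and remove it
        # once the LCM has been configured.
        [Parameter(Mandatory= $true)]
        [string]$regKey,

        [Parameter(Mandatory= $true)]
        [string]$pullThumbprint
    )

    Node localhost
    {
        Settings
        {
            AllowModuleOverwrite = $true
            ConfigurationMode = 'ApplyAndAutoCorrect'
            RefreshMode = 'Pull'
            RefreshFrequencyMins = 30
        }

        ConfigurationRepositoryWeb HTTPs
        {
            # Closing quote restored; the original string was unterminated.
            # The host name in this URL must be one the pull server's
            # certificate was issued for, otherwise registration fails with
            # "Failed to register DSC Agent with Agentid".
            ServerURL = 'https://DSC-DC:8080/PSDSCPullServer.svc'
            # NOTE(review): CertificateID is the thumbprint of a certificate in
            # this node's store used to authenticate to the server; the
            # parameter name suggests the pull server's thumbprint is being
            # passed - confirm which certificate is intended.
            CertificateID = $pullThumbprint
            RegistrationKey = $regKey
            # Keep $false so the key and configurations only travel over TLS.
            AllowUnsecureConnection = $false
            ConfigurationNames = @('PrintSpooler')
        }
    }
}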

[/pre]

Any thoughts? What am I missing?

I figured it out. The error was not related to the PowerShell code at all.

I created a custom CNAME DNS record for my pull server URL, something like pull.dsc.local. It turns out that when you create the domain certificate in IIS, the common name has to match the host name in that URL exactly, because the LCM checks the pull server's certificate against the host name in ServerURL. Otherwise, you get this not-so-descriptive error when trying to register the LCMs.