I am testing a configuration (using PUSH mode) which configures two windows services on a server (along with many other things) including credentials. I have setup a certificate for encrypting the credentials and followed what I believe are all the steps to do this. Pushing the config produces a strange result where the credentials for the first service work correctly but the second service fails and the configuration stops. Both services are being configured with the same credentials that are being inputted once when the MOF files are created.
I can’t find anything useful in the DSC configuration logs and the error in the console looks pretty generic…
VERBOSE: [TESTN4APP01]: LCM: [ Start Resource ] [[Service]svc_Node2_name::[N4_Common] ]
VERBOSE: [TESTN4APP01]: LCM: [ End Set ]
The SendConfigurationApply function did not succeed.
+ CategoryInfo : InvalidArgument: (root/Microsoft/…gurationManager:String) , CimException
+ FullyQualifiedErrorId : MI RESULT 4
+ PSComputerName : testn4app01
One thing I’m unsure about is the LocalConfigurationManager shows the configured certificate thumbprint prefixed with a “?” eg:
CertificateID : ?db27ee7410b3ba43c16b382a076d55183685f43c
Is this normal for the CertificateID? I’ve double checked the config and meta MOF and the strings look correct. Has it been mangled and are there any other logs that will hint at what the issue is with decrypting the credentials?