“Start-DscConfiguration -Path "D:\DSC\Mof-files" -wait -Verbose -Force”
Above works as expected and its pushes the configuration to the servers as per.mof (2 .mof in this case vm1.mof and vm2.mof)
How do I use Update-DscConfiguration for pull mode where I cannot specify the path of the .mof files
Update-DscConfiguration in pull mode works fine in case of multiple server using same config using below method:
$guid=Get-DscLocalConfigurationManager -CimSession DevOpsVM2 | Select-Object -ExpandProperty ConfigurationID
# Specify source folder of configuration
$source = "D:\DSC\Mof-files\VM1.mof"
# Destination is the Share on the SMB pull server
$dest = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration\$guid.mof"
Copy-Item -Path $source -Destination $dest
#Then on Pull server make checksum
New-DSCChecksum $dest
Update-DscConfiguration -ComputerName $AllNodes -wait -Verbose
Below is the sample script I am using to configure web Server and SQL server:
$ConfigurationData =
@{
AllNodes =
@(
@{
NodeName = "*"
LogPath = "D:\Scripts"
PSDscAllowPlainTextPassword=$true
PSDscAllowDomainUser=$true
$MyCredentials=IMPORT-CLIXML D:\DSC\SecureCredentials.xml
},
@{
NodeName = “VM1"
Role = "QA-WebServer"
},
@{
NodeName = “VM2"
Role = "SQLServer"
}
);
NonNodeData = ""
}
configuration ConfigureWebServer
{
Import-DscResource –ModuleName 'PSDesiredStateConfiguration'
node $AllNodes.Where{$_.Role -eq "QA-WebServer"}.NodeName
{
File DirectoryCopy
{
Copy some files
}
Group AddADUserToLocalAdminGroup
{
GroupName= 'Administrators'
Ensure= 'Present'
MembersToInclude= "domain\DevUser01"," domain\DevUser05"
Credential = $MyCredentials
}
# Install the IIS feature on the server.
WindowsFeature AddWebServer
{
Name = "Web-Server"
Ensure = "Present"
}
}
node $AllNodes.Where{$_.Role -eq "SQLServer"}.NodeName
{
# Remove the IIS feature on the server.
WindowsFeature RemoveWebSQL
{
Name = "Web-Server"
Ensure = "Absent"
}
Group AddUserToLocalAdmin
{
GroupName='Administrators'
Ensure= 'Present'
MembersToInclude= " domain\DevUser02"," domain\DevUser03"," domain\DevUser04"
Credential = $MyCredentials
# PsDscRunAsCredential = $DCredential
}
}
}
ConfigureWebServer -ConfigurationData $ConfigurationData -OutputPath D:\DSC\Mof-files\
For Update-DscConfiguration, you do not need to specify any paths. Two conditions need to satisfy for Update-DscConfiguration
- Managed nodes have ConfigurationID property set in LCM
- The Pull Server has the MOFs with the name - ConfigurationID.MOF
What is the error you are seeing when you execute Update-DscConfiguration?
Thanks Indhu for quick response…
I am meeting both the condition you have indicated:
- Managed nodes have ConfigurationID property set in LCM, below is how its done
$ComputerName = ‘VM1’,‘VM2’Set-DSCLocalConfigurationManager –Computer $ComputerName -Path C:\DSC\HTTP\Test -Verbose -Force
$guid=Get-DscLocalConfigurationManager -Computer VM1 | Select-Object -ExpandProperty ConfigurationID
- The Pull Server has the MOFs with the name – ConfigurationID.MOF
Copying the mof with ConfigurationID as name to pull server using below:
$source = "C:\DSC\HTTP\Test\VM1.mof"
# Destination is the Share on the SMB pull server
$dest = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration\$guid.mof"
Copy-Item -Path $source -Destination $dest
So now pull server has the mof file for VM1 and named after the LCM ConfigurationID, ConfigurationID is same in case of both server VM1 (web server) and VM2 (sql server)
When i run Update-DscConfiguration -ComputerName $ComputerName -wait -Verbose
its looks only the configuration defined for VM1 where role is web server, its not able to see the configuration defined for VM2.
Problem seems to be due to fact that ConfigurationID.MOF is mapped with either VM1 or VM2 configurations not both
So we should somehow have 2 MOFs with the name ConfigurationID.MOF present of the pull server, if this is the case how do we achieve this.
The idea of using the same ConfigurationID in more the one node is only of you want the same mof applied to the all the nodes. In your case that’s two distinct configurations so you need two separate ConfigurationID.
As a side note, you do not need a ConfigurationID if you work with WMF 5.0 and implement the new AgentID and RegistrationKey method for node registration to the pull server. This will allow you to set what ever name you want to the mof as you have to use that same name in the LCM script using the ConfigurationNames property.
Thanks Arie for your input.
You got is correct in my case i will be using more than 2 different configurations/mof for different server layers (web, App , sql,SSRS etc…)
I m using WMF 5.0 , do you have sample script or point me to some resource using Agent Id and Registration key with pull server.
below is what i am using to configure the pull client LCM:
[DSCLocalConfigurationManager()]
Configuration LCM_HTTPPullClient
{
#RebootNodeIfNeeded = $true
param
(
[Parameter(Mandatory=$true)]
[string[]]$ComputerName,
[Parameter(Mandatory=$true)]
[string]$guid
)
Node $ComputerName
{
Settings
{
AllowModuleOverwrite = $True
ConfigurationMode ='ApplyAndAutoCorrect'
RefreshMode = 'Pull'
ConfigurationModeFrequencyMins = 15
ConfigurationID = $guid
}
ConfigurationRepositoryWeb DSCHTTP
{
#ConfigurationNames = 'DSCHTTP'
ServerURL = 'http://VM1:8080/PSDSCPullServer.svc/'
AllowUnsecureConnection = $true
}
}
}
# List of server that will act as pull client server Computer list
$ComputerName= Get-Content -Path "C:\DSC\PullClientServers.txt"
# Create Guid for the pull client server
$guid=Get-DscLocalConfigurationManager -CimSession VM2 | Select-Object -ExpandProperty ConfigurationID
# Create the pull client server.Meta.Mof in folder
LCM_HTTPPullClient -ComputerName $ComputerName -Guid $guid -OutputPath C:\DSC\HTTP\Test
Set-DSCLocalConfigurationManager –Computer $ComputerName -Path C:\DSC\HTTP\Test -Verbose -Force
Thanks Arie,
I refereed the MSDN https://msdn.microsoft.com/en-us/powershell/dsc/pullServer and changed my configuration accordingly.
everything went fine except getting kept below error while using Update-DscConfiguration -ComputerName $ComputerName -wait -Verbose
VERBOSE: Operation ‘Invoke CimMethod’ complete.
The attempt to get the action from server http://devopsvm1:8080///PSDSCPullServer.svc//Nodes(AgentId=‘B7C25E3A-55C6-11E6-80DD-000D3A914775’)/GetDscAction failed because pullserver is not available or there is no registered node with AgentId B7C25E3A-55C6-11E6-80DD-000D3A914775 on the server.
+ CategoryInfo : ResourceUnavailable: (root/Microsoft/…gurationManager:String) , CimException
+ FullyQualifiedErrorId : WebDownloadManagerGetActionNodeConfigurationNotFound,Micros oft.PowerShell.DesiredStateConfiguration.Commands.GetDscActionCommand + PSComputerName : DevOpsVM2
Tried many things nothing helped , something is wrong somewhere but cant figure it out :-(…
refereed https://powershell.org/forums/topic/failure-to-pull-configuration-v5/ where similar issue is being discussed…
Configuration works like charm when using below which is like using push method :
Start-DscConfiguration -Path “$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration” -wait -Verbose -Force
My Goal is to have many server with different roles having different configurations , if there is better way to achieve please suggest,
here is script i am using for your reference:
#---------------------------
# 1. Configure Pull server
#---------------------------
configuration SetupHTTPPullServer
{
param
(
[string[]]$NodeName = 'DevOpsVM1',
#[ValidateNotNullOrEmpty()]
#[string] $certificateThumbPrint
[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[string] $RegistrationKey
)
Import-DSCResource -ModuleName xPSDesiredStateConfiguration -ModuleVersion 3.12.0.0
Import-DscResource –ModuleName PSDesiredStateConfiguration
Import-DscResource -ModuleName xWebAdministration -ModuleVersion 1.12.0.0
Node $NodeName
{
WindowsFeature InstallIIS
{
Ensure = "Present"
Name = "Web-Server"
IncludeAllSubFeature = $true
}
WindowsFeature DSCServiceFeature
{
Ensure = "Present"
Name = "DSC-Service"
DependsOn = '[WindowsFeature]InstallIIS'
}
xDscWebService DSCPullServer
{
Ensure = 'Present'
EndpointName = 'PSDSCPullServer'
Port = 8080
PhysicalPath = "$env:SystemDrive\inetpub\wwwroot\PSDSCPullServer"
CertificateThumbPrint = "AllowUnencryptedTraffic"
ModulePath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules"
ConfigurationPath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
State = "Started"
DependsOn = '[WindowsFeature]DSCServiceFeature','[WindowsFeature]InstallIIS'
}
xDscWebService DSCComplianceServer
{
Ensure = 'Present'
EndpointName = 'PSDSCComplianceServer'
Port = 9080
PhysicalPath = "$env:SystemDrive\inetpub\wwwroot\PSDSCComplianceServer"
CertificateThumbPrint = "AllowUnencryptedTraffic"
State = "Started"
# IsComplianceServer = $true
DependsOn = '[WindowsFeature]InstallIIS','[WindowsFeature]DSCServiceFeature','[xDSCWebService]DSCPullServer'
}
File RegistrationKeyFile
{
Ensure = 'Present'
Type = 'File'
DestinationPath = "$env:ProgramFiles\WindowsPowerShell\DscService\RegistrationKeys.txt"
#Contents = $RegistrationKey
Contents = '8a66fa6f-5756-41c9-86cc-fff7500a6696'
}
}
}
SetupHTTPPullServer -RegistrationKey '8a66fa6f-5756-41c9-86cc-fff7500a6696' -OutputPath C:\DSC\PullServer\HTTP
#--------------
#2. Configure DSC LCM for Client Server
#--------------
[DSCLocalConfigurationManager()]
Configuration LCM_HTTPPullClient
{
param
(
[Parameter(Mandatory=$true)]
[string[]]$ComputerName
)
Node $ComputerName
{
Settings
{
AllowModuleOverwrite = $True
ConfigurationMode ='ApplyAndAutoCorrect'
RefreshMode = 'Pull'
ConfigurationModeFrequencyMins = 15
RefreshFrequencyMins = 30
#RebootNodeIfNeeded = $true
}
ConfigurationRepositoryWeb DSCHTTP
{
ServerURL = 'http://DevOpsVM1:8080/PSDSCPullServer.svc/'
RegistrationKey = '8a66fa6f-5756-41c9-86cc-fff7500a6696'
ConfigurationNames = @('ConfigureWebServer')
AllowUnsecureConnection = $true
}
ReportServerWeb DSCHTTP
{
ServerURL = 'http://DevOpsVM1:8080/PSDSCPullServer.svc/'
RegistrationKey = '8a66fa6f-5756-41c9-86cc-fff7500a6696'
AllowUnsecureConnection = $True
}
}
}
# List of server that will act as pull client server Computer list
$ComputerName= Get-Content -Path "C:\DSC\PullClientServers.txt"
# Create the pull client server.Meta.Mof in folder
LCM_HTTPPullClient -ComputerName $ComputerName -OutputPath C:\DSC\HTTP
Set-DSCLocalConfigurationManager –Computer $ComputerName -Path C:\DSC\HTTP -Verbose #-Force
# ------------------------
# 3. Configuration setting
#-------------------------
$ConfigurationData =
@{
AllNodes =
@(
@{
NodeName = "*"
LogPath = "D:\Scripts"
PSDscAllowPlainTextPassword=$true
PSDscAllowDomainUser=$true
$MyCredentials=IMPORT-CLIXML C:\DSC\SecureCredentials.xml
},
@{
NodeName = Get-Content -Path "C:\DSC\DSCClient-QA-WebServer.txt"
Role = "QA-WebServer"
},
@{
NodeName = Get-Content -Path "C:\DSC\DSCClient-SQLServer.txt"
Role = "SQLServer"
},
@{
NodeName = Get-Content -Path "C:\DSC\DSCClient-Prod-WebServer.txt"
Role = "Prod-WebServer"
PSDscAllowDomainUser=$true
PSDscAllowPlainTextPassword=$true
}
);
NonNodeData = ""
}
configuration ConfigureWebServer
{
Import-DscResource –ModuleName 'PSDesiredStateConfiguration'
Import-DscResource –ModuleName 'xPSDesiredStateConfiguration'
node $AllNodes.Where{$_.Role -eq "QA-WebServer"}.NodeName
{
File DirectoryCopy
{
Ensure = "Present"
Type = "Directory"
Force = $true
Recurse = $true
SourcePath = "\\DEVOPSVM1\Script"
DestinationPath = "C:\Test"
}
Group AddADUserToLocalAdminGroup
{
GroupName= "Administrators"
Ensure= "Present"
MembersToInclude= "domain\DevUser01","domain\DevOpsAdmin"
Credential = $MyCredentials
# PsDscRunAsCredential = $DCredential
}
WindowsFeature AddWebServer
{
Name = "Web-Server"
Ensure = "Present"
IncludeAllSubFeature = $true
}
}
node $AllNodes.Where{$_.Role -eq "SQLServer"}.NodeName
{
WindowsFeature RemoveWebSQL
{
Name = "Web-Server"
Ensure = "Absent"
IncludeAllSubFeature = $true
}
Group AddUserToLocalAdmin
{
GroupName="Administrators"
Ensure= "Present"
MembersToInclude= "domain\DevUser02"
Credential = $MyCredentials
# PsDscRunAsCredential = $DCredential
}
}
}
ConfigureWebServer -ConfigurationData $ConfigurationData -OutputPath $env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration
#-----------------------------------------------
# 4. Create checksum file and apply configuration:
#-----------------------------------------------
New-DSCChecksum -Path "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
Update-DscConfiguration -ComputerName $ComputerName -wait -Verbose
It generates .mof and checksum files for all the servers.
Also get sucess message while setting Clint LCM : Registration of the Dsc Agent with the server http://DevOpsVM1:8080/PSDSCPullServer.svc/ was successful
You’re using WMF 5.0 but your script is a WMF 4.0 version for the pull server script.
There is no more PSDSCComplianceServer in WMF 5.0.
I’m writing a more full answer that ill post bit later
Thanks Arie , Yes DSCComplianceServer was the left over from old script.
Tried without it as well but running into same issues, will wait for your further help on this.
Thanks for your help
Hello Arie , just checking if you were able to get further with your script .
Thanks