Update-DscConfiguration doesn’t work for multiple server roles using pull Method

“Start-DscConfiguration -Path “D:\DSC\Mof-files” -wait -Verbose -Force”
Above works as expected and its pushes the configuration to the servers as per.mof (2 .mof in this case vm1.mof and vm2.mof)

How do I use Update-DscConfiguration for pull mode where I cannot specify the path of the .mof files
Update-DscConfiguration in pull mode works fine in case of multiple server using same config using below method:

$guid=Get-DscLocalConfigurationManager -CimSession DevOpsVM2 | Select-Object -ExpandProperty ConfigurationID
# Specify source folder of configuration

$source = "D:\DSC\Mof-files\VM1.mof"
# Destination is the Share on the SMB pull server

$dest = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration\$guid.mof"

Copy-Item -Path $source -Destination $dest
#Then on Pull server make checksum
New-DSCChecksum $dest
Update-DscConfiguration -ComputerName $AllNodes -wait -Verbose 

Below is the sample script I am using to configure web Server and SQL server:

 
$ConfigurationData = 
@{

    AllNodes = 
    @(
        @{
            NodeName           = "*"
            LogPath            = "D:\Scripts"
            PSDscAllowPlainTextPassword=$true
            PSDscAllowDomainUser=$true
            $MyCredentials=IMPORT-CLIXML D:\DSC\SecureCredentials.xml
            
        },


        @{
            NodeName = “VM1"
            Role     = "QA-WebServer"

        },

        @{
            NodeName = “VM2"
            Role     = "SQLServer"
        }


    );

   NonNodeData = ""
  
  
}


configuration ConfigureWebServer
{


   Import-DscResource –ModuleName 'PSDesiredStateConfiguration'
   node $AllNodes.Where{$_.Role -eq "QA-WebServer"}.NodeName
   
    {
 
        File DirectoryCopy
        {
Copy some files 
        }

        Group AddADUserToLocalAdminGroup
        {
            GroupName= 'Administrators'   
            Ensure= 'Present'             
            MembersToInclude= "domain\DevUser01"," domain\DevUser05"
            Credential = $MyCredentials    
        }

 # Install the IIS feature on the server.
      WindowsFeature AddWebServer
        {
           
            Name = "Web-Server"
            Ensure = "Present"
        }


     }

  node $AllNodes.Where{$_.Role -eq "SQLServer"}.NodeName
   
    {
    
 # Remove the IIS feature on the server.

        WindowsFeature RemoveWebSQL
        {
            Name = "Web-Server"
            Ensure = "Absent"
        }

        Group AddUserToLocalAdmin
        {
            GroupName='Administrators'   
            Ensure= 'Present'             
            MembersToInclude= " domain\DevUser02"," domain\DevUser03"," domain\DevUser04"
            Credential = $MyCredentials    
          #  PsDscRunAsCredential = $DCredential
        }
       
       }


}

ConfigureWebServer -ConfigurationData $ConfigurationData -OutputPath D:\DSC\Mof-files\

For Update-DscConfiguration, you do not need to specify any paths. Two conditions need to satisfy for Update-DscConfiguration

  1. Managed nodes have ConfigurationID property set in LCM
  2. The Pull Server has the MOFs with the name - ConfigurationID.MOF

What is the error you are seeing when you execute Update-DscConfiguration?

Thanks Indhu for quick response…
I am meeting both the condition you have indicated:

  1. Managed nodes have ConfigurationID property set in LCM, below is how its done
    $ComputerName = ‘VM1’,‘VM2’
    Set-DSCLocalConfigurationManager –Computer $ComputerName -Path C:\DSC\HTTP\Test -Verbose -Force
    $guid=Get-DscLocalConfigurationManager -Computer VM1 | Select-Object -ExpandProperty ConfigurationID
    
  2. The Pull Server has the MOFs with the name – ConfigurationID.MOF
    Copying the mof with ConfigurationID as name to pull server using below:
 $source = "C:\DSC\HTTP\Test\VM1.mof"
    # Destination is the Share on the SMB pull server
    $dest = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration\$guid.mof"
    Copy-Item -Path $source -Destination $dest
  

So now pull server has the mof file for VM1 and named after the LCM ConfigurationID, ConfigurationID is same in case of both server VM1 (web server) and VM2 (sql server)

When i run Update-DscConfiguration -ComputerName $ComputerName -wait -Verbose
its looks only the configuration defined for VM1 where role is web server, its not able to see the configuration defined for VM2.

Problem seems to be due to fact that ConfigurationID.MOF is mapped with either VM1 or VM2 configurations not both
So we should somehow have 2 MOFs with the name ConfigurationID.MOF present of the pull server, if this is the case how do we achieve this.

The idea of using the same ConfigurationID in more the one node is only of you want the same mof applied to the all the nodes. In your case that’s two distinct configurations so you need two separate ConfigurationID.

As a side note, you do not need a ConfigurationID if you work with WMF 5.0 and implement the new AgentID and RegistrationKey method for node registration to the pull server. This will allow you to set what ever name you want to the mof as you have to use that same name in the LCM script using the ConfigurationNames property.

Thanks Arie for your input.
You got is correct in my case i will be using more than 2 different configurations/mof for different server layers (web, App , sql,SSRS etc…)
I m using WMF 5.0 , do you have sample script or point me to some resource using Agent Id and Registration key with pull server.

below is what i am using to configure the pull client LCM:

[DSCLocalConfigurationManager()]
Configuration LCM_HTTPPullClient 
{
    #RebootNodeIfNeeded = $true
   
    param
        (
            [Parameter(Mandatory=$true)]
            [string[]]$ComputerName,
 
            [Parameter(Mandatory=$true)]
            [string]$guid
        )           

    Node $ComputerName 
    {    

    Settings
        {
            AllowModuleOverwrite = $True
            ConfigurationMode ='ApplyAndAutoCorrect'
            RefreshMode = 'Pull'
            ConfigurationModeFrequencyMins = 15
            ConfigurationID = $guid
        }

    ConfigurationRepositoryWeb  DSCHTTP 
        {
            #ConfigurationNames = 'DSCHTTP'
            ServerURL = 'http://VM1:8080/PSDSCPullServer.svc/'
            AllowUnsecureConnection = $true
        }
    }
}

# List of server that will act as pull client server Computer list 
$ComputerName= Get-Content -Path "C:\DSC\PullClientServers.txt"


# Create Guid for the pull client server
$guid=Get-DscLocalConfigurationManager -CimSession VM2 | Select-Object -ExpandProperty ConfigurationID


# Create the pull client server.Meta.Mof in folder

LCM_HTTPPullClient -ComputerName $ComputerName -Guid $guid  -OutputPath C:\DSC\HTTP\Test
Set-DSCLocalConfigurationManager –Computer $ComputerName -Path C:\DSC\HTTP\Test -Verbose -Force

Start here:
https://msdn.microsoft.com/en-us/powershell/dsc/pullServer

Thanks Arie,
I refereed the MSDN https://msdn.microsoft.com/en-us/powershell/dsc/pullServer and changed my configuration accordingly.
everything went fine except getting kept below error while using Update-DscConfiguration -ComputerName $ComputerName -wait -Verbose

VERBOSE: Operation ‘Invoke CimMethod’ complete.
The attempt to get the action from server http://devopsvm1:8080///PSDSCPullServer.svc//Nodes(AgentId=‘B7C25E3A-55C6-11E6-80DD-000D3A914775’)/GetDscAction failed because pullserver is not available or there is no registered node with AgentId B7C25E3A-55C6-11E6-80DD-000D3A914775 on the server.
+ CategoryInfo : ResourceUnavailable: (root/Microsoft/…gurationManager:String) [], CimException
+ FullyQualifiedErrorId : WebDownloadManagerGetActionNodeConfigurationNotFound,Micros oft.PowerShell.DesiredStateConfiguration.Commands.GetDscActionCommand + PSComputerName : DevOpsVM2

Tried many things nothing helped , something is wrong somewhere but cant figure it out :-(…
refereed https://powershell.org/forums/topic/failure-to-pull-configuration-v5/ where similar issue is being discussed…

Configuration works like charm when using below which is like using push method :
Start-DscConfiguration -Path “$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration” -wait -Verbose -Force

My Goal is to have many server with different roles having different configurations , if there is better way to achieve please suggest,
here is script i am using for your reference:

#---------------------------
# 1. Configure Pull server
#---------------------------
configuration SetupHTTPPullServer
{
   param 
        (
           [string[]]$NodeName = 'DevOpsVM1',
            #[ValidateNotNullOrEmpty()]
            #[string] $certificateThumbPrint
            [Parameter(Mandatory)]
            [ValidateNotNullOrEmpty()]
            [string] $RegistrationKey
        )
     Import-DSCResource -ModuleName xPSDesiredStateConfiguration -ModuleVersion 3.12.0.0
     Import-DscResource –ModuleName  PSDesiredStateConfiguration
     Import-DscResource -ModuleName xWebAdministration -ModuleVersion 1.12.0.0    
     Node $NodeName
        {
            WindowsFeature  InstallIIS 
            {
                Ensure = "Present"
                Name   = "Web-Server"
                IncludeAllSubFeature = $true
            }

            WindowsFeature  DSCServiceFeature
            {
                Ensure = "Present"
                Name   = "DSC-Service"
                DependsOn = '[WindowsFeature]InstallIIS'
            }
       
        xDscWebService  DSCPullServer
            {
                Ensure                  = 'Present'
                EndpointName            = 'PSDSCPullServer'
                Port                    =  8080
                PhysicalPath            = "$env:SystemDrive\inetpub\wwwroot\PSDSCPullServer"
                CertificateThumbPrint   = "AllowUnencryptedTraffic"
                ModulePath              = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules"
                ConfigurationPath       = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
                State                   = "Started"
                DependsOn               = '[WindowsFeature]DSCServiceFeature','[WindowsFeature]InstallIIS'
            }

        xDscWebService  DSCComplianceServer
            {
                Ensure                  = 'Present'
                EndpointName            = 'PSDSCComplianceServer'
                Port                    =  9080
                PhysicalPath            = "$env:SystemDrive\inetpub\wwwroot\PSDSCComplianceServer"
                CertificateThumbPrint   = "AllowUnencryptedTraffic"
                State                   = "Started"
               # IsComplianceServer      = $true
                DependsOn = '[WindowsFeature]InstallIIS','[WindowsFeature]DSCServiceFeature','[xDSCWebService]DSCPullServer'
            }

        File RegistrationKeyFile
            {
                Ensure          = 'Present'
                Type            = 'File'
                DestinationPath = "$env:ProgramFiles\WindowsPowerShell\DscService\RegistrationKeys.txt"
                #Contents        = $RegistrationKey
                Contents        = '8a66fa6f-5756-41c9-86cc-fff7500a6696'

            }
         }
}

SetupHTTPPullServer -RegistrationKey '8a66fa6f-5756-41c9-86cc-fff7500a6696' -OutputPath C:\DSC\PullServer\HTTP

#--------------
#2. Configure DSC LCM for Client Server
#--------------
[DSCLocalConfigurationManager()]
Configuration LCM_HTTPPullClient 
{
      param
        (
            [Parameter(Mandatory=$true)]
            [string[]]$ComputerName
         )           

    Node $ComputerName 
    {    
    Settings
        {
            AllowModuleOverwrite = $True
            ConfigurationMode ='ApplyAndAutoCorrect'
            RefreshMode = 'Pull'
            ConfigurationModeFrequencyMins = 15
            RefreshFrequencyMins = 30
            #RebootNodeIfNeeded = $true        
        }

    ConfigurationRepositoryWeb  DSCHTTP 
        {
            ServerURL = 'http://DevOpsVM1:8080/PSDSCPullServer.svc/'
            RegistrationKey    = '8a66fa6f-5756-41c9-86cc-fff7500a6696'
            ConfigurationNames = @('ConfigureWebServer')
            AllowUnsecureConnection = $true     
        }

    ReportServerWeb DSCHTTP
        {
            ServerURL       = 'http://DevOpsVM1:8080/PSDSCPullServer.svc/'
            RegistrationKey = '8a66fa6f-5756-41c9-86cc-fff7500a6696'
            AllowUnsecureConnection = $True
        }
    }
}

# List of server that will act as pull client server Computer list 
$ComputerName= Get-Content -Path "C:\DSC\PullClientServers.txt"

# Create the pull client server.Meta.Mof in folder
LCM_HTTPPullClient -ComputerName $ComputerName -OutputPath C:\DSC\HTTP
Set-DSCLocalConfigurationManager –Computer $ComputerName -Path C:\DSC\HTTP -Verbose #-Force

# ------------------------
# 3. Configuration setting
#-------------------------

$ConfigurationData = 
@{
    AllNodes = 
    @(
        @{
            NodeName           = "*"
            LogPath            = "D:\Scripts"
            PSDscAllowPlainTextPassword=$true
            PSDscAllowDomainUser=$true
            $MyCredentials=IMPORT-CLIXML C:\DSC\SecureCredentials.xml          
        },

        @{
            NodeName = Get-Content -Path "C:\DSC\DSCClient-QA-WebServer.txt"
            Role     = "QA-WebServer"
        },

        @{
            NodeName = Get-Content -Path "C:\DSC\DSCClient-SQLServer.txt"
            Role     = "SQLServer"
        },

        @{
            NodeName = Get-Content -Path "C:\DSC\DSCClient-Prod-WebServer.txt"
            Role     = "Prod-WebServer"
            PSDscAllowDomainUser=$true
            PSDscAllowPlainTextPassword=$true
        }
    );
   NonNodeData = ""
}

configuration ConfigureWebServer
{  
   Import-DscResource –ModuleName 'PSDesiredStateConfiguration'
   Import-DscResource –ModuleName 'xPSDesiredStateConfiguration'

   node $AllNodes.Where{$_.Role -eq "QA-WebServer"}.NodeName
    {
         File DirectoryCopy
        {
            Ensure = "Present" 
            Type = "Directory" 
            Force = $true
            Recurse = $true
            SourcePath = "\\DEVOPSVM1\Script"
            DestinationPath = "C:\Test"    
        }

        Group AddADUserToLocalAdminGroup
        {
            GroupName= "Administrators"   
            Ensure= "Present"             
            MembersToInclude= "domain\DevUser01","domain\DevOpsAdmin"
            Credential = $MyCredentials    
          #  PsDscRunAsCredential = $DCredential
        }

      WindowsFeature AddWebServer
        {       
            Name = "Web-Server"
            Ensure = "Present"
            IncludeAllSubFeature = $true
        }
    } 
  node $AllNodes.Where{$_.Role -eq "SQLServer"}.NodeName  
    {
    
        WindowsFeature RemoveWebSQL
        {
            Name = "Web-Server"
            Ensure = "Absent"
            IncludeAllSubFeature = $true
        }

        Group AddUserToLocalAdmin
        {
            GroupName="Administrators"   
            Ensure= "Present"             
            MembersToInclude= "domain\DevUser02"
            Credential = $MyCredentials    
          #  PsDscRunAsCredential = $DCredential
        }       
     }    
}

ConfigureWebServer -ConfigurationData $ConfigurationData -OutputPath $env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration

#-----------------------------------------------
# 4. Create checksum file and apply configuration:
#-----------------------------------------------
New-DSCChecksum -Path "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
Update-DscConfiguration -ComputerName $ComputerName -wait -Verbose

It generates .mof and checksum files for all the servers.
Also get sucess message while setting Clint LCM : Registration of the Dsc Agent with the server http://DevOpsVM1:8080/PSDSCPullServer.svc/ was successful

You’re using WMF 5.0 but your script is a WMF 4.0 version for the pull server script.
There is no more PSDSCComplianceServer in WMF 5.0.

I’m writing a more full answer that ill post bit later :slight_smile:

Thanks Arie :slight_smile: , Yes DSCComplianceServer was the left over from old script.
Tried without it as well but running into same issues, will wait for your further help on this.
Thanks for your help

Hello Arie , just checking if you were able to get further with your script .
Thanks