Welcome › Forums › DSC (Desired State Configuration) › Cannot create pull server across domains
This topic contains 6 replies, has 3 voices, and was last updated by
-
AuthorPosts
-
August 1, 2014 at 10:02 am #17703
Hello,
I had built a DSC pull server on a local VM, and am now looking to build it out in our shared lab environment. However, I'm not able to execute the Start-DSCConfiguration command. I have tried it with the -Credential argument as well without luck.
PS C:\dsc# Start-DscConfiguration .\CreatePullServer -Wait WinRM cannot process the request. The following error occurred while using Kerberos authentication: Cannot find the computer dscpullserver.lab.net. Verify that the computer exists on the network and that the name provided is spelled correctly. + CategoryInfo : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimException + FullyQualifiedErrorId : HRESULT 0x80070035 + PSComputerName : dscpullserver.lab.net PS C:\dsc# ping dscpullserver.lab.net Pinging dscpullserver.lab.net. [10.0.17.152] with 32 bytes of data: Reply from 10.0.17.152: bytes=32 time=39ms TTL=120
Any idea?
Thanks.
Mike
-
August 1, 2014 at 10:55 am #17707
I assume that you are you running Start-DSCConfiguration from the VM you are trying to create the Pull Server on? Whether you are or not, you might try killing any WMI processes ( Get-Process wmip* | Stop-Process) on the machine you are running the command from and see if that fixes it.
-
August 1, 2014 at 11:00 am #17708
No, I was executing Start-Configuration from my workstation. Is this only supported to run on the server destined to be the pull server?
-
August 1, 2014 at 11:05 am #17709
Nope, not at all. I built my Pull Server from my Windows 8.1 Workstation, I was just asking. I would seriously try to kill all the WMI Processes and try it again. I have seen lots of weird things happen with DSC that were solved by doing that.
-
August 1, 2014 at 1:25 pm #17714
That didn't work for me. I'm spinning up another Windows 2012 R2 server to use as my 'workstation', residing in the same domain. Will see if that fixes me.
-
August 8, 2014 at 12:44 am #17881
If your two domains aren't connected by trusts, then you obviously can't use Kerberos authentication. You'll have to either set up CredSSP, apply the DSC configuration from a trusted machine or apply the configuration locally.
There's an ebook available on PowerShell remoting: https://powershell.org/ebooks/
-
August 8, 2014 at 6:31 am #17900
Yes, there is a one way trust, from my workstation domain to my second domain. I can connect via UNC path using the same credentials.
-
AuthorPosts
The topic ‘Cannot create pull server across domains’ is closed to new replies.