Cannot create pull server across domains

This topic contains 6 replies, has 3 voices, and was last updated by Profile photo of Michael Craig Michael Craig 2 years, 4 months ago.

  • Author
    Posts
  • #17703
    Profile photo of Michael Craig
    Michael Craig
    Participant

    Hello,

    I had built a DSC pull server on a local VM, and am now looking to build it out in our shared lab environment. However, I'm not able to execute the Start-DSCConfiguration command. I have tried it with the -Credential argument as well without luck.

    PS C:\dsc# Start-DscConfiguration .\CreatePullServer -Wait
    WinRM cannot process the request. The following error occurred while using Kerberos authentication: Cannot find the computer dscpullserver.lab.net. Verify that the computer
    exists on the network and that the name provided is spelled correctly.
        + CategoryInfo          : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimException
        + FullyQualifiedErrorId : HRESULT 0x80070035
        + PSComputerName        : dscpullserver.lab.net
    
    PS C:\dsc# ping dscpullserver.lab.net
    
    Pinging dscpullserver.lab.net. [10.0.17.152] with 32 bytes of data:
    Reply from 10.0.17.152: bytes=32 time=39ms TTL=120

    Any idea?

    Thanks.

    Mike

  • #17707
    Profile photo of Jacob Benson
    Jacob Benson
    Member

    I assume that you are you running Start-DSCConfiguration from the VM you are trying to create the Pull Server on? Whether you are or not, you might try killing any WMI processes ( Get-Process wmip* | Stop-Process) on the machine you are running the command from and see if that fixes it.

  • #17708
    Profile photo of Michael Craig
    Michael Craig
    Participant

    No, I was executing Start-Configuration from my workstation. Is this only supported to run on the server destined to be the pull server?

  • #17709
    Profile photo of Jacob Benson
    Jacob Benson
    Member

    Nope, not at all. I built my Pull Server from my Windows 8.1 Workstation, I was just asking. I would seriously try to kill all the WMI Processes and try it again. I have seen lots of weird things happen with DSC that were solved by doing that.

  • #17714
    Profile photo of Michael Craig
    Michael Craig
    Participant

    That didn't work for me. I'm spinning up another Windows 2012 R2 server to use as my 'workstation', residing in the same domain. Will see if that fixes me.

  • #17881
    Profile photo of Martin Nielsen
    Martin Nielsen
    Participant

    If your two domains aren't connected by trusts, then you obviously can't use Kerberos authentication. You'll have to either set up CredSSP, apply the DSC configuration from a trusted machine or apply the configuration locally.

    There's an ebook available on PowerShell remoting: https://powershell.org/ebooks/

  • #17900
    Profile photo of Michael Craig
    Michael Craig
    Participant

    Yes, there is a one way trust, from my workstation domain to my second domain. I can connect via UNC path using the same credentials.

You must be logged in to reply to this topic.