Cannot create pull server across domains

Welcome Forums DSC (Desired State Configuration) Cannot create pull server across domains

This topic contains 6 replies, has 3 voices, and was last updated by

Michael Craig
 
Participant
4 years, 3 months ago.

  • Author
    Posts
  • August 1, 2014 at 10:02 am #17703
    Michael Craig

    Participant
    Points: 0
    Rank: Member

    Hello,

    I had built a DSC pull server on a local VM, and am now looking to build it out in our shared lab environment. However, I'm not able to execute the Start-DSCConfiguration command. I have tried it with the -Credential argument as well without luck.

    PS C:\dsc# Start-DscConfiguration .\CreatePullServer -Wait
WinRM cannot process the request. The following error occurred while using Kerberos authentication: Cannot find the computer dscpullserver.lab.net. Verify that the computer
exists on the network and that the name provided is spelled correctly.
    + CategoryInfo          : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : HRESULT 0x80070035
    + PSComputerName        : dscpullserver.lab.net

PS C:\dsc# ping dscpullserver.lab.net

Pinging dscpullserver.lab.net. [10.0.17.152] with 32 bytes of data:
Reply from 10.0.17.152: bytes=32 time=39ms TTL=120

    Any idea?

    Thanks.

    Mike

  • August 1, 2014 at 10:55 am #17707
    Jacob Benson

    Participant
    Points: 21
    Rank: Member

    I assume that you are you running Start-DSCConfiguration from the VM you are trying to create the Pull Server on? Whether you are or not, you might try killing any WMI processes ( Get-Process wmip* | Stop-Process) on the machine you are running the command from and see if that fixes it.

  • August 1, 2014 at 11:00 am #17708
    Michael Craig

    Participant
    Points: 0
    Rank: Member

    No, I was executing Start-Configuration from my workstation. Is this only supported to run on the server destined to be the pull server?

  • August 1, 2014 at 11:05 am #17709
    Jacob Benson

    Participant
    Points: 21
    Rank: Member

    Nope, not at all. I built my Pull Server from my Windows 8.1 Workstation, I was just asking. I would seriously try to kill all the WMI Processes and try it again. I have seen lots of weird things happen with DSC that were solved by doing that.

  • August 1, 2014 at 1:25 pm #17714
    Michael Craig

    Participant
    Points: 0
    Rank: Member

    That didn't work for me. I'm spinning up another Windows 2012 R2 server to use as my 'workstation', residing in the same domain. Will see if that fixes me.

  • August 8, 2014 at 12:44 am #17881
    Martin Nielsen

    Participant
    Points: 0
    Rank: Member

    If your two domains aren't connected by trusts, then you obviously can't use Kerberos authentication. You'll have to either set up CredSSP, apply the DSC configuration from a trusted machine or apply the configuration locally.

    There's an ebook available on PowerShell remoting: https://powershell.org/ebooks/

  • August 8, 2014 at 6:31 am #17900
    Michael Craig

    Participant
    Points: 0
    Rank: Member

    Yes, there is a one way trust, from my workstation domain to my second domain. I can connect via UNC path using the same credentials.

  • Author
    Posts

The topic ‘Cannot create pull server across domains’ is closed to new replies.