Cannot create pull server across domains

This topic contains 6 replies, has 3 voices, and was last updated by  Michael Craig 3 years, 9 months ago.

  • Author
  • #17703

    Michael Craig


    I had built a DSC pull server on a local VM, and am now looking to build it out in our shared lab environment. However, I'm not able to execute the Start-DSCConfiguration command. I have tried it with the -Credential argument as well without luck.

    PS C:\dsc# Start-DscConfiguration .\CreatePullServer -Wait
    WinRM cannot process the request. The following error occurred while using Kerberos authentication: Cannot find the computer Verify that the computer
    exists on the network and that the name provided is spelled correctly.
        + CategoryInfo          : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimException
        + FullyQualifiedErrorId : HRESULT 0x80070035
        + PSComputerName        :
    PS C:\dsc# ping
    Pinging [] with 32 bytes of data:
    Reply from bytes=32 time=39ms TTL=120

    Any idea?



  • #17707

    Jacob Benson

    I assume that you are you running Start-DSCConfiguration from the VM you are trying to create the Pull Server on? Whether you are or not, you might try killing any WMI processes ( Get-Process wmip* | Stop-Process) on the machine you are running the command from and see if that fixes it.

  • #17708

    Michael Craig

    No, I was executing Start-Configuration from my workstation. Is this only supported to run on the server destined to be the pull server?

  • #17709

    Jacob Benson

    Nope, not at all. I built my Pull Server from my Windows 8.1 Workstation, I was just asking. I would seriously try to kill all the WMI Processes and try it again. I have seen lots of weird things happen with DSC that were solved by doing that.

  • #17714

    Michael Craig

    That didn't work for me. I'm spinning up another Windows 2012 R2 server to use as my 'workstation', residing in the same domain. Will see if that fixes me.

  • #17881

    Martin Nielsen

    If your two domains aren't connected by trusts, then you obviously can't use Kerberos authentication. You'll have to either set up CredSSP, apply the DSC configuration from a trusted machine or apply the configuration locally.

    There's an ebook available on PowerShell remoting:

  • #17900

    Michael Craig

    Yes, there is a one way trust, from my workstation domain to my second domain. I can connect via UNC path using the same credentials.

You must be logged in to reply to this topic.