Cannot create pull server across domains

This topic contains 6 replies, has 3 voices, and was last updated by  Michael Craig 3 years ago.

  • Author
    Posts
  • August 1, 2014 at 10:02 am #17703

    Michael Craig
    Participant

    Hello,

    I had built a DSC pull server on a local VM, and am now looking to build it out in our shared lab environment. However, I'm not able to execute the Start-DSCConfiguration command. I have tried it with the -Credential argument as well without luck.

    PS C:\dsc# Start-DscConfiguration .\CreatePullServer -Wait
WinRM cannot process the request. The following error occurred while using Kerberos authentication: Cannot find the computer dscpullserver.lab.net. Verify that the computer
exists on the network and that the name provided is spelled correctly.
    + CategoryInfo          : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : HRESULT 0x80070035
    + PSComputerName        : dscpullserver.lab.net

PS C:\dsc# ping dscpullserver.lab.net

Pinging dscpullserver.lab.net. [10.0.17.152] with 32 bytes of data:
Reply from 10.0.17.152: bytes=32 time=39ms TTL=120

    Any idea?

    Thanks.

    Mike

  • August 1, 2014 at 10:55 am #17707

    Jacob Benson
    Member

    I assume that you are you running Start-DSCConfiguration from the VM you are trying to create the Pull Server on? Whether you are or not, you might try killing any WMI processes ( Get-Process wmip* | Stop-Process) on the machine you are running the command from and see if that fixes it.

  • August 1, 2014 at 11:00 am #17708

    Michael Craig
    Participant

    No, I was executing Start-Configuration from my workstation. Is this only supported to run on the server destined to be the pull server?

  • August 1, 2014 at 11:05 am #17709

    Jacob Benson
    Member

    Nope, not at all. I built my Pull Server from my Windows 8.1 Workstation, I was just asking. I would seriously try to kill all the WMI Processes and try it again. I have seen lots of weird things happen with DSC that were solved by doing that.

  • August 1, 2014 at 1:25 pm #17714

    Michael Craig
    Participant

    That didn't work for me. I'm spinning up another Windows 2012 R2 server to use as my 'workstation', residing in the same domain. Will see if that fixes me.

  • August 8, 2014 at 12:44 am #17881

    Martin Nielsen
    Participant

    If your two domains aren't connected by trusts, then you obviously can't use Kerberos authentication. You'll have to either set up CredSSP, apply the DSC configuration from a trusted machine or apply the configuration locally.

    There's an ebook available on PowerShell remoting: https://powershell.org/ebooks/

  • August 8, 2014 at 6:31 am #17900

    Michael Craig
    Participant

    Yes, there is a one way trust, from my workstation domain to my second domain. I can connect via UNC path using the same credentials.

  • Author
    Posts

You must be logged in to reply to this topic.