I am wondering if someone will be able to help. I am in the process creating resources which the pull server will deploy to the desired nodes. I have one resource where I want to check if the services is running and running with domain service account. I want to use a certificate to encrypt the password, but how can I do so in a Pull Server Mode. I have separate data file of all the nodes and the Certificate file and the thumbprint within the data file, but I am finding running the configuration it is keep on throwing an error: (Below is the error)
ConvertTo-MOFInstance : System.InvalidOperationException error processing property 'Credential' OF TYPE 'Service': Converting and storing encrypted passwords as plain text is not.
There is seems not to be much info on the web. If someone can point to me a article or blog, or etc that would be useful.
Using a certificate to protect credentials is no different between push or pull mode; the problem is that your configuration isn't correctly encrypting the password. DSC sees the password as plain-text, which is why you get the error, and which is why setting plain text to True makes it work. Without seeing the configuration, or at least the relevant bits of it, it's difficult to say what's wrong.
Pull/Push mode has no impact on encryption. Encryption happens when you run the configuration to create a MOF, and decryption happens on the target node. How the MOF gets to the target node – push or pull – doesn't make a difference.