July 16, 2015 at 1:40 am #27556
I am wondering if someone will be able to help. I am in the process creating resources which the pull server will deploy to the desired nodes. I have one resource where I want to check if the services is running and running with domain service account. I want to use a certificate to encrypt the password, but how can I do so in a Pull Server Mode. I have separate data file of all the nodes and the Certificate file and the thumbprint within the data file, but I am finding running the configuration it is keep on throwing an error: (Below is the error)
ConvertTo-MOFInstance : System.InvalidOperationException error processing property 'Credential' OF TYPE 'Service': Converting and storing encrypted passwords as plain text is not.
There is seems not to be much info on the web. If someone can point to me a article or blog, or etc that would be useful.
July 16, 2015 at 2:23 am #27557
Noticed if I add PSDscAllowPlainTextPassword = $true into the data file it creates the mof file
July 16, 2015 at 7:22 am #27570
Note that you shouldn't post the first reply to your own posts; see Rules of Conduct under https://powershell.org/faq-page/. I almost didn't see this.
Using a certificate to protect credentials is no different between push or pull mode; the problem is that your configuration isn't correctly encrypting the password. DSC sees the password as plain-text, which is why you get the error, and which is why setting plain text to True makes it work. Without seeing the configuration, or at least the relevant bits of it, it's difficult to say what's wrong.
Pull/Push mode has no impact on encryption. Encryption happens when you run the configuration to create a MOF, and decryption happens on the target node. How the MOF gets to the target node – push or pull – doesn't make a difference.
July 16, 2015 at 7:28 am #27571
Thank you for your help. I am now able to go ahead and create the configuration scripts for all the nodes.
And thank you for informing me in regards to the etiquette for writing in forum.
You must be logged in to reply to this topic.