DSC and HTTPS protocol problem

Welcome Forums DSC (Desired State Configuration) DSC and HTTPS protocol problem

This topic contains 6 replies, has 3 voices, and was last updated by

4 years, 4 months ago.

  • Author
  • #20529

    Points: 0
    Rank: Member

    Has anyone tried to get Powershell DSC (Windows 2012 R2 & Reskit wave 8) pull server to work with HTTPS? I tried following these steps http://www.systemcentercentral.com/day-6-configuring-an-https-dsc-pull-server/, but when I ran get-dscconfiguration in pull server I get error

    "Get-DscConfiguration : The following exception occurred while retrieving the string: "Exception calling "ToString" with "0"
    argument(s): "There is no Runspace available to run scripts in this thread. You can provide one in the DefaultRunspace property of
    the System.Management.Automation.Runspaces.Runspace type. The script block you attempted to invoke was: if( $this.Proto...n)
    At line:1 char:1
    + Get-DscConfiguration
    + ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (MSFT_DSCLocalConfigurationManager:root/Microsoft/...gurationManager) [Get-DscConfigurat
    ion], CimException
    + FullyQualifiedErrorId : MI RESULT 1,Get-DscConfiguration"

    It seems to be working without HTTPS by using unencrypted HTTP.

    Any idea what is wrong?

    Configuration can be found from here: http://pastebin.com/TXuDNRbP

  • #20654

    Points: 1,811
    Helping HandTeam Member
    Rank: Community Hero

    So, I'd need to see a bit more of what you're actually doing (you don't really mention at what point in the process this error is happening), and if you're following someone else's steps you might contact them about this, but in general, yes, I've set up DSC on several machines to use HTTPS for the pull server.

  • #20656

    Points: 0
    Rank: Member

    This is what i have done basically (same steps as in that article) step by step:
    -new virtual machine windows 2012 r2 for pull server
    -new self signed certificate on the same computer and checked that the certificate is in local machine storage
    -enabled dsc feature
    -download and extract xPSDesiredStateConfiguration to modules directory %programfiles%\WindowsPowerShell\modules
    -Enable a WS Management listener
    -run this configuration in powershell http://pastebin.com/TXuDNRbP
    -after this i tried to verify the configuration with get-dscconfiguration command on pull server
    -this is the point where i get the error after i ran the command above on the pull server

    I must be missing something, but what....?

  • #20657

    Points: 1,811
    Helping HandTeam Member
    Rank: Community Hero

    So, I'm not sure a self-signed cert would work. The target node has to "trust" the certificate presented by the web server, and by definition a self-signed cert is only trusted by the machine that generated the cert. So that wouldn't work for SSL. The SSL cert on the pull server needs to be a real SSL cert.

    But that's not necessarily the problem you're having, since you're not even getting the configuration to run. I'm not sure how you set up a WS-Man listener; it should have been sufficient to simply run Enable-PSRemoting. WS-Man doesn't need to be set up to use SSL.

    Are you able to manually verify that any of the config completed? Running Get-WindowsFeature should show the DSC service feature, for example, and you should be able to verify that the file paths contain the .svc files, and so on.

  • #20663

    Points: 0
    Rank: Member

    That's true, if you use self-signed you have to have that same certificate on client side also.

    I have tried both set-wsmanquickconfig and enable-psremoting -force (see attachment).

    Get-windowsfeature returns this:
    Get-WindowsFeature -name DSC*

    Display Name Name Install State
    ———— —- ————-
    [X] Windows PowerShell Desired State Configurati... DSC-Service Installed

    I tried setting up DSC pull server without HTTPS and that seems to be working ok on the same server. When I change "CertificateThumbPrint" value to use certificate thumbprint it inserts the config ok, but get-dscconfiguration shows the same error as before. So I figured out that there must be something that needs to be also changed when you change from HTTP to HTTPS

  • #20669

    Points: 0
    Rank: Member

    Could just be a bug in the xDscWebService resource. If I get some time, I'll see if I can reproduce this.

  • #20701

    Points: 0
    Rank: Member

    Thanks. Maybe it is something that I have missed with those steps....

The topic ‘DSC and HTTPS protocol problem’ is closed to new replies.

denizli escort samsun escort muğla escort ataşehir escort kuşadası escort