Tagged: DSC HTTPS PULL
November 12, 2014 at 5:35 am #20529
Has anyone tried to get a PowerShell DSC (Windows 2012 R2 & Reskit wave 8) pull server to work with HTTPS? I tried following these steps http://www.systemcentercentral.com/day-6-configuring-an-https-dsc-pull-server/, but when I ran Get-DscConfiguration on the pull server I got this error:
"Get-DscConfiguration : The following exception occurred while retrieving the string: "Exception calling "ToString" with "0"
argument(s): "There is no Runspace available to run scripts in this thread. You can provide one in the DefaultRunspace property of
the System.Management.Automation.Runspaces.Runspace type. The script block you attempted to invoke was: if( $this.Proto...n)
At line:1 char:1
+ CategoryInfo : NotSpecified: (MSFT_DSCLocalConfigurationManager:root/Microsoft/...gurationManager) [Get-DscConfigurat
+ FullyQualifiedErrorId : MI RESULT 1,Get-DscConfiguration"
It seems to be working without HTTPS by using unencrypted HTTP.
Any idea what is wrong?
The configuration can be found here: http://pastebin.com/TXuDNRbP
November 18, 2014 at 10:07 am #20654
So, I'd need to see a bit more of what you're actually doing (you don't really mention at what point in the process this error is happening), and if you're following someone else's steps you might contact them about this, but in general, yes, I've set up DSC on several machines to use HTTPS for the pull server.
November 18, 2014 at 10:35 am #20656
This is basically what I have done (same steps as in that article), step by step:
- new virtual machine, Windows 2012 R2, for the pull server
- new self-signed certificate on the same computer, and checked that the certificate is in the local machine store
- enabled the DSC feature
- downloaded and extracted xPSDesiredStateConfiguration to the modules directory %programfiles%\WindowsPowerShell\modules
- enabled a WS-Management listener
- ran this configuration in PowerShell: http://pastebin.com/TXuDNRbP
- after this I tried to verify the configuration with the Get-DscConfiguration command on the pull server
- this is the point where I get the error, after I ran the command above on the pull server
I must be missing something, but what...?
November 18, 2014 at 10:49 am #20657
So, I'm not sure a self-signed cert would work. The target node has to "trust" the certificate presented by the web server, and by definition a self-signed cert is only trusted by the machine that generated the cert. So that wouldn't work for SSL. The SSL cert on the pull server needs to be a real SSL cert.
But that's not necessarily the problem you're having, since you're not even getting the configuration to run. I'm not sure how you set up a WS-Man listener; it should have been sufficient to simply run Enable-PSRemoting. WS-Man doesn't need to be set up to use SSL.
Are you able to manually verify that any of the config completed? Running Get-WindowsFeature should show the DSC service feature, for example, and you should be able to verify that the file paths contain the .svc files, and so on.
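The trust question raised in the reply above can be checked directly. The following is an added example, not part of the original thread or of the xPSDesiredStateConfiguration module: a hypothetical helper, `Test-PullServerCertificate`, that uses only .NET certificate classes to report whether the certificate behind a thumbprint chains to a trusted root on the machine where it runs. Run it on the pull server and again on a target node; the thumbprint and host name in the last line are placeholders.

```powershell
# Added example: the function name, parameter names and sample values are assumptions.
function Test-PullServerCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)] [string] $Thumbprint,
        [Parameter(Mandatory = $true)] [string] $PullServerName
    )

    # Strip spaces and invisible characters picked up when copying a thumbprint from the certificate dialog.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

    # Pull server: certificate lives in My. Target node: a self-signed cert is only present if imported to Root.
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My, Cert:\LocalMachine\Root |
        Where-Object { $_.Thumbprint -eq $clean } | Select-Object -First 1
    if (-not $cert) { throw "Thumbprint $clean not found in LocalMachine\My or LocalMachine\Root" }

    # Server Authentication EKU; a certificate without an EKU extension is valid for any purpose.
    $ekuExt = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $serverAuth = (-not $ekuExt) -or
        (@($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains '1.3.6.1.5.5.7.3.1')

    # Build the chain the way a TLS client on this machine would; revocation is skipped to isolate trust.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($cert)

    # First DNS name in the certificate (SAN, else CN); -like gives an approximate wildcard match.
    $certName = $cert.GetNameInfo('DnsName', $false)

    [pscustomobject]@{
        Thumbprint        = $clean
        Subject           = $cert.Subject
        NotAfter          = $cert.NotAfter
        HasPrivateKey     = $cert.HasPrivateKey          # must be True on the pull server
        SelfSigned        = ($cert.Subject -eq $cert.Issuer)
        ServerAuthAllowed = $serverAuth
        NameMatches       = ($PullServerName -like $certName)
        ChainTrusted      = $trusted                     # False until the root is trusted on this machine
        ChainStatus       = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Constructed placeholder values; substitute your own.
# Test-PullServerCertificate -Thumbprint '<THUMBPRINT>' -PullServerName 'pullserver.example.com'
```

A `ChainStatus` of `UntrustedRoot` on the target node is the case described above: the node has no reason to trust a self-signed certificate until that certificate is placed in its trusted root store.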
November 18, 2014 at 11:48 pm #20663
That's true, if you use self-signed you have to have that same certificate on the client side also.
I have tried both Set-WSManQuickConfig and Enable-PSRemoting -Force (see attachment).
Get-windowsfeature returns this:
Get-WindowsFeature -name DSC*
Display Name                                            Name          Install State
------------                                            ----          -------------
[X] Windows PowerShell Desired State Configurati...     DSC-Service   Installed
I tried setting up a DSC pull server without HTTPS and that seems to be working OK on the same server. When I change the "CertificateThumbPrint" value to use the certificate thumbprint it inserts the config OK, but Get-DscConfiguration shows the same error as before. So I figured out that there must be something that needs to be also changed when you change from HTTP to HTTPS.
November 19, 2014 at 4:39 am #20669
Could just be a bug in the xDscWebService resource. If I get some time, I'll see if I can reproduce this.
November 20, 2014 at 12:12 am #20701
Thanks. Maybe it is something that I have missed with those steps...