The following are the machine's configurations for my server and nodes:
Whilst if I use Configuration Names approach I get the error earlier, during the node registration.
Configuration Name Approach
May somebody in the Powershell Community or the DevOps Collective Inc. give me a hint of where could be the matter?
Use Wireshark on the client to monitor the negotiation of the session. The errors look to me like they could be due to TLS negotiation errors. e.g. the server is expecting TLS 1.2 or higher and the client is requesting 1.0 or lower.
I've not done a lot with DSC but I'm seeing a few .NET applications failing to connect to some servers now. Fixing it usually involves updating either the client software (which has been built using a later version of .NET framework) or upgrading the .NET framework itself.
Googling some articles on PowerShell and TLS it looks like it may default to TLS 1.0.
On my fully patched Windows 10 an Invoke-WebRequest to PowerShell.org fails. Wireshark shows it attempts to use TLS 1.0:
TLSv1 Record Layer: Handshake Protocol: Client Hello
This is immediately follow by the site sending a RST, closing the connection.
You can force PowerShell use to a newer version with
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
The Invoke-WebRequest to PowerShell.org then succeeds:
TLSv1.2 Record Layer: Handshake Protocol: Client Hello
TLSv1.2 Record Layer: Handshake Protocol: Server Hello
I assume setting SecurityProtocol type will be honoured by DSC but I don't have a set up to test it on.
You must be logged in to reply to this topic.