DSC Push deployment to a machine in a different domain

This topic contains 4 replies, has 3 voices, and was last updated by John Ludlow 1 month, 3 weeks ago.

  • #55415
    John Ludlow
    Participant

    Hi,

    We want to use DSC to build our test environments (mainly ESX, though there is some Hyper-V usage), and also to run automated tests. Because these are test environments, they all exist in separate domains. When we're done, we want to have a configuration (or set of configurations) which will

      create a vm and configure it as the domain controller with a new domain
      create whatever test machines are required for that environment and join them to the domain
      install and configure a specified build of our product
      install fitnesse and run the fitnesse tests, and collect/publish the results

    And then do the whole thing again the next day with a different build.

    Right now, though, I am just trying to get a single machine set up in my test domain (I'll worry about creating the domain later). I can ping the machine just fine, and connect with a remote PowerShell session. However, Start-DSCConfiguration is giving me this error:

    PS> Start-DscConfiguration -Path .\SqlServerSetup\ -Verbose -Wait
    VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
    VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
    WinRM cannot process the request. The following error occurred while using Kerberos authentication: Cannot find the computer e1-sql.e1.local. Verify that the computer exists on the network and that the name provided is spelled correctly.
        + CategoryInfo          : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimException
        + FullyQualifiedErrorId : HRESULT 0x80070035
        + PSComputerName        : e1-sql.e1.local

    VERBOSE: Operation 'Invoke CimMethod' complete.
    WinRM cannot process the request. The following error occurred while using Kerberos authentication: Cannot find the computer e1-ev.e1.local. Verify that the computer exists on the network and that the name provided is spelled correctly.
        + CategoryInfo          : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimException
        + FullyQualifiedErrorId : HRESULT 0x80070035
        + PSComputerName        : e1-ev.e1.local

    VERBOSE: Operation 'Invoke CimMethod' complete.
    VERBOSE: Time taken for configuration job to complete is 0.028 seconds

    (I'm basically following this example to get my SQL Server set up: https://www.youtube.com/watch?v=cXv7aLiGAus)

    I've had stuff working in the past from VM-to-VM, so I think this appears to be because I'm connecting from a different domain.

    One thing I did try was copying everything to a VM in that environment and then running Start-DscConfiguration from a remote session. That gave me a different error about the logon session not existing.

    Any ideas or suggestions would be appreciated.

  • #55430
    Stefan Werner
    Participant

    I might be barking up the wrong tree here, but the two things I would look at are...

    1. are you providing a valid credential?
    2. can your DNS resolve the e1-sql.e1.local FQDN?

    YouTube is throttled at work for us, so I can't really look at the link you posted without it buffering for what seems like half a century.

    • #55433
      John Ludlow
      Participant

      Hi Stefan, thanks for replying

      Don't worry – that was my first thought as well. The credentials (I'm using e1\administrator) and machine address work OK with New-PSSession, so I think they are valid. I've been trying all sorts of things just to confirm my own sanity.

      The video is titled "Powershell DSC – Installing SQL Server 2014 on Server Core" by Michael Bird, and shows DSC setting up SQL Server on some Hyper-V VMs, in case those details shed any light.

      I guess I'm looking for confirmation that what I describe should work in a universe that makes sense.

      In fact, one thing I just tried a few minutes ago in a madly random fashion is this:

      $session = New-CimSession -ComputerName e1-sql.e1.local -Credential e1\administrator
      Start-DscConfiguration -Path .\SqlServerSetup\ -Verbose -Wait -CimSession $session
      

      This was able to connect and apply the configuration (though I'd stripped the configuration back to just starting notepad – I'm now starting to add everything back in so it does something useful).

      Thanks

  • #55447
    Don Jones
    Keymaster

    So, what you're trying to do should work – but when you're crossing domain boundaries, the authentication can get a little tricky. It's not necessarily enough to just specify a domain\user, because by default only Kerberos is available on the receiving machine, and it won't just take a domain/user. Although you're not using Remoting, you're using the same underlying WS-MAN protocol as Remoting, so the advice in "Secrets of PowerShell Remoting" would still in large part apply. It's on our eBooks menu – free.

  • #55493
    John Ludlow
    Participant

    Hi Don,

    I'll be sure to take a look at that eBook.

    Using -CimSession seems to work just fine. I think by default it tries to find out information about the machine in order to build a session object, and it's a little overly fussy about being able to resolve that information by querying the domain. But if you give it a properly constructed CIM session object, it's happy with that so it gets around the issue.

    This might mean the stuff wrapping the configuration gets a little more interesting.

    Thanks very much to both you and Stefan for your help
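
The -CimSession approach discussed in this thread, wrapped for several nodes, as an added example that is not part of the original posts. It assumes each node has a WinRM HTTPS listener on port 5986 with a certificate the client trusts (the thread does not say which transport was used); the function name Push-DscCrossDomain is hypothetical.

```powershell
# Added example: push a DSC configuration to nodes in a domain the client
# has no trust with, so Kerberos cannot be used.
# Assumption: each node has a WinRM HTTPS listener (port 5986) whose
# certificate chains to a CA the client trusts and matches the node's FQDN.
function Push-DscCrossDomain {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]]     $ComputerName,
        [Parameter(Mandatory)] [pscredential] $Credential,
        [Parameter(Mandatory)] [string]       $Path
    )

    # Start-DscConfiguration looks for <node>.mof in $Path for every session.
    foreach ($node in $ComputerName) {
        if (-not (Test-Path (Join-Path $Path "$node.mof"))) {
            throw "No MOF for $node in $Path"
        }
    }

    # HTTPS authenticates the server and encrypts the transport when Kerberos
    # is unavailable, without adding the node to the client's TrustedHosts.
    $option   = New-CimSessionOption -UseSsl
    $sessions = @()
    try {
        foreach ($node in $ComputerName) {
            # Fail early with a clear error if the listener or credential is wrong.
            $null = Test-WSMan -ComputerName $node -UseSSL -Credential $Credential `
                -Authentication Negotiate -ErrorAction Stop
            $sessions += New-CimSession -ComputerName $node -Port 5986 `
                -Credential $Credential -Authentication Negotiate `
                -SessionOption $option -ErrorAction Stop
        }
        Start-DscConfiguration -Path $Path -CimSession $sessions -Wait -Verbose -ErrorAction Stop
    }
    finally {
        # Always release the sessions, even when the push fails.
        if ($sessions) { $sessions | Remove-CimSession }
    }
}

# Node names, account and path are the ones used in the thread.
$cred = Get-Credential -UserName 'e1\administrator' -Message 'Target domain account'
Push-DscCrossDomain -ComputerName 'e1-sql.e1.local', 'e1-ev.e1.local' -Credential $cred -Path .\SqlServerSetup\
```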
