Encrypting Credentials - Production Preview

This topic contains 2 replies, has 2 voices, and was last updated by Profile photo of Paul Kimber Paul Kimber 1 year, 4 months ago.

  • Author
    Posts
  • #29359
    Profile photo of Paul Kimber
    Paul Kimber
    Participant

    Hi,

    Using the latest production preview I'm trying to set-up credential protection using DSC's in-build mechanism. I'm using a self-signed certificate and encrypting with the public key on the machine building the MOF. The target instance has the certificate installed in Cert:\LocalMachine\My and has the private key available. My target instance is configured as follows.


    [DscLocalConfigurationManager()]
    Configuration MetaConfig
    {
    Settings
    {
    RefreshFrequencyMins = 30
    RefreshMode = 'PULL'
    ConfigurationMode = 'ApplyAndMonitor'
    AllowModuleOverwrite = $true
    RebootNodeIfNeeded = $true
    ConfigurationModeFrequencyMins = 15
    ActionAfterReboot = 'ContinueConfiguration'
    DebugMode = 'All'

    }

    ConfigurationRepositoryWeb ConfigurationManager
    {
    ServerURL = 'https://MyPullServer.com/PSDSCPullServer.svc/'
    RegistrationKey = 'MRegKey'
    CertificateID = 'MyThumbPrint'
    ConfigurationNames = 'Vagrant_US'
    AllowUnsecureConnection = $false
    }
    }

    I get the following error on the target machine.

    The Local Configuration Manager is not configured with a certificate. Resource '[cLEAPRegionalSettings]leapRegional' in configuration 'MakeTheMof' cannot be processed.
    + CategoryInfo : ObjectNotFound: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : MI RESULT 6
    + PSComputerName : localhost

    Is this an issue with the certificate? Have anyone got this working with a self-signed certificate? Does anyone have any tips to drill down further and get a more useful error message?

    This guy seems to be having the same issue:

    https://connect.microsoft.com/PowerShell/Feedback/Details/1399853

    Any help would be much appriciated.

    Thanks

  • #29363
    Profile photo of Dave Wyatt
    Dave Wyatt
    Moderator

    Just for giggles, what happens if you move or copy your CertificateID up under Settings? (If it behaves like previous versions, you'll get an error about that being unsupported in LCM version 2.0.0, but I just want to make sure something hasn't changed recently.)

    What you've done so far looks correct to me, though.

  • #29414
    Profile photo of Paul Kimber
    Paul Kimber
    Participant

    Thanks Dave. It works great if I move the CertificateID to Settings. I had tried this in the April release and it threw the error you mentioned.

You must be logged in to reply to this topic.