Author Posts

May 13, 2017 at 9:42 pm

Hi Guys, I am trying to build DSC on server core with code:

$ConfigData=@{
# Node specific data
AllNodes = @(

# All Servers need following identical information
@{
NodeName = '*'
# PSDscAllowPlainTextPassword = $true;
# PSDscAllowDomainUser = $true

},

# Unique Data for each Role
@{
NodeName = 'labdscpscore01'
Role = @('Web', 'PullServer')

PullServerEndPointName = 'PSDSCPullServer'
PullserverPort = 8080 #< – ask me why I use this port PullserverPhysicalPath = "$env:SystemDrive\inetpub\wwwroot\PSDSCPullServer" PullserverModulePath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules" PullServerConfigurationPath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration" PullServerThumbPrint = Invoke-Command -Computername 'localhost' {Get-Childitem Cert:\LocalMachine\My | Where-Object {$_.FriendlyName -like "*dscps*"} | Select-Object -ExpandProperty ThumbPrint} ComplianceServerEndPointName = 'PSDSCComplianceServer' ComplianceServerPort = 9080 ComplianceServerPhysicalPath = "$env:SystemDrive\inetpub\wwwroot\PSDSCComplianceServer" ComplianceServerThumbPrint = 'AllowUnencryptedTraffic' } ); } Configuration WebNodes { # Import the module that defines custom resources Import-DscResource -Module PSDesiredStateConfiguration, xPSDesiredStateConfiguration, xWebAdministration # Dynamically find the applicable nodes from configuration data Node $AllNodes.where{$_.Role -eq 'Web'}.NodeName { # # Install the IIS role WindowsFeature IIS { Ensure = "Present" Name = "Web-Server" } # # Make sure the following defaults cannot be removed: WindowsFeature DefaultDoc { Ensure = "Present" Name = "Web-Default-Doc" DependsOn = '[WindowsFeature]IIS' } WindowsFeature HTTPErrors { Ensure = "Present" Name = "Web-HTTP-Errors" DependsOn = '[WindowsFeature]IIS' } WindowsFeature HTTPLogging { Ensure = "Present" Name = "Web-HTTP-Logging" DependsOn = '[WindowsFeature]IIS' } WindowsFeature StaticContent { Ensure = "Present" Name = "Web-Static-Content" DependsOn = '[WindowsFeature]IIS' } WindowsFeature RequestFiltering { Ensure = "Present" Name = "Web-Filtering" DependsOn = '[WindowsFeature]IIS' } # # Install additional IIS components to support the Web Application WindowsFeature NetExtens4 { Ensure = "Present" Name = "Web-Net-Ext45" DependsOn = '[WindowsFeature]IIS' } WindowsFeature AspNet45 { Ensure = "Present" Name = "Web-Asp-Net45" DependsOn = '[WindowsFeature]IIS' } WindowsFeature ISAPIExt { Ensure = "Present" Name = "Web-ISAPI-Ext" DependsOn = '[WindowsFeature]IIS' } WindowsFeature ISAPIFilter { Ensure = "Present" Name = "Web-ISAPI-filter" DependsOn = '[WindowsFeature]IIS' } # # I don't want these defaults for Web-Server to ever be enabled: WindowsFeature DirectoryBrowsing { Ensure = "Absent" Name = "Web-Dir-Browsing" DependsOn = '[WindowsFeature]IIS' } WindowsFeature StaticCompression { Ensure = "Absent" Name = "Web-Stat-Compression" DependsOn = '[WindowsFeature]IIS' } # # I don't want these Additional settings for Web-Server to ever be enabled: # This list is shortened for demo purposes. I include eveything that should not be installed WindowsFeature ASP { Ensure = "Absent" Name = "Web-ASP" DependsOn = '[WindowsFeature]IIS' } WindowsFeature CGI { Ensure = "Absent" Name = "Web-CGI" DependsOn = '[WindowsFeature]IIS' } WindowsFeature IPDomainRestrictions { Ensure = "Absent" Name = "Web-IP-Security" DependsOn = '[WindowsFeature]IIS' } # !!!!! # GUI Remote Management of IIS requires the following: – people always forget this until too late WindowsFeature Management { Name = 'Web-Mgmt-Service' Ensure = 'Present' } Registry RemoteManagement { # Can set other custom settings inside this reg key Key = 'HKLM:\SOFTWARE\Microsoft\WebManagement\Server' ValueName = 'EnableRemoteManagement' ValueType = 'Dword' ValueData = '1' DependsOn = @('[WindowsFeature]IIS','[WindowsFeature]Management') } Service StartWMSVC { Name = 'WMSVC' StartupType = 'Automatic' State = 'Running' DependsOn = '[Registry]RemoteManagement' } # # Often, It's common to disable the default website and then create your own # – dont do this to Pull Servers, ADCS or other Services that use the default website xWebsite DefaultSite { Name = "Default Web Site" State = "Started" PhysicalPath = "C:\inetpub\wwwroot" DependsOn = "[WindowsFeature]IIS" } } #End Node Role Web ############################################################################### Node $AllNodes.where{$_.Role -eq 'PullServer'}.NodeName { # # This installs both, WebServer and the DSC Service for a pull server # # You could do everything manually – which I prefer WindowsFeature DSCServiceFeature { Ensure = "Present" Name = "DSC-Service" } xDscWebService PSDSCPullServer { Ensure = "Present" EndpointName = $Node.PullServerEndPointName Port = $Node.PullServerPort # <————————————— Why this port? PhysicalPath = $Node.PullserverPhysicalPath CertificateThumbPrint = $Node.PullServerThumbprint # <————————- Certificate Thumbprint ModulePath = $Node.PullServerModulePath ConfigurationPath = $Node.PullserverConfigurationPath State = "Started" DependsOn = "[WindowsFeature]DSCServiceFeature" UseSecurityBestPractices = $false } xDscWebService PSDSCComplianceServer { Ensure = "Present" EndpointName = $Node.ComplianceServerEndPointName Port = $Node.ComplianceServerPort PhysicalPath = $Node.ComplianceServerPhysicalPath CertificateThumbPrint = $Node.ComplianceServerThumbPrint State = "Started" # IsComplianceServer = $true – property removed in version 3.8.0.0 — dont know why DependsOn = ("[WindowsFeature]DSCServiceFeature","[xDSCWebService]PSDSCPullServer") UseSecurityBestPractices = $false } } # End Node PullServer } # End Config #break WebNodes -ConfigurationData $ConfigData -OutputPath .\ But when runnig this: Start-DscConfiguration -Path .\ -ComputerName labdscpscore01 -Verbose -Wait -Force I got: Mode LastWriteTime Length Name —- ————- —— —- -a—- 13.05.2017 23:30 18316 labdscpscore01.mof VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' = MSFT_DSC LocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'. VERBOSE: An LCM method call arrived from computer LABDC01 with user sid S-1-5-21-191450192-3335740963-707932236-500. VERBOSE: [LABDSCPSCORE01]: LCM: [ Start Set ] VERBOSE: [LABDSCPSCORE01]: LCM: [ End Set ] The PowerShell DSC resource MSFT_xWebsite from module does not exist at the PowerShell module path nor is it registered as a WMI DSC resource. + CategoryInfo : InvalidOperation: (root/Microsoft/...gurationManager:String) [], CimException + FullyQualifiedErrorId : DscResourceNotFound + PSComputerName : labdscpscore01 VERBOSE: Operation 'Invoke CimMethod' complete. VERBOSE: Time taken for configuration job to complete is 2.763 seconds I checked and module xWebAdministration in exact mentioned version is there in path C:\Program Files\WindowsPowerShell\Modules. I tried restart hosts (both authoring workstation and destination host) as I read about this here:

Remote Start-DscConfiguration cannot find DSC resources

Also tried like Dave suggested putting modules in C:\Windows\System32\WindowsPowerShell\v1.0 but didn't work either.

Is there something I am missing? Appreciate any help on this as I am out of ideas.

Cheers,
Pawel Jarosz

May 16, 2017 at 8:43 pm

Ok I see that it was pasted weirdly, so basically it tells me that MSFT_xWebsite is not there while it is:

The PowerShell DSC resource MSFT_xWebsite from module does not exist at the PowerShell module path nor is it registered as a WMI DSC resource. + CategoryInfo : InvalidOperation: (root/Microsoft/...gurationManager:String) [], CimException + FullyQualifiedErrorId : DscResourceNotFound + PSComputerName : labdscpscore01 VERBOSE: Operation 'Invoke CimMethod' complete. VERBOSE: Time taken for configuration job to complete is 2.763 seconds

Appreciate any suggestions as I am out of ideas...
Cheers!

May 17, 2017 at 12:07 am

Pawel,

Couple of questions:
– Are you compiling and running on the same machine (labdscpscore01)?
– Does get-DSCResource return xWebAdministration when you run it on the target machine (labdscpscore01 )?
– Where (folder path) do you have the resources installed on the target machine (labdscpscore01)?

MarkG

May 18, 2017 at 8:06 pm

Hiya Mark,

Firt of all – I see that formatting gone wrong, so the script I am trying to adapt is here:
https://github.com/PowerShellOrg/dsc-summit-precon/blob/master/7.PullServer/1.Config_PullServer-Advanced.ps1

I am compiling on different machine – labdc01.

No the xWebAdministration resource is not there (I thought that this should install it)

Resources are in:
PS C:\Users\Administrator> Get-DscResource | ft *path*
Path
—-
C:\Windows\system32\WindowsPowershell\v1.0\Modules\PsDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\MSF...
C:\Windows\system32\WindowsPowershell\v1.0\Modules\PsDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource...
C:\Windows\system32\WindowsPowershell\v1.0\Modules\PsDesiredStateConfiguration\DSCResources\MSFT_GroupResource\MSFT_...

And here is the moment I start feeling stupid... I think all I need to do is to add something like this to this configuration:

https://david-obrien.net/2015/09/powershell-dsc-to-manage-powershell-modules/

Ehh..will try and let know how it was but I think that would be it, wouldn't be?

May 18, 2017 at 9:26 pm

Now I know that I need to distribute these modules separately (somehow I thought it would be installed by configuration).

Thank you for help Mark!
Pawel

May 19, 2017 at 11:52 pm

Glad you got it worked out, Pawel!

MarkG