Author Posts

June 22, 2016 at 5:16 am

This will probably get really long, so I apologize in advance. I am thorough.

Steps so far:
Installed Gui 2012 R2, ran all updates.
Installed WMF 5.0.
Running all newest DSC cmdlets and xDSC cmdlets. Everything super clean.
Followed instructions here: https://msdn.microsoft.com/en-us/powershell/dsc/pullserver
Specifically, the "configuration Sample_xDscPullServer"

Result so far:
The last step (installing DSC Service/IIS) errored out, not good. I'm not sure if it matters or not, but the errors make me nervous, as this is the second time trying to set this thing up, and the first time I ran into a plethora of buggy looking things and I am wondering if they are related to the xDSCWebService resource.

This is the verbose output logged in a json file:

[
  {"time": "2016-06-21T21:43:47.579-7:00", "type": "verbose", "message": "[KYLE-DSC]: LCM:  [ Start  Set      ]      "},
  {"time": "2016-06-21T21:43:50.413-7:00", "type": "verbose", "message": "[KYLE-DSC]: LCM:  [ Start  Resource ]  [[WindowsFeature]DSCServiceFeature]  "},
  {"time": "2016-06-21T21:43:50.413-7:00", "type": "verbose", "message": "[KYLE-DSC]: LCM:  [ Start  Test     ]  [[WindowsFeature]DSCServiceFeature]  "},
  {"time": "2016-06-21T21:43:53.312-7:00", "type": "verbose", "message": "[KYLE-DSC]:                            [[WindowsFeature]DSCServiceFeature] The operation 'Get-WindowsFeature' started: DSC-Service"},
  {"time": "2016-06-21T21:43:53.719-7:00", "type": "verbose", "message": "[KYLE-DSC]:                            [[WindowsFeature]DSCServiceFeature] The operation 'Get-WindowsFeature' succeeded: DSC-Service"},
  {"time": "2016-06-21T21:43:53.782-7:00", "type": "verbose", "message": "[KYLE-DSC]: LCM:  [ End    Test     ]  [[WindowsFeature]DSCServiceFeature]  in 3.3680 seconds."},
  {"time": "2016-06-21T21:43:53.782-7:00", "type": "verbose", "message": "[KYLE-DSC]: LCM:  [ Start  Set      ]  [[WindowsFeature]DSCServiceFeature]  "},
  {"time": "2016-06-21T21:43:53.876-7:00", "type": "verbose", "message": "[KYLE-DSC]:                            [[WindowsFeature]DSCServiceFeature] Installation started... "},
  {"time": "2016-06-21T21:43:54.157-7:00", "type": "verbose", "message": "[KYLE-DSC]:                            [[WindowsFeature]DSCServiceFeature] Continue with installation?"},
  {"time": "2016-06-21T21:43:54.157-7:00", "type": "verbose", "message": "[KYLE-DSC]:                            [[WindowsFeature]DSCServiceFeature] Prerequisite processing started..."},
  {"time": "2016-06-21T21:43:57.201-7:00", "type": "verbose", "message": "[KYLE-DSC]:                            [[WindowsFeature]DSCServiceFeature] Prerequisite processing succeeded."},
  {"time": "2016-06-21T21:46:28.404-7:00", "type": "verbose", "message": "[KYLE-DSC]:                            [[WindowsFeature]DSCServiceFeature] Installation succeeded."},
  {"time": "2016-06-21T21:46:28.435-7:00", "type": "verbose", "message": "[KYLE-DSC]:                            [[WindowsFeature]DSCServiceFeature] Successfully installed the feature DSC-Service."},
  {"time": "2016-06-21T21:46:28.466-7:00", "type": "verbose", "message": "[KYLE-DSC]: LCM:  [ End    Set      ]  [[WindowsFeature]DSCServiceFeature]  in 154.6850 seconds."},
  {"time": "2016-06-21T21:46:28.466-7:00", "type": "verbose", "message": "[KYLE-DSC]: LCM:  [ End    Resource ]  [[WindowsFeature]DSCServiceFeature]  "},
  {"time": "2016-06-21T21:46:28.466-7:00", "type": "verbose", "message": "[KYLE-DSC]: LCM:  [ Start  Resource ]  [[xDSCWebService]PSDSCPullServer]  "},
  {"time": "2016-06-21T21:46:28.466-7:00", "type": "verbose", "message": "[KYLE-DSC]: LCM:  [ Start  Test     ]  [[xDSCWebService]PSDSCPullServer]  "},
  {"time": "2016-06-21T21:46:36.575-7:00", "type": "verbose", "message": "[KYLE-DSC]:                            [[xDSCWebService]PSDSCPullServer] Check Ensure"},
  {"time": "2016-06-21T21:46:36.590-7:00", "type": "verbose", "message": "[KYLE-DSC]:                            [[xDSCWebService]PSDSCPullServer] The Website PSDSCPullServer is not present"},
  {"time": "2016-06-21T21:46:36.590-7:00", "type": "verbose", "message": "[KYLE-DSC]: LCM:  [ End    Test     ]  [[xDSCWebService]PSDSCPullServer]  in 8.1240 seconds."},
  {"time": "2016-06-21T21:46:36.590-7:00", "type": "verbose", "message": "[KYLE-DSC]: LCM:  [ Start  Set      ]  [[xDSCWebService]PSDSCPullServer]  "},
  {"time": "2016-06-21T21:46:36.700-7:00", "type": "verbose", "message": "[KYLE-DSC]:                            [[xDSCWebService]PSDSCPullServer] Create the IIS endpoint"},
  {"time": "2016-06-21T21:46:37.075-7:00", "type": "verbose", "message": "[KYLE-DSC]:                            [[xDSCWebService]PSDSCPullServer] Setting up endpoint at - https://KYLE-DSC:8080/PSDSCPullServer.svc"},
  {"time": "2016-06-21T21:46:37.122-7:00", "type": "verbose", "message": "[KYLE-DSC]:                            [[xDSCWebService]PSDSCPullServer] Verify that the certificate with the provided thumbprint exists in CERT:\\LocalMachine\\MY\\"},
  {"time": "2016-06-21T21:46:37.263-7:00", "type": "verbose", "message": "[KYLE-DSC]:                            [[xDSCWebService]PSDSCPullServer] Checking IIS requirements"},
  {"time": "2016-06-21T21:46:37.748-7:00", "type": "verbose", "message": "[KYLE-DSC]:                            [[xDSCWebService]PSDSCPullServer] Delete the App Pool if it exists"},
  {"time": "2016-06-21T21:46:38.563-7:00", "type": "verbose", "message": "[KYLE-DSC]:                            [[xDSCWebService]PSDSCPullServer] Remove the site if it already exists"},
  {"time": "2016-06-21T21:46:43.098-7:00", "type": "error", "message": "The expression after '&' in a pipeline element produced an object that was not valid. It must result in a command name, a script block, or a CommandInfo object."},
  {"time": "2016-06-21T21:46:43.301-7:00", "type": "error", "message": "The expression after '&' in a pipeline element produced an object that was not valid. It must result in a command name, a script block, or a CommandInfo object."},
  {"time": "2016-06-21T21:46:43.317-7:00", "type": "error", "message": "The expression after '&' in a pipeline element produced an object that was not valid. It must result in a command name, a script block, or a CommandInfo object."},
  {"time": "2016-06-21T21:46:46.464-7:00", "type": "verbose", "message": "[KYLE-DSC]: LCM:  [ End    Set      ]  [[xDSCWebService]PSDSCPullServer]  in 9.8730 seconds."},
  {"time": "2016-06-21T21:46:46.479-7:00", "type": "error", "message": "The PowerShell DSC resource '[xDSCWebService]PSDSCPullServer' with SourceInfo '::20::10::xDscWebService' threw one or more non-terminating errors while running the Set-TargetResource functionality. These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details."},
  {"time": "2016-06-21T21:46:46.511-7:00", "type": "verbose", "message": "[KYLE-DSC]: LCM:  [ Start  Resource ]  [[File]RegistrationKeyFile]  "},
  {"time": "2016-06-21T21:46:46.526-7:00", "type": "verbose", "message": "[KYLE-DSC]: LCM:  [ Start  Test     ]  [[File]RegistrationKeyFile]  "},
  {"time": "2016-06-21T21:46:46.667-7:00", "type": "verbose", "message": "[KYLE-DSC]:                            [[File]RegistrationKeyFile] The system cannot find the file specified.\r\n"},
  {"time": "2016-06-21T21:46:46.683-7:00", "type": "verbose", "message": "[KYLE-DSC]:                            [[File]RegistrationKeyFile] The related file/directory is: C:\\Program Files\\WindowsPowerShell\\DscService\\RegistrationKeys.txt. "},
  {"time": "2016-06-21T21:46:46.683-7:00", "type": "verbose", "message": "[KYLE-DSC]: LCM:  [ End    Test     ]  [[File]RegistrationKeyFile]  in 0.1560 seconds."},
  {"time": "2016-06-21T21:46:46.683-7:00", "type": "verbose", "message": "[KYLE-DSC]: LCM:  [ Start  Set      ]  [[File]RegistrationKeyFile]  "},
  {"time": "2016-06-21T21:46:46.698-7:00", "type": "verbose", "message": "[KYLE-DSC]:                            [[File]RegistrationKeyFile] The system cannot find the file specified.\r\n"},
  {"time": "2016-06-21T21:46:46.698-7:00", "type": "verbose", "message": "[KYLE-DSC]:                            [[File]RegistrationKeyFile] The related file/directory is: C:\\Program Files\\WindowsPowerShell\\DscService\\RegistrationKeys.txt. "},
  {"time": "2016-06-21T21:46:46.714-7:00", "type": "verbose", "message": "[KYLE-DSC]: LCM:  [ End    Set      ]  [[File]RegistrationKeyFile]  in 0.0320 seconds."},
  {"time": "2016-06-21T21:46:46.714-7:00", "type": "verbose", "message": "[KYLE-DSC]: LCM:  [ End    Resource ]  [[File]RegistrationKeyFile]  "},
  {"time": "2016-06-21T21:46:46.714-7:00", "type": "verbose", "message": "[KYLE-DSC]: LCM:  [ End    Set      ]      "}
]

Also, here are the Events Logged by DSC as Windows Events; some of the information is the same as above. also, these events are in Reverse order. Sorry.

Job {E4AC7EF6-3833-11E6-80B5-00155D058C04} : Details logging completed for C:\Windows\System32\Configuration\Configurati
onStatus\{E4AC7EF6-3833-11E6-80B5-00155D058C04}-0.details.json.

Job {E4AC7EF6-3833-11E6-80B5-00155D058C04} :
MIResult: 1
Error Message: The SendConfigurationApply function did not succeed.
Message ID: MI RESULT 1
Error Category: 0
Error Code: 1
Error Type: MI

Job {E4AC7EF6-3833-11E6-80B5-00155D058C04} :
MIResult: 1
Error Message: The PowerShell DSC resource '[xDSCWebService]PSDSCPullServer' with SourceInfo '::20::10::xDscWebService'
threw one or more non-terminating errors while running the Set-TargetResource functionality. These errors are logged to
the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details.
Message ID: NonTerminatingErrorFromProvider
Error Category: 7
Error Code: 1
Error Type: MI

Job {E4AC7EF6-3833-11E6-80B5-00155D058C04} :
This event indicates that failure happens when LCM is processing the configuration. Error Id is 0x1. Error Detail is The
 SendConfigurationApply function did not succeed.. Resource Id is [xDSCWebService]PSDSCPullServer and Source Info is ::2
0::10::xDscWebService. Error Message is The PowerShell DSC resource '[xDSCWebService]PSDSCPullServer' with SourceInfo ':
:20::10::xDscWebService' threw one or more non-terminating errors while running the Set-TargetResource functionality. Th
ese errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more detail
s..

Job {E4AC7EF6-3833-11E6-80B5-00155D058C04} :
MIResult: 1
Error Message: The expression after '&' in a pipeline element produced an object that was not valid. It must result in a
 command name, a script block, or a CommandInfo object.
Message ID: BadExpression
Error Category: 7
Error Code: 7
Error Type: MI

Job {E4AC7EF6-3833-11E6-80B5-00155D058C04} :
This event indicates that a non-terminating error was thrown when DSCEngine was executing Set-TargetResource on MSFT_xDS
CWebService DSC resource. FullyQualifiedErrorId is BadExpression. Error Message is The expression after '&' in a pipelin
e element produced an object that was not valid. It must result in a command name, a script block, or a CommandInfo obje
ct..

Job {E4AC7EF6-3833-11E6-80B5-00155D058C04} :
MIResult: 1
Error Message: The expression after '&' in a pipeline element produced an object that was not valid. It must result in a
 command name, a script block, or a CommandInfo object.
Message ID: BadExpression
Error Category: 7
Error Code: 7
Error Type: MI

Job {E4AC7EF6-3833-11E6-80B5-00155D058C04} :
This event indicates that a non-terminating error was thrown when DSCEngine was executing Set-TargetResource on MSFT_xDS
CWebService DSC resource. FullyQualifiedErrorId is BadExpression. Error Message is The expression after '&' in a pipelin
e element produced an object that was not valid. It must result in a command name, a script block, or a CommandInfo obje
ct..

Job {E4AC7EF6-3833-11E6-80B5-00155D058C04} :
MIResult: 1
Error Message: The expression after '&' in a pipeline element produced an object that was not valid. It must result in a
 command name, a script block, or a CommandInfo object.
Message ID: BadExpression
Error Category: 7
Error Code: 7
Error Type: MI

Job {E4AC7EF6-3833-11E6-80B5-00155D058C04} :
This event indicates that a non-terminating error was thrown when DSCEngine was executing Set-TargetResource on MSFT_xDS
CWebService DSC resource. FullyQualifiedErrorId is BadExpression. Error Message is The expression after '&' in a pipelin
e element produced an object that was not valid. It must result in a command name, a script block, or a CommandInfo obje
ct..

I'm not sure if this means that the Resource is broken, or simply throwing errors due to not having fit and finish checks in place to avoid unneeded error messages. I'll probably be digging into the project page and looking at the code pretty soon. In the meantime, I wanted to post what I'm seeing, in case it helps anyone else in the future.

I'll try to register an Agent, which did not work correctly the last time I tried. I eventually got it sort of working, but after undocumented troubleshooting steps, so I'm starting over from scratch. This time, I have a Hyper-V checkpoint, so it won't be so much trouble to go back.

June 22, 2016 at 6:38 am

So,

I'm still getting the same error I got last time, on the IIS side, where it says this is an Unauthorized response to Register a Node/Agent,

PS C:\DSC\Configs> Set-DscLocalConfigurationManager -Path .\DefaultLCMConfig -ComputerName kyle-ipam
Registration of the Dsc Agent with the server https://Kyle-DSC.home.local:8080/PSDSCPullServer.svc failed. The
underlying error is: The attempt to register Dsc Agent with AgentId D556460A-376D-11E6-80B5-00155D058C05 with the
server https://kyle-dsc.home.local:8080/PSDSCPullServer.svc/Nodes(AgentId='D556460A-376D-11E6-80B5-00155D058C05')
returned unexpected response code Unauthorized. .
    + CategoryInfo          : InvalidResult: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : RegisterDscAgentUnsuccessful,Microsoft.PowerShell.DesiredStateConfiguration.Commands.Reg
   isterDscAgentCommand
    + PSComputerName        : kyle-ipam

I do get the XML output from navigating to https://kyle-dsc.home.local:8080/PSDSCPullServer.svc/ , so the server is up and GET requests seem successful (Cert is also good). The PUT requests for adding the Node/Agent fail, and I have no idea what is going on internally.

I have to add some more details now.

This is my LCM config I'm pushing from the Pull Server:

[DSCLocalConfigurationManager()]
configuration DefaultLCMConfig
{
    param(
        [Parameter()]
        [ValidateScript({$_ -match "^[a-zA-Z0-9-]+$"})]
        [string]$Hostname="localhost"
    )

    Node $Hostname
    {
        Settings
        {
            ConfigurationModeFrequencyMins = 15
            RebootNodeIfNeeded = $true
            ConfigurationMode = 'ApplyAndAutoCorrect'
            ActionAfterReboot = 'ContinueConfiguration'
            RefreshMode = 'Pull'
            RefreshFrequencyMins = 30
            AllowModuleOverwrite = $true
            DebugMode = 'ForceModuleImport'
            StatusRetentionTimeInDays = 14
        }

        ConfigurationRepositoryWeb DSCRepo
        {
            AllowUnsecureConnection = $false
            RegistrationKey = 'ed231766-f20e-4cf3-93d3-a90ab23bd4f5'
            ServerURL = 'https://Kyle-DSC.home.local:8080/PSDSCPullServer.svc'
            ConfigurationNames = @('test')
        }

        ReportServerWeb DSCRepo
        {
            ServerURL = 'https://Kyle-DSC.home.local:8080/PSDSCPullServer.svc'
        }
    }
}

Also, to let you know, I also tried "AllowUnsecureConnection = $true", with no change.

Further details:

PowerShell Version – 5.0.10586.117
xPSDesiredStateConfiguration Version – 3.10.0.0 – xDSCWebService was updated like 19 days ago?

Am I missing something? Am I a complete idiot?

I can sort of fix this by fiddling with IIS, but I don't want to do that because it didn't fix everything reliably.

I also noticed there are a lot of commits recently to xPSDesiredStateConfiguration recently, so maybe that's part of my issue and others might not have seen it in the past?

  • This reply was modified 2 years, 2 months ago by  Kyle Berger.

June 22, 2016 at 9:48 am

Hi,

can you also post your pull server creation script and the commands you used to create it as well, please ?

I assume you already have a mof and checksum for the configurationname value residing in the configuration subfolder ?

June 23, 2016 at 2:07 am

"can you also post your pull server creation script and the commands you used to create it as well, please ?"

I did, by mentioning this:

Followed instructions here: https://msdn.microsoft.com/en-us/powershell/dsc/pullserver
Specifically, the "configuration Sample_xDscPullServer"

I could have been more clear, though. The command is simply running the configuration and supplying the Cert thumbprint and GUID registration key, then compiling the configuration and an mof and applying the configuration. It is the same as on the Documentation.

I captured this in my personal notes: "Start-DscConfiguration -Path .\Sample_xDscPullServer -Wait -Verbose -ComputerName localhost"

"I assume you already have a mof and checksum for the configurationname value residing in the configuration subfolder ?"

Yes, but that shouldn't affect the Registration of a node, right? Hopefully not, anyway. (As a side note: I got pulls sort of working on the first Pull server attempt, put the checksum failed, so that is probably another bug to tackle later)

The problem I'm running into is I think there are some bugs in the IIS configuration, but difficult to prove, as the configuration is quite complex and I haven't been able to entirely follow the code on Github. I get to the general area, but my lack of IIS knowledge sort of hinders my investigation.

June 23, 2016 at 2:48 am

Well, I finally figured out how to setup trace logs for IIS. Here comes the info!


I posted some XML here earlier, and it didn't like that...

This is what I'm seeing that is telling:

remoteUserName="PSDSCUser"
userName="PSDSCUser"
tokenUserName="HOME\KYLE-DSC$"
authenticationType="PSDSCAuthentication"

I'm not familiar with what is meant by that Authentication Type.

I have no idea what or where PSDSCUser is.

It confirms I'm indeed getting a 401.3 error, which normally means the issue is local NTFS rights. I would concur, because I can make some changes and sort of get it working, although I haven't done that this time just yet.

https://support.microsoft.com/en-us/kb/942042

The PSWS Application Pool is configured to run as LocalSystem.

The PSDSCPullServer Site is configured only with Anonymous Authentication set to use IUSR locally.

I'm thinking something is up with the authentication settings, and perhaps other issues as well. I will continue to investigate further.

  • This reply was modified 2 years, 2 months ago by  Kyle Berger.

June 23, 2016 at 3:53 am

So,

I'm getting different responses after messing with the IIS rights. I've changed the user Identity of the PSWS Application Pool to run as ApplicationPoolIdentity, so I can then setup the rights to the Site based upon the PSWS Identity User as Full Permissions. I'm still running into issues, but they aren't the same 401.3 error as before. Registration of the node appears to still be sort of broken. Instead of erroring out quickly, it sits and runs for a good long time (401 seconds). It throws an error. The output is this:


PS C:\DSC\Configs> Set-DscLocalConfigurationManager -Path .\DefaultLCMConfig -ComputerName kyle-ipam -Verbose
VERBOSE: Performing the operation "Start-DscConfiguration: SendMetaConfigurationApply" on target
"MSFT_DSCLocalConfigurationManager".
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' =
SendMetaConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' =
root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer KYLE-DSC with user sid
S-1-5-21-3149736864-2278915772-2866003438-1107.
VERBOSE: [KYLE-IPAM]: LCM:  [ Start  Set      ]
VERBOSE: [KYLE-IPAM]: LCM:  [ Start  Resource ]  [MSFT_DSCMetaConfiguration]
VERBOSE: [KYLE-IPAM]: LCM:  [ Start  Set      ]  [MSFT_DSCMetaConfiguration]
VERBOSE: [KYLE-IPAM]: LCM:  [ End    Set      ]  [MSFT_DSCMetaConfiguration]  in 0.0160 seconds.
VERBOSE: [KYLE-IPAM]: LCM:  [ End    Resource ]  [MSFT_DSCMetaConfiguration]
VERBOSE: [KYLE-IPAM]: LCM:  [ End    Set      ]
Registration of the Dsc Agent with the server https://Kyle-DSC.home.local:8080/PSDSCPullServer.svc failed. The
underlying error is: Failed to register Dsc Agent with AgentId D556460A-376D-11E6-80B5-00155D058C05 with the server
https://kyle-dsc.home.local:8080/PSDSCPullServer.svc/Nodes(AgentId='D556460A-376D-11E6-80B5-00155D058C05'). .
    + CategoryInfo          : InvalidResult: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : RegisterDscAgentCommandFailed,Microsoft.PowerShell.DesiredStateConfiguration.Commands.Re
   gisterDscAgentCommand
    + PSComputerName        : kyle-ipam

VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Set-DscLocalConfigurationManager finished in 401.33 seconds.

It pulls the 'test' configuration, but doesn't seem to apply it correctly, as it is for some odd reason set to "Ensure = 'absent'" on the Pull client.

The failure does not appear to be registered in the event logs:

PS C:\DSC\Configs> Get-xDscOperation

ComputerName   SequenceId TimeCreated           Result   JobID                                 AllEvents
------------   ---------- -----------           ------   -----                                 ---------
KYLE-DSC       1          6/22/2016 8:08:18 PM  Success                                        {@{Message=; TimeC...
KYLE-DSC       2          6/22/2016 8:07:19 PM  Success                                        {@{Message=; TimeC...
KYLE-DSC       3          6/22/2016 8:07:19 PM  Success  96e05508-38ef-11e6-80b7-00155d058c04  {@{Message=Operati...
KYLE-DSC       4          6/22/2016 7:52:25 PM  Success  7e72b1f0-38ed-11e6-80b7-00155d058c04  {@{Message=Running...
KYLE-DSC       5          6/22/2016 7:52:24 PM  Success                                        {@{Message=; TimeC...
KYLE-DSC       6          6/22/2016 7:52:24 PM  Success  7e72b1ef-38ed-11e6-80b7-00155d058c04  {@{Message=Running...
KYLE-DSC       7          6/22/2016 7:37:24 PM  Success  65fb96c2-38eb-11e6-80b7-00155d058c04  {@{Message=Running...
KYLE-DSC       8          6/22/2016 7:22:27 PM  Success  4d8330de-38e9-11e6-80b7-00155d058c04  {@{Message=Running...
KYLE-DSC       9          6/22/2016 7:22:26 PM  Success  4d8330dd-38e9-11e6-80b7-00155d058c04  {@{Message=Running...
KYLE-DSC       10         6/22/2016 7:07:19 PM  Success  350ba6bf-38e7-11e6-80b7-00155d058c04  {@{Message=Operati...

After all of that, I decided to set the Site's Anonymous Authentication to use the Application Pool Identity user instead of IUSR to see what would happen, because I already set the Application Pool to use that same user. Figured, why not try it?

Doesn't work, same stuff.

I decided to change the PSWS Identity back to LocalSystem, and I'm directly back to Unauthorized. Ok, the original symptom is directly related to this setting.

I decided to set it to "Network Service" instead, and add NTFS Full Access Permissions to the Site for Network Service.

Now I'm back to the same thing about it being really slow to apply the LCM configuration and it sits there for a long time, and sort of kind of works but doesn't work.

Ok, I'm basically back to where I started and I have no idea what the hell is going on. I set the Identity and Authentication back to original settings, and Unauthorized is back. :'(

June 23, 2016 at 4:20 am

OMG,

I decided to take a look at my RegistrationKeys.txt after looking through the IIS trace again and realizing it also told me (very long file) that the Registration Key was not valid...

I check the file, and find out it is filled with the contents of the Certificate Thumbprint! The certificate thumbprint is also set correctly, so I didn't think anything of it previously.

I had these same issue on my last server, where I did set the RegistrationKeys.txt correctly (I checked), but for some reason this one is now apparently registering correctly. What in da heck?

I'm obviously totally mental. Well, I can't argue with the results. I'm still having issues with 'test' config, so I'll open another forum post for that if I can't figure it out myself. Until then, I suppose this is resolved by me making some kind of mistake that I didn't notice until now.

June 23, 2016 at 7:17 am

For future reference:

Dont change the application pool identity of PSWS. It has to be LocalSystem. That's how it was designed to work.
At least until a point in the future when or if they change it.

June 23, 2016 at 3:16 pm

Hi Kyle,

Did you make any headway into the error:

Error Message: The expression after '&' in a pipeline element produced an object that was not valid. It must result in a
command name, a script block, or a CommandInfo object.
Message ID: BadExpression
Error Category: 7
Error Code: 7
Error Type: MI

I am getting the same exact error when trying to create my pull server. I have gone to the extent of totally rebuilding the machine from a ISO so I know there are no remnants of old settings haunting me. I don't want to even try to set node configurations until I get a clean Pull Server build. If you figured anything out I would greatly appreciate your insights.

Thanks,

Ed

June 25, 2016 at 4:57 am

Ed,

So far, they seem to be errors we can ignore. At least as far as I have seen.

I re-ran the configuration after rebuilding the mof, and it created the registration key file correctly, so I must have stupidly pasted the Thumbprint twice. Other than that, most everything is working. I am having an issue with "ConfigurationNames = " when there is more than one configuration, which I'll post about shortly. I doubt that is related to the non-terminating errors associated with the Pull Server setup resources.