Errors with HTTPS Pull server

This topic contains 3 replies, has 2 voices, and was last updated by  Arnold 2 months, 2 weeks ago.

  • #72193

    Arnold
    Participant

    Hello!
    I am building an HTTPS DSC Pull Server.
    Pull config:

    configuration PullHTTPS
    { 
        param  
        ( 
                [string[]]$NodeName = 'localhost', 
    
                [ValidateNotNullOrEmpty()] 
                [string] $certificateThumbPrint,
    
                [Parameter(Mandatory)]
                [ValidateNotNullOrEmpty()]
                [string] $RegistrationKey 
         ) 
    
    
         Import-DSCResource -ModuleName xPSDesiredStateConfiguration
         Import-DSCResource -ModuleName PSDesiredStateConfiguration
    
         Node $NodeName 
         { 
             WindowsFeature DSCServiceFeature 
             { 
                 Ensure = 'Present'
                 Name   = 'DSC-Service'             
             } 
    
             xDscWebService PSDSCPullServer 
             { 
                 Ensure                   = 'Present' 
                 EndpointName             = 'PSDSCPullServer' 
                 Port                     = 8080 
                 PhysicalPath             = "$env:SystemDrive\inetpub\PSDSCPullServer" 
                 CertificateThumbPrint    = $certificateThumbPrint          
                 ModulePath               = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules" 
                 ConfigurationPath        = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration" 
                 State                    = 'Started'     
                 UseSecurityBestPractices = $true
                 #DisableSecurityBestPractices = 'SecureTLSProtocols'
                 DependsOn                = '[WindowsFeature]DSCServiceFeature'
             } 
    
            File RegistrationKeyFile
            {
                Ensure          = 'Present'
                Type            = 'File'
                DestinationPath = "$env:ProgramFiles\WindowsPowerShell\DscService\RegistrationKeys.txt"
                Contents        = $RegistrationKey
            }
        }
    }
    
    PullHTTPS -certificateThumbprint 'MyCertificate' -RegistrationKey 'MyRegistrationKey' -OutputPath c:\Configs\PullServer
    Start-DscConfiguration -Path c:\Configs\PullServer -Wait -Verbose
    

    LCM Config on the target node:

    [DSCLocalConfigurationManager()]
    configuration PullClientConfigID
    {
        Node localhost
        {
            Settings
            {
                RefreshMode          = 'Pull'
                RefreshFrequencyMins = 30 
                RebootNodeIfNeeded   = $true
                ConfigurationModeFrequencyMins = 15
                ConfigurationMode = 'ApplyAndMonitor'
            }
    
            ConfigurationRepositoryWeb MySite
            {
                ServerURL               = 'https://MySite:8080/PSDSCPullServer.svc/'
                AllowUnsecureConnection = $false
                RegistrationKey         = 'MyRegistrationKey'
    
                ConfigurationNames      = @('web')
            }   
    
            ReportServerWeb MySite
            {
                ServerURL               = 'https://MySite:8080/PSDSCPullServer.svc/'
                AllowUnsecureConnection = $false
                RegistrationKey         = 'MyRegistrationKey'
    
            }
        }
    }
    
    PullClientConfigID -OutputPath c:\Configs\TargetNodes
    

    When I do "Set-DscLocalConfigurationManager -Path c:\Configs\TargetNodes -force" to apply the LCM config, I get these errors:

    Registration of the Dsc Agent with the server https://qfrspvsma002:8080/PSDSCPullServer.svc/ failed. The underlying error is: Failed to register Dsc Agent 
    with AgentId 0011F6B4-0012-11E7-80BD-00155DA7BE14 with the server 
    https://MySite:8080/PSDSCPullServer.svc//Nodes(AgentId='0011F6B4-0012-11E7-80BD-00155DA7BE14'). .
        + CategoryInfo          : InvalidResult: (root/Microsoft/...gurationManager:String) [], CimException
        + FullyQualifiedErrorId : RegisterDscAgentCommandFailed,Microsoft.PowerShell.DesiredStateConfiguration.Commands.RegisterDscAgentCommand
        + PSComputerName        : localhost
    

    I think it's a certificate problem, but I don't know how to fix it.

    I have created a self-signed certificate on my pull server.

    Thanks for your help.

  • #72199

    eugene r
    Participant
    • #72200

      Arnold
      Participant

      I still can't fix my issues.

      I get this error in my Event Viewer on the node:

      Job {5CDC0177-4ABB-11E7-80C7-00155DA7BE14} : 
      Http Client 0011F6B4-0012-11E7-80BD-00155DA7BE14 failed for WebReportManager for configuration 
      FullyQualifiedErrorId :ReportManagerSendStatusReportFailed
       CategoryInfo:InvalidResult: (:) [], InvalidOperationException
       ExceptionMessage:Failed to send status report to the server https://MySite:8080/PSDSCPullServer.svc//Nodes(AgentId='0011F6B4-0012-11E7-80BD-00155DA7BE14')/SendReport.
      , InnerExceptionSystem.AggregateException: One or more errors occurred. ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
         at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
         at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)
         --- End of inner exception stack trace ---
         at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
         at System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar)
         --- End of inner exception stack trace ---
         --- End of inner exception stack trace ---
         at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
         at Microsoft.PowerShell.DesiredStateConfiguration.Commands.SendDscStatusCommand.IssueRequest(HttpClient client, String subLink, ErrorRecord& errorRecord)
      ---> (Inner Exception #0) System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
         at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
         at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)
         --- End of inner exception stack trace ---
         at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
         at System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar)
         --- End of inner exception stack trace ---< ---
      
      .
      

      I think I haven't created a good certificate.
      I just created a self-signed certificate on my IIS server and afterwards copied my thumbprint on c:cert/LM/My to configure my pull server.

      Could you help me?
      Thanks

  • #72302

    Arnold
    Participant

    Hello!

    Issue resolved. It was a certificate problem with my SAN. I fixed it.

    Thank you
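
The "remote certificate is invalid according to the validation procedure" error and the SAN fix reported above can be checked from the target node with the following added example, which is not code from the thread. It assumes the endpoint negotiates TLS 1.2 and uses the thread's placeholder URL; `Test-PullServerTls` is a hypothetical helper name.

```powershell
# Added example. Run on the target node; the URL is the thread's placeholder ServerURL.
function Test-PullServerTls {
    param([Parameter(Mandatory)] [uri] $ServerUrl)

    $ssl = $null
    $tcp = [System.Net.Sockets.TcpClient]::new($ServerUrl.Host, $ServerUrl.Port)
    try {
        # The probe accepts any certificate so that it can be inspected. Nothing is
        # sent over the stream, and the LCM's own validation is left untouched.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $acceptAll)
        # Assumption: the pull server endpoint speaks TLS 1.2.
        $ssl.AuthenticateAsClient($ServerUrl.Host, $null,
            [System.Security.Authentication.SslProtocols]::Tls12, $false)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
            $ssl.RemoteCertificate)
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }

    # Name check: the host in ServerURL must appear among the certificate's DNS names.
    # DnsNameList is the property Windows PowerShell adds to certificate objects.
    $hostName = $ServerUrl.Host
    $names = @($cert.DnsNameList | Where-Object { $_ } | ForEach-Object { $_.Unicode })
    $nameOk = $false
    foreach ($n in $names) {
        # A wildcard entry covers exactly one left-most label.
        if ($n -eq $hostName -or
            ($n.StartsWith('*.') -and $hostName.Split('.', 2)[1] -eq $n.Substring(2))) {
            $nameOk = $true
        }
    }

    # Trust check in machine context, since the LCM runs as LocalSystem.
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new($true)
    # Assumption: a lab self-signed certificate publishes no CRL, so revocation is skipped.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($cert)

    [pscustomobject]@{
        Host         = $hostName
        Subject      = $cert.Subject
        DnsNames     = $names
        NameMatches  = $nameOk
        ChainTrusted = $trusted
        ChainStatus  = @($chain.ChainStatus | ForEach-Object { $_.Status })
    }
}

Test-PullServerTls -ServerUrl 'https://MySite:8080/PSDSCPullServer.svc/'
```

If `NameMatches` is `False`, reissue the certificate so its DNS names include the host used in `ServerURL` (for a self-signed certificate, `New-SelfSignedCertificate -DnsName`). If `ChainStatus` shows `UntrustedRoot`, import the server's public certificate into the node's `Cert:\LocalMachine\Root` store rather than setting `AllowUnsecureConnection`.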
