
June 6, 2017 at 2:18 pm

Hello!
I am building an HTTPS DSC pull server.
Pull config:

configuration PullHTTPS
{ 
    param  
    ( 
            [string[]]$NodeName = 'localhost', 

            [ValidateNotNullOrEmpty()] 
            [string] $certificateThumbPrint,

            [Parameter(Mandatory)]
            [ValidateNotNullOrEmpty()]
            [string] $RegistrationKey 
     ) 


     Import-DSCResource -ModuleName xPSDesiredStateConfiguration
     Import-DSCResource -ModuleName PSDesiredStateConfiguration

     Node $NodeName 
     { 
         WindowsFeature DSCServiceFeature 
         { 
             Ensure = 'Present'
             Name   = 'DSC-Service'             
         } 

         xDscWebService PSDSCPullServer 
         { 
             Ensure                   = 'Present' 
             EndpointName             = 'PSDSCPullServer' 
             Port                     = 8080 
             PhysicalPath             = "$env:SystemDrive\inetpub\PSDSCPullServer" 
             CertificateThumbPrint    = $certificateThumbPrint          
             ModulePath               = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules" 
             ConfigurationPath        = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration" 
             State                    = 'Started'     
             UseSecurityBestPractices = $true
             #DisableSecurityBestPractices = 'SecureTLSProtocols'
             DependsOn                = '[WindowsFeature]DSCServiceFeature'
         } 

        File RegistrationKeyFile
        {
            Ensure          = 'Present'
            Type            = 'File'
            DestinationPath = "$env:ProgramFiles\WindowsPowerShell\DscService\RegistrationKeys.txt"
            Contents        = $RegistrationKey
        }
    }
}

PullHTTPS -certificateThumbprint 'MyCertificate' -RegistrationKey 'MyRegistrationKey' -OutputPath c:\Configs\PullServer
Start-DscConfiguration -Path c:\Configs\PullServer -Wait -Verbose

LCM Config on the target node:

[DSCLocalConfigurationManager()]
configuration PullClientConfigID
{
    Node localhost
    {
        Settings
        {
            RefreshMode          = 'Pull'
            RefreshFrequencyMins = 30 
            RebootNodeIfNeeded   = $true
            ConfigurationModeFrequencyMins = 15
            ConfigurationMode = 'ApplyAndMonitor'
        }

        ConfigurationRepositoryWeb MySite
        {
            ServerURL          = 'https://MySite:8080/PSDSCPullServer.svc/'
            AllowUnsecureConnection = $false
            RegistrationKey    = 'MyRegistrationKey'

            ConfigurationNames = @('web')
        }   

        ReportServerWeb MySite
        {
            ServerURL       = 'https://MySite:8080/PSDSCPullServer.svc/'
            AllowUnsecureConnection = $false
            RegistrationKey = 'MyRegistrationKey'

        }
    }
}

PullClientConfigID -OutputPath c:\Configs\TargetNodes

When I do "Set-DscLocalConfigurationManager -Path c:\Configs\TargetNodes -force" to apply the LCM config, I get this error:

Registration of the Dsc Agent with the server https://qfrspvsma002:8080/PSDSCPullServer.svc/ failed. The underlying error is: Failed to register Dsc Agent 
with AgentId 0011F6B4-0012-11E7-80BD-00155DA7BE14 with the server 
https://MySite:8080/PSDSCPullServer.svc//Nodes(AgentId='0011F6B4-0012-11E7-80BD-00155DA7BE14'). .
    + CategoryInfo          : InvalidResult: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : RegisterDscAgentCommandFailed,Microsoft.PowerShell.DesiredStateConfiguration.Commands.RegisterDscAgentCommand
    + PSComputerName        : localhost

I think it's a certificate problem, but I don't know how to fix it.

I have created a self-signed certificate on my pull server.

Thanks for your help.

June 6, 2017 at 2:42 pm

I still can't fix my issues.

I get this error in Event Viewer on the node:

Job {5CDC0177-4ABB-11E7-80C7-00155DA7BE14} : 
Http Client 0011F6B4-0012-11E7-80BD-00155DA7BE14 failed for WebReportManager for configuration 
FullyQualifiedErrorId :ReportManagerSendStatusReportFailed
 CategoryInfo:InvalidResult: (:) [], InvalidOperationException
 ExceptionMessage:Failed to send status report to the server https://MySite:8080/PSDSCPullServer.svc//Nodes(AgentId='0011F6B4-0012-11E7-80BD-00155DA7BE14')/SendReport.
, InnerExceptionSystem.AggregateException: One or more errors occurred. ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
   at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
   at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)
   --- End of inner exception stack trace ---
   at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
   at System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar)
   --- End of inner exception stack trace ---
   --- End of inner exception stack trace ---
   at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
   at Microsoft.PowerShell.DesiredStateConfiguration.Commands.SendDscStatusCommand.IssueRequest(HttpClient client, String subLink, ErrorRecord& errorRecord)
---> (Inner Exception #0) System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
   at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
   at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)
   --- End of inner exception stack trace ---
   at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
   at System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar)
   --- End of inner exception stack trace ---< ---

.

I think I haven't created a good certificate.
I just created a self-signed certificate on my IIS server and afterwards copied my thumbprint from c:cert/LM/My to configure my pull server.

Could you help me?
Thanks

June 7, 2017 at 1:38 pm

Hello!

Issue resolved. It was a certificate problem with my SAN. I fixed it.

Thank you
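
A diagnostic for the "remote certificate is invalid" error in this thread, added here as an example and not part of the original posts: run on the target node, it completes a TLS handshake with the pull server and reports which validation check failed and which names the certificate's SAN carries. `Test-PullServerCertificate` is a hypothetical helper name, and the URL is the placeholder from the LCM config above.

```powershell
function Test-PullServerCertificate {
    param([Parameter(Mandatory)] [string] $ServerUrl)

    $uri   = [uri]$ServerUrl
    $state = @{}   # reference type, so the callback below can write into it

    # Record what Windows decided about the certificate. Returning $true only lets
    # this probe finish the handshake; no data is sent over the connection.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]({
        param($s, $certificate, $chain, $sslPolicyErrors)
        $state.Cert   = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($certificate)
        $state.Errors = $sslPolicyErrors
        $state.Chain  = @($chain.ChainStatus | ForEach-Object { $_.Status })
        $true
    }.GetNewClosure())

    # Assumption: older protocols are disabled on the server by
    # UseSecurityBestPractices, so TLS 1.2 is requested explicitly.
    $tls12 = [System.Security.Authentication.SslProtocols]::Tls12

    $tcp = [System.Net.Sockets.TcpClient]::new($uri.Host, $uri.Port)
    try {
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($uri.Host, $null, $tls12, $false)
    }
    finally {
        $tcp.Close()
    }

    $cert = $state.Cert
    # OID 2.5.29.17 is the Subject Alternative Name extension.
    $san  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    [pscustomobject]@{
        RequestedHost   = $uri.Host
        Subject         = $cert.Subject
        SubjectAltNames = if ($san) { $san.Format($false) } else { '(none)' }
        Thumbprint      = $cert.Thumbprint
        NotAfter        = $cert.NotAfter
        PolicyErrors    = $state.Errors
        ChainStatus     = $state.Chain -join ', '
    }
}

# Use the same URL the node has in ConfigurationRepositoryWeb / ReportServerWeb.
Test-PullServerCertificate -ServerUrl 'https://MySite:8080/PSDSCPullServer.svc/'
```

A `PolicyErrors` value of `RemoteCertificateNameMismatch` means the host name in `ServerURL` is not covered by the certificate's names; `RemoteCertificateChainErrors` means the node does not trust the issuer, which for a self-signed certificate means it is missing from the node's trusted root store.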