April 20, 2015 at 9:07 am #24460
I am currently using a File resource with a credential which has been obtained through Get-Credential. I have a number of machines which are not on a domain but all on the same subnet. One of these machines has a share created on it, the file resource has this Share as its source specified as \\10.10.10.1\MyShare. I have been messing around with the share/file permissions and local policy settings to try and get it accessible without credentials and I have found that SYSTEM users which are not on a domain cannot access a share which is also not on a domain. So I am now trying to use the credential option to access the share but I am getting this message:
A specified logon session does not exist. It may already have been terminated. An error occurs when accessing the network share with the specified credential. Please make sure the credential is correct and the network share is accessible. Note that Credential should not be specified with the local path.
What makes this stranger is that sometimes it works for some File resources but then stops working half way through. Note that I have
Network access: Do not allow storage of passwords and credentials for network authentication.
set to disabled. Any help would be great, thanks.
April 20, 2015 at 11:05 am #24467
I think for you scenario of not domain joined machines it would be better to look at the xRemoteFile DSC resources. Just host the files you need on a web server at use the DSC resource to download one or a bunch of ZIP files into a temporary folder. This will get you around the credentials challenge.
Please let me know what you think.
April 21, 2015 at 5:10 am #24507
Thanks for the idea, I've set up a web server and I've hosted the files there and changed the resources to be xRemoteFile. It appears to be working in terms of accessing it. There are a couple of issues I've found so far, it doesn't appear to support directories like the File resource does, I should be able to work around that. The other issue is that these DSC scripts are run by a lot of people across a lot of machines and because each machine needs the xPSDesiredStateConfiguration module added, there are lots of machines that manually need to have these files added, is there a workaround here? I have seen this: http://trevorsullivan.net/2014/08/21/use-powershell-dsc-to-install-dsc-resources/ but because I can't use the File resource from the not on a domain share this isn't an option.
Out of interest, do you know if it is a known issue that the File resource credentials don't work outside of a domain, is there a reason for it?
April 25, 2015 at 6:02 am #24704
The best way to get the xPSDesiredStateConfiguration resource module or any other module onto every machine is to set up a Pull server and to point your clients to it. With the Pull server set up correctly the clients will automatically download the resource modules (which need to be zipped).
Check out the DSC Hub section on our homepage https://powershell.org/dsc-hub/ and dig into the free DSC ebook.
April 27, 2015 at 4:23 pm #24763
Thanks for your reply. I have read the book and have setup the pull server and have managed to get the required resources copied across automatically and working. I assume that there is no way to get a push configuration working and have the resources pulled down from the pull sever? Also does the configuration only get applied if the MOF changes or does it get rerun every refresh time elapses?
April 28, 2015 at 3:56 am #24793
There is no way in DSC 1.x (PowerShell v4) to mix push and pull but this feature is coming in DSC 2.0 with PowerShell v5.
If you set the ConfiguratonMode to ApplyAndAutoCorrect in the Local Configuration Manager (LCM). The LCM will check your configuration every 30 minutes as a minimum in DSC 1.x and correct any deviation from your configuration. I believe the minimum limit in DSC 2.0 will be lowered to 15 minutes.
FYI – Microsoft will release a new preview of PowerShell v5 on April 30th, 2015.
April 28, 2015 at 5:15 am #24796
Awesome, sounds good, thanks for all your help, Daniel. I don't suppose you have any idea why my initial issue with the File resource actually occurs, I haven't found any documentation or articles stating that it doesn't work outside of domains?
You must be logged in to reply to this topic.