Tagged: powershell; DSC
August 2, 2017 at 12:48 pm #76423
Failed to get the action from server https://pullserver.westus2.cloudapp.azure.com:8080/PSDSCPullServer.svc/Action(ConfigurationId=\'305633f0-549b-4bb5-ae75-582d8317819e\')/GetAction.
1) I have configured the pull server with https protocol.
2) I was getting above error when client m/c was trying to pull the mof from pull server.
3) when I configured the pull server with http protocol , client machine could pull the configuration file .
so I have missed something when configured the pull server with https protocol , so kindly help me on this issue.
August 2, 2017 at 12:57 pm #76424
Maybe something in the SSL config of the website. Here are a couple of things to check:
1- Verify that the certificate used for the website is trusted on the client side. Easiest way to do that is to load the URL you entered above in a browser and verify the certificate validation from there. Are you using a self-signed certificate or a cert from a CA?
2- Unless you also have a certificate installed on the client, make sure the SSL settings of the website for "Client Certificates" is set to "Ignore" or "Accept" but not "Required"
August 3, 2017 at 1:50 pm #76570
its CA certificate , website ssl setting in ignore mode only . but am facing the issue
August 3, 2017 at 4:36 am #76526
You might also want to check if FIPS mode is enabled on client (info).
Also, you'll find helpful information on Event Viewer, under: Windows > Desired State Configuration > Operational.
August 3, 2017 at 2:24 pm #76576
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. —> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure
This is the message I am getting in event viewer
August 3, 2017 at 4:02 pm #76593
Apparently you're using a self sign certificate, no? Make sure to "trust" that certificate on the client computer.
Try to open the URL of the pull server via a regular browser and see if there is SSL issues. Fix that before going to PS.
You must be logged in to reply to this topic.