How do I do a basic file transfer using DSC using push or pull?

This topic contains 3 replies, has 3 voices, and was last updated by Nitin Gupta 7 months ago.

  • #36452
    Kiran
    Participant

    I have two Windows Server 2012 servers with PowerShell version 4 on them. I want one (I'll call the main) to execute PowerShell commands on the other one (I'll call target node). I configured the main Windows Server to have an SMB share. I could browse to the share from the target node.

    I ran these two lines of PowerShell code on both servers:
    Set-Item WSMan:\localhost\Client\TrustedHosts -Value *
    New-PSSession -ComputerName FQDNofTargetNode -Credential admin

    I was prompted for a password. I entered the password (both times).

    I then ran some code that used a SecureString.txt file with the password. This meant I could log in from the first Windows Server into the target node with no prompts. But here is where my problem is. I cannot pull down a file using a configuration from the target node. Here is the .ps1 file that I ran on the target node:

    Configuration "rf" {
        Node 'guidOfTargetNode' {
            File go {
                Ensure = "Present"
                SourcePath = "\\fqdnOfMainServer\
                DestinationPath = "C:\Temp\cool.txt"
            }
        }
    }
    rf -output "."

    I noted the file path that I ran the above PS1 file in. There were no errors when I ran the script above. I then ran this line:

    Start-DscConfiguration -Wait -Verbose -Path C:\pathOfPS1fileAbove\rf\

    This is what I received: "WinRM cannot process the request. The following error with errorcode 0x8009030e occurred while using Kerberos authentication: A specified logon session does not exist. It may already have been terminated..."

    I never used any CheckSum command. Why can't I run my DSC ps1 script?

    I tried the push method. I used the same PS1 file. The Start-DSCConfiguration file was the same except I called out the target node with a -ComputerName flag and corresponding FQDN of the target node. I received this error: "WinRM cannot process the request. The following error with errorcode 0x8009030e occurred while using Kerberos authentication: A specified logon session does not exist. It may already have terminated." Why would I get this error? Both servers have the same image, same default services, same ports open.

  • #36617
    Don Jones
    Keymaster

    Keep in mind that DSC's LCM runs under SYSTEM; it has no off-computer authority. Unless the file share is set up to allow unauthenticated access, you'll need to provide a credential in the configuration.

    However, I'm not sure that's the cause of this problem. You're getting this error attempting to push a configuration from Machine 1 to Machine 2, right? Are you able to Enter-PSSession from Machine 1 to Machine 2?

  • #38564
    Kiran
    Participant

    Yes to both questions. I don't think I completely understand the push model. Can you confirm two things: 1) I must manually transfer over the .mof file and its housing folder to the target server? 2) The target server must have DSC installed on it?

  • #38588
    Nitin Gupta
    Participant

    The Node where you compile the 'Configuration' ('Main' in your case) and the Node where you send the configuration ('Target' in your case) both need to have WMF installed on them.
    If you want to copy a file from a share on your 'Target' node using DSC, you would need to provide the credential in order to access the File. Like Don mentioned, DSC on the 'Target' node runs as 'Local System' and doesn't have access to the files on the share. The new configuration would look something like this:
    Configuration "rf" {
        Node 'guidOfTargetNode' {
            File go {
                Ensure = "Present"
                SourcePath = "\\fqdnOfMainServer\
                DestinationPath = "C:\Temp\cool.txt"
                Credential = $cred
            }
        }
    }
    rf -output "."

    Because you are using a credential, you would need to send it securely. Blog contains information on securing credentials.
    Sending the DSC configuration in push mode can be done via:
    Start-DscConfiguration -Path -ComputerName -wait -verbose
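
Added example (not code from the thread or its participants): a push-mode configuration that passes the share credential to the File resource and encrypts it in the MOF with a certificate, which is the securing step the last reply refers to. The node name, share path, certificate path and thumbprint are placeholders, and it assumes a certificate whose private key is already installed on the target node.

```powershell
# Added example. Node name, share path, certificate path and thumbprint are placeholders.
$ConfigData = @{
    AllNodes = @(
        @{
            NodeName        = 'fqdnOfTargetNode'                  # placeholder
            # Public key (.cer) of a certificate whose private key is on the target node
            CertificateFile = 'C:\DscCerts\TargetNode.cer'        # hypothetical path
            Thumbprint      = '<THUMBPRINT-OF-TARGET-NODE-CERT>'  # placeholder
            # Weak setting, shown for contrast only: adding
            #   PSDscAllowPlainTextPassword = $true
            # also compiles, but stores the password in the MOF in clear text.
        }
    )
}

Configuration CopyFromShare {
    param(
        [Parameter(Mandatory)]
        [System.Management.Automation.PSCredential] $ShareCredential
    )
    Node $AllNodes.NodeName {
        # Tells the target's LCM which certificate decrypts the credential
        LocalConfigurationManager {
            CertificateId = $Node.Thumbprint
        }
        File CoolTxt {
            Ensure          = 'Present'
            SourcePath      = '\\fqdnOfMainServer\<share>\cool.txt'  # placeholder
            DestinationPath = 'C:\Temp\cool.txt'
            Credential      = $ShareCredential   # used by the LCM (SYSTEM) to reach the share
        }
    }
}

$cred = Get-Credential -Message 'Account with read access to the share'
CopyFromShare -ConfigurationData $ConfigData -ShareCredential $cred -OutputPath .\CopyFromShare

# Refuse to push if the clear-text password ended up in any compiled MOF
$plain = $cred.GetNetworkCredential().Password
if (Select-String -Path .\CopyFromShare\*.mof -SimpleMatch -Pattern $plain -Quiet) {
    throw 'Clear-text password found in MOF; check CertificateFile and Thumbprint.'
}

# Push: LCM settings (*.meta.mof) first, then the configuration itself
Set-DscLocalConfigurationManager -Path .\CopyFromShare -ComputerName fqdnOfTargetNode -Verbose
Start-DscConfiguration -Path .\CopyFromShare -ComputerName fqdnOfTargetNode -Wait -Verbose
```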
