Https Pull Server Issues

This topic contains 7 replies, has 3 voices, and was last updated by Profile photo of Ben Williams Ben Williams 3 months, 1 week ago.

  • Author
    Posts
  • #52028
    Profile photo of Ben Williams
    Ben Williams
    Participant

    I've been attempting to set up a DSC Pull Server at my organization. I'm able to set up the pull server as http (AllowUnencryptedTraffic) with no issues. I can also see XML when I visit the page.

    When I attempt to configure it using the example at

    I get no DSC errors, but it doesn't appear the PullServer.svc is set up correctly. When I try to visit the page, I get a "Page can't be found message".

    I have WMF 5.0 installed on the pull server and the client machine. Both are 2012R2.

    I'm wondering, should I be able to see xml when I navigate to https://localhost:8080/PullServer.svc on the local pull server?

  • #52045
    Profile photo of Arie H
    Arie H
    Participant

    Hi,

    you're missing the link to show us what sample you followed
    but make sure the following is correct:

    1. you have the certificate already on the node where the pull server will be installed
    2. the thumbprint of the certificate appears in the thumbprint property inside the script or your passing it as
    parameter when you run the configuration script.

    https://msdn.microsoft.com/en-us/powershell/dsc/pullserver

  • #52063
    Profile photo of Don Jones
    Don Jones
    Keymaster

    Pull server doesn't actually use XML, and unless it receives a proper request – including headers – it won't return a reply, or can return a 401 or 404. You can't really just browse to it.

    In terms of SSL, that's all configured at the IIS level.

  • #52128
    Profile photo of Don Jones
    Don Jones
    Keymaster

    I'm confused.

    You set the pull server up originally as HTTP; you're trying to switch to HTTPS. Why is there a certificate on the node?

    The nodes don't use certificates in a normal SSL scenario. The server needs an SSL certificate, just as with any web server. Is that already in place?

  • #52130
    Profile photo of Ben Williams
    Ben Williams
    Participant

    Sorry, I misspoke I meant server, not node. The certificate is installed on the server.

  • #52146
    Profile photo of Don Jones
    Don Jones
    Keymaster

    You should use IIS Manager to ensure that the cert is properly bound to the website.

    Additionally, since you seem to be using ConfigurationNames, make sure the node is configured to use a valid RegistrationKey, and that the server has a matching one. You can also try removing the pull server's database and log files to sort of force it to "start over."

    I'm a little concerned about the "used to be able to see XML," because the service on the pull server shouldn't return XML under normal operation. It either returns nothing (the registration PUT operation), or it returns an octet-stream (configuration MOF or module POST operations). I've got all that documented in "The DSC Book" on LeanPub, now.

    • #52400
      Profile photo of Ben Williams
      Ben Williams
      Participant

      I ended up re-imaging the server to start over. It ended up being a problem with IIS. We change the IIS default path to another drive (D:\Inetpub). Once I changed the physical path to D:\Inetpub, it worked. Thanks for all of your help!

You must be logged in to reply to this topic.