HTTPS PullServer not working


This topic contains 4 replies, has 3 voices, and was last updated by

 
Participant
6 months, 3 weeks ago.

  • #16459

    Participant
    Points: 0
    Rank: Member

    Hi,

    I have set up a working HTTP pull server (Windows 2008 R2 SP1). Now I want to change the server to HTTPS.

    What I have done so far:
    1) Created a self-signed certificate (Server Authentication, Client Authentication, Exportable)
    2) Imported the certificate (machine) to Personal, and Trusted Root Certification
    3) In IIS I have created an HTTPS binding to the site with the imported certificate
    4) Configured the LCM with the cert thumbprint and HTTPS URL (AllowUnsecureConnection=false)
    AllowModuleOverwrite : True
    CertificateID : 277E16A219CA3F003672DCC0703AA3310A0924FA
    ConfigurationID : cf4fd7e6-d958-4981-b757-22c99f911b71
    ConfigurationMode : ApplyAndAutoCorrect
    ConfigurationModeFrequencyMins : 60
    Credential :
    DownloadManagerCustomData : {MSFT_KeyValuePair (key = "ServerUrl"), MSFT_KeyValuePair (key = "AllowUnsecureConnection")}
    DownloadManagerName : WebDownloadManager
    RebootNodeIfNeeded : True
    RefreshFrequencyMins : 15
    RefreshMode : Pull
    PSComputerName :

    If I try to get the configuration I get the following error:
    Invoke-CimMethod : Failed to get the action from server
    https://pspullserver/PSDSCPullServer/PSDSCPullServer.svc/Action(ConfigurationId='cf4fd7e6-d958-4981-b757-22c99f911b71')/GetAction.
    At C:\DSC\Invoke-DscPull.ps1:35 char:5
    + Invoke-CimMethod @parameters
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidResult: (root/microsoft/...gurationManager:String) [Invoke-CimMethod], CimException
    + FullyQualifiedErrorId : WebDownloadManagerGetActionFailed,Microsoft.PowerShell.DesiredStateConfiguration.Commands.GetDscActionCommand,Microsoft.Management.Infrastructure.CimCmdlets.InvokeCimMethodCommand
    + PSComputerName : localhost

    If I launch the URL in the browser I get this error:
    This error (HTTP 405 Method Not Allowed) means that Internet Explorer was able to connect to the website, but the site has a programming error.

    I can successfully open the svc URL:
    https://pspullserver/PSDSCPullServer/PSDSCPullServer.svc

    Please let me know what I could have done wrong here.

    BTW: Are there any resources on how to set up a pull server with a certificate?

    Thanks in advance

  • #16462

    Participant
    Points: 0
    Rank: Member

    I am sorry, I had a typo in the CN name of the certificate. In Event Viewer I then found this message:
    [Thumbprint]
    72C5D88EE62ADF3D4338DFA11D8B380ED68EF9D3
    RemoteCertificateNameMismatch.

    Thanks

  • #16469

    Keymaster
    Points: 1,811
    Helping HandTeam Member
    Rank: Community Hero

    You have to configure the pull server, not the LCM, to have the certificate – I'm not clear if you've done that. And, your LCM configuration still says to use Http. Also, self-signed certificates won't really work for pull. You need to use a cert that is trusted by pulling nodes.
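
Added example, not part of the posts above: a PowerShell check, run on the pulling node, that reports the certificate the pull server presents and the `SslPolicyErrors` flags .NET raises for it (the `RemoteCertificateNameMismatch` value from the event log above is one of those flags). The function name `Test-PullServerCertificate` is hypothetical; the URL is the one from the first post.

```powershell
# Added example (not from the thread). Diagnostic only: it opens a TLS
# connection, records the validation result, and sends no request.
function Test-PullServerCertificate {
    param(
        # The ServerUrl value configured in the node's LCM
        [Parameter(Mandatory = $true)][uri]$ServerUrl
    )

    $result = @{ Errors = $null; Cert = $null }

    # Let the handshake complete for this probe only, but record what the
    # normal validation would have rejected. The LCM's own checks are untouched.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($s, $certificate, $chain, $sslPolicyErrors)
        $result.Errors = $sslPolicyErrors
        if ($certificate) {
            $result.Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certificate
        }
        return $true
    }

    $ssl = $null
    $tcp = New-Object System.Net.Sockets.TcpClient($ServerUrl.Host, $ServerUrl.Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        # The name passed here is what the certificate subject is compared against
        $ssl.AuthenticateAsClient($ServerUrl.Host)

        [pscustomobject]@{
            RequestedHost = $ServerUrl.Host
            Subject       = $result.Cert.Subject
            Thumbprint    = $result.Cert.Thumbprint
            NotAfter      = $result.Cert.NotAfter
            Protocol      = $ssl.SslProtocol
            # None = name matches and chain is trusted on this node;
            # RemoteCertificateNameMismatch / RemoteCertificateChainErrors otherwise
            PolicyErrors  = $result.Errors
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

Test-PullServerCertificate -ServerUrl 'https://pspullserver/PSDSCPullServer/PSDSCPullServer.svc'
```

A `PolicyErrors` value other than `None` means the node itself does not accept the certificate for that host name, which is the condition both replies above point at.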

  • #105526

    Participant
    Points: 22
    Rank: Member

    Hello,

    I started with DSC watching Jason and Jeffrey Snover's videos at MVA.

    I'm trying to configure an HTTPS Pull Server on a Windows Server 2012 with WMF 5.1 and got stuck with an error. Before showing what the error is, let me give you an idea of the steps I performed.

    1. I prepared a PKI infrastructure for my domain and generated a valid (non-self-signed) certificate.
    2. I set up the pull server (using the MVA scripts/configurations) with the certificate's thumbprint.
      The server is running correctly either in the browser (https://vmdt01.dggh.es:8080/PSDSCPullServer.svc) or using the verify-DSCPullserver function.
    3. Then I set the following LCM configuration for a specific node and it ran correctly.
      [DSCLocalConfigurationManager()]
      Configuration LCM_HTTPSPULL
      {
          param
          (
              [Parameter(Mandatory=$true)]
              [string[]]$ComputerName,

              [Parameter(Mandatory=$true)]
              [string]$guid
          )

          Node $ComputerName {

              Settings {
                  AllowModuleOverwrite = $True
                  ConfigurationMode    = 'ApplyAndAutoCorrect'
                  RefreshMode          = 'Pull'
                  ConfigurationID      = $guid
              }

              ConfigurationRepositoryWeb DSCHTTPS {
                  ServerURL               = 'https://vmdt01.dggh.es:8080/PSDSCPullServer.svc'
                  # Thumbprint of the certificate the node uses to authenticate to the pull server
                  CertificateID           = '9F00EDBDFB791C7AAD9200E9E0BA8FD59684B419'
                  # Refuse plain-HTTP connections to the pull server
                  AllowUnsecureConnection = $False
              }
          }
      }

      # Computer list
      $ComputerName = 'VCONTAB6-W10'

      # Create the Computer.Meta.Mof in folder
      LCM_HTTPSPULL -ComputerName $ComputerName -Guid '64cf90fc-6e55-4e62-9dff-c45e61dc429a' -OutputPath E:\DSC\HTTPS

      
    4. I generated the configuration for the node, naming the mof file with the configurationId guid, and afterwards generated a checksum file with the `New-DSCChecksum` cmdlet.

    The problem arises when I want to invoke

    Update-DscConfiguration -Computer VCONTAB6-W10 -Verbose -Wait

    DETALLADO: Realice la operación 'Invocar método de CIM' con los parámetros siguientes, "methodName' = PerformRequiredConfigurationChecks,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
    DETALLADO: Se recibió una llamada de método de LCM desde el equipo VMDT01 con el SID de usuario S-1-5-21-1960408961-299502267-725345543-500.
    DETALLADO: [VCONTAB6-W10]: [] Ejecutando Get-Action con la suma de comprobación de la configuración 64cf90fc-6e55-4e62-9dff-c45e61dc429a: 6f063a91179d512336175d89c76d61844a3f789417b2519466c220838bca2fd2.
    DETALLADO: [VCONTAB6-W10]: [] Error al configurar Get-Action con la suma de comprobación de la configuración 64cf90fc-6e55-4e62-9dff-c45e61dc429a. Comprueba que el servidor de extracción está disponible.
    No se pudo obtener la acción del servidor https://vmdt01.dggh.es:8080/PSDSCPullServer.svc/Action(ConfigurationId='64cf90fc-6e55-4e62-9dff-c45e61dc429a')/GetAction.
    + CategoryInfo : InvalidResult: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : WebDownloadManagerGetActionFailed,Microsoft.PowerShell.DesiredStateConfiguration.Commands.GetDscActionCommand
    + PSComputerName : vcontab6-w10

    The most relevant part states:

    Error while configuring Get-Action with the checksum of configuration 64cf90fc-6e55-4e62-9dff-c45e61dc429a

    But if I delete the checksum file, I get the same error. So I understand the error has nothing to do with the checksum.

    If I paste the URL https://vmdt01.dggh.es:8080/PSDSCPullServer.svc/Action(ConfigurationId='64cf90fc-6e55-4e62-9dff-c45e61dc429a')/GetAction I get an HTTP 405 error – Method not allowed

    If I look in the Event Viewer I get:

    Trabajo {7D3448B5-924C-11E8-A151-000C296AF402}:
    Comando Do-DscAction de WebDownloadManager para configuración 64cf90fc-6e55-4e62-9dff-c45e61dc429a, resultado de llamada GET:
    + FullyQualifiedErrorId : WebDownloadManagerGetActionFailed
    + CategoryInfo : InvalidResult: (:) [], InvalidOperationException
    + ExceptionMessage : No se pudo obtener la acción del servidor https://vmdt01.dggh.es:8080/PSDSCPullServer.svc/Action(ConfigurationId='64cf90fc-6e55-4e62-9dff-c45e61dc429a')/GetAction.
    + InnerException : System.AggregateException: Se han producido uno o varios errores. —> System.Net.Http.HttpRequestException: Error al enviar la solicitud. —> System.Net.WebException: Se ha terminado la conexión: Error inesperado de envío. —> System.IO.IOException: No se puede escribir datos de en la conexión de transporte: Se ha forzado la interrupción de una conexión existente por el host remoto. —> System.Net.Sockets.SocketException: Se ha forzado la interrupción de una conexión existente por el host remoto
    en System.Net.Sockets.Socket.EndReceive(IAsyncResult asyncResult)
    en System.Net.Sockets.NetworkStream.EndRead(IAsyncResult asyncResult)
    — Fin del seguimiento de la pila de la excepción interna —
    en System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
    en System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)
    — Fin del seguimiento de la pila de la excepción interna —
    en System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
    en System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar)
    — Fin del seguimiento de la pila de la excepción interna —
    — Fin del seguimiento de la pila de la excepción interna —
    en System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
    en Microsoft.PowerShell.DesiredStateConfiguration.Commands.GetDscActionCommand.IssueRequest(IHttpClient client, String subLink, String& responseStatus, ErrorRecord& errorRecord)
    —> (Nº de excepción interna 0) System.Net.Http.HttpRequestException: Error al enviar la solicitud. —> System.Net.WebException: Se ha terminado la conexión: Error inesperado de envío. —> System.IO.IOException: No se puede escribir datos de en la conexión de transporte: Se ha forzado la interrupción de una conexión existente por el host remoto. —> System.Net.Sockets.SocketException: Se ha forzado la interrupción de una conexión existente por el host remoto
    en System.Net.Sockets.Socket.EndReceive(IAsyncResult asyncResult)
    en System.Net.Sockets.NetworkStream.EndRead(IAsyncResult asyncResult)
    — Fin del seguimiento de la pila de la excepción interna —
    en System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
    en System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)
    — Fin del seguimiento de la pila de la excepción interna —
    en System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
    en System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar)
    — Fin del seguimiento de la pila de la excepción interna —< —

    The most relevant part states:

    Error sending request

    Cannot write data on transport connection

    This resource, https://www.jofe.ch/be-aware-of-dsc-pull-server-compatibility-issues-with-wmf-5-0-and-5-1/, points out the problems that may arise when having different WMF versions in the client and the server.
    I'm trying to pull a configuration to a W10 Pro workstation, which has WMF 5.1 built in, from a Windows Server 12 with WMF 5.1 installed. Therefore, I'm not in that incompatibility case, but I get the very same error described when the WMF versions are different.

    Just to prove:

    • Server 2012 + WMF 5.1

      Name                      Value
      ----                      -----
      PSVersion                 5.1.14409.1012
      PSEdition                 Desktop
      PSCompatibleVersions      {1.0, 2.0, 3.0, 4.0...}
      BuildVersion              10.0.14409.1012
      CLRVersion                4.0.30319.36440
      WSManStackVersion         3.0
      PSRemotingProtocolVersion 2.3
      SerializationVersion      1.1.0.1

    • Client Windows 10 Pro 1709

      Name                      Value
      ----                      -----
      PSVersion                 5.1.16299.547
      PSEdition                 Desktop
      PSCompatibleVersions      {1.0, 2.0, 3.0, 4.0...}
      BuildVersion              10.0.16299.547
      CLRVersion                4.0.30319.42000
      WSManStackVersion         3.0
      PSRemotingProtocolVersion 2.3
      SerializationVersion      1.1.0.1

    Another thing I've checked is that the W10 client should have .NET Framework 4.5.2 installed, because WMF 5.1 requires it to function properly. Doing that didn't solve the problem either.

    At this point I'm stuck and can't get to find where the problem is. Could you please give me any hint of what I may be doing wrong?

  • #105529

    Participant
    Points: 22
    Rank: Member

    Since I couldn't delete a duplicated post, I deleted the content.
    Original post: #105526
