HTTPS PullServer not working

This topic contains 2 replies, has 2 voices, and was last updated by Profile photo of Don Jones Don Jones 2 years, 5 months ago.

  • Author
    Posts
  • #16459
    Profile photo of Selimir Kesten
    Selimir Kesten
    Participant

    Hi,

    i have set up a working http pull server (Windows 2008 R2 SP1). Now i want to change the server to https.

    What i have done so far:
    1)Created a self signed certificate (Server Authentication, Client authentication, Exportalbe)
    2)Imported the certificate (machine) to Personal, and Trusted Root Certification
    3)in IIS i have created a https binding to the site with the imported certificate
    4)configured the LCM with the cert thumbprint and https url (AllowUnsecureConnection=false)
    AllowModuleOverwrite : True
    CertificateID : 277E16A219CA3F003672DCC0703AA3310A0924FA
    ConfigurationID : cf4fd7e6-d958-4981-b757-22c99f911b71
    ConfigurationMode : ApplyAndAutoCorrect
    ConfigurationModeFrequencyMins : 60
    Credential :
    DownloadManagerCustomData : {MSFT_KeyValuePair (key = "ServerUrl"), MSFT_KeyValuePair (key = "AllowUnsecureConnection")}
    DownloadManagerName : WebDownloadManager
    RebootNodeIfNeeded : True
    RefreshFrequencyMins : 15
    RefreshMode : Pull
    PSComputerName :

    If i try to get configuration i get the followoing error:
    Invoke-CimMethod : Failed to get the action from server
    https://pspullserver/PSDSCPullServer/PSDSCPullServer.svc/Action(ConfigurationId='cf4fd7e6-d958-4981-b757-22c99f911b71')/GetAction.
    At C:\DSC\Invoke-DscPull.ps1:35 char:5
    + Invoke-CimMethod @parameters
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidResult: (root/microsoft/...gurationManager:String) [Invoke-CimMethod], CimException
    + FullyQualifiedErrorId : WebDownloadManagerGetActionFailed,Microsoft.PowerShell.DesiredStateConfiguration.Commands.GetDscActionCommand,Microsoft.Management.Infrast
    ructure.CimCmdlets.InvokeCimMethodCommand
    + PSComputerName : localhost

    I i launch the url in the browser i get this error:
    This error (HTTP 405 Method Not Allowed) means that Internet Explorer was able to connect to the website, but the site has a programming error.

    i can successfully open the svc url:
    https://pspullserver/PSDSCPullServer/PSDSCPullServer.svc

    Please let me know what i could have done wrong here.

    BTW: Are there any resources on how to setup a pull server with a certificate?

    Thanks in advance

  • #16462
    Profile photo of Selimir Kesten
    Selimir Kesten
    Participant

    I am sorry i had a typo in the CN Name of the certificate. In eventviewer i then found this message:
    [Thumbprint]
    72C5D88EE62ADF3D4338DFA11D8B380ED68EF9D3
    [b]RemoteCertificateNameMismatch[/b].

    Thanks

  • #16469
    Profile photo of Don Jones
    Don Jones
    Keymaster

    You have to configure the pull server, not the LCM, to have the certificate – I'm not clear if you've done that. And, your LCM configuration still says to use Http. Also, self-signed certificates won't really work for pull. You need to use a cert that is trusted by pulling nodes.

You must be logged in to reply to this topic.