HTTPS PullServer not working

This topic contains 2 replies, has 2 voices, and was last updated by  Don Jones 4 years ago.

  • Author
  • #16459

    Selimir Kesten


    i have set up a working http pull server (Windows 2008 R2 SP1). Now i want to change the server to https.

    What i have done so far:
    1)Created a self signed certificate (Server Authentication, Client authentication, Exportalbe)
    2)Imported the certificate (machine) to Personal, and Trusted Root Certification
    3)in IIS i have created a https binding to the site with the imported certificate
    4)configured the LCM with the cert thumbprint and https url (AllowUnsecureConnection=false)
    AllowModuleOverwrite : True
    CertificateID : 277E16A219CA3F003672DCC0703AA3310A0924FA
    ConfigurationID : cf4fd7e6-d958-4981-b757-22c99f911b71
    ConfigurationMode : ApplyAndAutoCorrect
    ConfigurationModeFrequencyMins : 60
    Credential :
    DownloadManagerCustomData : {MSFT_KeyValuePair (key = "ServerUrl"), MSFT_KeyValuePair (key = "AllowUnsecureConnection")}
    DownloadManagerName : WebDownloadManager
    RebootNodeIfNeeded : True
    RefreshFrequencyMins : 15
    RefreshMode : Pull
    PSComputerName :

    If i try to get configuration i get the followoing error:
    Invoke-CimMethod : Failed to get the action from server
    At C:\DSC\Invoke-DscPull.ps1:35 char:5
    + Invoke-CimMethod @parameters
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidResult: (root/microsoft/...gurationManager:String) [Invoke-CimMethod], CimException
    + FullyQualifiedErrorId : WebDownloadManagerGetActionFailed,Microsoft.PowerShell.DesiredStateConfiguration.Commands.GetDscActionCommand,Microsoft.Management.Infrast
    + PSComputerName : localhost

    I i launch the url in the browser i get this error:
    This error (HTTP 405 Method Not Allowed) means that Internet Explorer was able to connect to the website, but the site has a programming error.

    i can successfully open the svc url:

    Please let me know what i could have done wrong here.

    BTW: Are there any resources on how to setup a pull server with a certificate?

    Thanks in advance

  • #16462

    Selimir Kesten

    I am sorry i had a typo in the CN Name of the certificate. In eventviewer i then found this message:


  • #16469

    Don Jones

    You have to configure the pull server, not the LCM, to have the certificate – I'm not clear if you've done that. And, your LCM configuration still says to use Http. Also, self-signed certificates won't really work for pull. You need to use a cert that is trusted by pulling nodes.

You must be logged in to reply to this topic.