Author Posts

August 29, 2018 at 7:24 am

Hello Experts,

I have configured a Secure DSC Pull Server using the script available at this link.

I didn't receive any errors during the configuration. However, after finishing the configuration when I ran Get-DscConfiguration command I am getting below error:

Get-DscConfiguration -Verbose
VERBOSE: An LCM method call arrived from computer TestPullServer with user sid S-1-5-21-96684026-1888757961-1698245536-547389.
VERBOSE: [TestPullServer]: LCM:  [ Start  Get      ]      
VERBOSE: [TestPullServer]:                            [[WindowsFeature]DSCServiceFeature] The operation 'Get-WindowsFeature' started: DSC-Service
VERBOSE: [TestPullServer]:                            [[WindowsFeature]DSCServiceFeature] The operation 'Get-WindowsFeature' succeeded: DSC-Service
VERBOSE: [TestPullServer]: LCM:  [ End    Get      ]  [[WindowsFeature]DSCServiceFeature]  in 0.5320 seconds.
Get-DscConfiguration : Method invocation failed because [System.Collections.ObjectModel.Collection`1[[System.Management.Automation.PSObject, System.Management.Automation, Version=3.0.0.0, Culture=neutral, 
PublicKeyToken=31bf3856ad364e35]]] does not contain a method named 'Format'.
At line:1 char:1
+ Get-DscConfiguration -Verbose
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (MSFT_DSCLocalConfigurationManager:root/Microsoft/...gurationManager) [Get-DscConfiguration], CimException
    + FullyQualifiedErrorId : MethodNotFound,Get-DscConfiguration
 
Get-DscConfiguration : The PowerShell DSC resource '[xDSCWebService]PSDSCPullServer' with SourceInfo 'C:\Temp\Create-PullServerV2.ps1::89::9::xDscWebService' threw one or more non-terminating errors while running 
the Get-TargetResource functionality. These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details.
At line:1 char:1
+ Get-DscConfiguration -Verbose
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (MSFT_DSCLocalConfigurationManager:root/Microsoft/...gurationManager) [Get-DscConfiguration], CimException
    + FullyQualifiedErrorId : NonTerminatingErrorFromProvider,Get-DscConfiguration

August 30, 2018 at 4:20 am

I have performed few steps found at random forums on the internet and found that the issue is related to the Certificate that I have used with the Pull Server. I added the certificate to the Root certificate store and also ran below code to resolve some other issue I started facing. Below is the code:

Add-Type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            return true;
        }
    }
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

# If still getting below error:
# Invoke-WebRequest : The request was aborted: Could not create SSL/TLS secure channel.
#
# Run below commands:
#
[System.Net.ServicePointManager]::SecurityProtocol += [System.Net.SecurityProtocolType]::Tls11
[System.Net.ServicePointManager]::SecurityProtocol += [System.Net.SecurityProtocolType]::Tls12

However, any configuration is working fine locally on the pull server but it is failing on any other node with below error:

WinRM cannot process the request. The following error occurred while using Kerberos authentication: 
Cannot find the computer testNode.contoso.com. Verify that the computer exists on the 
network and that the name provided is spelled correctly.
    + CategoryInfo          : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimExceptio 
   n
    + FullyQualifiedErrorId : HRESULT 0x80070035
    + PSComputerName        : testNode.contoso.com

I am able to ping the target node, I am able to test the WinRM connection using Test-WSMan. Not sure how to resolve this error.

August 30, 2018 at 7:19 am

The WINRM Kerberos Authentication issue is also resolved after I used below method:

Start-DscConfiguration -Path .\WebServerConfig -Verbose -Wait -CimSession (New-CimSession -ComputerName localhost -Credential "contoso\adminuser")

However, when I run

Get-DSCConfiguration

on PullServer, I am still getting below error:

Get-DscConfiguration : Method invocation failed because [System.Collections.ObjectModel.Collection`1[[System.Management.Automation.PSObject, System.Management.Automation, Version=3.0.0.0, Culture=neutral, 
PublicKeyToken=31bf3856ad364e35]]] does not contain a method named 'Format'.
At line:1 char:1
+ Get-DscConfiguration
+ ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (MSFT_DSCLocalConfigurationManager:root/Microsoft/...gurationManager) [Get-DscConfiguration], CimException
    + FullyQualifiedErrorId : MethodNotFound,Get-DscConfiguration
 
Get-DscConfiguration : The PowerShell DSC resource '[xDSCWebService]PSDSCPullServer' with SourceInfo 'C:\Temp\Create-PullServerV2.ps1::89::9::xDscWebService' threw one or more non-terminating errors while running 
the Get-TargetResource functionality. These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details.
At line:1 char:1
+ Get-DscConfiguration
+ ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (MSFT_DSCLocalConfigurationManager:root/Microsoft/...gurationManager) [Get-DscConfiguration], CimException
    + FullyQualifiedErrorId : NonTerminatingErrorFromProvider,Get-DscConfiguration