Author Posts

March 7, 2016 at 7:48 am

Hello All,

I have used the 'File' resource to push a package which contains a java based agent application installed by running a 'InstallService.cmd' file. I am successful in pushing the package.

Next, I am using the 'Package' resource to try to execute this .cmd file on the remote server. I do a Start-DscConfiguration and I get the following error ::

Importing module MSFT_PackageResource failed with error – File
C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DscResources\MSFT_PackageResource\MSFT_PackageResource.psm1 cannot be loaded. The file
C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DscResources\MSFT_PackageResource\MSFT_PackageResource.psm1 is not digitally signed. You cannot run this
script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170.
+ CategoryInfo : InvalidOperation: (root/Microsoft/...gurationManager:String) [], CimException
+ FullyQualifiedErrorId : ImportModuleFailed
+ PSComputerName : my-remote-server

I assume I need to elevate on the remote server somehow? Anyone run into this before? Thanks for your help!

March 7, 2016 at 1:30 pm

UPDATE :: Apparently you have to do a quick work-around and set the execution policy to unrestricted on the target push nodes? Sucks!

Also, trying to now push a File and Package resource at the same time to target nodes and it just sits there after *only* getting to this point ::

PS C:\Windows\system32> Start-DscConfiguration -Path "C:\DSC\CopyADMachineAgentPackageAndInstall" -ComputerName "target-node-01","target-node-02" -Wait -Force -Verbose
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, "methodName' = SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsof
t/Windows/DesiredStateConfiguration'.
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, "methodName' = SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsof
t/Windows/DesiredStateConfiguration'.

Been sitting there for 30+ minutes now without doing anything!

Is this DSC in its alpha stages or something? So buggy and unstable...

March 7, 2016 at 1:43 pm

You either need to lower your execution policy, and/or strip the downloaded bit from the module files. Unblock-File. This isn't "elevation" because it isn't permissions; it's execution policy. The error message is telling you the help file to read, for background.

March 7, 2016 at 1:48 pm

Right, I had to lower the execution policy manually on the target nodes. I was able to get the cmd file executed on one. Now I am doing a push which copies the files and installs the package all in one shot, to two target nodes, which I have already lowered the execution policy on, but it's hanging at that second verbose message I posted.

I am afraid to 'stop' the powershell execution because it hangs there without stopping.

March 7, 2016 at 1:54 pm

DSC in v5 has definitely been a problem. But, anything that isn't a Windows Installer package is almost always problematic from within DSC or a lot of other unattended processes. It's really more about how the installer is built. Most are built poorly, and if they're run non-interactively, in a space _with no user profile context_, failure is often an option.

March 7, 2016 at 9:48 pm

@michael Seto – the problem you are facing only existed in the WMF 5.0 Production Preview on Windows Server 2008 R2/Windows 7. Can you please let us know which version of WMF 5.0 you are using ($PSVersionTable) and which OS you are trying this on?

March 8, 2016 at 6:54 am

@Nana I am running this on Windows Server 2012 R2 Datacenter. These are Azure VM's and I made sure they have the WMF5 update installed on both the push server as well as the target nodes.

@Don – I came in this morning and it is still sitting there after those two verbose lines, hahaha wow.

March 8, 2016 at 7:27 am

Interesting, I rebooted the two target nodes and when it came back up, it appears to have the package I pushed to it and it installed it as well. This was after I closed the PowerShell ISE and tried to only push a File resource to get the package copied, which also resulted in the hanging after the two verbose messages as I mentioned above.

Is there a way to check for pending DSC tasks on target nodes, from the target nodes?

March 8, 2016 at 7:46 am

Um. Well, you can check to se if DSC is running – e.g., if it's busy doing something. But that's about it. DSC doesn't really build a "task list," so there's no "pending tasks." Every time it runs a consistency check, it runs through everything and fixes what needs fixing. But it does that one-at-a-time, not in a task list.

March 8, 2016 at 8:51 am

The closest you can do is use the reporting server option and the use REST API to query the data. Bit limiting as you need to wait for the node to update or query the nodes' LCM for two new parameters:

LCMState and LCMStateDetails

March 8, 2016 at 12:15 pm

Just a little side-bit: for production environments, rather than reducing the execution policy level, you can also "sign" your code with a certificate from your internal PKI. This may be overkill in some cases, but for high-security environments like administrative forests it may be the right way to go.

Scripting guy wrote a solid summary on the process here:
https://blogs.technet.microsoft.com/heyscriptingguy/2010/06/17/hey-scripting-guy-how-can-i-sign-windows-powershell-scripts-with-an-enterprise-windows-pki-part-2-of-2/