Package Resource Failing to Install Package on Remote Server

This topic contains 10 replies, has 5 voices, and was last updated by Justin King 9 months ago.

  • #36164
    Michael Seto
    Participant

    Hello All,

    I have used the 'File' resource to push a package which contains a Java-based agent application installed by running an 'InstallService.cmd' file. I am successful in pushing the package.

    Next, I am using the 'Package' resource to try to execute this .cmd file on the remote server. I do a Start-DscConfiguration and I get the following error ::

    Importing module MSFT_PackageResource failed with error – File
    C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DscResources\MSFT_PackageResource\MSFT_PackageResource.psm1 cannot be loaded. The file
    C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DscResources\MSFT_PackageResource\MSFT_PackageResource.psm1 is not digitally signed. You cannot run this
    script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170.
    + CategoryInfo : InvalidOperation: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : ImportModuleFailed
    + PSComputerName : my-remote-server

    I assume I need to elevate on the remote server somehow? Anyone run into this before? Thanks for your help!

  • #36190
    Michael Seto
    Participant

    UPDATE :: Apparently you have to do a quick work-around and set the execution policy to unrestricted on the target push nodes? Sucks!

    Also, trying to now push a File and Package resource at the same time to target nodes and it just sits there after *only* getting to this point ::

    PS C:\Windows\system32> Start-DscConfiguration -Path "C:\DSC\CopyADMachineAgentPackageAndInstall" -ComputerName "target-node-01","target-node-02" -Wait -Force -Verbose
    VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, "methodName' = SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
    VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, "methodName' = SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.

    Been sitting there for 30+ minutes now without doing anything!

    Is this DSC in its alpha stages or something? So buggy and unstable...

  • #36197
    Don Jones
    Keymaster

    You either need to lower your execution policy, and/or strip the downloaded bit from the module files. Unblock-File. This isn't "elevation" because it isn't permissions; it's execution policy. The error message is telling you the help file to read, for background.
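
Added example (not part of Don Jones's reply): a read-only check, run on the target node, that separates the two causes named above by listing the execution policy at every scope and reporting, per script file, its Authenticode status and whether it carries the "downloaded" mark (the `Zone.Identifier` stream). The module path is the one from the error message earlier in the thread.

```powershell
# Added example, not from the original thread. Run on the target node.
# $ModulePath is copied from the error text in the first post.
$ModulePath = 'C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DscResources\MSFT_PackageResource'

# 1. Execution policy at every scope. The first scope in this list that is
#    not 'Undefined' is the one that applies (Group Policy scopes come first).
Get-ExecutionPolicy -List | Format-Table -AutoSize

# 2. Per-file signature status and "downloaded" mark.
$report = Get-ChildItem -Path $ModulePath -Recurse -Include *.ps1, *.psm1, *.psd1 |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
        # The Zone.Identifier alternate data stream is what Unblock-File removes.
        $zone = Get-Item -LiteralPath $_.FullName -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
        [pscustomobject]@{
            File            = $_.FullName
            SignatureStatus = $sig.Status                      # e.g. Valid, NotSigned, HashMismatch
            Signer          = $sig.SignerCertificate.Subject   # empty when unsigned
            Downloaded      = [bool]$zone
        }
    }
$report | Format-Table -AutoSize -Wrap

# 3. Remove the mark only from files that actually carry it, and only after
#    confirming where they came from. -WhatIf shows what would change;
#    drop it to apply the change.
$report | Where-Object Downloaded | ForEach-Object {
    Unblock-File -LiteralPath $_.File -WhatIf
}
```

A file that shows `NotSigned` with `Downloaded = False` is not helped by `Unblock-File`; in that case the effective policy from step 1 is what blocks it.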

  • #36199
    Michael Seto
    Participant

    Right, I had to lower the execution policy manually on the target nodes. I was able to get the cmd file executed on one. Now I am doing a push which copies the files and installs the package all in one shot, to two target nodes, which I have already lowered the execution policy on, but it's hanging at that second verbose message I posted.

    I am afraid to 'stop' the powershell execution because it hangs there without stopping.

  • #36204
    Don Jones
    Keymaster

    DSC in v5 has definitely been a problem. But, anything that isn't a Windows Installer package is almost always problematic from within DSC or a lot of other unattended processes. It's really more about how the installer is built. Most are built poorly, and if they're run non-interactively, in a space _with no user profile context_, failure is often an option.

  • #36226
    Nana Lakshmanan
    Participant

    @Michael Seto – the problem you are facing only existed in the WMF 5.0 Production Preview on Windows Server 2008 R2/Windows 7. Can you please let us know which version of WMF 5.0 you are using ($PSVersionTable) and which OS you are trying this on?

  • #36261
    Michael Seto
    Participant

    @Nana I am running this on Windows Server 2012 R2 Datacenter. These are Azure VMs and I made sure they have the WMF5 update installed on both the push server as well as the target nodes.

    @Don – I came in this morning and it is still sitting there after those two verbose lines, hahaha wow.

  • #36269
    Michael Seto
    Participant

    Interesting, I rebooted the two target nodes and when it came back up, it appears to have the package I pushed to it and it installed it as well. This was after I closed the PowerShell ISE and tried to only push a File resource to get the package copied, which also resulted in the hanging after the two verbose messages as I mentioned above.

    Is there a way to check for pending DSC tasks on target nodes, from the target nodes?

  • #36271
    Don Jones
    Keymaster

    Um. Well, you can check to see if DSC is running – e.g., if it's busy doing something. But that's about it. DSC doesn't really build a "task list," so there's no "pending tasks." Every time it runs a consistency check, it runs through everything and fixes what needs fixing. But it does that one-at-a-time, not in a task list.

  • #36276
    Arie H
    Participant

    The closest you can do is use the reporting server option and then use the REST API to query the data. Bit limiting as you need to wait for the node to update or query the nodes' LCM for two new parameters:

    LCMState and LCMStateDetails
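
Added example (not part of Arie H's reply): polling `LCMState` and `LCMStateDetails` from the push server with a timeout, instead of leaving `Start-DscConfiguration -Wait` blocked indefinitely. `Wait-LcmIdle` is a hypothetical helper name; the node names are the ones used earlier in the thread, and WMF 5 on every node is assumed.

```powershell
# Added example, not from the original thread.
# Wait-LcmIdle is a hypothetical helper; it only reads LCM state.
function Wait-LcmIdle {
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [int] $TimeoutSeconds = 600,
        [int] $PollSeconds    = 15
    )
    $sessions = New-CimSession -ComputerName $ComputerName
    try {
        $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
        do {
            # LCMState is Idle, Busy, PendingReboot or PendingConfiguration.
            $state = Get-DscLocalConfigurationManager -CimSession $sessions |
                Select-Object PSComputerName, LCMState, LCMStateDetails
            $busy = @($state | Where-Object { $_.LCMState -eq 'Busy' })
            if ($busy.Count -eq 0) { break }
            Write-Verbose ("Still busy: " + ($busy.PSComputerName -join ', '))
            Start-Sleep -Seconds $PollSeconds
        } while ((Get-Date) -lt $deadline)
        $state   # last observed state per node, including any still Busy
    }
    finally {
        Remove-CimSession -CimSession $sessions
    }
}

$nodes = 'target-node-01', 'target-node-02'
$final = Wait-LcmIdle -ComputerName $nodes -TimeoutSeconds 900 -Verbose
$final | Format-Table -AutoSize -Wrap

# Nodes that need attention: a reboot is pending or the run never finished.
$final | Where-Object { $_.LCMState -ne 'Idle' } | ForEach-Object {
    Write-Warning ("{0}: {1} - {2}" -f $_.PSComputerName, $_.LCMState, $_.LCMStateDetails)
}

# Outcome of the most recent configuration run on each node.
Get-DscConfigurationStatus -CimSession $nodes -ErrorAction SilentlyContinue |
    Select-Object PSComputerName, Status, Type, StartDate, RebootRequested
```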

  • #36283
    Justin King
    Participant

    Just a little side-bit: for production environments, rather than reducing the execution policy level, you can also "sign" your code with a certificate from your internal PKI. This may be overkill in some cases, but for high-security environments like administrative forests it may be the right way to go.

    Scripting guy wrote a solid summary on the process here:
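
Added example (not part of Justin King's post and not taken from the article he refers to): signing a DSC resource's script files with a code-signing certificate from an internal PKI, so that nodes can stay on `AllSigned` rather than `Unrestricted`. The resource path, exported certificate path and timestamp URL are placeholders, and the certificate is assumed to already be in the signing user's personal store.

```powershell
# Added example, not from the original thread. Placeholder values:
$ResourcePath = 'C:\DSC\Modules\MyCustomResource'         # hypothetical module folder
$PublisherCer = 'C:\DSC\Certs\codesign-public.cer'        # hypothetical exported public cert
$TimestampUrl = 'http://timestamp.example.internal'       # hypothetical timestamp service

# --- On the authoring/build machine ---------------------------------------
# Pick an unexpired code-signing certificate issued by the internal CA.
$cert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw 'No valid code-signing certificate found in Cert:\CurrentUser\My.' }

# Sign every script file. The timestamp keeps signatures valid after the
# signing certificate itself expires.
Get-ChildItem -Path $ResourcePath -Recurse -Include *.ps1, *.psm1, *.psd1 |
    ForEach-Object {
        $result = Set-AuthenticodeSignature -FilePath $_.FullName -Certificate $cert `
                      -TimestampServer $TimestampUrl -HashAlgorithm SHA256
        if ($result.Status -ne 'Valid') {
            Write-Warning ("{0}: {1}" -f $_.Name, $result.StatusMessage)
        }
    }

# --- On each target node (elevated) ----------------------------------------
# The issuing CA must already chain to a trusted root on the node. Under
# AllSigned an unknown publisher causes a trust prompt, which cannot be
# answered in a non-interactive DSC run, so pre-trust the publisher.
Import-Certificate -FilePath $PublisherCer -CertStoreLocation Cert:\LocalMachine\TrustedPublisher
Set-ExecutionPolicy -ExecutionPolicy AllSigned -Scope LocalMachine -Force

# Verify what the node will see: anything other than 'Valid' will not load.
Get-ChildItem -Path $ResourcePath -Recurse -Include *.ps1, *.psm1, *.psd1 |
    Get-AuthenticodeSignature |
    Select-Object Path, Status, @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } }
```

Any edit to a signed file after signing changes its status to `HashMismatch`, so signing belongs at the end of the build step that publishes the resource.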
