Port configuration with DSC?

This topic contains 4 replies, has 2 voices, and was last updated by Val Melamed 1 month, 4 weeks ago.

  • #62095
    Val Melamed
    Participant

    Hello,

    Currently I am trying to configure two things on my VMs:
    – Open specific ports in the firewall
    – Bind a certificate to a particular port

    For both of these at the moment I use script resources invoking netsh or xxx-NetFirewallRule but I was wondering if there are better ways or resources out there that you can point me to?

    Thank you.
    Val

  • #62502
    Val Melamed
    Participant

    Can anyone please comment?

  • #62650
    Jeremy Murrah
    Participant

    For firewall rules, check out the xFirewall resource in the xNetworking module. For certificate bindings, if you mean IIS website port bindings, check out the xWebsite resource in the xWebAdministration module. If you're talking about the SSL certificate bindings on the machine, i.e. 'netsh http show sslcert', I'm not sure if there's a DSC module for that.

  • #62659
    Val Melamed
    Participant

    Thank you. Yes, I meant netsh... Meanwhile I implemented it in a script like this:

    ...
        param (
            [string] $ApplicationId,
            [string] $VmCertificateHash,
            [int] $NetTcpPort     = 808
        )
    ...
            Script NetTcpCertificatePortBinding
            {
                GetScript = 
                {
                    $t = netsh http show sslcert ipport=0.0.0.0:$NetTcpPort
                    @{ Result = $t }
                }
    
                TestScript = 
                {
                    $t = netsh http show sslcert ipport=0.0.0.0:$NetTcpPort
                    
                    $t -match "(?im)^\s+IP:port\s*:\s*.*:$NetTcpPort" -and
                    $t -match "(?im)^\s+Certificate Hash\s*:\s*$VmCertificateHash$" -and
                    $t -match "(?im)^\s+Application ID\s*:\s*{$ApplicationId}\s*$"
                }
                
                SetScript = 
                {
                    netsh http add sslcert ipport=0.0.0.0:$NetTcpPort certhash=$VmCertificateHash appid="{$ApplicationId}"
                }
            }
    ...
    

    But it is not working. Can you see any problem in the code above?
    Thank you!

    • #62691
      Val Melamed
      Participant

      Figured it out: I was missing the "$using:" part. The snippet above should be:

      ...
          param (
              [string] $ApplicationId,
              [string] $VmCertificateHash,
              [int] $NetTcpPort     = 808
          )
      ...
              Script NetTcpCertificatePortBinding
              {
                  GetScript = 
                  {
                      @{ Result = netsh http show sslcert ipport=0.0.0.0:$using:NetTcpPort }
                  }
      
                  TestScript = 
                  {
                      $t = netsh http show sslcert ipport=0.0.0.0:$using:NetTcpPort
                      
                      $t -match "(?im)^\s+IP:port\s*:\s*.*:$using:NetTcpPort" -and
                      $t -match "(?im)^\s+Certificate Hash\s*:\s*$using:VmCertificateHash$" -and
                      $t -match "(?im)^\s+Application ID\s*:\s*{$using:ApplicationId}\s*$"
                  }
                  
                  SetScript = 
                  {
                      netsh http add sslcert ipport=0.0.0.0:$using:NetTcpPort certhash=$using:VmCertificateHash appid="{$using:ApplicationId}"
                  }
              }
      ...
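
An added example, not part of the thread or any poster's code: one complete configuration that uses the xFirewall resource suggested above for the port and the `$using:` form of the Script resource for the `netsh` binding, with the interpolated values validated, regex-escaped before matching, and the `netsh` exit code checked. The names `PortAndCertBinding` and `AllowNetTcp`, the firewall rule name, and the xFirewall property names (which assume a recent xNetworking release) are assumptions.

```powershell
Configuration PortAndCertBinding   # hypothetical name
{
    param (
        # Validate before use: these values are interpolated into a netsh command line.
        [ValidatePattern('^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$')] [string] $ApplicationId,
        [ValidatePattern('^[0-9A-Fa-f]{40}$')] [string] $VmCertificateHash,
        [ValidateRange(1, 65535)] [int] $NetTcpPort = 808
    )

    Import-DscResource -ModuleName PSDesiredStateConfiguration
    Import-DscResource -ModuleName xNetworking   # assumed installed; provides xFirewall

    Node localhost
    {
        xFirewall AllowNetTcp
        {
            Name      = "Allow-Inbound-TCP-$NetTcpPort"   # constructed rule name
            Ensure    = 'Present'
            Enabled   = 'True'
            Direction = 'Inbound'
            Action    = 'Allow'
            Protocol  = 'TCP'
            LocalPort = "$NetTcpPort"
        }

        Script NetTcpCertificatePortBinding
        {
            DependsOn = '[xFirewall]AllowNetTcp'
            GetScript = {
                # Script blocks are stored as text in the MOF and run later on the
                # node, so outer variables are only reachable through $using:.
                @{ Result = (netsh http show sslcert ipport=0.0.0.0:$using:NetTcpPort | Out-String) }
            }
            TestScript = {
                $out  = netsh http show sslcert ipport=0.0.0.0:$using:NetTcpPort | Out-String
                # Escape so braces and any other metacharacters match literally.
                $hash = [regex]::Escape($using:VmCertificateHash)
                $app  = [regex]::Escape("{$using:ApplicationId}")
                ($out -match "(?im)^\s*Certificate Hash\s*:\s*$hash\s*$") -and
                ($out -match "(?im)^\s*Application ID\s*:\s*$app\s*$")
            }
            SetScript = {
                netsh http add sslcert ipport=0.0.0.0:$using:NetTcpPort certhash=$using:VmCertificateHash appid="{$using:ApplicationId}"
                if ($LASTEXITCODE -ne 0) { throw "netsh http add sslcert failed with exit code $LASTEXITCODE" }
            }
        }
    }
}
```

If the port is already bound to a different certificate, `netsh http add sslcert` fails, so the `throw` surfaces the drift instead of leaving the node silently non-compliant.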
      
      
