Pull Server / LCM Config sanity check-Failed to register DSC Agent with Agentid

Welcome Forums DSC (Desired State Configuration) Pull Server / LCM Config sanity check-Failed to register DSC Agent with Agentid

This topic contains 1 reply, has 1 voice, and was last updated by

 
Participant
3 months, 2 weeks ago.

  • Author
    Posts
  • #147710

    Participant
    Topics: 2
    Replies: 4
    Points: 22
    Rank: Member

    I need a sanity check please... I cannot figure out what I'm doing wrong on my config. The Pull server config runs with no red. The LCM confgĀ dies with the dreaded "Failed to register DSC Agent with Agentid"

    I know, bad practice to put the regkey in the config file. I did that just so I could see it. My config is just turning off the spooler service.

    Pull Server Config

    Configuration New-DSCPullServer {
    param (
    [Parameter(Mandatory=$true)]
    [ValidateNotNullorEmpty()]
    [System.String] $NodeName,
    [Parameter(Mandatory=$true)]
    [ValidateNotNullorEmpty()]
    [System.String] $CertificateThumbprint
    )
    Import-DscResource-ModuleName PSDesiredStateConfiguration, xPSDesiredStateConfiguration
    Node $NodeName
    {
    LocalConfigurationManager
    {
    ActionAfterReboot = 'ContinueConfiguration'
    ConfigurationMode = 'ApplyandAutoCorrect'
    RebootNodeIfNeeded = $false
    }
    WindowsFeature DSCServiceFeature
    {
    Ensure = 'Present'
    Name = 'DSC-Service'
    }
    WindowsFeature IISConsole
    {
    Ensure = 'Present'
    Name = 'Web-Mgmt-Console'
    DependsOn = '[WindowsFeature]DSCServiceFeature'
    }
    xDSCWebService PSDSCPullServer
    {
    Ensure = 'Present'
    EndpointName = 'PSDSCPullServer'
    Port = 8080
    PhysicalPath = "$env:SYSTEMDRIVE\inetpub\wwwroot\PSDSCPullServer"
    CertificateThumbPrint = $CertificateThumbprint
    ModulePath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules"
    ConfigurationPath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
    RegistrationKeyPath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\"
    State = 'Started'
    UseSecurityBestPractices = $true
    DependsOn = '[WindowsFeature]DSCServiceFeature'
    }
    File RegistrationKey
    {
    Ensure = 'Present'
    DestinationPath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\registrationkey.txt"
    Contents = '7541765d-9d4c-4634-be97-76152528379e'
    Type = 'File'
    }
    }
    }

    Spooler Config

    configuration PrintSpooler {
    param ()
    Node localhost
    {
    Service PrintSpooler
    {
    Ensure = 'Present'
    Name = 'Spooler'
    StartupType = 'Disabled'
    State = 'Stopped'
    }
    Log RemoteRegistry
    {
    Message = 'Spooler configuration complete'
    DependsOn = '[Service]PrintSpooler'
    }
    }
    }

     

    LCM Config

    
    [DSCLocalConfigurationManager()]
    configuration LCM-HTTPS
    {
    param
    (
    [Parameter(Mandatory= $true)]
    [string[]]$ComputerName,
    
    [Parameter(Mandatory= $true)]
    [string]$regKey,
    
    [Parameter(Mandatory= $true)]
    [string]$pullThumbprint
    )
    Node localhost
    {
    Settings
    {
    AllowModuleOverwrite = $true
    ConfigurationMode = 'ApplyAndAutoCorrect'
    RefreshMode = 'Pull'
    RefreshFrequencyMins = 30
    }
    ConfigurationRepositoryWeb HTTPs
    {
    ServerURL = 'https://DSC-DC:8080/PSDSCPullServer.svc'
    CertificateID = $pullThumbprint
    RegistrationKey = $regKey
    AllowUnsecureConnection = $false
    ConfigurationNames = @('PrintSpooler')
    }
    }
    }
    
    

    Any thoughts? What am I missing?

  • #159267

    Participant
    Topics: 2
    Replies: 4
    Points: 22
    Rank: Member

    I figured it out. The error was not related to the PowerShell code at all.

    I created a custom CNAME DNS record for my pull server url, something like pull.dsc.local. Turns out when you create the domain certificate in IIS the common name has to match that URL exactly. Otherwise, you get this not so descriptive error when trying to register the LCMs.

The topic ‘Pull Server / LCM Config sanity check-Failed to register DSC Agent with Agentid’ is closed to new replies.