Pull Server reports Invalid Registration Key

Welcome Forums DSC (Desired State Configuration) Pull Server reports Invalid Registration Key

This topic contains 1 reply, has 2 voices, and was last updated by

9 months, 1 week ago.

  • Author
  • #100401

    Points: 0
    Rank: Member

    I've been struggling with this for days, I'll attach all my configuration scripts below but the basic gist seems to be the pull client gets an "unauthorized" response back from the server (401) and in the DSC PULL SERVER's log I get the error "An invalid registration key was provided during registration."

    I googled that error and came up with absolutely nothing, very disheartening.

    I can tell you one thing is that the contents of my registrationkeys.txt and my client's dsc config are IDENTICAL. So I'm hoping the error is not actually related to that.

    Pull Server config (used the widely available sample) – Server 2012 R2

    $guid = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
    # =================================== Section Pull Server =================================== #
    configuration xDscWebServiceRegistration
            [string[]]$NodeName = 'localhost',
            [string] $certificateThumbPrint,
            [Parameter(HelpMessage='This should be a string with enough entropy (randomness) to protect the registration of clients to the pull server.  We will use new GUID by default.')]
            [string] $RegistrationKey   # A guid that clients use to initiate conversation with pull server
        Import-DSCResource -ModuleName xPSDesiredStateConfiguration
        Node $NodeName
            WindowsFeature DSCServiceFeature
                Ensure = "Present"
                Name   = "DSC-Service"            
            xDscWebService PSDSCPullServer
                Ensure                  = "Present"
                EndpointName            = "PSDSCPullServer"
                Port                    = 8080
                PhysicalPath            = "$env:SystemDrive\inetpub\PSDSCPullServer"
                CertificateThumbPrint   = $certificateThumbPrint
                ModulePath              = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules"
                ConfigurationPath       = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"            
                State                   = "Started"
                DependsOn               = "[WindowsFeature]DSCServiceFeature" 
                RegistrationKeyPath     = "$env:PROGRAMFILES\WindowsPowerShell\DscService"   
                AcceptSelfSignedCertificates = $true
                Enable32BitAppOnWin64   = $false
                UseSecurityBestPractices= $false
            File RegistrationKeyFile
                Ensure          = 'Present'
                Type            = 'File'
                DestinationPath = "$env:ProgramFiles\WindowsPowerShell\DscService\RegistrationKeys.txt"
                Contents        = $RegistrationKey
    # Sample use (please change values of parameters according to your scenario):
    # $thumbprint = (New-SelfSignedCertificate -Subject "TestPullServer").Thumbprint
    # $registrationkey = [guid]::NewGuid()
    # Sample_xDscWebServiceRegistration -RegistrationKey $registrationkey -certificateThumbPrint $thumbprint
    # =================================== Section Pull Server =================================== #
    #uncomment line below to 
    xDscWebServiceRegistration -certificateThumbPrint ‎$cert -RegistrationKey $guid

    client config – Also from sample – Windows 10 1709
    There's a mof on the server (localhost

    $regkey = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx"
    Configuration LCM_Pull {
        Node localhost {
            Settings {
                ConfigurationMode = 'ApplyAndAutoCorrect'
                RefreshMode = 'Pull'
            ConfigurationRepositoryWeb PullServer {
                ServerURL = 'https://myserver.contoso.blah:8080/PsDscPullserver.svc'
                CertificateID = $thumbprint
                AllowUnsecureConnection = $false
                RegistrationKey = $regkey
                ConfigurationNames = @('Win10Client')
            ResourceRepositoryWeb PullServerModules {
                ServerURL = 'https://myserver.contoso.blah:8080/PsDscPullserver.svc'
                AllowUnsecureConnection = $false
                #RegistrationKey = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
    Set-DscLocalConfigurationManager -path .\LCM_Pull -Verbose
  • #100510

    Points: 101
    Helping Hand
    Rank: Participant

    I know it's a no no but have you tried a http pull server set up 1st? I ran across this about a year ago and i think it had something to do with the certs. I had to add the domain root cert in the DCS nodes cert repository before is would work properly.

The topic ‘Pull Server reports Invalid Registration Key’ is closed to new replies.

denizli escort samsun escort muğla escort ataşehir escort kuşadası escort