Pull Server reports Invalid Registration Key

Welcome Forums DSC (Desired State Configuration) Pull Server reports Invalid Registration Key

This topic contains 1 reply, has 2 voices, and was last updated by

 
Participant
6 months ago.

  • Author
    Posts
  • #100401

    Participant
    Points: 0
    Rank: Member

    I've been struggling with this for days, I'll attach all my configuration scripts below but the basic gist seems to be the pull client gets an "unauthorized" response back from the server (401) and in the DSC PULL SERVER's log I get the error "An invalid registration key was provided during registration."

    I googled that error and came up with absolutely nothing, very disheartening.

    I can tell you one thing is that the contents of my registrationkeys.txt and my client's dsc config are IDENTICAL. So I'm hoping the error is not actually related to that.

    Pull Server config (used the widely available sample) – Server 2012 R2

    $cert = "‎XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
    $guid = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
    # =================================== Section Pull Server =================================== #
    configuration xDscWebServiceRegistration
    {
        param 
        (
            [string[]]$NodeName = 'localhost',
    
            [ValidateNotNullOrEmpty()]
            [string] $certificateThumbPrint,
    
            [Parameter(HelpMessage='This should be a string with enough entropy (randomness) to protect the registration of clients to the pull server.  We will use new GUID by default.')]
            [ValidateNotNullOrEmpty()]
            [string] $RegistrationKey   # A guid that clients use to initiate conversation with pull server
        )
    
        Import-DSCResource -ModuleName xPSDesiredStateConfiguration
    
        Node $NodeName
        {
            WindowsFeature DSCServiceFeature
            {
                Ensure = "Present"
                Name   = "DSC-Service"            
            }
    
            xDscWebService PSDSCPullServer
            {
                Ensure                  = "Present"
                EndpointName            = "PSDSCPullServer"
                Port                    = 8080
                PhysicalPath            = "$env:SystemDrive\inetpub\PSDSCPullServer"
                CertificateThumbPrint   = $certificateThumbPrint
                ModulePath              = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules"
                ConfigurationPath       = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"            
                State                   = "Started"
                DependsOn               = "[WindowsFeature]DSCServiceFeature" 
                RegistrationKeyPath     = "$env:PROGRAMFILES\WindowsPowerShell\DscService"   
                AcceptSelfSignedCertificates = $true
                Enable32BitAppOnWin64   = $false
                UseSecurityBestPractices= $false
            }
    
            File RegistrationKeyFile
            {
                Ensure          = 'Present'
                Type            = 'File'
                DestinationPath = "$env:ProgramFiles\WindowsPowerShell\DscService\RegistrationKeys.txt"
                Contents        = $RegistrationKey
            }
        }
    }
    
    # Sample use (please change values of parameters according to your scenario):
    # $thumbprint = (New-SelfSignedCertificate -Subject "TestPullServer").Thumbprint
    # $registrationkey = [guid]::NewGuid()
    # Sample_xDscWebServiceRegistration -RegistrationKey $registrationkey -certificateThumbPrint $thumbprint
    
    # =================================== Section Pull Server =================================== #
    
    #uncomment line below to 
    xDscWebServiceRegistration -certificateThumbPrint ‎$cert -RegistrationKey $guid
    

    client config – Also from sample – Windows 10 1709
    There's a mof on the server (localhost

    $regkey = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx"
            
    $thumbprint = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
    [DSCLocalConfigurationManager()]
    
    Configuration LCM_Pull {
    
        Node localhost {
            Settings {
                ConfigurationMode = 'ApplyAndAutoCorrect'
                RefreshMode = 'Pull'
            }
    
            ConfigurationRepositoryWeb PullServer {
                ServerURL = 'https://myserver.contoso.blah:8080/PsDscPullserver.svc'
                CertificateID = $thumbprint
                AllowUnsecureConnection = $false
                RegistrationKey = $regkey
                ConfigurationNames = @('Win10Client')
            }
    
            ResourceRepositoryWeb PullServerModules {
                ServerURL = 'https://myserver.contoso.blah:8080/PsDscPullserver.svc'
                AllowUnsecureConnection = $false
                #RegistrationKey = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
            }
        }
    }
    LCM_Pull
    
    Set-DscLocalConfigurationManager -path .\LCM_Pull -Verbose
    
  • #100510

    Participant
    Points: 56
    Rank: Member

    I know it's a no no but have you tried a http pull server set up 1st? I ran across this about a year ago and i think it had something to do with the certs. I had to add the domain root cert in the DCS nodes cert repository before is would work properly.

The topic ‘Pull Server reports Invalid Registration Key’ is closed to new replies.