January 25, 2015 at 3:14 pm #22121
I am trying to run my DSC configuration against a remote machine and end up with the following error
The command I am running
Start-DscConfiguration -machineName [myservername] -wait -verbose
The error I am receiving
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, "methodName' =
SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' =
The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client
computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the
TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts
list might not be authenticated. You can get more information about that by running the following command: winrm help
+ CategoryInfo : NotEnabled: (root/Microsoft/...gurationManager:String) , CimException
+ FullyQualifiedErrorId : HRESULT 0x803380e4
+ PSComputerName : vishtest.timmons.com
VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 0.169 seconds
The server has the WinRM service running and configured for running over HTTPS. The client machine can connect to the remote machine successfully with the Enter-PSSession command.
Enter-PSSession -computerName vishtest.timmons.com -credential $credential -UseSSL
Any ideas on what I could be missing here?
January 28, 2015 at 5:27 am #22225
Start-DscConfiguration uses WinRM, but it doesn't use PowerShell Remoting. Your second command uses PowerShell Remoting. In other words, Enter-PSSession isn't necessarily a valid test of whether or not DSC can connect.
DSC uses CIM over WinRM. Using New-CimSession might be a better test. Also, DSC defaults to HTTP; if you need it to use HTTPS, then you would first create a CimSession, and pass that session to Start-DscConfiguration via the -CimSession parameter. New-CimSession gives you more connection options, including SSL (via a CimSessionOption object).
January 28, 2015 at 10:48 am #22234
yup. Thank you. You nailed it. That works. I created a CIM Session with the -UseSSL option and things work now. Just didn't expect DSC to use CIM sessions.
Also, I feel the API could be designed a little better. I would have expected the "Start-DscConfiguration" to have the -UseSSL option and not have to pass in a CIM session with that option.
The current takes a CIM session param but expects it to be a CIM session using WSMAN and not DCOM which is not very evident from the API and specified in the docs for the Start-DscConfiguration command.
You must be logged in to reply to this topic.