Start-DscConfiguration cannot connect to the server machine

Welcome Forums DSC (Desired State Configuration) Start-DscConfiguration cannot connect to the server machine

This topic contains 2 replies, has 2 voices, and was last updated by

4 years, 5 months ago.

  • Author
  • #22121

    Topics: 3
    Replies: 2
    Points: 0
    Rank: Member

    Hi all,

    I am trying to run my DSC configuration against a remote machine and end up with the following error

    The command I am running
    Start-DscConfiguration -machineName [myservername] -wait -verbose

    The error I am receiving

    VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, "methodName' =
    SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' =
    The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client
    computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the
    TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts
    list might not be authenticated. You can get more information about that by running the following command: winrm help
    + CategoryInfo : NotEnabled: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : HRESULT 0x803380e4
    + PSComputerName :

    VERBOSE: Operation 'Invoke CimMethod' complete.
    VERBOSE: Time taken for configuration job to complete is 0.169 seconds

    The server has the WinRM service running and configured for running over HTTPS. The client machine can connect to the remote machine successfully with the Enter-PSSession command.

    Enter-PSSession -computerName -credential $credential -UseSSL

    Any ideas on what I could be missing here?

    Thank You,

  • #22225

    Topics: 13
    Replies: 4872
    Points: 1,813
    Helping HandTeam Member
    Rank: Community Hero

    Start-DscConfiguration uses WinRM, but it doesn't use PowerShell Remoting. Your second command uses PowerShell Remoting. In other words, Enter-PSSession isn't necessarily a valid test of whether or not DSC can connect.

    DSC uses CIM over WinRM. Using New-CimSession might be a better test. Also, DSC defaults to HTTP; if you need it to use HTTPS, then you would first create a CimSession, and pass that session to Start-DscConfiguration via the -CimSession parameter. New-CimSession gives you more connection options, including SSL (via a CimSessionOption object).

  • #22234

    Topics: 3
    Replies: 2
    Points: 0
    Rank: Member

    yup. Thank you. You nailed it. That works. I created a CIM Session with the -UseSSL option and things work now. Just didn't expect DSC to use CIM sessions.

    Also, I feel the API could be designed a little better. I would have expected the "Start-DscConfiguration" to have the -UseSSL option and not have to pass in a CIM session with that option.

    The current takes a CIM session param but expects it to be a CIM session using WSMAN and not DCOM which is not very evident from the API and specified in the docs for the Start-DscConfiguration command.

    Thank You,

The topic ‘Start-DscConfiguration cannot connect to the server machine’ is closed to new replies.