Start-DscConfiguration cannot connect to the server machine

This topic contains 2 replies, has 2 voices, and was last updated by Vish Uma 1 year, 10 months ago.

  • #22121
    Vish Uma
    Participant

    Hi all,

    I am trying to run my DSC configuration against a remote machine and end up with the following error.

    The command I am running
    Start-DscConfiguration -machineName [myservername] -wait -verbose

    The error I am receiving

    VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, "methodName' =
    SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' =
    root/Microsoft/Windows/DesiredStateConfiguration'.
    The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client
    computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the
    TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts
    list might not be authenticated. You can get more information about that by running the following command: winrm help
    config.
    + CategoryInfo : NotEnabled: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : HRESULT 0x803380e4
    + PSComputerName : vishtest.timmons.com

    VERBOSE: Operation 'Invoke CimMethod' complete.
    VERBOSE: Time taken for configuration job to complete is 0.169 seconds

    The server has the WinRM service running and configured for running over HTTPS. The client machine can connect to the remote machine successfully with the Enter-PSSession command.

    Enter-PSSession -computerName vishtest.timmons.com -credential $credential -UseSSL

    Any ideas on what I could be missing here?

    Thank You,
    Vish

  • #22225
    Don Jones
    Keymaster

    Start-DscConfiguration uses WinRM, but it doesn't use PowerShell Remoting. Your second command uses PowerShell Remoting. In other words, Enter-PSSession isn't necessarily a valid test of whether or not DSC can connect.

    DSC uses CIM over WinRM. Using New-CimSession might be a better test. Also, DSC defaults to HTTP; if you need it to use HTTPS, then you would first create a CimSession, and pass that session to Start-DscConfiguration via the -CimSession parameter. New-CimSession gives you more connection options, including SSL (via a CimSessionOption object).

  • #22234
    Vish Uma
    Participant

    Yup. Thank you. You nailed it. That works. I created a CIM Session with the -UseSSL option and things work now. Just didn't expect DSC to use CIM sessions.

    Also, I feel the API could be designed a little better. I would have expected the "Start-DscConfiguration" to have the -UseSSL option and not have to pass in a CIM session with that option.

    The current takes a CIM session param but expects it to be a CIM session using WSMAN and not DCOM which is not very evident from the API and specified in the docs for the Start-DscConfiguration command.

    Thank You,
    Vish
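
The fix described in the two replies above (create a WSMan CIM session over HTTPS, then hand it to Start-DscConfiguration), as an added example that is not code from either poster. The server name, the .\MyConfig folder and the explicit port 5986 are assumptions; the certificate checks are left on, so nothing has to be added to TrustedHosts.

```powershell
# Added example. Placeholders: $server, the prompted credential, and .\MyConfig.
$server     = 'server01.example.com'   # placeholder; must match the subject name of the server's HTTPS listener certificate
$credential = Get-Credential           # account allowed to invoke the LCM on the target

# WSMan over TLS. -SkipCACheck / -SkipCNCheck / -SkipRevocationCheck are deliberately
# NOT set, so the server certificate chain and name are validated by the client.
$option  = New-CimSessionOption -UseSsl
$session = New-CimSession -ComputerName $server `
                          -Port 5986 `
                          -Credential $credential `
                          -SessionOption $option `
                          -ErrorAction Stop

try {
    # Start-DscConfiguration needs a WSMan session; a DCOM session will not do.
    if ($session.Protocol -ne 'WSMAN') {
        throw "CIM session to $server uses $($session.Protocol), expected WSMAN."
    }

    # Connectivity test over the same CIM/WinRM path DSC uses,
    # instead of Enter-PSSession (which exercises PowerShell Remoting).
    Get-DscLocalConfigurationManager -CimSession $session | Out-Null

    # Push the compiled MOF(s) from .\MyConfig through the HTTPS session.
    Start-DscConfiguration -Path .\MyConfig -CimSession $session -Wait -Verbose
}
finally {
    # Always release the session, even if the LCM call fails.
    Remove-CimSession -CimSession $session
}
```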
