Update-DscConfiguration doesn’t work for multiple server roles using pull Method

This topic contains 9 replies, has 3 voices, and was last updated by Profile photo of Amjad Nawaz Amjad Nawaz 1 month, 2 weeks ago.

Viewing 10 posts - 1 through 10 (of 10 total)
  • Author
    Posts
  • #47878
    Profile photo of Amjad Nawaz
    Amjad Nawaz
    Participant

    “Start-DscConfiguration -Path "D:\DSC\Mof-files\" -wait -Verbose -Force”
    Above works as expected and its pushes the configuration to the servers as per.mof (2 .mof in this case vm1.mof and vm2.mof)

    How do I use Update-DscConfiguration for pull mode where I cannot specify the path of the .mof files
    Update-DscConfiguration in pull mode works fine in case of multiple server using same config using below method:

    $guid=Get-DscLocalConfigurationManager -CimSession DevOpsVM2 | Select-Object -ExpandProperty ConfigurationID
    # Specify source folder of configuration
    
    $source = "D:\DSC\Mof-files\VM1.mof"
    # Destination is the Share on the SMB pull server
    
    $dest = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration\$guid.mof"
    
    Copy-Item -Path $source -Destination $dest
    #Then on Pull server make checksum
    New-DSCChecksum $dest
    Update-DscConfiguration -ComputerName $AllNodes -wait -Verbose 
    

    Below is the sample script I am using to configure web Server and SQL server:

     
    $ConfigurationData = 
    @{
    
        AllNodes = 
        @(
            @{
                NodeName           = "*"
                LogPath            = "D:\Scripts"
                PSDscAllowPlainTextPassword=$true
                PSDscAllowDomainUser=$true
                $MyCredentials=IMPORT-CLIXML D:\DSC\SecureCredentials.xml
                
            },
    
    
            @{
                NodeName = “VM1"
                Role     = "QA-WebServer"
    
            },
    
            @{
                NodeName = “VM2"
                Role     = "SQLServer"
            }
    
    
        );
    
       NonNodeData = ""
      
      
    }
    
    
    configuration ConfigureWebServer
    {
    
    
       Import-DscResource –ModuleName 'PSDesiredStateConfiguration'
       node $AllNodes.Where{$_.Role -eq "QA-WebServer"}.NodeName
       
        {
     
            File DirectoryCopy
            {
    Copy some files 
            }
    
            Group AddADUserToLocalAdminGroup
            {
                GroupName= 'Administrators'   
                Ensure= 'Present'             
                MembersToInclude= "domain\DevUser01"," domain\DevUser05"
                Credential = $MyCredentials    
            }
    
     # Install the IIS feature on the server.
          WindowsFeature AddWebServer
            {
               
                Name = "Web-Server"
                Ensure = "Present"
            }
    
    
         }
    
      node $AllNodes.Where{$_.Role -eq "SQLServer"}.NodeName
       
        {
        
     # Remove the IIS feature on the server.
    
            WindowsFeature RemoveWebSQL
            {
                Name = "Web-Server"
                Ensure = "Absent"
            }
    
            Group AddUserToLocalAdmin
            {
                GroupName='Administrators'   
                Ensure= 'Present'             
                MembersToInclude= " domain\DevUser02"," domain\DevUser03"," domain\DevUser04"
                Credential = $MyCredentials    
              #  PsDscRunAsCredential = $DCredential
            }
           
           }
    
    
    }
    
    ConfigureWebServer -ConfigurationData $ConfigurationData -OutputPath D:\DSC\Mof-files\
    
    
    • This topic was modified 2 months ago by Profile photo of Amjad Nawaz Amjad Nawaz.
    #47943

    For Update-DscConfiguration, you do not need to specify any paths. Two conditions need to satisfy for Update-DscConfiguration
    1) Managed nodes have ConfigurationID property set in LCM
    2) The Pull Server has the MOFs with the name – ConfigurationID.MOF

    What is the error you are seeing when you execute Update-DscConfiguration?

    #47956
    Profile photo of Amjad Nawaz
    Amjad Nawaz
    Participant

    Thanks Indhu for quick response..
    I am meeting both the condition you have indicated:
    1) Managed nodes have ConfigurationID property set in LCM, below is how its done
    $ComputerName = 'VM1','VM2'

    Set-DSCLocalConfigurationManager –Computer $ComputerName -Path C:\DSC\HTTP\Test -Verbose -Force
        $guid=Get-DscLocalConfigurationManager -Computer VM1 | Select-Object -ExpandProperty ConfigurationID
        

    2) The Pull Server has the MOFs with the name – ConfigurationID.MOF
    Copying the mof with ConfigurationID as name to pull server using below:

     $source = "C:\DSC\HTTP\Test\VM1.mof"
        # Destination is the Share on the SMB pull server
        $dest = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration\$guid.mof"
        Copy-Item -Path $source -Destination $dest
      

    So now pull server has the mof file for VM1 and named after the LCM ConfigurationID, ConfigurationID is same in case of both server VM1 (web server) and VM2 (sql server)

    When i run Update-DscConfiguration -ComputerName $ComputerName -wait -Verbose
    its looks only the configuration defined for VM1 where role is web server, its not able to see the configuration defined for VM2.

    Problem seems to be due to fact that ConfigurationID.MOF is mapped with either VM1 or VM2 configurations not both
    So we should somehow have 2 MOFs with the name ConfigurationID.MOF present of the pull server, if this is the case how do we achieve this.

    • This reply was modified 2 months ago by Profile photo of Amjad Nawaz Amjad Nawaz.
    #48048
    Profile photo of Arie H
    Arie H
    Participant

    The idea of using the same ConfigurationID in more the one node is only of you want the same mof applied to the all the nodes. In your case that's two distinct configurations so you need two separate ConfigurationID.

    As a side note, you do not need a ConfigurationID if you work with WMF 5.0 and implement the new AgentID and RegistrationKey method for node registration to the pull server. This will allow you to set what ever name you want to the mof as you have to use that same name in the LCM script using the ConfigurationNames property.

    #48050
    Profile photo of Amjad Nawaz
    Amjad Nawaz
    Participant

    Thanks Arie for your input.
    You got is correct in my case i will be using more than 2 different configurations/mof for different server layers (web, App , sql,SSRS etc...)
    I m using WMF 5.0 , do you have sample script or point me to some resource using Agent Id and Registration key with pull server.

    below is what i am using to configure the pull client LCM:

    [DSCLocalConfigurationManager()]
    Configuration LCM_HTTPPullClient 
    {
        #RebootNodeIfNeeded = $true
       
        param
            (
                [Parameter(Mandatory=$true)]
                [string[]]$ComputerName,
     
                [Parameter(Mandatory=$true)]
                [string]$guid
            )           
    
        Node $ComputerName 
        {    
    
        Settings
            {
                AllowModuleOverwrite = $True
                ConfigurationMode ='ApplyAndAutoCorrect'
                RefreshMode = 'Pull'
                ConfigurationModeFrequencyMins = 15
                ConfigurationID = $guid
            }
    
        ConfigurationRepositoryWeb  DSCHTTP 
            {
                #ConfigurationNames = 'DSCHTTP'
                ServerURL = 'http://VM1:8080/PSDSCPullServer.svc/'
                AllowUnsecureConnection = $true
            }
        }
    }
    
    # List of server that will act as pull client server Computer list 
    $ComputerName= Get-Content -Path "C:\DSC\PullClientServers.txt"
    
    
    # Create Guid for the pull client server
    $guid=Get-DscLocalConfigurationManager -CimSession VM2 | Select-Object -ExpandProperty ConfigurationID
    
    
    # Create the pull client server.Meta.Mof in folder
    
    LCM_HTTPPullClient -ComputerName $ComputerName -Guid $guid  -OutputPath C:\DSC\HTTP\Test
    Set-DSCLocalConfigurationManager –Computer $ComputerName -Path C:\DSC\HTTP\Test -Verbose -Force
    
    #48064
    Profile photo of Arie H
    Arie H
    Participant
    #49021
    Profile photo of Amjad Nawaz
    Amjad Nawaz
    Participant

    Thanks Arie,
    I refereed the MSDN https://msdn.microsoft.com/en-us/powershell/dsc/pullServer and changed my configuration accordingly.
    everything went fine except getting kept below error while using Update-DscConfiguration -ComputerName $ComputerName -wait -Verbose
    ————————————-
    VERBOSE: Operation 'Invoke CimMethod' complete.
    The attempt to get the action from server http://devopsvm1:8080///PSDSCPullServer.svc//Nodes(AgentId='B7C25E3A-55C6-11E6-80DD-000D3A914775')/GetDscAction failed because pullserver is not available or there is no registered node with AgentId B7C25E3A-55C6-11E6-80DD-000D3A914775 on the server.
    + CategoryInfo : ResourceUnavailable: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : WebDownloadManagerGetActionNodeConfigurationNotFound,Micros oft.PowerShell.DesiredStateConfiguration.Commands.GetDscActionCommand + PSComputerName : DevOpsVM2
    ———————————————
    Tried many things nothing helped , something is wrong somewhere but cant figure it out :-(...
    refereed https://powershell.org/forums/topic/failure-to-pull-configuration-v5/ where similar issue is being discussed...

    Configuration works like charm when using below which is like using push method :
    Start-DscConfiguration -Path "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration" -wait -Verbose -Force

    My Goal is to have many server with different roles having different configurations , if there is better way to achieve please suggest,
    here is script i am using for your reference:

    #—————————
    # 1. Configure Pull server
    #—————————
    configuration SetupHTTPPullServer
    {
       param 
            (
               [string[]]$NodeName = 'DevOpsVM1',
                #[ValidateNotNullOrEmpty()]
                #[string] $certificateThumbPrint
                [Parameter(Mandatory)]
                [ValidateNotNullOrEmpty()]
                [string] $RegistrationKey
            )
         Import-DSCResource -ModuleName xPSDesiredStateConfiguration -ModuleVersion 3.12.0.0
         Import-DscResource –ModuleName  PSDesiredStateConfiguration
         Import-DscResource -ModuleName xWebAdministration -ModuleVersion 1.12.0.0    
         Node $NodeName
            {
                WindowsFeature  InstallIIS 
                {
                    Ensure = "Present"
                    Name   = "Web-Server"
                    IncludeAllSubFeature = $true
                }
    
                WindowsFeature  DSCServiceFeature
                {
                    Ensure = "Present"
                    Name   = "DSC-Service"
                    DependsOn = '[WindowsFeature]InstallIIS'
                }
           
            xDscWebService  DSCPullServer
                {
                    Ensure                  = 'Present'
                    EndpointName            = 'PSDSCPullServer'
                    Port                    =  8080
                    PhysicalPath            = "$env:SystemDrive\inetpub\wwwroot\PSDSCPullServer"
                    CertificateThumbPrint   = "AllowUnencryptedTraffic"
                    ModulePath              = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules"
                    ConfigurationPath       = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
                    State                   = "Started"
                    DependsOn               = '[WindowsFeature]DSCServiceFeature','[WindowsFeature]InstallIIS'
                }
    
            xDscWebService  DSCComplianceServer
                {
                    Ensure                  = 'Present'
                    EndpointName            = 'PSDSCComplianceServer'
                    Port                    =  9080
                    PhysicalPath            = "$env:SystemDrive\inetpub\wwwroot\PSDSCComplianceServer"
                    CertificateThumbPrint   = "AllowUnencryptedTraffic"
                    State                   = "Started"
                   # IsComplianceServer      = $true
                    DependsOn = '[WindowsFeature]InstallIIS','[WindowsFeature]DSCServiceFeature','[xDSCWebService]DSCPullServer'
                }
    
            File RegistrationKeyFile
                {
                    Ensure          = 'Present'
                    Type            = 'File'
                    DestinationPath = "$env:ProgramFiles\WindowsPowerShell\DscService\RegistrationKeys.txt"
                    #Contents        = $RegistrationKey
                    Contents        = '8a66fa6f-5756-41c9-86cc-fff7500a6696'
    
                }
             }
    }
    
    SetupHTTPPullServer -RegistrationKey '8a66fa6f-5756-41c9-86cc-fff7500a6696' -OutputPath C:\DSC\PullServer\HTTP
    
    #————–
    #2. Configure DSC LCM for Client Server
    #————–
    [DSCLocalConfigurationManager()]
    Configuration LCM_HTTPPullClient 
    {
          param
            (
                [Parameter(Mandatory=$true)]
                [string[]]$ComputerName
             )           
    
        Node $ComputerName 
        {    
        Settings
            {
                AllowModuleOverwrite = $True
                ConfigurationMode ='ApplyAndAutoCorrect'
                RefreshMode = 'Pull'
                ConfigurationModeFrequencyMins = 15
                RefreshFrequencyMins = 30
                #RebootNodeIfNeeded = $true        
            }
    
        ConfigurationRepositoryWeb  DSCHTTP 
            {
                ServerURL = 'http://DevOpsVM1:8080/PSDSCPullServer.svc/'
                RegistrationKey    = '8a66fa6f-5756-41c9-86cc-fff7500a6696'
                ConfigurationNames = @('ConfigureWebServer')
                AllowUnsecureConnection = $true     
            }
    
        ReportServerWeb DSCHTTP
            {
                ServerURL       = 'http://DevOpsVM1:8080/PSDSCPullServer.svc/'
                RegistrationKey = '8a66fa6f-5756-41c9-86cc-fff7500a6696'
                AllowUnsecureConnection = $True
            }
        }
    }
    
    # List of server that will act as pull client server Computer list 
    $ComputerName= Get-Content -Path "C:\DSC\PullClientServers.txt"
    
    # Create the pull client server.Meta.Mof in folder
    LCM_HTTPPullClient -ComputerName $ComputerName -OutputPath C:\DSC\HTTP
    Set-DSCLocalConfigurationManager –Computer $ComputerName -Path C:\DSC\HTTP -Verbose #-Force
    
    # ————————
    # 3. Configuration setting
    #————————-
    
    $ConfigurationData = 
    @{
        AllNodes = 
        @(
            @{
                NodeName           = "*"
                LogPath            = "D:\Scripts"
                PSDscAllowPlainTextPassword=$true
                PSDscAllowDomainUser=$true
                $MyCredentials=IMPORT-CLIXML C:\DSC\SecureCredentials.xml          
            },
    
            @{
                NodeName = Get-Content -Path "C:\DSC\DSCClient-QA-WebServer.txt"
                Role     = "QA-WebServer"
            },
    
            @{
                NodeName = Get-Content -Path "C:\DSC\DSCClient-SQLServer.txt"
                Role     = "SQLServer"
            },
    
            @{
                NodeName = Get-Content -Path "C:\DSC\DSCClient-Prod-WebServer.txt"
                Role     = "Prod-WebServer"
                PSDscAllowDomainUser=$true
                PSDscAllowPlainTextPassword=$true
            }
        );
       NonNodeData = ""
    }
    
    configuration ConfigureWebServer
    {  
       Import-DscResource –ModuleName 'PSDesiredStateConfiguration'
       Import-DscResource –ModuleName 'xPSDesiredStateConfiguration'
    
       node $AllNodes.Where{$_.Role -eq "QA-WebServer"}.NodeName
        {
             File DirectoryCopy
            {
                Ensure = "Present" 
                Type = "Directory" 
                Force = $true
                Recurse = $true
                SourcePath = "\\DEVOPSVM1\Script"
                DestinationPath = "C:\Test"    
            }
    
            Group AddADUserToLocalAdminGroup
            {
                GroupName= "Administrators"   
                Ensure= "Present"             
                MembersToInclude= "domain\DevUser01","domain\DevOpsAdmin"
                Credential = $MyCredentials    
              #  PsDscRunAsCredential = $DCredential
            }
    
          WindowsFeature AddWebServer
            {       
                Name = "Web-Server"
                Ensure = "Present"
                IncludeAllSubFeature = $true
            }
        } 
      node $AllNodes.Where{$_.Role -eq "SQLServer"}.NodeName  
        {
        
            WindowsFeature RemoveWebSQL
            {
                Name = "Web-Server"
                Ensure = "Absent"
                IncludeAllSubFeature = $true
            }
    
            Group AddUserToLocalAdmin
            {
                GroupName="Administrators"   
                Ensure= "Present"             
                MembersToInclude= "domain\DevUser02"
                Credential = $MyCredentials    
              #  PsDscRunAsCredential = $DCredential
            }       
         }    
    }
    
    ConfigureWebServer -ConfigurationData $ConfigurationData -OutputPath $env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration
    
    #———————————————–
    # 4. Create checksum file and apply configuration:
    #———————————————–
    New-DSCChecksum -Path "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
    Update-DscConfiguration -ComputerName $ComputerName -wait -Verbose
    
    

    It generates .mof and checksum files for all the servers.
    Also get sucess message while setting Clint LCM : Registration of the Dsc Agent with the server http://DevOpsVM1:8080/PSDSCPullServer.svc/ was successful

    • This reply was modified 1 month, 3 weeks ago by Profile photo of Amjad Nawaz Amjad Nawaz.
    #49047
    Profile photo of Arie H
    Arie H
    Participant

    You're using WMF 5.0 but your script is a WMF 4.0 version for the pull server script.
    There is no more PSDSCComplianceServer in WMF 5.0.

    I'm writing a more full answer that ill post bit later 🙂

    • This reply was modified 1 month, 3 weeks ago by Profile photo of Arie H Arie H.
    #49080
    Profile photo of Amjad Nawaz
    Amjad Nawaz
    Participant

    Thanks Arie 🙂 , Yes DSCComplianceServer was the left over from old script.
    Tried without it as well but running into same issues, will wait for your further help on this.
    Thanks for your help

    #49646
    Profile photo of Amjad Nawaz
    Amjad Nawaz
    Participant

    Hello Arie , just checking if you were able to get further with your script .
    Thanks

Viewing 10 posts - 1 through 10 (of 10 total)

You must be logged in to reply to this topic.