Author Posts

July 22, 2016 at 12:03 am

“Start-DscConfiguration -Path "D:\DSC\Mof-files\" -wait -Verbose -Force”
Above works as expected and its pushes the configuration to the servers as per.mof (2 .mof in this case vm1.mof and vm2.mof)

How do I use Update-DscConfiguration for pull mode where I cannot specify the path of the .mof files
Update-DscConfiguration in pull mode works fine in case of multiple server using same config using below method:

$guid=Get-DscLocalConfigurationManager -CimSession DevOpsVM2 | Select-Object -ExpandProperty ConfigurationID
# Specify source folder of configuration

$source = "D:\DSC\Mof-files\VM1.mof"
# Destination is the Share on the SMB pull server

$dest = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration\$guid.mof"

Copy-Item -Path $source -Destination $dest
#Then on Pull server make checksum
New-DSCChecksum $dest
Update-DscConfiguration -ComputerName $AllNodes -wait -Verbose 

Below is the sample script I am using to configure web Server and SQL server:

 
$ConfigurationData = 
@{

    AllNodes = 
    @(
        @{
            NodeName           = "*"
            LogPath            = "D:\Scripts"
            PSDscAllowPlainTextPassword=$true
            PSDscAllowDomainUser=$true
            $MyCredentials=IMPORT-CLIXML D:\DSC\SecureCredentials.xml
            
        },


        @{
            NodeName = “VM1"
            Role     = "QA-WebServer"

        },

        @{
            NodeName = “VM2"
            Role     = "SQLServer"
        }


    );

   NonNodeData = ""
  
  
}


configuration ConfigureWebServer
{


   Import-DscResource –ModuleName 'PSDesiredStateConfiguration'
   node $AllNodes.Where{$_.Role -eq "QA-WebServer"}.NodeName
   
    {
 
        File DirectoryCopy
        {
Copy some files 
        }

        Group AddADUserToLocalAdminGroup
        {
            GroupName= 'Administrators'   
            Ensure= 'Present'             
            MembersToInclude= "domain\DevUser01"," domain\DevUser05"
            Credential = $MyCredentials    
        }

 # Install the IIS feature on the server.
      WindowsFeature AddWebServer
        {
           
            Name = "Web-Server"
            Ensure = "Present"
        }


     }

  node $AllNodes.Where{$_.Role -eq "SQLServer"}.NodeName
   
    {
    
 # Remove the IIS feature on the server.

        WindowsFeature RemoveWebSQL
        {
            Name = "Web-Server"
            Ensure = "Absent"
        }

        Group AddUserToLocalAdmin
        {
            GroupName='Administrators'   
            Ensure= 'Present'             
            MembersToInclude= " domain\DevUser02"," domain\DevUser03"," domain\DevUser04"
            Credential = $MyCredentials    
          #  PsDscRunAsCredential = $DCredential
        }
       
       }


}

ConfigureWebServer -ConfigurationData $ConfigurationData -OutputPath D:\DSC\Mof-files\

  • This topic was modified 2 years ago by  Amjad Nawaz.

July 22, 2016 at 4:47 pm

For Update-DscConfiguration, you do not need to specify any paths. Two conditions need to satisfy for Update-DscConfiguration
1) Managed nodes have ConfigurationID property set in LCM
2) The Pull Server has the MOFs with the name – ConfigurationID.MOF

What is the error you are seeing when you execute Update-DscConfiguration?

July 22, 2016 at 5:33 pm

Thanks Indhu for quick response..
I am meeting both the condition you have indicated:
1) Managed nodes have ConfigurationID property set in LCM, below is how its done
$ComputerName = 'VM1','VM2'

Set-DSCLocalConfigurationManager –Computer $ComputerName -Path C:\DSC\HTTP\Test -Verbose -Force
    $guid=Get-DscLocalConfigurationManager -Computer VM1 | Select-Object -ExpandProperty ConfigurationID
    

2) The Pull Server has the MOFs with the name – ConfigurationID.MOF
Copying the mof with ConfigurationID as name to pull server using below:

 $source = "C:\DSC\HTTP\Test\VM1.mof"
    # Destination is the Share on the SMB pull server
    $dest = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration\$guid.mof"
    Copy-Item -Path $source -Destination $dest
  

So now pull server has the mof file for VM1 and named after the LCM ConfigurationID, ConfigurationID is same in case of both server VM1 (web server) and VM2 (sql server)

When i run Update-DscConfiguration -ComputerName $ComputerName -wait -Verbose
its looks only the configuration defined for VM1 where role is web server, its not able to see the configuration defined for VM2.

Problem seems to be due to fact that ConfigurationID.MOF is mapped with either VM1 or VM2 configurations not both
So we should somehow have 2 MOFs with the name ConfigurationID.MOF present of the pull server, if this is the case how do we achieve this.

  • This reply was modified 2 years ago by  Amjad Nawaz.

July 24, 2016 at 6:30 am

The idea of using the same ConfigurationID in more the one node is only of you want the same mof applied to the all the nodes. In your case that's two distinct configurations so you need two separate ConfigurationID.

As a side note, you do not need a ConfigurationID if you work with WMF 5.0 and implement the new AgentID and RegistrationKey method for node registration to the pull server. This will allow you to set what ever name you want to the mof as you have to use that same name in the LCM script using the ConfigurationNames property.

July 24, 2016 at 6:52 am

Thanks Arie for your input.
You got is correct in my case i will be using more than 2 different configurations/mof for different server layers (web, App , sql,SSRS etc...)
I m using WMF 5.0 , do you have sample script or point me to some resource using Agent Id and Registration key with pull server.

below is what i am using to configure the pull client LCM:

[DSCLocalConfigurationManager()]
Configuration LCM_HTTPPullClient 
{
    #RebootNodeIfNeeded = $true
   
    param
        (
            [Parameter(Mandatory=$true)]
            [string[]]$ComputerName,
 
            [Parameter(Mandatory=$true)]
            [string]$guid
        )           

    Node $ComputerName 
    {    

    Settings
        {
            AllowModuleOverwrite = $True
            ConfigurationMode ='ApplyAndAutoCorrect'
            RefreshMode = 'Pull'
            ConfigurationModeFrequencyMins = 15
            ConfigurationID = $guid
        }

    ConfigurationRepositoryWeb  DSCHTTP 
        {
            #ConfigurationNames = 'DSCHTTP'
            ServerURL = 'http://VM1:8080/PSDSCPullServer.svc/'
            AllowUnsecureConnection = $true
        }
    }
}

# List of server that will act as pull client server Computer list 
$ComputerName= Get-Content -Path "C:\DSC\PullClientServers.txt"


# Create Guid for the pull client server
$guid=Get-DscLocalConfigurationManager -CimSession VM2 | Select-Object -ExpandProperty ConfigurationID


# Create the pull client server.Meta.Mof in folder

LCM_HTTPPullClient -ComputerName $ComputerName -Guid $guid  -OutputPath C:\DSC\HTTP\Test
Set-DSCLocalConfigurationManager –Computer $ComputerName -Path C:\DSC\HTTP\Test -Verbose -Force

August 1, 2016 at 10:40 pm

Thanks Arie,
I refereed the MSDN https://msdn.microsoft.com/en-us/powershell/dsc/pullServer and changed my configuration accordingly.
everything went fine except getting kept below error while using Update-DscConfiguration -ComputerName $ComputerName -wait -Verbose
————————————-
VERBOSE: Operation 'Invoke CimMethod' complete.
The attempt to get the action from server http://devopsvm1:8080///PSDSCPullServer.svc//Nodes(AgentId='B7C25E3A-55C6-11E6-80DD-000D3A914775')/GetDscAction failed because pullserver is not available or there is no registered node with AgentId B7C25E3A-55C6-11E6-80DD-000D3A914775 on the server.
+ CategoryInfo : ResourceUnavailable: (root/Microsoft/...gurationManager:String) [], CimException
+ FullyQualifiedErrorId : WebDownloadManagerGetActionNodeConfigurationNotFound,Micros oft.PowerShell.DesiredStateConfiguration.Commands.GetDscActionCommand + PSComputerName : DevOpsVM2
———————————————
Tried many things nothing helped , something is wrong somewhere but cant figure it out :-(...
refereed https://powershell.org/forums/topic/failure-to-pull-configuration-v5/ where similar issue is being discussed...

Configuration works like charm when using below which is like using push method :
Start-DscConfiguration -Path "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration" -wait -Verbose -Force

My Goal is to have many server with different roles having different configurations , if there is better way to achieve please suggest,
here is script i am using for your reference:

#—————————
# 1. Configure Pull server
#—————————
configuration SetupHTTPPullServer
{
   param 
        (
           [string[]]$NodeName = 'DevOpsVM1',
            #[ValidateNotNullOrEmpty()]
            #[string] $certificateThumbPrint
            [Parameter(Mandatory)]
            [ValidateNotNullOrEmpty()]
            [string] $RegistrationKey
        )
     Import-DSCResource -ModuleName xPSDesiredStateConfiguration -ModuleVersion 3.12.0.0
     Import-DscResource –ModuleName  PSDesiredStateConfiguration
     Import-DscResource -ModuleName xWebAdministration -ModuleVersion 1.12.0.0    
     Node $NodeName
        {
            WindowsFeature  InstallIIS 
            {
                Ensure = "Present"
                Name   = "Web-Server"
                IncludeAllSubFeature = $true
            }

            WindowsFeature  DSCServiceFeature
            {
                Ensure = "Present"
                Name   = "DSC-Service"
                DependsOn = '[WindowsFeature]InstallIIS'
            }
       
        xDscWebService  DSCPullServer
            {
                Ensure                  = 'Present'
                EndpointName            = 'PSDSCPullServer'
                Port                    =  8080
                PhysicalPath            = "$env:SystemDrive\inetpub\wwwroot\PSDSCPullServer"
                CertificateThumbPrint   = "AllowUnencryptedTraffic"
                ModulePath              = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules"
                ConfigurationPath       = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
                State                   = "Started"
                DependsOn               = '[WindowsFeature]DSCServiceFeature','[WindowsFeature]InstallIIS'
            }

        xDscWebService  DSCComplianceServer
            {
                Ensure                  = 'Present'
                EndpointName            = 'PSDSCComplianceServer'
                Port                    =  9080
                PhysicalPath            = "$env:SystemDrive\inetpub\wwwroot\PSDSCComplianceServer"
                CertificateThumbPrint   = "AllowUnencryptedTraffic"
                State                   = "Started"
               # IsComplianceServer      = $true
                DependsOn = '[WindowsFeature]InstallIIS','[WindowsFeature]DSCServiceFeature','[xDSCWebService]DSCPullServer'
            }

        File RegistrationKeyFile
            {
                Ensure          = 'Present'
                Type            = 'File'
                DestinationPath = "$env:ProgramFiles\WindowsPowerShell\DscService\RegistrationKeys.txt"
                #Contents        = $RegistrationKey
                Contents        = '8a66fa6f-5756-41c9-86cc-fff7500a6696'

            }
         }
}

SetupHTTPPullServer -RegistrationKey '8a66fa6f-5756-41c9-86cc-fff7500a6696' -OutputPath C:\DSC\PullServer\HTTP

#————–
#2. Configure DSC LCM for Client Server
#————–
[DSCLocalConfigurationManager()]
Configuration LCM_HTTPPullClient 
{
      param
        (
            [Parameter(Mandatory=$true)]
            [string[]]$ComputerName
         )           

    Node $ComputerName 
    {    
    Settings
        {
            AllowModuleOverwrite = $True
            ConfigurationMode ='ApplyAndAutoCorrect'
            RefreshMode = 'Pull'
            ConfigurationModeFrequencyMins = 15
            RefreshFrequencyMins = 30
            #RebootNodeIfNeeded = $true        
        }

    ConfigurationRepositoryWeb  DSCHTTP 
        {
            ServerURL = 'http://DevOpsVM1:8080/PSDSCPullServer.svc/'
            RegistrationKey    = '8a66fa6f-5756-41c9-86cc-fff7500a6696'
            ConfigurationNames = @('ConfigureWebServer')
            AllowUnsecureConnection = $true     
        }

    ReportServerWeb DSCHTTP
        {
            ServerURL       = 'http://DevOpsVM1:8080/PSDSCPullServer.svc/'
            RegistrationKey = '8a66fa6f-5756-41c9-86cc-fff7500a6696'
            AllowUnsecureConnection = $True
        }
    }
}

# List of server that will act as pull client server Computer list 
$ComputerName= Get-Content -Path "C:\DSC\PullClientServers.txt"

# Create the pull client server.Meta.Mof in folder
LCM_HTTPPullClient -ComputerName $ComputerName -OutputPath C:\DSC\HTTP
Set-DSCLocalConfigurationManager –Computer $ComputerName -Path C:\DSC\HTTP -Verbose #-Force

# ————————
# 3. Configuration setting
#————————-

$ConfigurationData = 
@{
    AllNodes = 
    @(
        @{
            NodeName           = "*"
            LogPath            = "D:\Scripts"
            PSDscAllowPlainTextPassword=$true
            PSDscAllowDomainUser=$true
            $MyCredentials=IMPORT-CLIXML C:\DSC\SecureCredentials.xml          
        },

        @{
            NodeName = Get-Content -Path "C:\DSC\DSCClient-QA-WebServer.txt"
            Role     = "QA-WebServer"
        },

        @{
            NodeName = Get-Content -Path "C:\DSC\DSCClient-SQLServer.txt"
            Role     = "SQLServer"
        },

        @{
            NodeName = Get-Content -Path "C:\DSC\DSCClient-Prod-WebServer.txt"
            Role     = "Prod-WebServer"
            PSDscAllowDomainUser=$true
            PSDscAllowPlainTextPassword=$true
        }
    );
   NonNodeData = ""
}

configuration ConfigureWebServer
{  
   Import-DscResource –ModuleName 'PSDesiredStateConfiguration'
   Import-DscResource –ModuleName 'xPSDesiredStateConfiguration'

   node $AllNodes.Where{$_.Role -eq "QA-WebServer"}.NodeName
    {
         File DirectoryCopy
        {
            Ensure = "Present" 
            Type = "Directory" 
            Force = $true
            Recurse = $true
            SourcePath = "\\DEVOPSVM1\Script"
            DestinationPath = "C:\Test"    
        }

        Group AddADUserToLocalAdminGroup
        {
            GroupName= "Administrators"   
            Ensure= "Present"             
            MembersToInclude= "domain\DevUser01","domain\DevOpsAdmin"
            Credential = $MyCredentials    
          #  PsDscRunAsCredential = $DCredential
        }

      WindowsFeature AddWebServer
        {       
            Name = "Web-Server"
            Ensure = "Present"
            IncludeAllSubFeature = $true
        }
    } 
  node $AllNodes.Where{$_.Role -eq "SQLServer"}.NodeName  
    {
    
        WindowsFeature RemoveWebSQL
        {
            Name = "Web-Server"
            Ensure = "Absent"
            IncludeAllSubFeature = $true
        }

        Group AddUserToLocalAdmin
        {
            GroupName="Administrators"   
            Ensure= "Present"             
            MembersToInclude= "domain\DevUser02"
            Credential = $MyCredentials    
          #  PsDscRunAsCredential = $DCredential
        }       
     }    
}

ConfigureWebServer -ConfigurationData $ConfigurationData -OutputPath $env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration

#———————————————–
# 4. Create checksum file and apply configuration:
#———————————————–
New-DSCChecksum -Path "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
Update-DscConfiguration -ComputerName $ComputerName -wait -Verbose

It generates .mof and checksum files for all the servers.
Also get sucess message while setting Clint LCM : Registration of the Dsc Agent with the server http://DevOpsVM1:8080/PSDSCPullServer.svc/ was successful

  • This reply was modified 2 years ago by  Amjad Nawaz.

August 2, 2016 at 7:00 am

You're using WMF 5.0 but your script is a WMF 4.0 version for the pull server script.
There is no more PSDSCComplianceServer in WMF 5.0.

I'm writing a more full answer that ill post bit later 🙂

  • This reply was modified 2 years ago by  Arie H.

August 2, 2016 at 5:10 pm

Thanks Arie 🙂 , Yes DSCComplianceServer was the left over from old script.
Tried without it as well but running into same issues, will wait for your further help on this.
Thanks for your help

August 8, 2016 at 9:03 pm

Hello Arie , just checking if you were able to get further with your script .
Thanks