Using Start-DscConfiguration with CredSSP

Welcome Forums DSC (Desired State Configuration) Using Start-DscConfiguration with CredSSP

This topic contains 3 replies, has 3 voices, and was last updated by

4 years, 4 months ago.

  • Author
  • #20640

    Points: 1
    Rank: Member


    (I apologize if this has already been addressed. I did search the forum for this info, but couldn't find the answer.)

    I have a DSC configuration that contains a script resource which pulls data from a database. I have configured Cred-SSP on the initiating server and the recipient server, and tested that I can create a remote session from the initiator to the recipient and then execute the script that accesses the database.

    However, calling Start-DscConfiguration for the config with the script resource fails. My thought is that I may need to create a new CIM session for the server/node that's receiving the dsc config and have that CIM session use CredSSP. However, I haven't been able to create a new CIM session with CredSSP. I get:

    New-CimSession : Failed to set destination option for transport.
    Transport: WMIDCOM

    #1) Am I going about this the right way – trying to use a CredSSP CIM session to apply and test the DSC config?
    #2) If so, what might I be missing when trying to create the CredSSP CIM session?


  • #20651

    Points: 1,811
    Helping HandTeam Member
    Rank: Community Hero

    #1, no, I'm not sure this is the right thing to do. I'm maybe not understanding what you're trying to do, actually. You're just trying to kick off the LCM and force a configuration run? I'd probably just send the necessary commands to the computer via Invoke-Command, and let those commands run locally.

    But, the LCM is what's running the config, and it runs under System, which isn't a delegate-able account, so CredSSP doesn't enter into that.

  • #20668

    Points: 0
    Rank: Member

    There's a similar discussion happening in this thread: .

  • #20689

    Points: 1
    Rank: Member

    Thanks, Don and Dave. That makes sense – to have Start-DSCConfig and Test-DSCConfig be invoked on the remote computer, since the LCM runs as System.
    Since I'm doing my development on a PS mgmt box, and the Start-DSCConfiguration and Test-DSCConfiguraiton functions has the option to test a local MOF against a remote server, I was trying that, and failing when the config needed to do a hop to another server.


The topic ‘Using Start-DscConfiguration with CredSSP’ is closed to new replies.

denizli escort samsun escort muğla escort ataşehir escort kuşadası escort