This topic contains 3 replies, has 3 voices, and was last updated by
November 17, 2014 at 12:55 pm #20640ParticipantPoints: 1Rank: Member
(I apologize if this has already been addressed. I did search the forum for this info, but couldn't find the answer.)
I have a DSC configuration that contains a script resource which pulls data from a database. I have configured Cred-SSP on the initiating server and the recipient server, and tested that I can create a remote session from the initiator to the recipient and then execute the script that accesses the database.
However, calling Start-DscConfiguration for the config with the script resource fails. My thought is that I may need to create a new CIM session for the server/node that's receiving the dsc config and have that CIM session use CredSSP. However, I haven't been able to create a new CIM session with CredSSP. I get:
New-CimSession : Failed to set destination option for transport.
Destination option: __MI_DESTINATIONOPTIONS_DESTINATION_CREDENTIALS
#1) Am I going about this the right way – trying to use a CredSSP CIM session to apply and test the DSC config?
#2) If so, what might I be missing when trying to create the CredSSP CIM session?
November 18, 2014 at 10:02 am #20651KeymasterPoints: 1,811Rank: Community Hero
#1, no, I'm not sure this is the right thing to do. I'm maybe not understanding what you're trying to do, actually. You're just trying to kick off the LCM and force a configuration run? I'd probably just send the necessary commands to the computer via Invoke-Command, and let those commands run locally.
But, the LCM is what's running the config, and it runs under System, which isn't a delegate-able account, so CredSSP doesn't enter into that.
November 19, 2014 at 4:33 am #20668MemberPoints: 0Rank: Member
There's a similar discussion happening in this thread: https://powershell.org/forums/topic/dsc-script-resource-and-alternate-credentials/ .
November 19, 2014 at 12:51 pm #20689ParticipantPoints: 1Rank: Member
Thanks, Don and Dave. That makes sense – to have Start-DSCConfig and Test-DSCConfig be invoked on the remote computer, since the LCM runs as System.
Since I'm doing my development on a PS mgmt box, and the Start-DSCConfiguration and Test-DSCConfiguraiton functions has the option to test a local MOF against a remote server, I was trying that, and failing when the config needed to do a hop to another server.
The topic ‘Using Start-DscConfiguration with CredSSP’ is closed to new replies.