Author Posts

March 9, 2016 at 12:29 pm

To a world of better compliance, probably 🙂

Hi all,

Based on questions in the forum and the lack of descriptive examples, i wrote down
some examples scripts to ease up the configuration and usage.

Quick Background – To enable nodes to report status to a central location, v4 DSC
had an option to create a compliance server via a resource inside
xPSDesiredStateConfiguration with a matching IsComplianceServer toggle bit in the
Pull Server creation script.

In V5 theres no more ComplianceServer, thoght the Compliance server resource and
toggle are still inside, most likely for backward compatibility.

You will see a couple examples for v5 DSC that still use the resource and the toggle,
including, unfortunatly again, Sample_xDscWebService.ps1 that comes with the latest
version 3.7.0.0 of xPSDesiredStateConfiguration resource.

Do note, from tests done by Justin King, if you want to use the new method of node
registration via RegistrationKey, you really do NOT want to use IsComplianceServer=$True 🙂

More Info:

ConfigNames being awfully quiet ...

That said the PowerShell documentation on Microsoft site as its being updated from the
GITHub repo does contain fixed examples if somewhat limited in explaining. Its being
update quite often and published to the public. Hop to the PowerShell DSC Docs GitHub link if youre into contributing.

More Info:
https://msdn.microsoft.com/en-us/powershell/dsc/pullserver
https://github.com/PowerShell/PowerShell-Docs

Scenario
Srv1 was our Pull Server
Srv3 is our Pull client getting resources from Srv1

We dont want the reporting to be registered at SRV1, so we build a new Pull Server
on Srv2 and update the LCM on Srv3 accordingly.

Note that you can also separate the resource a.k.a. modules to be pulled from another
server. Secondly, im not going into how to get a certificate or install it, as its out of scope.

CreatePullServer_SRV1.ps1


# Configuration for creating a PullServer V2 (PS 5.0)
Configuration CreatePullServer

{

     param

    (

         [ValidateNotNullOrEmpty()][string] $ComputerName,

         [ValidateNotNullOrEmpty()][String] $CertificateThumbprint

    )


    Import-DSCResource -ModuleName xPSDesiredStateConfiguration -ModuleVersion 3.7.0.0


    Node $ComputerName

    {

         WindowsFeature DSCServiceFeature

        {

            Ensure     = 'Present'

            Name       = 'DSC-Service'

        }


        xDscWebService PSDSCPullServer

        {

             Ensure                       =  'Present'

             EndpointName                 =  'PSDSCPullServer'

             Port                         =  8080

             PhysicalPath                 =  'D:\WebSites\PSDSCPullServer'

             CertificateThumbPrint        =  $CertificateThumbprint

             State                        =  'Started'

             ModulePath                   =  'C:\Program Files\WindowsPowerShell\DscService\Modules'

             ConfigurationPath            =  'C:\Program Files\WindowsPowerShell\DscService\Configuration'

             RegistrationKeyPath          =  'C:\Program Files\WindowsPowerShell\DscService'

             AcceptSelfSignedCertificates =  $false

             IsComplianceServer           =  $false

             DependsOn                    =  '[File]RegistrationKeyFile'

         }

 
          File RegistrationKeyFile

         {

            Ensure          = 'Present'

            Type            = 'File'

            DestinationPath = 'C:\Program Files\WindowsPowerShell\DscService\RegistrationKeys.txt'

            Contents        = '5e2e5153-62b8-44a3-958e-198eafc7218a'

            DependsOn       = '[WindowsFeature]DSCServiceFeature'

         }

    }

}

# Certificate should also be installed at the target server beforehand

$myCertPath = '.\DSCPullServer.pfx'
$myCertThumbprint = (Get-PfxCertificate -FilePath $myCertPath).Thumbprint


CreatePullServer -ComputerName SRV1 -CertificateThumbprint  $myCertThumbprint -OutputPath  '.\'

Start-DscConfiguration -ComputerName SRV1 -path '.\'  -Force -Wait -Verbose
  

I've bound the creation of the pull server to the creation of the RegistraionKeys.txt but you
can obviously remove that.

The code for SRV2, follows:

Note i didnt change the RegistrationKey as its not needed, but of course you can, as long
as you remember to change it in the LCM script as well.

And most importantly, we are NOT using IsComplianceServer at all. I used it in the script
just to not have any doubts and not take it for granted that $false is the default value 🙂

CreatePullServer_SRV2.ps1


# Configuration for creating a PullServer for ReportServer V2 (PS 5.0)
Configuration CreatePullServer

{

     param

    (

         [ValidateNotNullOrEmpty()][string] $ComputerName,

         [ValidateNotNullOrEmpty()][String] $CertificateThumbprint

    )


    Import-DSCResource -ModuleName xPSDesiredStateConfiguration -ModuleVersion 3.7.0.0


    Node $ComputerName

    {

         WindowsFeature DSCServiceFeature

        {

            Ensure     = 'Present'

            Name       = 'DSC-Service'

        }


        xDscWebService PSDSCPullServer

        {

             Ensure                       =  'Present'

             EndpointName                 =  'PSDSCReportServer'

             Port                         =  8080

             PhysicalPath                 =  'D:\WebSites\PSDSCReportServer'

             CertificateThumbPrint        =  $CertificateThumbprint

             State                        =  'Started'

             ModulePath                   =  'C:\Program Files\WindowsPowerShell\DscService\Modules'

             ConfigurationPath            =  'C:\Program Files\WindowsPowerShell\DscService\Configuration'

             RegistrationKeyPath          =  'C:\Program Files\WindowsPowerShell\DscService'

             AcceptSelfSignedCertificates =  $false

             IsComplianceServer           =  $false

             DependsOn                    =  '[File]RegistrationKeyFile'

         }

 
          File RegistrationKeyFile

         {

            Ensure          = 'Present'

            Type            = 'File'

            DestinationPath = 'C:\Program Files\WindowsPowerShell\DscService\RegistrationKeys.txt'

            Contents        = '5e2e5153-62b8-44a3-958e-198eafc7218a'

            DependsOn       = '[WindowsFeature]DSCServiceFeature'

         }

    }

}

# Certificate should also be installed at the target server beforehand

$myCertPath = '.\DSCPullServer.pfx'
$myCertThumbprint = (Get-PfxCertificate -FilePath $myCertPath).Thumbprint
 

CreatePullServer -ComputerName SRV2 -CertificateThumbprint  $myCertThumbprint -OutputPath  '.\'

Start-DscConfiguration -ComputerName SRV2 -path '.\'  -Force -Wait -Verbose 

And last but not least SRV3 LCM script

MetaConfig_SplitReport.ps1


# Configuration for creating a LCM V2 (PS 5.0)
[DSCLocalConfigurationManager()]

Configuration LCMMetaConfig

{

     param

    (

         [ValidateNotNullOrEmpty()][string] $ComputerName

    )
    

    node $ComputerName

    {

         Settings

        {

            RefreshMode='Pull'

            ConfigurationMode              = 'ApplyAndMonitor'

            ActionAfterReboot              = 'ContinueConfiguration'

            RebootNodeIfNeeded             = $false

            ConfigurationModeFrequencyMins = '15'

            RefreshFrequencyMins           = '30'

            AllowModuleOverwrite           = $true

        }

 
         ConfigurationRepositoryWeb PullServerConfig

        {

            ServerURL                     = 'https://SRV1:8080/PSDSCPullServer.svc'

            RegistrationKey               = '5e2e5153-62b8-44a3-958e-198eafc7218a'

            ConfigurationNames            = @("SRV_Base")

        }
 

         ReportServerWeb ReportServerConfig

        {

            ServerURL                    = 'https://SRV2:8080/PSDSCReportServer.svc'

            RegistrationKey              = '5e2e5153-62b8-44a3-958e-198eafc7218a'

        }

    }

}

 

LCMMetaConfig -ComputerName SRV3 -OutputPath '.\' 

Set-DscLocalConfigurationManager -ComputerName SRV3 -Path '.\'  -Verbose


Initialy, you do not want to split the locations.

Unless you manage 1000 servers, then you might say the traffic back and forth
especialy every 30 min (if thats the LCM settings you set) plus pulling the resources
when there are changes, might be an excess on the network bandwith.
Even more if the server you installed the Pull Server on, isnt a dedicated one and has
more web sites.

The main reason the separation was made is basically for Push mode, to allow those
using that method to still get a central repository for node status.

Remember that in LCM v5, you can now query two new parameters

LCMState
LCMStateDetail

To get the current state information, but its limited and obviously holds no history.

More Info:
https://msdn.microsoft.com/en-us/powershell/wmf/dsc_statestatus

OK, Pull Server and Report Server sorted.
What do i do with it exactly ??

Well the Report Server is an OData endpoint which exposes the information via REST
API. This means you can use Invoke-WebRequest to get JSON back and then parse it.

This is a bit out of scope for this time, but do follow the link and im sure
you can find other links generaly explaining what Invoke-WebRequest is and how to
handle JSON objects.

https://msdn.microsoft.com/en-us/powershell/dsc/reportserver

Hope this clears some questions previously posted and maybe future ones.

Changes will be done to this post to reflect changes in the future 🙂

Have fun DSCing or maybe Complying ? 🙂

Arie H.

March 16, 2016 at 11:44 am

Pleasure.

Do go over https://powershell.org/forums/topic/reportserver-or-complianceserver/

If you haven't yet for Erics post. Still hope he can re-confirm my question as it potentially changes my post and script.

March 20, 2016 at 11:20 pm

@Arie, going by your example above. If I wanted to setup a pull server and a reporting server on 1 server then all I need to do is just setup a Pull server, and then point nodes to the Pull server address and tell them to use that as a reporting server?

So in your example, SRV1 and SRV2 are both pull servers and reporting servers, you're just telling the nodes to use SRV2 for reporting?

March 21, 2016 at 12:55 am

Yes exactly to the second question. Any creation of a Pull server creates a local database, for holding node information.

That's why you need to register a node by RegistrationKeys. So yes, the lcm of the node will register to one server for configuration and will register to the other pull server for reporting, it will just not pull configurations from the second server.

I doubt people will use this in a pull server method unless, as I pointed in my post, they have allot of nodes to manage or are seeing heavy traffic to the iis web server as its not a dedicated pull server. The ability to point the lcm to a Reporting sever was mainly done for Push mode.

The only other usage in a Pull Server scenario is if they use PartialConfiguriation, then potentialy you can get one partial config from SRV1 and a second partial config from SRV2 while reporting to SRV2. I wonder if they thought about "partial reporting" when we use partial configs. Food for thought and tests I guess.

As for your first question, my understanding and logic as its based on the online documentation, is that if you create a pull server it will act as all three components, config, resource, reporting by default, with out you needing to set anything in the LCM apart for ConfigurationRepositoryWeb.

However...if you follow the link in last post and read Eric's reply it kinda changes things which is why I asked for a reconfirmation. Judging by Nana's reply, and the latest online documentation, then my initial thought was right and you don't need to use any ReportServerWeb block in the LCM if you want that one pull server to be all the mini roles.

March 22, 2016 at 1:21 am

Hi Arie, I had a go at this today. I could not get this new PS5 ReportServer working. As far as I can tell it doesn't seem to exist at all. I tried a WIDE range of configurations and multiple server deployments / snapshot reverting.

I get this in event log "Http Client 4eaf16f4-5787-4918-a5bf-8eade295b015 failed for WebReportManager for configuration The attempt to send status report to the server https://labserver01.lab.local:8080/PSDSCPullServer.svc/Node(ConfigurationId='4eaf16f4-5787-4918-a5bf-8eade295b015')/SendStatusReport returned unexpected response code BadRequest."

I can say that the "Compliance" system appears to work perfectly in PS5. See below...

Pull Server Config

WindowsFeature DSCServiceFeature
{
    Ensure = 'Present'
    Name   = 'DSC-Service'
}

xDscWebService PSDSCPullServer
{
    Ensure                  = 'Present'
    EndpointName            = 'PSDSCPullServer'
    Port                    = 8080
    PhysicalPath            = 'C:\inetpub\wwwroot\PSDSCPullServer'
    CertificateThumbPrint   = $Node.DSCHTTPSThumprint
    ModulePath              = 'C:\Program Files\WindowsPowerShell\DscService\Modules'
    ConfigurationPath       = 'C:\Program Files\WindowsPowerShell\DscService\Configuration'
    State                   = 'Started'
    DependsOn               = '[WindowsFeature]DSCServiceFeature'
}

WindowsFeature WinAuth 
{ 
    Ensure = 'Present'
    Name   = 'Web-Windows-Auth'
}

xDscWebService PSDSCComplianceServer
{
    Ensure                  = 'Present'
    EndpointName            = 'PSDSCComplianceServer'
    Port                    = 9080
    PhysicalPath            = 'C:\inetpub\wwwroot\PSDSCComplianceServer'
    CertificateThumbPrint   = $Node.DSCHTTPSThumprint
    State                   = 'Started'
    IsComplianceServer      = $True
    DependsOn               = '[WindowsFeature]DSCServiceFeature','[xDSCWebService]PSDSCPullServer','[WindowsFeature]WinAuth'
}

Node LCM Config

Node $ServerName {
	Settings
    {
		AllowModuleOverwrite = $True
        ConfigurationMode =  $ConfigurationMode
		RefreshMode = 'Pull'
        RefreshFrequencyMins = $RefreshFrequencyMins
        RebootNodeIfNeeded = $RebootIfNeeded
        ActionAfterReboot = 'ContinueConfiguration'
        ConfigurationModeFrequencyMins = $ConfigurationModeFrequencyMins
		ConfigurationID = $GUID
        CertificateID = $CertThumbprint
        DebugMode = $DebugMode
    }

    ConfigurationRepositoryWeb DSCHTTP 
    {
        ServerURL = "https://labserver01.lab.local:8080/PSDSCPullServer.svc"
        AllowUnsecureConnection = -not($Secure)
    }

}

Test 1:

Start-Process -FilePath iexplore.exe -ArgumentList 'https://labserver01.lab.local:9080/PSDSCComplianceServer.svc/$metadata'

Test 2:

(Invoke-RestMethod -Uri 'https://labserver01.lab.local:9080/PSDSCComplianceServer.svc/Status' -UseDefaultCredentials -Method Get -Headers @{Accept="application/json"}).Value

TargetName : 192.168.32.24
ConfigurationId : 9355df0b-2fcf-46f2-a3fb-8877940bc9a4
ServerCheckSum : AF4135C145A1A373AA53C635E34C3087102BEBFBBFEAB32773154758B8C88C01
TargetCheckSum : AF4135C145A1A373AA53C635E34C3087102BEBFBBFEAB32773154758B8C88C01
NodeCompliant : True
LastComplianceTime : 2016-03-22T05:51:45.1207538Z
LastHeartbeatTime : 2016-03-22T05:51:45.1207538Z
Dirty : True
StatusCode : 0

March 22, 2016 at 2:52 am

The sample you used is a v4 and not a v5, so "I can say that the "Compliance" system appears to work perfectly in PS5." Needs to be changed to P4.

I'll run the script again this week to follow the trail, based on the original reply by Eric and update.

March 22, 2016 at 2:58 am

Hi Arie, now you are confusion me 😉 Maybe it's better to say....

"The PS4 method of reporting works perfectly within PS5".

So PS5 supports a "Reporting Server" (new method) and a "Compliance Server" (old method).

The sample I gave was the PS4 reporting method within PS5.

March 22, 2016 at 3:48 am

Hehe true. That's because PS5 is backward compatible. But you're back to handling GUIDs which is meh 😉

March 22, 2016 at 3:58 am

The Configuration ID method rocks if you're using your own custom built CMDB 😉 in our environment everything is 100% automated when deploying servers. I never have to look at GUIDs.

Registration keys are nice for testing/lab environment (edit the registration key .txt file;-P) but if you have the backend workflow system setup, Configuration IDs are the way to go. Well that's my personal opinion anyway.

March 22, 2016 at 4:18 am

Arie, they have removed IsComplianceServer in xPSDesiredStateConfiguration v3.8.0.0. Noooo! Now I have no way to get a server report from a pull server.

See https://github.com/PowerShell/xPSDesiredStateConfiguration/pull/86/files

Do you have a working example of using the new method (Report Server)? I can't find any articles or official DSC docs that show you how to setup the new reporting way (what the pull server config and node lcm look like etc). I'm guessing your sample has not been tested because you don't show any report queries. I tried your sample but without the registration keys and it doesn't work (as per my previous post). I really hope they haven't made registrations keys a requirement for the new reporting method. It's not documented anywhere.

March 22, 2016 at 4:36 am

.....and there goes the backward compatibility I was referring to.
At least they removed the bug forcing us to use mdb as a data source which led to inability to install pull server on core without GUI...

Use 3.7.0.0 or don't swap to wmf 5.0.
I'll push my testing.

March 22, 2016 at 4:50 am

I heavily use partial configurations so I'm stuck with PS5. I'll be forced to stay on 3.7.0.0 unless your test shows that this new mystical reporting system actually works 😉 Looking forward to your tests (hopefully with and without registration keys).

March 22, 2016 at 4:53 am

I left an issue on their github repo just to be sure.

March 22, 2016 at 5:21 am

I just added my 2 cents to your github repo post. Hopefully someone can clear up the confusions.

https://github.com/PowerShell/xPSDesiredStateConfiguration/issues/93

March 22, 2016 at 7:37 am

Are you sure you used my scripts ?
Going over the error message you posted before your scripts is a bit mind boggling as you're getting an error about a ConfigurationID, which I dont use as its a v4 method. If anything the error should have been mentioning the AgentID...

March 22, 2016 at 4:28 pm

It seems the latest updates to the online doc and 3.8.0.0 do require you to add a ReportServerWeb block to the LCM in cases where the pull server is also your report server. Though theres some inconsistency in the samples so i opened a new issue and closed the first one.

March 22, 2016 at 10:11 pm

Hi Arie, I now have proof (at least I think so) that the new report server system in PS v5 does not work in a Configuration ID setup.

I created Sample_RegistrationKeys.ps1 which sets up a DSC Pull Server, configures a nodes LCM and then retrieves some report data.

I then cloned Sample_RegistrationKeys.ps1 to Sample_ConfigurationIDs.ps1 and simply commented out the registration key related stuff and added a configuration ID.

Sample_RegistrationKeys.ps1 (h-ttps://gist.github.com/Zuldan/c679bae20de0c2dcf1aa)
Sample_ConfigurationIDs.ps1 (h-ttps://gist.github.com/Zuldan/c0fd292838b8d35c6383)

(remove the '-' from https)

Sample_RegistrationKeys.ps1 is able to retrieve report data
Sample_ConfigurationIDs.ps1 cannot retrieve report data

I think the clue may sit here https://msdn.microsoft.com/en-us/powershell/dsc/pullserver

"The lack of the ConfigurationID property in the metaconfiguration file implicitly means that pull server is supporting the V2 version of the pull server protocol so an initial registration is required. Conversely, the presents of a ConfigurationID means that the V1 version of the pull server protocol is used and there is no registration processing."

I'm taking that as when a ConfigurationID is used, the reporting mode is v1 and the new Report Server only works with reporting mode v2?

This error appears in the the DSC WinEvent log on the node when Sample_ConfigurationIDs.ps1 is used.

Log Name: Microsoft-Windows-DSC/Operational
Source: Microsoft-Windows-DSC
Date: 3/23/2016 4:32:51 PM
Event ID: 4260
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: LABSERVER02
Description:
Job {AAFECED4-F0B8-11E5-80C7-005056B644A2} :
Http Client 1d545e3b-60c3-47a0-bf65-5afc05182fd1 failed for WebReportManager for configuration The attempt to send status report to the server https://LABSERVER01:8080/PSDSCPullServer.svc/Node(ConfigurationId='1d545e3b-60c3-47a0-bf65-5afc05182fd1')/SendStatusReport returned unexpected response code BadRequest..

If you could kindly have a peak at the samples when you get a chance to see if maybe I'm doing something wrong. If you can't see any issues then I'm going to raise it on UserVoice or Github and request the owners of the xPSDesiredStateConfiguration repo not to remove IsComplianceServer yet, because if they do, people who use ConfigurationID's will have no way to report if they want to use v3.8.0.0

March 23, 2016 at 1:35 am

The scripts seem ok, except the GetReport function at the end of the ConfigurationID sample needs to point to "$serviceURL/Nodes(ConfigurationID='$ConfigID')/Reports"

And the GetReport function usage needs to change to get the ConfigurationID

March 23, 2016 at 1:50 am

Perfect! thanks for the heads up. I'll make the adjustment and raise an issue on Github with the samples.

Some other questions you may know the answer to...

1. When retrieving report data for an agentid (registration key mode), how do you tell if the node is Compliant or not? There is a field that says "Success" but that could mean anything.

2. How do you retrieve the status of all nodes in the report database? This was pretty easy to do with a compliance server.

March 23, 2016 at 3:46 am

Good question.

I dont know yet the full structure to the json in StatusData, but from the code at the bottom part of the how to use the report server page

https://msdn.microsoft.com/en-us/powershell/dsc/reportserver

Youll see that resources that are in their desired state will be in $resources. Question is if there's a section called ResourcesNotInDesiredState or similar. It's one of my tests to initially cause the state to change and see what the log states.

I do think, that if you want real time status, I'd actually query the LCM directly via

https://msdn.microsoft.com/en-us/powershell/wmf/dsc_statestatus

or use Test-DscConfiguration

as for getting all the agent status, dont think it will be hard to iterate through all the agentid available. But that leads to a different question, how long does history stays in the db, and what happens to data of nodes that have been decommissioned

March 23, 2016 at 11:53 am

Thanks for all of this great information. Does anyone know a way that I can query the Report Server to find all the agent IDs that have reported their status?

March 23, 2016 at 12:29 pm

@Arie, I don't really need realtime stats, even 30 min off would be fine. The problem is the boss wants to see the status of all the servers on a single webpage and making a connection to 200+ servers to get LCM status is going to be really inefficient if all that data already sits at the report server, I mean that was what the report server was designed for. I already have a nice webpage for servers using the Compliance server. Surely the report server has a way to provide the status for all servers like the Compliance server can.

@matt once I've sorted out my ConfigurationID issue I'm going to go hunting for a Odata explorer tool which will hopefully help me discover data is available. I'll report back here with what I find.

Edit: found one, haven't tried it yet. OData Powershell Explorer https://psodata.codeplex.com

I good starting point is a list of what functions are available. You can see them here...
https://pullserver:8080/PSDSCPullServer.svc/$metadata

March 23, 2016 at 12:32 pm

Raised an issue for the ConfigurationID issue and reporting.

https://github.com/PowerShell/xPSDesiredStateConfiguration/issues/97

March 24, 2016 at 7:09 am

Dont forget Zuldan, that you can run PS scripts on the remote node so its not going to take much time for all nodes to run it. all you have to worry about is gathering the returned data and display it nicely.

If you want to run them on your pc instead, you can always use the Wokflow commands to build your small execution engine.

April 4, 2016 at 5:40 am

I pitched in my pov on it zuldan. I tried using several tools but can't find a decent model as they didn't implement any Get method to return info. The only way was using the URI method as in the documentation but that forces me to either run it from the node (so I get the local AgentID) or start managing them just fir the sake of the reports, which is then bit silly seeing we moved from being dependant on GUID management for pull servers to the RegistrationKeys method, but now depends on managing the AgentID GUID...

Really hope they push in more info on this and implement a more richer report server

April 4, 2016 at 5:54 am

@Arie H, I've had a similar result when querying the API. The only other thing I've gotten to work is the following:

Invoke-RestMethod -Uri "https://dscpullserver.domain.local/PSDSCPullServer.svc/Nodes(AgentId= '9B616A2C-DB70-11F5-80C2-121DD8C7201D')" -ContentType "application/json;odata=minimalmetadata;streaming=true;charset=utf-8" -Headers @{Accept = "application/json";ProtocolVersion = "2.0"}

Invoke-RestMethod -Uri "https://dscpullserver.domain.local/PSDSCPullServer.svc/Nodes(AgentId= '9B616A2C-DB70-11F5-80C2-121DD8C7201D')/Reports" -ContentType "application/json;odata=minimalmetadata;streaming=true;charset=utf-8" -Headers @{Accept = "application/json";ProtocolVersion = "2.0"}

April 6, 2016 at 10:42 am

@Zuldan

Did you get any further with this? Like yourself I am after a status page to see if each node is in it's desired state, much like what we get with the compliance server.

April 6, 2016 at 10:01 pm

I've found the function works as expected, you simply HAVE to use a registration key in the reportingserver block, even if you plan to otherwise use the LCM in ConfigurationID mode.

Basically the new reportingserver does NOT have any backwards compatibility, thus must rely on AgentID (and thus requires you to setup using registration key).

Hope that helps.

EDIT: for better clarity:

[DSCLocalConfigurationManager()]
configuration PullClientConfigID
{
    Node localhost
    {
        Settings
        {
            RefreshMode = 'Pull'
            RefreshFrequencyMins = 30 
            RebootNodeIfNeeded = $true
            ConfigurationID = 'e151f804-9b5f-4dc9-9620-bd087ccfab4d'
        }

        ConfigurationRepositoryWeb CONTOSO-PullSrv
        {
            ServerURL = 'https://CONTOSO-PullSrv:8080/PSDSCPullServer.svc'
            # do not put a registration key in this block; it will conflict with the configurationID
        }

        ReportServerWeb CONTOSO-ReportSrv
        {
            ServerURL = 'https://CONTOSO-ReportSrv:8080/PSDSCPullServer.svc'
            RegistrationKey = '30ef9bd8-9acf-4e01-8374-4dc35710fc90'
            #DO put a registrationkey in this block
        }
    }
}

I should also state I've not tried it against the latest pull server (just found out they switched from a windb to ESEDB ... no idea if that shakes things up).

April 7, 2016 at 12:59 am

@Andrew Palmer, Microsoft has confirmed that there is no way to retrieve all the nodes at once like we could with the Compliance Server. So you would need to keep a record of AgentID's or ConfiurationID's (depending what you use) and then query each node 1 by 1. Maybe PS5.1 will have this feature later this year? We can only hope. Actually we should probably start up a UserVoice for that.

@justin King, apparently using a Report Server with just ConfigurationID's is possible. I'm currently working with NarineM (MSFT) to get the exact code to make it work. See https://github.com/PowerShell/xPSDesiredStateConfiguration/issues/97

NarineM (MSFT) – "If the node is setup to use ConfigurationID , ConfigurationID.mof has to present on the pull/reporting server (in the DSCService\Configuration folder). This ID is used by reporting server to authorize the client for send report operation. If a file with the name .mof does not present on the reporting server, the server would reject the client request to send a report.

It is similar to registrationKey scenario where the node has to be setup with a registration key and that key is required to present on the reporting server (in DSCService\RegitrationKey.txt file) . This key is used by the reporting server to authorize the client for sending status report operations."

April 8, 2016 at 1:29 pm

@justin King, I'm really interested in your idea. Any chance you could show us code on what ConfigID + a Reg Key looks like (beginning to end + a report)? I didn't know you could configure a node to use a ConfigID and have it use a reg key.

Here is a sample of how to create a full DSC setup which produces a report at the end using Reg keys
https:// gist.github.com/Zuldan/c679bae20de0c2dcf1aa

and here is one for ConfigID's https:// gist.github.com/Zuldan/c0fd292838b8d35c6383

This is totally optional and I don't expect you do it all but if you could modify either sample so that they are using both a ConfigID and Reg key that would be awesome.