

This Saturday I’m doing a Presentation on PowerShell Desired State Configuration for beginners.  As I’ve been playing heavily with it recently I wanted to know something and I could not find the answer online ANYWHERE!

With DSC you have two scenarios

PUSH

You knock on the door, the computer answers and you say “Here’s your Configuration, make sure it’s right!” and it gets it right

PULL

The Computer knocks on your door and says “What’s my configuration supposed to be?”, it receives it and every so often goes and checks again to make sure everything is working right

The PULL is your ideal scenario but requires a bit more overhead to set up.

PUSH is very easy to do and use but there’s a catch.  PUSH is designed on the presumption that there is an established TRUST (IE: it’s on a Domain) between both machines.

So if you try to apply a DSC Configuration to a computer that is not on your domain (Think Web Server?  Not Domain Joined ideally) you will get a nasty evil error from WinRM freaking about “8000xxxx” this and that.

It translates to a simple phrase.  By default you’re not ALLOWED to talk to this person.  You need to establish some things first.

UserID/Password

Resolution for Name to IP address

An entry for the remote server added to TrustedHosts in WinRM on the machine doing the PUSH

Fortunately they are very easy to do.

If you don’t have a Static entry in DNS for the Non Trusted server or you wish to localize the resolution for whatever reason, just go edit your good old HOSTS file and add the Entry

So if we wanted to talk to the Server in the DMZ called EOT-WEB with an IP address of 172.20.5.50, add this as the last line in C:\Windows\System32\Drivers\Etc\HOSTS

172.20.5.50          EOT-WEB

Next go to an elevated CMD prompt to add your remote server to the Trusted list for WinRM

winrm set winrm/config/client @{TrustedHosts="EOT-WEB"}

Now you’ll need credentials.   To apply a DSC configuration called “MyWebServer” onto this machine you would run the Cmdlet in the following manner

Start-DscConfiguration -Path .\MyWebServer -Verbose -Credential (Get-Credential) -ComputerName EOT-WEB

Enter the local admin credentials for the Web Server in the popup box (IE EOT-WEB\Administrator), give it a few minutes and watch that machine receive its Desired State Configuration.
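
The three steps above combined into one elevated PowerShell session, as an added example that is not part of the original post. It goes slightly beyond the post: it appends EOT-WEB to TrustedHosts rather than replacing the whole list (winrm set overwrites it), checks WinRM with Test-WSMan first, and restores the previous list afterwards. The variable names are made up for illustration; the server name, IP address and configuration name are the ones used above.

```powershell
#Requires -RunAsAdministrator
# Added example (not the post's own code): PUSH a DSC configuration to a
# non-domain node while keeping the WinRM trust change as narrow as possible.

$Node      = 'EOT-WEB'          # server name from the post
$NodeIP    = '172.20.5.50'      # IP address from the post
$MofPath   = '.\MyWebServer'    # folder holding the compiled configuration
$HostsFile = "$env:SystemRoot\System32\drivers\etc\hosts"
$Trusted   = 'WSMan:\localhost\Client\TrustedHosts'

# 1. Name resolution: add the HOSTS entry only if it is not already present.
$pattern = '^\s*{0}\s+{1}\s*$' -f [regex]::Escape($NodeIP), [regex]::Escape($Node)
if (-not (Select-String -Path $HostsFile -Pattern $pattern -Quiet)) {
    # Leading newline guards against a HOSTS file that lacks a final line break.
    Add-Content -Path $HostsFile -Value "`r`n$NodeIP`t$Node"
}

# 2. Trust: remember the current list, then append (not replace) the node.
#    A host in TrustedHosts is sent credentials without its identity being
#    verified, so list single names, never '*'.
$original = [string](Get-Item $Trusted).Value
Set-Item $Trusted -Value $Node -Concatenate -Force

try {
    # 3. Credentials: a local administrator account on the node.
    $cred = Get-Credential -UserName "$Node\Administrator" -Message "Local admin on $Node"

    # Confirm WinRM answers and accepts these credentials before pushing.
    Test-WSMan -ComputerName $Node -Credential $cred -Authentication Negotiate -ErrorAction Stop |
        Out-Null

    # 4. Push the configuration; -Wait keeps errors in this session.
    Start-DscConfiguration -Path $MofPath -ComputerName $Node -Credential $cred `
        -Wait -Verbose -ErrorAction Stop
}
finally {
    # Put TrustedHosts back exactly as it was before the push.
    Set-Item $Trusted -Value $original -Force
}
```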

You know, I’m certain it *IS* somewhere on the internet, but for all my luck, I couldn’t spot it anywhere

Sean
Release the Power of Shell daily, and smile a little more each day
