This blog was written by Shruthin Reddy

 

Desired State Configuration (DSC) is a PowerShell extension which enables you to install or remove server roles, manage environment variables and fix a configuration if it drifts from what was planned and deployed. This minimizes manual administration work, we can create a configuration blue print and automate the configuration process by either pushing the configuration to a client or make the client pull the configuration. This ensures the configuration cannot change from the deployed configuration and maintains consistency in the deployed configuration.

 

I’ll explain and describe the process of getting DSC configured and installed on Dell PowerEdge R730 MLK platform. There are many resources out there on web but I somehow find that the information is outdated and spread all over. I’ll put all the required content to configure the DSC in this blog over a few posts.

 

I’ll walk you through setting up an SMB Pull Server on Dell PowerEdge Server and walk you through configuring the Local Configuration Manager (LCM) of the clients to pull the configuration from the SMB Share. Note that this configuration should only be used for POC purposes and not for production as Microsoft DSC resources I am using are under experimental phase and are denoted by symbol ‘X’ in front of the resource name, Microsoft does not provide support for those resources.    

 

Pre-requisites

 

Install two Windows VM's, Join them to your domain. I used Windows Server 2016 RTM for my example. DSC needs WMF 5.0 and this link has System Requirements for WMF 5.0 supported operating system versions.

  • VM1 – Pull-Server ( This is the server we will set up for the clients to pull the configuration)

  • VM2 – Pull-Client1 ( I called it pull client as this will be my client which I will set its LCM (Local Configuration Manager) to Pull the configuration from SMB Share)

 

Download the DSC PowerShell Modules below from Microsoft PowerShell repository using Windows PowerShell console. You can directly find and install Modules from a PowerShell console on your Pull server using Install-Module CMDLET. If you don’t have internet connectivity you can download and copy the Modules to the pull server C:\Program Files\WindowsPowerShell\Modules directory.

 

To download and save the PowerShell Modules open the PowerShell console from your management workstation with internet access and type the commands beside each DSC Module below to download it.

 

  1. xPSDesiredStateConfiguration (Save-Module -Name xPSDesiredStateConfiguration -Path C:\Program Files\WindowsPowerShell\Modules)

  2. NuGet ( Save-Module -Name NuGet -Path C:\Program Files\WindowsPowerShell\Modules)

  3. You will need to install WMF 5.0 if you are using Server 2012 or older OS. Here is the download link. Windows Server 2016 has the latest Windows Management Framework (WMF) native in the OS.

 

Step1: Configure SMB Pull Server

 

We need to setup an SMB Share to store the DSC configuration files. I have configured this SMB Share on a VM “Pull-Server”. You can do it on any of your existing infrastructure. The directory I am creating on the VM will be the repository for all the configuration files.

 

# 1. Create a Directory

  • New-Item -path C:\DSCSMB -ItemType Directory

 

# 2. Make it SMB Share and share the folder to store .MOF file and Resource Modules

  • New-SMBShare -Name DSCSMB -Path C:\DSCSMB -ReadAccess Everyone -FullAccess administrator -Description "SMB Share for DSC"

 

Step2: Create LCM Meta.MOF file with appropriate settings

 

Using script below we are changing the settings of the LCM (Local Configuration Manager) of the client machine for it to pull the configuration from SMB Pull-Server. The Script will be using the xPSDesiredStateConfiguration module.

 

Open the PowerShell ISE as administrator and run the entire script. It will create a Meta.MOF file which has the configuration details to be sent to the Local Configuration Manager (LCM) of that machine.

 

# 1.Configure LCM for SMB pull configuration

[DSCLocalConfigurationManager()]

Configuration LCM_SMBPULL

{

   param

       (

           [parameter(Mandatory=$true)]

           [String[]]$COMPUTERNAME,

 

           [parameter(Mandatory=$true)]

           [String]$guid

       )

 

   Node $COMPUTERNAME

   {

       Settings

           {

           AllowModuleOverwrite = $true

           ConfigurationMode = 'ApplyandAutoCorrect'

           RefreshMode = 'Pull'

           ConfigurationID = $guid

                   }

                   ConfigurationRepositoryShare DSCSMB

                    {

                   SourcePath = '\\pull-Server\DSCSMB'            

             }

   }

}

# Computer list (This is my variable)

$COMPUTERNAME= 'pull-client1'

 

# Create Guid for the computers

$guid=[guid]::NewGuid()

 

# Create the computer Meta.Mof in folder

LCM_SMBPULL -ComputerName $COMPUTERNAME -Guid $guid -OutputPath C:\DSCSMB

 

Step3: Set the LCM for the clients

 

In the previous step we created a Meta.MOF file which has the configuration details. Now we need to send the configuration information to the client’s machine’s LCM. 

  • Use this Command to set the LCM of the client. In the command below “$COMPUTERNAME” is the variable I have in the script which is ‘Pull-Client1’ 

  • Set-DscLocalConfigurationManager -ComputerName $COMPUTERNAME -Path C:\DSCSMB –Verbose

 

 

  • Use the Command below to see if the LCM of Pull-Client1 is set to PULL the configuration

  • Get-DscLocalConfigurationManager -CimSession $COMPUTERNAME

  

 

Use the command’s below to verify the LCM is seeing the right SMB Share Path.

  • The first command will get the configuration from our “$COMPUTERNAME” which is again our variable ‘Pull-Client1’

  • The second command will get the download manager information and displays the SMB Share information from where the Pull-client1 is pulling the configuration 

  • $x=Get-DscLocalConfigurationManager -CimSession $computername

  • $x.ConfigurationDownloadManagers

  

 

Step4: Write a simple configuration which need to be pulled

 

We will now create the configuration.MOF file and save it to C:\DSCSMB folder. The name of the file will be SMBComputers.MOF. You can rename SMBComputers from the script below.

 

# configure Backup feature and create a .MOF file

 

Configuration Backup

{

 

   Node SMBComputers

{

            WindowsFeature Backup

{

       Name = 'Windows-Server-backup'

       Ensure = 'present'

            }

      }

}

 

Backup -Outputpath C:\DSCSMB

 

 

Step5: Rename Configuration file name with GUID

 

Rename the configuration.MOF file with GUID so that the clients can pull the configuration from the pull server using the GUID.

 

The command below will grab the Configuration ID from “$COMPUTERNAME” which is our variable Pull-Client1. If we have more than 1 system we only need the GUID from one computer. We will set the GUID to be same for all the machines which will pull this configuration.

  • $guid=Get-DscLocalConfigurationManager -CimSession $COMPUTERNAME | Select-Object -ExpandProperty ConfigurationID

 

Next insert the Configuration ID of the LCM and assign that Configuration ID to the configuration.MOF file which is “SMBComputers.MOF” and store that configuration file on SMB Share. (We need to do this because all the LCM's with that GUID will be forced to have the *Backup* feature as their desired state).

 

# 1. Specify the Source path of the configuration

  • $Source = "C:\DSCSMB\SMBComputers.mof"

 

# 2. Specify the Destination path of the configuration. In this step we will be replacing the name of SMBComputer.MOF to $GUID.MOF

 

  • $dest = "\\Pull-server\DSCSMB\$Guid.mof"

 

# 3. Copy the changed configuration.MOF file to destination which is SMB Share

  • Copy-Item -Path $Source -Destination $Dest

 

Note: If you see this error while copying the source file to destination check the access permissions to the SMB Share and make sure the user has write access to the share.

 

Below are the steps to give write access

  • To check and give the write access to the share go to the SMB Directory we have created à right clickà click on Properties of the folderàSharing à Advanced Sharingà Permissionsà Select user and click allow Full control

  • You will see a .MOF file with the GUID created in the folder

 

Step6: Generate the Checksum of the configuration

 

Generating the checksum file lightens the network traffic when DSC is checking the configuration of the clients. Use this command to make the checksum file.

  • New-DscChecksum $Dest

 

Note: If you make any changes to the configuration you need to checksum the configuration each time. If not, you will encounter an error where the client configuration will not be updated to desired state.

 

 

Step7: Test the Configuration

 

  • Get-WindowsFeature -ComputerName $COMPUTERNAME -Name *Backup* # shouldn’t be installed yet

  • Update-DscConfiguration -ComputerName $COMPUTERNAME -wait #Check to see if it installs

  • Get-WindowsFeature -ComputerName $COMPUTERNAME -Name *Backup* # should have installed by now

  • Test-DscConfiguration -cimsession pull-client1 # Test to see if the computer is in desired state

 

Here is the link to my blog where I have explained how to configure the HTTP Pull server.