This blog was written by Shruthin Reddy
Desired State Configuration (DSC) is a PowerShell extension which enables you to install or remove server roles, manage environment variables and fix a configuration if it drifts from what was planned and deployed. This minimizes manual administration work, we can create a configuration blue print and automate the configuration process by either pushing the configuration to a client or make the client pull the configuration. This ensures the configuration cannot change from the deployed configuration and maintains consistency in the deployed configuration.
I’ll explain and describe the process of getting DSC configured and installed on Dell PowerEdge R730 MLK platform. There are many resources out there on web but I somehow find that the information is outdated and spread all over. I’ll put all the required content to configure the DSC in this blog over a few posts.
I’ll walk you through setting up an SMB Pull Server on Dell PowerEdge Server and walk you through configuring the Local Configuration Manager (LCM) of the clients to pull the configuration from the SMB Share. Note that this configuration should only be used for POC purposes and not for production as Microsoft DSC resources I am using are under experimental phase and are denoted by symbol ‘X’ in front of the resource name, Microsoft does not provide support for those resources.
Install two Windows VM's, Join them to your domain. I used Windows Server 2016 RTM for my example. DSC needs WMF 5.0 and this link has System Requirements for WMF 5.0 supported operating system versions.
VM1 – Pull-Server ( This is the server we will set up for the clients to pull the configuration)
VM2 – Pull-Client1 ( I called it pull client as this will be my client which I will set its LCM (Local Configuration Manager) to Pull the configuration from SMB Share)
Download the DSC PowerShell Modules below from Microsoft PowerShell repository using Windows PowerShell console. You can directly find and install Modules from a PowerShell console on your Pull server using Install-Module CMDLET. If you don’t have internet connectivity you can download and copy the Modules to the pull server C:\Program Files\WindowsPowerShell\Modules directory.
To download and save the PowerShell Modules open the PowerShell console from your management workstation with internet access and type the commands beside each DSC Module below to download it.
xPSDesiredStateConfiguration (Save-Module -Name xPSDesiredStateConfiguration -Path C:\Program Files\WindowsPowerShell\Modules)
NuGet ( Save-Module -Name NuGet -Path C:\Program Files\WindowsPowerShell\Modules)
You will need to install WMF 5.0 if you are using Server 2012 or older OS. Here is the download link. Windows Server 2016 has the latest Windows Management Framework (WMF) native in the OS.
Step1: Configure SMB Pull Server
We need to setup an SMB Share to store the DSC configuration files. I have configured this SMB Share on a VM “Pull-Server”. You can do it on any of your existing infrastructure. The directory I am creating on the VM will be the repository for all the configuration files.
# 1. Create a Directory
New-Item -path C:\DSCSMB -ItemType Directory
# 2. Make it SMB Share and share the folder to store .MOF file and Resource Modules
New-SMBShare -Name DSCSMB -Path C:\DSCSMB -ReadAccess Everyone -FullAccess administrator -Description "SMB Share for DSC"
Step2: Create LCM Meta.MOF file with appropriate settings
Using script below we are changing the settings of the LCM (Local Configuration Manager) of the client machine for it to pull the configuration from SMB Pull-Server. The Script will be using the xPSDesiredStateConfiguration module.
Open the PowerShell ISE as administrator and run the entire script. It will create a Meta.MOF file which has the configuration details to be sent to the Local Configuration Manager (LCM) of that machine.
# 1.Configure LCM for SMB pull configuration
AllowModuleOverwrite = $true
ConfigurationMode = 'ApplyandAutoCorrect'
RefreshMode = 'Pull'
ConfigurationID = $guid
SourcePath = '\\pull-Server\DSCSMB'
# Computer list (This is my variable)
# Create Guid for the computers
# Create the computer Meta.Mof in folder
LCM_SMBPULL -ComputerName $COMPUTERNAME -Guid $guid -OutputPath C:\DSCSMB
Step3: Set the LCM for the clients
In the previous step we created a Meta.MOF file which has the configuration details. Now we need to send the configuration information to the client’s machine’s LCM.
Use this Command to set the LCM of the client. In the command below “$COMPUTERNAME” is the variable I have in the script which is ‘Pull-Client1’
Set-DscLocalConfigurationManager -ComputerName $COMPUTERNAME -Path C:\DSCSMB –Verbose
Use the Command below to see if the LCM of Pull-Client1 is set to PULL the configuration
Get-DscLocalConfigurationManager -CimSession $COMPUTERNAME
Use the command’s below to verify the LCM is seeing the right SMB Share Path.
The first command will get the configuration from our “$COMPUTERNAME” which is again our variable ‘Pull-Client1’
The second command will get the download manager information and displays the SMB Share information from where the Pull-client1 is pulling the configuration
$x=Get-DscLocalConfigurationManager -CimSession $computername
Step4: Write a simple configuration which need to be pulled
We will now create the configuration.MOF file and save it to C:\DSCSMB folder. The name of the file will be SMBComputers.MOF. You can rename SMBComputers from the script below.
# configure Backup feature and create a .MOF file
Name = 'Windows-Server-backup'
Ensure = 'present'
Backup -Outputpath C:\DSCSMB
Step5: Rename Configuration file name with GUID
Rename the configuration.MOF file with GUID so that the clients can pull the configuration from the pull server using the GUID.
The command below will grab the Configuration ID from “$COMPUTERNAME” which is our variable Pull-Client1. If we have more than 1 system we only need the GUID from one computer. We will set the GUID to be same for all the machines which will pull this configuration.
$guid=Get-DscLocalConfigurationManager -CimSession $COMPUTERNAME | Select-Object -ExpandProperty ConfigurationID
Next insert the Configuration ID of the LCM and assign that Configuration ID to the configuration.MOF file which is “SMBComputers.MOF” and store that configuration file on SMB Share. (We need to do this because all the LCM's with that GUID will be forced to have the *Backup* feature as their desired state).
# 1. Specify the Source path of the configuration
$Source = "C:\DSCSMB\SMBComputers.mof"
# 2. Specify the Destination path of the configuration. In this step we will be replacing the name of SMBComputer.MOF to $GUID.MOF
$dest = "\\Pull-server\DSCSMB\$Guid.mof"
# 3. Copy the changed configuration.MOF file to destination which is SMB Share
Copy-Item -Path $Source -Destination $Dest
Note: If you see this error while copying the source file to destination check the access permissions to the SMB Share and make sure the user has write access to the share.
Below are the steps to give write access
To check and give the write access to the share go to the SMB Directory we have created à right clickà click on Properties of the folderàSharing à Advanced Sharingà Permissionsà Select user and click allow Full control
You will see a .MOF file with the GUID created in the folder
Step6: Generate the Checksum of the configuration
Generating the checksum file lightens the network traffic when DSC is checking the configuration of the clients. Use this command to make the checksum file.
Note: If you make any changes to the configuration you need to checksum the configuration each time. If not, you will encounter an error where the client configuration will not be updated to desired state.
Step7: Test the Configuration
Get-WindowsFeature -ComputerName $COMPUTERNAME -Name *Backup* # shouldn’t be installed yet
Update-DscConfiguration -ComputerName $COMPUTERNAME -wait #Check to see if it installs
Get-WindowsFeature -ComputerName $COMPUTERNAME -Name *Backup* # should have installed by now
Test-DscConfiguration -cimsession pull-client1 # Test to see if the computer is in desired state
Here is the link to my blog where I have explained how to configure the HTTP Pull server.