Powershell DSC what is the execution context for current configuration?

Question

I'm trying to deploy a powershell profile through DSC. The configuration should copy a .ps1 file from a network share to a local path.

Running the script fails with the following error SourcePath must be accessible for current configuration. yet this path is accessible from the console, so what user/context is used during dsc configuration ?

Here is the script

Edit after @ravikanth's reply

$ConfigurationData = @{
AllNodes = @(
    @{
        NodeName="*"
        PSDscAllowPlainTextPassword=$true
     }
    )
}
Configuration MyProfile
{ 
  param ([string[]]$MachineName,
        [PSCredential]$Credential)

  Node $MachineName
  {
    Log startconfig
    {
        # The message below gets written to the Microsoft-Windows-Desired State Configuration/Analytic log
        Message = "starting the file resource with ID MyProfile with $($myinvocation.mycommand) user : $env:username"
    }
    File profile
    {
      Credential=$credential
      Ensure = 'Present'   
      SourcePath = "\\web-mridf\powershell\profil_1.ps1"
      DestinationPath = "c:\temp\test.txt"  
      Type = "File" # Default is "File".
      DependsOn = "[Log]startconfig"      
    }

     Log AfterDirectoryCopy
     {
        # The message below gets written to the Microsoft-Windows-Desired State Configuration/Analytic log
        Message = "Finished running the file resource with ID MyProfile"
        DependsOn = "[File]profile" # This means run "MyProfile" first.
     }
  }
}

MyProfile -MachineName web-mridf -OutputPath c:\temp\dsc
Start-DscConfiguration -Path c:\temp\dsc -credential (get-credential("DOMAIN\user")) -force -verbose -Wait

And the error received ( invalid argument)

PS C:\temp> .\dsc.ps1


    Répertoire : C:\temp\dsc


Mode                LastWriteTime     Length Name
----                -------------     ------ ----
-a---        04/06/2014     10:54       2834 web-mridf.mof
COMMENTAIRES : Effectuez l'opération « Invoquer une méthode CIM » avec les
paramètres suivants : « 'methodName' = SendConfigurationApply,'className' =
MSFT_DSCLocalConfigurationManager,'namespaceName' =
root/Microsoft/Windows/DesiredStateConfiguration ».

COMMENTAIRES : [WEB-MRIDF] :                            [[File]profile]
SourcePath must be accessible for current configuration.
COMMENTAIRES : [WEB-MRIDF] :                            [[File]profile] The
related file/directory is: \\web-mridf\powershell\profil_1.ps1.
SourcePath must be accessible for current configuration. The related
file/directory is: \\web-mridf\powershell\profil_smac.ps1. . L'ID de ressource
associé est [File]profile.
    + CategoryInfo          : InvalidArgument : (:) [], CimException
    + FullyQualifiedErrorId : MI RESULT 4
    + PSComputerName        : web-mridf

COMMENTAIRES : [WEB-MRIDF] : Gestionnaire de configuration local :  [ Fin
Définir  ]
La fonction SendConfigurationApply n'a pas réussi.
    + CategoryInfo          : InvalidArgument : (root/Microsoft/...gurationMan
   ager:String) [], CimException
    + FullyQualifiedErrorId : MI RESULT 4
    + PSComputerName        : web-mridf

COMMENTAIRES : L'opération « Invoquer une méthode CIM » est terminée.
COMMENTAIRES : Le temps nécessaire à l'exécution du travail de configuration
est de 0.881 secondes

ravikanth · Accepted Answer · 2014-06-04T11:57:07.700

1

DSC Local configuration manager runs as SYSTEM. So, it will not have access to the share. You need to pass the credentials to access the share. For the credentials, you need to either use certificates to encrypt the password or use plain-text password.

For the plain text password, check the article I posted at PowerShell Magazine. http://www.powershellmagazine.com/2013/09/26/using-the-credential-attribute-of-dsc-file-resource/

If you want to use certificates for the password encryption, check the PS Team blog post at http://blogs.msdn.com/b/powershell/archive/2014/01/31/want-to-secure-credentials-in-windows-powershell-desired-state-configuration.aspx

Update based on the comments below:

The $AllNodes.Nodename is the key when using Configuration Data. Do not replace that with a static nodename.

$ConfigurationData = @{
    AllNodes = @(
        @{
            NodeName="*"
            PSDscAllowPlainTextPassword=$true
         }
        @{
            NodeName="ServerName"
         }
    )
}

Configuration MyProfile 
{ 
    param (
        [PSCredential]$Credential
    ) 

    Node $AllNodes.NodeName
    { 
        Log startconfig 
        { 
            # The message below gets written to the Microsoft-Windows-Desired State Configuration/Analytic log 
            Message = "starting the file resource with ID MyProfile with $($myinvocation.mycommand) user : $env:username" 
        } 
        File profile 
        { 
            Credential=$credential 
            Ensure = 'Present' 
            SourcePath = "e:\powershell\profil_smac.ps1" 
            DestinationPath = "c:\temp\test2.txt2" 
            Type = "File" # Default is "File". 
            DependsOn = "[Log]startconfig" 
        } 

        Log AfterDirectoryCopy 
        { 
            # The message below gets written to the Microsoft-Windows-Desired State Configuration/Analytic log 
            Message = "Finished running the file resource with ID MyProfile" 
            DependsOn = "[File]profile" # This means run "MyProfile" first. 
        } 
    } 
} 

MyProfile -configurationdata $configurationdata -machinename "web-mridf.groupe.sa.colas.com" -credential (get-credential("groupe\sys-mac-smacsr")) -OutputPath c:\temp\dsc 
Start-DscConfiguration -Path c:\temp\dsc -force -verbose -Wait

edited Jun 04 '14 at 11:57

answered Jun 04 '14 at 08:21

ravikanth

24,922
4
60
60

Thank you Ravikanth, credentials seems to be processed by dsc, but still got an error. I'm updating my question – Loïc MICHEL Jun 04 '14 at 08:57
Sending the credentials alone does not work. Where is the configuration data? You need to specify the -ConfigurationData parameter with Start-DscConfiguration. Look at the PowerShell Magazine link I shared for an example on how to use configuration data. – ravikanth Jun 04 '14 at 09:41
sorry copy/paste error the configuration data is present in my script – Loïc MICHEL Jun 04 '14 at 09:42
Oh, well. you have added Configuration data but not using it! :) Refer to the example I have in the article. You need to pass the node name via configuration data. Also, you are using the credential parameter of the Start-DscConfiguration. That is wrong. You have to pass the credentials to your configuration command which is MyProfile. I updated my answer. – ravikanth Jun 04 '14 at 09:54
Thanks again, i can see my stupid error ^^. So there is no option to apply configurationdata to all host (nodename="*") as you suggested on your blog in case i want to pass multiple machine names ? – Loïc MICHEL Jun 04 '14 at 10:08
I guess DSC is not for me ... still got the "SourcePath must be accessible" error – Loïc MICHEL Jun 04 '14 at 10:09
You can apply it to multiple systems. Whatever mentioned with a NodeName set to * will apply to all the nodes. You need to add one hash for each node name that you want to specify. – ravikanth Jun 04 '14 at 10:13
ok i'm must be tired this is OK now for nodename="*" . I mark this as an answer even if i'm still facing the issue, i guess the problem is elsewhere now. Thank you. – Loïc MICHEL Jun 04 '14 at 10:16
Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/55056/discussion-between-kayasax-and-ravikanth). – Loïc MICHEL Jun 04 '14 at 10:30

Powershell DSC what is the execution context for current configuration?

1 Answers1