
Desired State Configuration – part 2

Now that the Pull server is up and running, the next step is to configure server “A” to use the newly created Pull server. For this, the Windows feature Windows PowerShell Desired State Configuration Service (DSC-Service) must be installed and the DSC local configuration must be configured to use the Pull server.

The service can be installed using “Add-WindowsFeature -Name DSC-Service”. Although we can manually install the Windows feature, it is also possible to use DSC to push the configuration from the Pull server to the target server. The following push configuration will install the Windows feature “DSC-Service” on server “A”:

Running the config “Install-DscConfiguration” will result in an A.mof file.

Now we can push the configuration (as a .mof file) to server “A”.

Doing this will install DSC on the remote server. The next step is to configure server “A” to use the Pull server as a configuration source. How to make the configuration is explained in this TechNet article.

As you can see in the above example, there is no servername present in the configuration. Server “A” is configured to request a configuration with the name “cc53d975-c5d3-43ab-9f5c-124aedb976f0”. There is no database for the servername <-> GUID translation in DSC. When making configurations you need to document and keep track of which GUID and servername are paired. I’ve seen examples of storing the servername/GUID pair in a CSV file or in an AD attribute. Needless to say, each server needs a unique GUID.

Use Set-DscLocalConfigurationManager -ComputerName “A” -Path

To create a GUID, you can use this example.

And add the GUID to your local configuration.
You can store the GUID in a field of the AD object, for example ExtensionAttribute1. This way it’s easy to keep a relation between the GUID and the servername. You could also create computer objects to represent non-domain joined computers. Replace the

The DSC configuration on server “A” is now configured to check every 15 minutes for a (new) configuration on the Pull server.
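The GUID bookkeeping and the pull-mode settings described above, as an added example (not the author's original code). It assumes the ActiveDirectory module, an AD schema that contains extensionAttribute1, the WMF 4.0 LocalConfigurationManager syntax and the HTTP pull server URL from part 1; Get-NodeGuid and SetPullMode are hypothetical names.

```powershell
# Added example. Assumes: ActiveDirectory module, extensionAttribute1 in the schema, WMF 4.0.
Import-Module ActiveDirectory

function Get-NodeGuid {
    # Hypothetical helper: return the GUID already stored on the computer object,
    # or generate one and store it, so the servername <-> GUID pairing lives in AD.
    param([Parameter(Mandatory)][string]$ComputerName)
    $computer = Get-ADComputer -Identity $ComputerName -Properties extensionAttribute1
    $stored   = [string]$computer.extensionAttribute1
    $parsed   = [guid]::Empty
    if ([guid]::TryParse($stored, [ref]$parsed)) { return $parsed.ToString() }
    if ($stored) { throw "extensionAttribute1 of $ComputerName holds a non-GUID value; not overwriting." }
    $new = [guid]::NewGuid().ToString()
    Set-ADComputer -Identity $computer -Replace @{ extensionAttribute1 = $new }
    return $new
}

Configuration SetPullMode {
    param([string]$NodeName, [string]$ConfigurationId, [string]$PullServerUrl)
    Node $NodeName {
        LocalConfigurationManager {
            ConfigurationID           = $ConfigurationId
            RefreshMode               = 'Pull'
            RefreshFrequencyMins      = 15
            DownloadManagerName       = 'WebDownloadManager'
            DownloadManagerCustomData = @{
                ServerUrl               = $PullServerUrl
                # Plain HTTP is only allowed when the URL is not https (the part 1 server has no SSL).
                AllowUnsecureConnection = "$(([uri]$PullServerUrl).Scheme -ne 'https')"
            }
        }
    }
}

$guid = Get-NodeGuid -ComputerName 'A'
SetPullMode -NodeName 'A' -ConfigurationId $guid `
    -PullServerUrl 'http://servername:8080/PSDSCPullServer.svc' -OutputPath .\SetPullMode
Set-DscLocalConfigurationManager -ComputerName 'A' -Path .\SetPullMode -Verbose

# Confirm what the node will ask the pull server for.
$session = New-CimSession -ComputerName 'A'
Get-DscLocalConfigurationManager -CimSession $session |
    Select-Object ConfigurationID, RefreshMode, RefreshFrequencyMins
Remove-CimSession $session
```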

Create a new configuration with the GUID of the server and place it in the configuration folder on the Pull server. The location is specified when creating the Pull server. In the previous example, when creating the Pull server, it was specified as “$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration”.
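Publishing a node configuration under its GUID, as an added example (not from the original post). It runs on the Pull server, reuses the GUID and folder named above, and uses a hypothetical WebServer configuration; the .mof.checksum file is written because the Pull server serves each configuration together with its checksum.

```powershell
# Added example; run on the Pull server. WebServer and the staging folder are hypothetical.
$guid       = 'cc53d975-c5d3-43ab-9f5c-124aedb976f0'   # GUID used in the text above
$publishDir = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
$stagingDir = Join-Path $env:TEMP 'DscStaging'

Configuration WebServer {
    param([Parameter(Mandatory)][string]$NodeName)
    Node $NodeName {
        WindowsFeature IIS {
            Ensure = 'Present'
            Name   = 'Web-Server'
        }
    }
}

# Refuse to publish under anything that is not a well-formed GUID.
$parsed = [guid]::Empty
if (-not [guid]::TryParse($guid, [ref]$parsed)) { throw "Not a GUID: $guid" }

# The node name is the GUID, so the compiled file is <guid>.mof.
$mof = WebServer -NodeName $guid -OutputPath $stagingDir

# Writes <guid>.mof.checksum next to the .mof (first positional argument is the .mof path).
New-DscChecksum $mof.FullName -Force

# Copy the .mof and its checksum together into the configuration folder.
Copy-Item -Path "$($mof.FullName)*" -Destination $publishDir -Force

# Verify that the published checksum matches the published .mof (SHA-256).
$published = Join-Path $publishDir "$guid.mof"
$actual    = (Get-FileHash -Path $published -Algorithm SHA256).Hash
$recorded  = (Get-Content -Path "$published.checksum" -Raw).Trim()
if ($actual -ne $recorded) { throw "Checksum mismatch for $published" }
```

Regenerate the checksum every time the .mof changes; a stale checksum file means the node keeps its old configuration.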


DSC resources


Desired State Configuration

Building infrastructures means building and connecting machines which are hosting services that support the business by making its jobs easier. From the early days on, infrastructure creates the baseline by hosting specific machines to do specific tasks. The infrastructure team installs and configures the OS and hands the machine over to the application developers who in their turn install and configure the application for the business.

So how do you build and maintain the OS in a structured manner? There are enough methods to deploy an OS in a structured way, but maintaining the configuration of the OS is somewhat more difficult, and so is checking whether the installation and configuration are drifting away from their intended state. Desired State Configuration (DSC) can maintain a configuration and detect a drift from the intended configuration.

DSC is Microsoft’s answer to maintain and keep configurations of OSes and applications. Microsoft states that DSC is gradually going to be the only means to manage Windows servers and applications. DSC works with Microsoft Framework and PowerShell.

Simplified, DSC says: “Hey server, you are going to be a web server, take configuration “WEB_Main_v4” and apply that configuration. Have fun!”

Configuration files have a basic markup: it starts with defining the configuration name, the node name and the actual configuration. The configuration acts as a template, from which a specific configuration for a specific server will be built, which we can deploy to that specific server.

In this template the configuration is named “ServerConfig”. The configuration is for a server named Servername (which will be stored in the variable $NodeName). File is the configuration item which is being defined with parameters. Save the config as “aserver.ps1”.

The configuration looks similar to a PowerShell function, and in a way it is!
Knowledge of PowerShell is necessary when working with DSC.

Run aserver.ps1 in PowerShell. Once the configuration is loaded, the configuration is available as a command with the name of the config (like a function). Run “ServerConfig -OutputPath “.” -NodeName “A”” to create the .mof file. Use the command Start-DscConfiguration -Wait -Force -Path .\ServerConfig -ComputerName “A” to actually deploy the configuration to server “A”.
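A configuration matching the description above, with the compile, push and drift-check steps, as an added example (not the author's original aserver.ps1). The file path and contents are constructed for illustration, and the .mof is written to a .\ServerConfig folder so that the push step can point at it.

```powershell
# aserver.ps1 (added example; file path and contents are constructed)
Configuration ServerConfig {
    param([Parameter(Mandatory)][string]$NodeName)
    Node $NodeName {
        File ManagedMarker {
            Ensure          = 'Present'
            Type            = 'File'
            DestinationPath = 'C:\ServerConfig.txt'
            Contents        = 'Managed by DSC configuration ServerConfig'
        }
    }
}

# Compile the template for server A: writes .\ServerConfig\A.mof
ServerConfig -NodeName 'A' -OutputPath .\ServerConfig

# Push every .mof in the folder to the node it is named after.
Start-DscConfiguration -Wait -Force -Verbose -Path .\ServerConfig -ComputerName 'A'

# Drift check: Test-DscConfiguration reports whether the node still matches
# the configuration that was last applied to it.
$session = New-CimSession -ComputerName 'A'
try {
    if (-not (Test-DscConfiguration -CimSession $session)) {
        Write-Warning 'Server A has drifted from ServerConfig.'
    }
}
finally {
    Remove-CimSession $session
}
```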

The Managed Object Format (MOF) was defined by the Distributed Management Task Force (DMTF). The purpose of the DMTF is to supervise standards that help enable cross-platform management. In other words, MOF is a cross-platform standard with publicly available specifications. You don’t need PowerShell to create a .mof file; PowerShell is just a tool to create such a file. You could even create a .mof file on a Unix server to manage Windows Server or vice versa!

What DSC does is create a .mof file based on the configuration. The content of the .mof file

Deploy the configuration to the server:

The above steps are simple. First create a configuration file, convert it to a .mof file and push it to a server.

In a development environment the manual way of working is fine, but in production it certainly is not. There are two methods of deploying configuration to servers, push (as above) and pull.

For the pull method, a pull server is needed. In this configuration a server asks a pull server for its configuration and reports back the result. The Pull server can be manually installed, but why not use DSC to deploy the Pull server? To do this, download the xPSDesiredStateConfiguration Module from TechNet and install it. The Pull server can be published using SMB or http(s). Https is the most versatile option, change it when needed. I used the following configuration to deploy the pull server. For simplicity this configuration does not use SSL, so I do not have to create the certificate and trust chain.

Activate the configuration with Start-DscConfiguration .\Pull_DscWebService; use -Verbose to view the progress of each individual action.

Test the server by browsing to the configured website http://servername:8080/PSDSCPullServer.svc. If you get a response, the pull server is working.

Now let’s add some configuration to deploy in part 2.