0
votes

Scenario: Trying to create an HTTPS website with DSC using an Azure Automation account. I get the error below. Did you face the same scenario? Any help would be great. HTTP bindings are working fine.

Windows 2012 R2

XWebAdministration Module version: 1.17.0.0

Error: PowerShell DSC resource MSFT_xWebsite failed to execute Test-TargetResource functionality with error message: Desired website bindings are not valid for website

DSC Node Config:

    foreach ($Site in $Node.Sites)
    {
        xWebSite "$($Site.Name)WebSite"
        {
            Ensure = "Present"
            Name = $Site.Name
            ApplicationPool = "$($Site.Name)"
            PhysicalPath = $Site.Path
            State = 'Started'
            DependsOn = "[xWebAppPool]$($Site.Name)AppPool"
            BindingInfo = MSFT_xWebBindingInformation
            {
                Protocol = 'https'
                Port = $Site.Port
                CertificateStoreName = 'MY'
                CertificateThumbprint = $(Get-ChildItem cert:\LocalMachine\My | where { $_.Subject -match "WMSvc" } | select -First 1).Thumbprint
            }
        }
    }

DSC Configuration:

    $data = @{
        AllNodes = @(
            @{
                Sites = @(
                    @{Name="website1";Port="8643";Path="C:\inetpub\www\website1";Apps="App1","App2"},
                    @{Name="website2";Port="9643";Path="C:\inetpub\www\website2";Apps="App3","App4"}
                )
            }
        )
    }
1
What happens if you only add one https site? - CtrlDot
Still the same issue. Looks like xWebsite doesn't support a Get command at the certificate thumbprint. If I enter the certificate thumbprint as a string, it works fine. Basically we can't dynamically pass values. - CKS
You could set that as a variable higher up then pass it in as a string - CtrlDot

1 Answers

1
votes

Expressions that are used outside of a script-resource in DSC-configurations are executed on compilation. The following line would be executed on the management computer, where the certificate probably doesn't exist, and will set the thumbprint in the .mof-file to NULL. You can verify this by looking in the generated mof-file.

    CertificateThumbprint = $(Get-ChildItem cert:\LocalMachine\My | where { $_.Subject -match "WMSvc" } | select -First 1).Thumbprint

You need to specify the thumbprint as a string-value, or use a Script-resource to set the binding where you could run your Get-ChildItem-command as part of the SetScript-scriptblock.
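
The Script-resource approach from the answer above, as an added example (not code from the original post or from the xWebAdministration project). It assumes the question's xWebSite block is declared without the https BindingInfo so the two resources do not both manage the binding; the configuration name and the extra filters on private key and expiry are this example's own choices.

```powershell
Configuration HttpsBindingAtApplyTime
{
    Import-DscResource -ModuleName PSDesiredStateConfiguration
    Node $AllNodes.NodeName
    {
        foreach ($Site in $Node.Sites)
        {
            $name = $Site.Name   # compile-time values, injected below with $using:
            $port = $Site.Port
            Script "$($name)HttpsBinding"
            {
                DependsOn  = "[xWebSite]$($name)WebSite"
                GetScript  = {
                    $b = Get-WebBinding -Name $using:name -Protocol https -Port $using:port
                    @{ Result = [string]$b.certificateHash }
                }
                TestScript = {
                    # Runs on the target node, so Cert:\ is the node's own store.
                    $cert = Get-ChildItem Cert:\LocalMachine\My |
                        Where-Object { $_.Subject -match 'WMSvc' -and $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
                        Sort-Object NotAfter -Descending | Select-Object -First 1
                    $b = Get-WebBinding -Name $using:name -Protocol https -Port $using:port
                    [bool]($cert -and $b -and $b.certificateHash -eq $cert.Thumbprint)
                }
                SetScript  = {
                    $cert = Get-ChildItem Cert:\LocalMachine\My |
                        Where-Object { $_.Subject -match 'WMSvc' -and $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
                        Sort-Object NotAfter -Descending | Select-Object -First 1
                    # Fail loudly instead of writing a binding with an empty thumbprint.
                    if (-not $cert) { throw "No valid WMSvc certificate with a private key on $env:COMPUTERNAME" }
                    if (-not (Get-WebBinding -Name $using:name -Protocol https -Port $using:port)) {
                        New-WebBinding -Name $using:name -Protocol https -Port $using:port -IPAddress '*'
                    }
                    $b = Get-WebBinding -Name $using:name -Protocol https -Port $using:port
                    if ($b.certificateHash) { $b.RemoveSslCertificate() }   # replace a stale certificate
                    $b.AddSslCertificate($cert.Thumbprint, 'My')
                }
            }
        }
    }
}
```

In the compiled .mof-file the three script blocks appear as text that still contains the Get-ChildItem call, rather than a thumbprint resolved (or nulled) on the compiling machine.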