How to retrieve node information from DSC pull server

How to retrieve node information from DSC pull server

Rate This
  • Comments 7

As described in “Push vs. Pull Mode” blog, DSC configuration can be applied on target nodes using pull or push mechanism.  In this blog I will talk about how to retrieve node information from DSC pull server. When the node pulls a configuration from the pull server and applies it locally, it can either succeed or fail. DSC compliance endpoint stores the configuration run status and node information in a database. Compliance endpoint can be used by admins to periodically check the status of the nodes to see if there are in sync with pull server or not (using tools like Excel or write their own client application).

In this post I will cover the following:

  • Sending node’s status to pull server
  • Query node information in json from pull server

Before configuring a node to pull a configuration from pull server, you will need to setup DSC pull server in your environment that is covered in “DSC Resource for configuring pull server environment” blog.

You will also need to setup a compliance endpoint that will record the node information that is covered in the same blog.

DSC Compliance endpoint stores the following information about the nodes in database:

  • TargetName – Node name
  • ConfigurationId – Configuration ID associated with the node

  • StatusCode – Node status code.

Here is the list of status codes. Note that there might be additions or changes to the list in the future.


Status Code



Configuration was applied successfully


Download Manager initialization failure


Get configuration command failure


Unexpected get configuration response from pull server


Configuration checksum file read failure


Configuration checksum validation failure


Invalid configuration file


Available modules check failure


Invalid configuration Id In meta-configuration


Invalid DownloadManager CustomData in meta-configuration


Get module command failure


Get Module Invalid Output


Module checksum file not found


Invalid module file


Module checksum validation failure


Module extraction failed


Module validation failed


Downloaded module is invalid


Configuration file not found


Multiple configuration files found


Configuration checksum file not found


Module not found


Invalid module version format


Invalid configuration Id format


Get Action command failed


Invalid checksum algorithm


Get Lcm Update command failed


Unexpected Get Lcm Update response from pull server


Invalid Refresh Mode in meta-configuration


Invalid Debug Mode in meta-configuration

  • NodeCompliant  - Configuration run succeeded or not (is the node in sync with pull server or not).
  • ServerCheckSum – Checksum of the configuration mof file stored on the pull server
  • TargetCheckSum –Checksum of the configuration mof file that was applied on the node
  • LastComplianceTime – Last time the node run the configuration successfully
  • LastHeartbeatTime  -Last time the node connected to pull server.
  • Dirty – True if node status was recorded in the database, and false if not.

Compliance endpoint database connection is defined through its web.config settings. If you did not define it for your environment, compliance endpoint would not be recording node information into the database. Below snippet shows how to define database connection:


Set-Webconfig-AppSettings `

                 -path $env:HOMEDRIVE\inetpub\wwwroot\$complianceSiteName `

                 -key "dbprovider" `

                 -value "ESENT"


Set-Webconfig-AppSettings `

             -path $env:HOMEDRIVE\inetpub\wwwroot\$complianceSiteName `

             -key "dbconnectionstr" `

 -value "$env:PROGRAMFILES\WindowsPowerShell\DscService\Devices.edb"



Getting ready

First, we need to write a simple configuration that the node will be pulling from pull server, compile the configuration into mof, create it’s checksum file, deploy the mof and checksum files to the pull server. Then, configure the node to be in pull mode as by default LCM on the node is configured to be in push. For details please refer to “push vs. pull mode” blog.


Sending node’s status to pull server

When the node pulls a configuration from the pull server, the node includes the previous configuration run status with the new pull request which then gets recorded by compliance endpoint into the database.

Query node information in json from pull server

We will use the following function to query the node’s information from pull server.


# DSC function to query node information from pull server.


function QueryNodeInformation


  Param (     

       [string] $Uri = "http://localhost:7070/PSDSCComplianceServer.svc/Status",                         

       [string] $ContentType = "application/json"          


  Write-Host "Querying node information from pull server URI  = $Uri" -ForegroundColor Green

  Write-Host "Querying node status in content type  = $ContentType " -ForegroundColor Green


 $response = Invoke-WebRequest -Uri $Uri -Method Get -ContentType $ContentType -UseDefaultCredentials -Headers
    @{Accept = $ContentType}


 if($response.StatusCode -ne 200)


     Write-Host "node information was not retrieved." -ForegroundColor Red



 $jsonResponse = ConvertFrom-Json $response.Content


 return $jsonResponse


You need to replace Uri parameter with your_pull_ server_ URI.  To retrieve the node information in xml format, you should set the ContentType to ”application/xml”.

Now, let us retrieve the node information in the parameter $json and format the output to be in a table:

$json = QueryNodeInformation –Uri http://localhost:7070/PSDSCComplianceServer.svc/Status


$json.value | Format-Table TargetName, ConfigurationId, ServerChecksum, NodeCompliant, LastComplianceTime, StatusCode


In result you will see an output similar to:


TargetName       ConfigurationId      ServerCheckSum      NodeCompliant  LastComplianceTime   StatusCode

----------                ---------------            --------------               -------------                      -----------------               ----------

Machine-975..  1C707B86-EF8E……  AE467E88D512...    True                    1899-12-30T00:00:00                  0



Hope this helps.



Narine Mossikyan

Software Engineer in Test


Leave a Comment
  • Please add 3 and 8 and type the answer here:
  • Post
  • I have Set-AppSettingsInWebconfig in xPSDesiredStateConfiguration from the May 2014 v5.0 preview. Is this the function used to the compliance endpoint web config?

  • ok

  • Hello,

    I had some problems while accessing PSDSCComplianceServer.svc service. I was getting error:

    The server encountered an error processing the request. The exception message is 'Access is denied.'. See server logs for more details. The exception stack trace is:

    at System.ServiceModel.Dispatcher.AuthorizationBehavior.Authorize(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage11(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage1(MessageRpc& rpc) at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)

    After some digging I finally discovered that this section is missing in Complience service web.config:


         <remove name="WebDAVModule" />

         <remove name="AuthenticationModule" />

         <add type="Microsoft.Powershell.DesiredStateConfiguration.PullServer.AuthenticationPlugin, Microsoft.Powershell.DesiredStateConfiguration.Service" name="AuthenticationModule" />


    It should be added under <system.webServer> configuration section. You can check Pull service web.config for example.

  • Hello,

    i have tested this successfully, my problem is that i have the IP address in the TargetName column?

    Do you know how i can get the hostname displayed?


  • @Doug Finke

    Yes, that is the same function.


    Can you provide details about your environment and user context? Is it a Win7 or Blue build? The issue might be related to using less privileged account/context.

  • To get this working on my system I had to add the Windows Authentication feature.

    Add-WindowsFeature web-Windows-Auth

    Or just add it to the DSC configuration you used to build the server.

    I learned this from MVP Ravikanth Chaganti, thanks Ravi!

  • I found it useful to add a few lines to get the hostname from DNS and convert the times to date-time objects like this:

    $nodes = $json.value

    $nodes | Add-Member -MemberType ScriptProperty -Name HostName -Value {([System.Net.Dns]::GetHostEntry($this.targetname)).HostName}

    $nodes | Add-Member -MemberType ScriptProperty -Name LastCompliance -Value {[datetime]$this.LastComplianceTime}

    $nodes | Add-Member -MemberType ScriptProperty -Name LastHeartbeat -Value {[datetime]$this.LastHeartbeatTime}

    $nodes | Format-Table Hostname, TargetName, ConfigurationId, NodeCompliant, LastCompliance, StatusCode, LastHeartbeat -AutoSize

Page 1 of 1 (7 items)