PowerShell DSC Extension

Note

Before you enable the DSC extension, we would like you to know that a newer version of DSC is now available in preview, managed by a feature of Azure Policy named guest configuration. The guest configuration feature combines features of the Desired State Configuration (DSC) extension handler, Azure Automation State Configuration, and the most commonly requested features from customer feedback. Machine configuration also includes hybrid machine support through Arc-enabled servers.

Overview

The PowerShell DSC Extension for Windows is published and supported by Azure. The extension uploads and applies a PowerShell DSC Configuration on an Azure VM. The DSC Extension calls into PowerShell DSC to enact the received DSC configuration on the VM. This document details the supported platforms, configurations, and deployment options for the DSC virtual machine extension for Windows.

Prerequisites

Operating system

The DSC Extension supports the following OS's

Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012R2, Windows Server 2012, Windows Server 2008 R2 SP1, Windows Client 7/8.1/10

Internet connectivity

The DSC extension for Windows requires that the target virtual machine is able to communicate with Azure and the location of the configuration package (.zip file) if it is stored in a location outside of Azure.

Extension schema

The following JSON shows the schema for the settings portion of the DSC Extension in an Azure Resource Manager template.

{
  "type": "Microsoft.Compute/virtualMachines/extensions",
  "name": "Microsoft.Powershell.DSC",
  "apiVersion": "2018-10-01",
  "location": "<location>",
  "properties": {
    "publisher": "Microsoft.Powershell",
    "type": "DSC",
    "typeHandlerVersion": "2.77",
    "autoUpgradeMinorVersion": true,
    "settings": {
        "wmfVersion": "latest",
        "configuration": {
            "url": "http://validURLToConfigLocation",
            "script": "ConfigurationScript.ps1",
            "function": "ConfigurationFunction"
        },
        "configurationArguments": {
            "argument1": "Value1",
            "argument2": "Value2"
        },
        "configurationData": {
            "url": "https://foo.psd1"
        },
        "privacy": {
            "dataCollection": "enable"
        },
        "advancedOptions": {
            "forcePullAndApply": false,
            "downloadMappings": {
             "specificDependencyKey": "https://myCustomDependencyLocation"
            }
        }
    },
    "protectedSettings": {
        "configurationArguments": {
            "parameterOfTypePSCredential1": {
                "userName": "UsernameValue1",
                "password": "PasswordValue1"
            },
            "parameterOfTypePSCredential2": {
                "userName": "UsernameValue2",
                "password": "PasswordValue2"
            }
        },
        "configurationUrlSasToken": "?g!bber1sht0k3n",
        "configurationDataUrlSasToken": "?dataAcC355T0k3N"
    }
  }
}

Property values

Name Value / Example Data Type
apiVersion 2018-10-01 date
publisher Microsoft.Powershell.DSC string
type DSC string
typeHandlerVersion 2.77 int

Settings Property values

Name Data Type Description
settings.wmfVersion string Specifies the version of the Windows Management Framework that should be installed on your VM. Setting this property to 'latest' will install the most updated version of WMF. The only current possible values for this property are '4.0', '5.0', and 'latest'. These possible values are subject to updates. The default value is 'latest'.
settings.configuration.url string Specifies the URL location from which to download your DSC configuration zip file. If the URL provided requires a SAS token for access, you will need to set the protectedSettings.configurationUrlSasToken property to the value of your SAS token. This property is required if settings.configuration.script and/or settings.configuration.function are defined.
settings.configuration.script string Specifies the file name of the script that contains the definition of your DSC configuration. This script must be in the root folder of the zip file downloaded from the URL specified by the configuration.url property. This property is required if settings.configuration.url and/or settings.configuration.script are defined.
settings.configuration.function string Specifies the name of your DSC configuration. The configuration named must be contained in the script defined by configuration.script. This property is required if settings.configuration.url and/or settings.configuration.function are defined.
settings.configurationArguments Collection Defines any parameters you would like to pass to your DSC configuration. This property will not be encrypted.
settings.configurationData.url string Specifies the URL from which to download your configuration data (.pds1) file to use as input for your DSC configuration. If the URL provided requires a SAS token for access, you will need to set the protectedSettings.configurationDataUrlSasToken property to the value of your SAS token.
settings.privacy.dataEnabled string Enables or disables telemetry collection. The only possible values for this property are 'Enable', 'Disable', ", or $null. Leaving this property blank or null will enable telemetry
settings.advancedOptions.forcePullAndApply Bool This setting is designed to enhance the experience of working with the extension to register nodes with Azure Automation DSC. If the value is $true, the extension will wait for the first run of the configuration pulled from the service before returning success/failure. If the value is set to $false, the status returned by the extension will only refer to whether the node was registered with Azure Automation State Configuration successfully and the node configuration will not be run during the registration.
settings.advancedOptions.downloadMappings Collection Defines alternate locations to download dependencies such as WMF and .NET

Protected Settings Property values

Name Data Type Description
protectedSettings.configurationArguments string Defines any parameters you would like to pass to your DSC configuration. This property will be encrypted.
protectedSettings.configurationUrlSasToken string Specifies the SAS token to access the URL defined by configuration.url. This property will be encrypted.
protectedSettings.configurationDataUrlSasToken string Specifies the SAS token to access the URL defined by configurationData.url. This property will be encrypted.

Template deployment

Azure VM extensions can be deployed with Azure Resource Manager templates. Templates are ideal when deploying one or more virtual machines that require post deployment configuration. A sample Resource Manager template that includes the DSC extension for Windows can be found on the Azure Quick Start Gallery.

Troubleshoot and support

Troubleshoot

Data about the state of extension deployments can be retrieved from the Azure portal, and by using the Azure CLI. To see the deployment state of extensions for a given VM, run the following command using the Azure CLI.

az vm extension list --resource-group myResourceGroup --vm-name myVM -o table

Extension package is downloaded and deployed to this location on the Azure VM

C:\Packages\Plugins\{Extension_Name}\{Extension_Version}

Extension status file contains the sub status and status success/error codes along with the detailed error and description for each extension run.

C:\Packages\Plugins\{Extension_Name}\{Extension_Version}\Status\{0}.Status  -> {0} being the sequence number

Extension output logs are logged to the following directory:

C:\WindowsAzure\Logs\Plugins\{Extension_Name}\{Extension_Version}

Error codes and their meanings

Error Code Meaning Possible Action
1000 Generic error The message for this error is provided by the specific exception in extension logs
52 Extension Install Error The message for this error is provided by the specific exception
1002 Wmf Install Error Error while installing WMF.
1004 Invalid Zip Package Invalid zip ; Error unpacking the zip
1100 Argument Error Indicates a problem in the input provided by the user. The message for the error is provided by the specific exception

Support

If you need more help at any point in this article, you can contact the Azure experts on the Azure support. Alternatively, you can file an Azure support incident. Go to the Azure support site and submit your request. For information about using Azure Support, read the Azure support FAQ.