MSFT_xDSCWebService: Unable to disable selfsigned certificates using AcceptSelfSignedCertificates=$false #528

Closed
tmeckel opened this issue Feb 5, 2019 · 3 comments
Labels
bug The issue is a bug. help wanted The issue is up for grabs for anyone in the community.

tmeckel commented Feb 5, 2019

Details of the scenario you tried and the problem that is occurring

After a DSC Pull Server is provisioned with AcceptSelfSignedCertificates=$true, it is impossible to disable the acceptance of self-signed certificates using AcceptSelfSignedCertificates=$false and a redeployment of the configuration via Start-DscConfiguration.

Suggested solution to the issue

Seems that the Test-TargetResource does not detect the configuration change correctly.

The DSC configuration that is used to reproduce the issue (as detailed as possible)

[CmdletBinding()]
param (
    [Parameter(Mandatory=$false)]
    [ValidateNotNullOrEmpty()]
    [string[]]$NodeName = 'localhost',

    [ValidateNotNullOrEmpty()]
    [string] $certificateThumbPrint = 'C85D2739E17EE8A05FC8DB68C8AE067029C097AB', 

    [Parameter(Mandatory, HelpMessage='This should be a string with enough entropy (randomness) to protect the registration of clients to the pull server.  We will use new GUID by default.')]
    [ValidateNotNullOrEmpty()]
    [string] $RegistrationKey,   # A guid that clients use to initiate conversation with pull server,

    [Parameter(Mandatory=$false)]
    [ValidateSet('Present', 'Absent')]
    [string]$State = 'Present',

    [ValidateNotNullOrEmpty()]
    [string]$EndpointName = "PSDSCPullServer",

    [ValidateScript({ $_ -eq 80 -or $_ -eq 443 -or ($_ -ge 1024 -and $_ -le [uint16]::MaxValue) })]
    [int]$Port = 8080,

    [ValidateNotNullOrEmpty()]
    [string]$OutputPath,

    [Parameter(Mandatory=$false)]
    [ValidateNotNullOrEmpty()]
    [string]$ApplicationPool = "DSC Pull Server"
)

Configuration HTTPPullServer {

    Import-DSCResource -ModuleName xPSDesiredStateConfiguration
    Import-DscResource -ModuleName xWebAdministration

    Node $NodeName
    {
        WindowsFeature DSCServiceFeature
        {
            Ensure = $State
            Name   = "DSC-Service"
        }

        xDscWebService PSDSCPullServer
        {
            Ensure                       = $State
            EndpointName                 = $EndpointName
            Port                         = $Port
            PhysicalPath                 = "$env:SystemDrive\inetpub\PSDSCPullServer"
            CertificateThumbPrint        = $certificateThumbPrint
            ModulePath                   = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules"
            ConfigurationPath            = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
            State                        = "Started"
            RegistrationKeyPath          = "$env:PROGRAMFILES\WindowsPowerShell\DscService"
            AcceptSelfSignedCertificates = $false
            Enable32BitAppOnWin64        = $false
            UseSecurityBestPractices     = $false
            #ApplicationPool              = $ApplicationPool
            SqlProvider                  = $true
            SqlConnectionString          = "Server=UIDEFFMIMD54SPS;Database=DSCPullServer;Trusted_Connection=True;Integrated Security=SSPI;"
        }

        File RegistrationKeyFile
        {
            Ensure          = $State
            Type            = 'File'
            DestinationPath = "$env:ProgramFiles\WindowsPowerShell\DscService\RegistrationKeys.txt"
            Contents        = $RegistrationKey
        }
    }
}

$cd = @{
    AllNodes = @(
        @{
            NodeName                    = $($NodeName)
            PSDscAllowPlainTextPassword = $true
            PSDscAllowDomainUser        = $true
        }
    )
}

$args = @{
    "ConfigurationData" = $cd
}

if ($OutputPath) {
    $args["OutputPath"] = $OutputPath
}
HTTPPullServer @args

The operating system the target node is running

OsName               : Microsoft Windows Server 2012 R2 Standard             
OsOperatingSystemSKU : StandardServerEdition                                 
OsArchitecture       : 64-bit                                                
WindowsBuildLabEx    : 9600.17415.amd64fre.winblue_r4.141028-1500            
OsLanguage           : en-US                                                 
OsMuiLanguages       : {en-US}                                               

Version and build of PowerShell the target node is running

Name                           Value
----                           -----
PSVersion                      5.1.14409.1005
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.14409.1005
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Version of the DSC module that was used ('dev' if using current dev branch)

8.4.0.0
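
One way to check on the pull server whether the Test phase notices the changed setting, as an added example that is not part of the original report or the project's code: it runs the resource's test against a MOF compiled from the configuration above with AcceptSelfSignedCertificates = $false, without applying anything. The function name `Test-PullServerDrift` and the MOF path in the usage comment are hypothetical; the resource id is the one declared in the configuration above.

```powershell
# Added example (hypothetical helper, not from xPSDesiredStateConfiguration).
# Run in an elevated session on the pull server that was first provisioned
# with AcceptSelfSignedCertificates = $true.
function Test-PullServerDrift {
    [CmdletBinding()]
    param (
        # MOF compiled from the configuration with AcceptSelfSignedCertificates = $false.
        [Parameter(Mandatory)]
        [ValidateScript({ Test-Path -Path $_ -PathType Leaf })]
        [string] $MofPath,

        # Resource id as declared in the configuration on this page.
        [string] $ResourceId = '[xDscWebService]PSDSCPullServer'
    )

    # Compares the node's actual state with the MOF by calling each resource's
    # Test-TargetResource; nothing is changed on the node.
    $result = Test-DscConfiguration -ReferenceConfiguration $MofPath

    # The resource is listed in exactly one of the two collections.
    $entry = @($result.ResourcesInDesiredState) + @($result.ResourcesNotInDesiredState) |
        Where-Object { $_.ResourceId -eq $ResourceId } |
        Select-Object -First 1

    if (-not $entry) {
        throw "Resource '$ResourceId' was not found in '$MofPath'."
    }

    # Expected on a server last applied with $true: InDesiredState = $false.
    # $true means the test did not see the change, which is the symptom reported here.
    [pscustomobject]@{
        ResourceId     = $entry.ResourceId
        InDesiredState = [bool] $entry.InDesiredState
        ChangeDetected = -not [bool] $entry.InDesiredState
    }
}

# Usage (path is a placeholder):
# Test-PullServerDrift -MofPath 'C:\Dsc\HTTPPullServer\localhost.mof'
```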

PlagueHO added the bug and help wanted labels Feb 6, 2019

tmeckel commented Mar 2, 2019

@PlagueHO, @mhendric can one of you guys close this issue because it has been fixed with PR #507?

PlagueHO closed this as completed Mar 2, 2019

PlagueHO commented Mar 2, 2019

Done!


tmeckel commented Mar 2, 2019

Thanks! :-D
