DSC - how to open firewall port for a site in IIS
I've used this configuration trying to open a port for a web site I've configured:
xfirewall firewall
{
    name = "tailpintoys dev"
    displayname = "firewall rule tailpintoys dev"
    displaygroup = "tailspin"
    ensure = "present"
    access = "allow"
    state = "enabled"
    profile = ("domain")
    direction = "outbound"
    remoteport = ("11000")
    localport = ("11000")
    protocol = "tcp"
    applicationpath = "c:\windows\system32\inetsrv\w3wp.exe"
    description = "firewall rule tailpintoys dev"
}
I have 2 problems here. First, the port does not seem to be opened even if Start-DscConfiguration returns no errors. The site is not visible (if I disable the firewall I'm able to see the site, so I'm sure the problem is a missing firewall rule). I've tried removing applicationpath, with no success.
The second problem is that I'm not able to specify more than 1 profile in the profile parameter, because I got this error:
xnetworking\xfirewall : 'domain private' not valid value property 'profile' on class 'xfirewall'
The same error happens when running the samples included in the module.
Gian Maria.
Ricci Gian Maria. (http://www.codewrecks.com)
Good news: this bug is fixed in the Windows Management Framework 5.0 preview, so once it hits GA, you're set. If you like, you can install the preview on 1 server and use it to generate the MOF file for this particular configuration (or others that encounter a similar bug).
If you want to stick with PowerShell 4.0 for now, you have a couple of options. You can define the configuration with 1 valid profile, run it to compile the MOF file, and modify the MOF file manually afterward. The bug affects generation of the MOF file; once it's created, you can still pass in 2 profile names to the resource. The profile entry in the MOF document should look like this:
profile = { "domain", "public" };
Alternatively, modify the configuration to create 2 separate firewall rules instead of one. This has the benefit of not requiring you to manually change every MOF file you generate. The node definition in the config file would contain this:
foreach ($fwprofile in 'domain', 'public')
{
    xfirewall "firewall-$fwprofile"
    {
        name = "tailpintoys dev-$fwprofile"
        displayname = "firewall rule tailpintoys dev (profile: $fwprofile)"
        displaygroup = "tailspin"
        ensure = "present"
        access = "allow"
        state = "enabled"
        profile = $fwprofile
        direction = "outbound"
        remoteport = ("11000")
        localport = ("11000")
        protocol = "tcp"
        applicationpath = "c:\windows\system32\inetsrv\w3wp.exe"
        description = "firewall rule ntailpintoys dev (profile: $fwprofile)"
        service = "winrm"
    }
}
Personally, I wouldn't do either of these things. I'd keep a VM handy with the WMF 5.0 preview for compiling the configuration to MOF in the short term, and upgrade at least 1 production computer to WMF 5.0 for the same purpose once it's officially released.
That addresses the second problem. As for the first, I've run the configuration on a test VM, and it creates the firewall rule you've defined in the configuration file (outbound, port 11000, TCP, etc.), so I suspect the problem isn't DSC, it's that the configuration doesn't match what the site requires. An outbound rule for w3wp looks a little bit fishy to me. Are you sure that's not supposed to be an inbound rule?
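One way to confirm what the applied configuration actually produced, as an added example that is not part of the original thread: it lists the rules in the "tailspin" display group and reports whether any enabled inbound allow rule covers TCP 11000 on a profile the host is currently using. The function names are hypothetical; the group name and port are the values from the question.

```powershell
# Added example, not from the thread. Function names are hypothetical;
# the group name 'tailspin' and port 11000 are the values used in the question.
function Get-SiteFirewallRuleSummary {
    param([string]$DisplayGroup = 'tailspin')
    $rules = Get-NetFirewallRule -DisplayGroup $DisplayGroup -ErrorAction SilentlyContinue
    foreach ($rule in $rules) {
        $portFilter = $rule | Get-NetFirewallPortFilter
        $appFilter  = $rule | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            DisplayName = $rule.DisplayName
            Enabled     = "$($rule.Enabled)"
            Action      = "$($rule.Action)"
            Direction   = "$($rule.Direction)"
            Profile     = "$($rule.Profile)"      # e.g. 'Domain' or 'Domain, Public'
            Protocol    = $portFilter.Protocol
            LocalPort   = @($portFilter.LocalPort)
            RemotePort  = @($portFilter.RemotePort)
            Program     = $appFilter.Program
        }
    }
}

function Test-InboundPortAllowed {
    param([int]$Port = 11000, [string]$DisplayGroup = 'tailspin')
    # Firewall profiles currently in effect; DomainAuthenticated is the Domain profile.
    $active = Get-NetConnectionProfile | ForEach-Object {
        if ("$($_.NetworkCategory)" -eq 'DomainAuthenticated') { 'Domain' }
        else { "$($_.NetworkCategory)" }
    }
    # Exact port match only; ranges such as '11000-11010' are not expanded here.
    $match = Get-SiteFirewallRuleSummary -DisplayGroup $DisplayGroup | Where-Object {
        $ruleProfile = $_.Profile
        $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' -and
        $_.Action -eq 'Allow' -and $_.Protocol -eq 'TCP' -and
        ($_.LocalPort -contains "$Port" -or $_.LocalPort -contains 'Any') -and
        ($ruleProfile -eq 'Any' -or ($active | Where-Object { $ruleProfile -like "*$_*" }))
    }
    [bool]$match
}

Get-SiteFirewallRuleSummary |
    Format-Table DisplayName, Direction, Profile, LocalPort, Enabled -AutoSize
if (-not (Test-InboundPortAllowed)) {
    Write-Warning 'No enabled inbound allow rule covers TCP 11000 on an active profile.'
}
```

Run it in an elevated session on the web server after Start-DscConfiguration completes; a rule that exists only with Direction "Outbound", or only on a profile the host is not using, triggers the warning.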