Problems with SQL Server 2012 on a Windows 2008 R2 Core Server - windows

I created a script that turns an empty server into a server that uses a SQL database, IIS, WebDeploy and FTP. Everything installs, but when I try to run my CreateSqlDatabase.ps1 it gives an error. I've been searching for a solution for about two weeks now.
I've included a screenshot, the ConfigurationFile.ini that setup.exe (the SQL Server installer) uses, and my script.
I'm looking for a small configuration error that prevents me from creating the database.
Thanks.
Error that the command gives (screenshot):
A couple of dism actions to enable PowerShell etc.:
dism /online /enable-feature /featurename:NetFx2-ServerCore
dism /online /enable-feature /featurename:NetFx3-ServerCore
dism /online /enable-feature /featurename:NetFx2-ServerCore-WOW64
dism /online /enable-feature /featurename:NetFx3-ServerCore-WOW64
dism /online /enable-feature /featurename:MicrosoftWindowsPowerShell
dism /online /enable-feature /featurename:MicrosoftWindowsPowerShell-WOW64
dism /online /enable-feature /featurename:ServerManager-PSH-Cmdlets
powershell Set-ExecutionPolicy Unrestricted
powershell ./InstallIIS.ps1
ConfigurationFile.ini
;SQL Server 2012 Configuration File
[OPTIONS]
; Specifies a Setup work flow, like INSTALL, UNINSTALL, or UPGRADE. This is a required parameter.
ACTION="Install"
; Detailed help for command line argument ENU has not been defined yet.
ENU="True"
; Setup will not display any user interface.
QUIET="False"
IACCEPTSQLSERVERLICENSETERMS="True"
; Setup will display progress only, without any user interaction.
QUIETSIMPLE="True"
; Specify whether SQL Server Setup should discover and include product updates. The valid values are True and False or 1 and 0. By default SQL Server Setup will include updates that are found.
UpdateEnabled="True"
; Specifies features to install, uninstall, or upgrade. The list of top-level features include SQL, AS, RS, IS, MDS, and Tools. The SQL feature will install the Database Engine, Replication, Full-Text, and Data Quality Services (DQS) server. The Tools feature will install Management Tools, Books online components, SQL Server Data Tools, and other shared components.
FEATURES=SQLENGINE,CONN,FULLTEXT
; Specify the location where SQL Server Setup will obtain product updates. The valid values are "MU" to search Microsoft Update, a valid folder path, a relative path such as .\MyUpdates or a UNC share. By default SQL Server Setup will search Microsoft Update or a Windows Update service through the Window Server Update Services.
UpdateSource="MU"
; Displays the command line parameters usage
HELP="False"
; Specifies that the detailed Setup log should be piped to the console.
INDICATEPROGRESS="False"
; Specifies that Setup should install into WOW64. This command line argument is not supported on an IA64 or a 32-bit system.
X86="False"
; Specify the root installation directory for shared components. This directory remains unchanged after shared components are already installed.
INSTALLSHAREDDIR="C:\Program Files\Microsoft SQL Server"
; Specify the root installation directory for the WOW64 shared components. This directory remains unchanged after WOW64 shared components are already installed.
INSTALLSHAREDWOWDIR="C:\Program Files (x86)\Microsoft SQL Server"
; Specify a default or named instance. MSSQLSERVER is the default instance for non-Express editions and SQLExpress for Express editions. This parameter is required when installing the SQL Server Database Engine (SQL), Analysis Services (AS), or Reporting Services (RS).
INSTANCENAME="MSSQLSERVER"
; Specify that SQL Server feature usage data can be collected and sent to Microsoft. Specify 1 or True to enable and 0 or False to disable this feature.
SQMREPORTING="False"
; Specify the Instance ID for the SQL Server features you have specified. SQL Server directory structure, registry structure, and service names will incorporate the instance ID of the SQL Server instance.
INSTANCEID="MSSQLSERVER"
; Specify if errors can be reported to Microsoft to improve future SQL Server releases. Specify 1 or True to enable and 0 or False to disable this feature.
ERRORREPORTING="False"
; Specify the installation directory.
INSTANCEDIR="C:\Program Files\Microsoft SQL Server"
; Agent account name
AGTSVCACCOUNT="NT Service\SQLSERVERAGENT"
; Auto-start service after installation.
AGTSVCSTARTUPTYPE="Automatic"
; CM brick TCP communication port
COMMFABRICPORT="0"
; How matrix will use private networks
COMMFABRICNETWORKLEVEL="0"
; How inter brick communication will be protected
COMMFABRICENCRYPTION="0"
; TCP port used by the CM brick
MATRIXCMBRICKCOMMPORT="0"
; Startup type for the SQL Server service.
SQLSVCSTARTUPTYPE="Automatic"
; Level to enable FILESTREAM feature at (0, 1, 2 or 3).
FILESTREAMLEVEL="0"
; Set to "1" to enable RANU for SQL Server Express.
ENABLERANU="False"
; Specifies a Windows collation or an SQL collation to use for the Database Engine.
SQLCOLLATION="Latin1_General_CI_AS"
; Account for SQL Server service: Domain\User or system account.
SQLSVCACCOUNT="NT Service\MSSQLSERVER"
; Windows account(s) to provision as SQL Server system administrators.
SQLSYSADMINACCOUNTS=".\Administrator"
; The default is Windows Authentication. Use "SQL" for Mixed Mode Authentication.
SECURITYMODE="SQL"
SAPWD="Opleelan8"
; Provision current user as a Database Engine system administrator for SQL Server 2012 Express.
ADDCURRENTUSERASSQLADMIN="False"
; Specify 0 to disable or 1 to enable the TCP/IP protocol.
TCPENABLED="1"
; Specify 0 to disable or 1 to enable the Named Pipes protocol.
NPENABLED="1"
; Startup type for Browser Service.
BROWSERSVCSTARTUPTYPE="Automatic"
My install script:
# Import ServerManager
Import-Module ServerManager
# Install IIS
Add-WindowsFeature Web-Server -IncludeAllSubFeature
# Install .NET Framework
Add-WindowsFeature NET-Framework
# Import WebAdministration & Web-Mgmt-Service
Import-Module WebAdministration
# Install Web-Mgmt-Service
Add-WindowsFeature Web-Mgmt-Service
# Directory this script (and the installers next to it) lives in
$here = Split-Path -Parent $MyInvocation.MyCommand.Path
# Run an .msi through msiexec and wait for it: invoking .\file.msi directly neither waits nor passes "ADDLOCAL=ALL /qn"
function Install-Msi($msiName) {
    $msi = Join-Path $here $msiName
    $p = Start-Process -FilePath msiexec.exe -ArgumentList "/i `"$msi`" ADDLOCAL=ALL /qn" -Wait -PassThru
    if ($p.ExitCode -ne 0) { Write-Host "$msiName returned exit code $($p.ExitCode)" }
}
# Install .NET 4 silently; -Wait because a GUI installer started as ./setup.exe returns immediately
Start-Process -FilePath (Join-Path $here 'dotNetFx40_Full_x86_x64_SC.exe') -ArgumentList '/q', '/norestart' -Wait
Write-Host ".NET installed"
# Install Web Deploy
Write-Host "Installing Web Deploy"
Install-Msi 'WebDeploy_amd64_en-US.msi'
Write-Host "INSTALLED Web Deploy"
# Install Microsoft Core XML Services, needed for SMO
Write-Host "Installing Microsoft Core XML SERVICES"
Install-Msi 'msxml6_x64.msi'
Write-Host "Installed Microsoft Core XML SERVICES"
# Install CLR Types
Write-Host "Installing CLR TYPES"
Install-Msi 'SQLSysClrTypes.msi'
Write-Host "Installed CLR TYPES"
# Install MS SQL Server Management Objects
Write-Host "Installing MS SQL Server Management Objects"
Install-Msi 'SharedManagementObjects.msi'
Write-Host "Installed MS SQL Server Management Objects"
# Install SQL Server; setup.exe exits 0 on success (3010 if a reboot is pending)
Write-Host "Installing SQL SERVER"
$setup = Start-Process -FilePath (Join-Path $here 'setup.exe') -ArgumentList "/ConfigurationFile=`"$(Join-Path $here 'ConfigurationFile.ini')`"" -Wait -PassThru
if ($setup.ExitCode -ne 0) { Write-Host "SQL Server setup returned exit code $($setup.ExitCode); check Setup Bootstrap\Log\Summary.txt" }
Write-Host "INSTALLED SQL SERVER"
Clear-Host
$teamnaam = "ErosRammazani"
$teampass = "Opleelan8"
$sitePort="8007"
# Server address for SMO / aspnet_regsql: "." (or localhost) reaches the default instance MSSQLSERVER;
# a named instance would be ".\InstanceName". The instance name on its own is not a host name.
$sqlServerInstanceName="."
$sqlServerName=$sqlServerInstanceName
$databaseAdminUser="sa"
$databaseAdminPassword="Opleelan8"
$Sitedir="C:\inetpub"
$Settingsdir="C:\inetprofiles"
$Scriptdir="C:\Program Files\IIS\Microsoft Web Deploy V3\Scripts"
$AppCmd="C:\Windows\System32\inetsrv\appcmd.exe"
# Grant .NET access to the database
$aspnet="C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_regsql.exe"
# Path tests
Set-Location -Path "$Scriptdir"
if (!(Test-Path -path $Sitedir)) {New-Item $Sitedir -Type Directory}
if (!(Test-Path -path $Settingsdir)) {New-Item $Settingsdir -Type Directory}
if (!(Test-Path ".\SetupSiteForPublish.ps1"))
{ Write-Host -NoNewline "Install Wdeploy.exe"; Exit 1 }
##################### Create a user per team
net user $teamnaam $teampass /add /passwordchg:no /expires:never /active:yes /fullname:$teamnaam /comment:$teamnaam
# Set the FTP user account's password not to expire (filter server-side instead of enumerating every account)
$WMI = gwmi win32_useraccount -Filter "Name='$teamnaam' AND LocalAccount=True"
$WMI.PasswordExpires = $False
$WMI.put()
###################### Publish the site in IIS. Each team gets its own app pool
Write-Host -NoNewline "publishing site $teamnaam"
$siteName=$teamnaam
$sitePhysicalPath=$Sitedir+"\"+$siteName
$siteAppPoolName=$teamnaam+"AppPool"
$deploymentUserName=$teamnaam
$deploymentUserPassword=$teampass
$managedRunTimeVersion="v4.0"
.\SetupSiteForPublish.ps1 -siteName $siteName -sitePhysicalPath $sitePhysicalPath -siteAppPoolName $siteAppPoolName -sitePort $sitePort -deploymentUserName $deploymentUserName -deploymentUserPassword $deploymentUserPassword -publishSettingSavePath $Settingsdir -publishSettingFileName $siteName".PublishSettings" -managedRunTimeVersion $managedRunTimeVersion
################### Create the SQL db
Write-Host -NoNewline "Creating SQL db for $teamnaam"
$databaseName="db$teamnaam"
$databaseUserName="dbuser$teamnaam"
$databaseUserPassword=$teampass
Set-Location -Path "$Scriptdir"
.\CreateSqlDatabase.ps1 -databaseName $databaseName -databaseUserName $databaseUserName -databaseUserPassword $databaseUserPassword -databaseAdminUser $databaseAdminUser -databaseAdminPassword $databaseAdminPassword -sqlServerInstanceName $sqlServerInstanceName -publishSettingSavePath $Settingsdir -publishSettingFileName $databaseName".PublishSettings"
#################### Put a default page on the site (make sure the site directory exists first)
if (!(Test-Path -path $sitePhysicalPath)) {New-Item $sitePhysicalPath -Type Directory}
"<html><body><h2>Default page $teamnaam</h2><p><%Response.Write(now())%></p></body></html>" | Out-File "$sitePhysicalPath\default.aspx"
# Virtual dir on the default website ($Sitedir already starts with C:\, so it must not be prefixed with C:\ again)
& $AppCmd ADD vdir /app.name:"Default Web Site/" /path:/$teamnaam /physicalPath:$sitePhysicalPath
# Grant .NET access to the database
# -A all: enable all features; -E: use the current user's login
Write-Host -NoNewline ".NET access to db"
& $aspnet -S $sqlServerName -d $databaseName -A all -E
# FTP access to the site; the FTP site was created manually in IIS
& $AppCmd set config "FTP" -section:system.ftpServer/security/authorization /+"[accessType='Allow',users='$teamnaam',permissions='Read, Write']" /commit:apphost
######### open extra ports in the firewall
Write-Host -NoNewline "Setting Windows Firewall rules for $teamnaam "
netsh advfirewall firewall add rule name="Projecten-$teamnaam-IN" dir=in action=allow protocol=TCP localport=$sitePort
netsh advfirewall firewall add rule name="Projecten-$teamnaam-OUT" dir=out action=allow protocol=TCP remoteport=$sitePort
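The script above runs CreateSqlDatabase.ps1 straight after setup.exe returns, so a setup that failed, an engine service that is not yet up, or a mixed-mode setting that did not take effect all surface only as a CreateSqlDatabase.ps1 error. The following pre-flight check, added here as an example and not part of the original post, verifies each of those conditions in turn before the database script runs. It assumes a SQL Server 2012 default instance on the local machine (the Summary.txt path is the 2012 one), SQL authentication as in the .ini above, and that the sa password is supplied in an environment variable named SQL_SA_PASSWORD (an assumed name) rather than hard-coded.

```powershell
# Added example, not part of the original post: pre-flight checks to run between the
# SQL Server setup step and CreateSqlDatabase.ps1. Assumptions: SQL Server 2012 default
# instance on the local machine, mixed-mode auth as in the .ini, and the sa password
# supplied via the environment variable SQL_SA_PASSWORD (assumed name).
param(
    [string]$InstanceName  = 'MSSQLSERVER',
    [string]$AdminUser     = 'sa',
    [string]$AdminPassword = $env:SQL_SA_PASSWORD
)

# The instance name is a service/registry name, not a host name. SMO, SqlClient and
# aspnet_regsql need a server address: "." for the default instance, ".\Name" otherwise.
if ($InstanceName -eq 'MSSQLSERVER') {
    $serverAddress = '.'
    $serviceName   = 'MSSQLSERVER'
} else {
    $serverAddress = ".\$InstanceName"
    $serviceName   = "MSSQL`$$InstanceName"
}

# 1. Did setup itself succeed? SQL Server 2012 records the result in Summary.txt.
$summary = 'C:\Program Files\Microsoft SQL Server\110\Setup Bootstrap\Log\Summary.txt'
if (Test-Path $summary) {
    $exitLine = Select-String -Path $summary -Pattern 'Exit code \(Decimal\):\s*(-?\d+)' | Select-Object -First 1
    if ($exitLine -and $exitLine.Matches[0].Groups[1].Value -ne '0') {
        throw "SQL Server setup reported exit code $($exitLine.Matches[0].Groups[1].Value); see $summary"
    }
} else {
    Write-Warning "No setup summary at $summary; setup may not have run on this machine."
}

# 2. Is the engine service present and running?
$svc = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
if (-not $svc) { throw "Service $serviceName does not exist; the instance was not installed." }
if ($svc.Status -ne 'Running') {
    Start-Service -Name $serviceName
    $svc.WaitForStatus('Running', (New-TimeSpan -Seconds 60))
}

# 3. Can the SQL login that CreateSqlDatabase.ps1 will use actually connect, and is mixed mode on?
$builder = New-Object System.Data.SqlClient.SqlConnectionStringBuilder
$builder['Data Source']     = $serverAddress
$builder['Initial Catalog'] = 'master'
$builder['User ID']         = $AdminUser
$builder['Password']        = $AdminPassword
$builder['Connect Timeout'] = 15

$conn = New-Object System.Data.SqlClient.SqlConnection($builder.ConnectionString)
try {
    $conn.Open()
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = "SELECT CAST(SERVERPROPERTY('ProductVersion') AS nvarchar(32)), " +
                       "CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int)"
    $reader = $cmd.ExecuteReader()
    [void]$reader.Read()
    $version     = $reader.GetString(0)
    $windowsOnly = $reader.GetInt32(1)
    $reader.Close()
} finally {
    $conn.Dispose()
}

if ($windowsOnly -eq 1) {
    throw "Instance is Windows-authentication only; SECURITYMODE=SQL from the .ini did not take effect."
}
Write-Host "Instance $serverAddress ($version) is up, mixed mode is on, and $AdminUser can log in."
```

If step 3 fails with a login error while steps 1 and 2 pass, the SAPWD or SECURITYMODE value in the .ini is the thing to look at; if it fails with a network or instance error, the server address being passed to the Web Deploy scripts is wrong for the instance that was installed.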

Related

An accessToken is not valid for connecting to Azure DevOps deployment group from Windows server

In Azure Devops Server, I have created a group in Deployment Groups. A registration script was created for run in the target server. This is the generated script.
$ErrorActionPreference="Stop";
If(-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")){ throw "Run command in an administrator PowerShell prompt"};
If($PSVersionTable.PSVersion -lt (New-Object System.Version("3.0"))){ throw "The minimum version of Windows PowerShell that is required by the script (3.0) does not match the currently running version of Windows PowerShell." };
If(-NOT (Test-Path $env:SystemDrive'azagent')){mkdir $env:SystemDrive'azagent'};
cd $env:SystemDrive'azagent';
for($i=1; $i -lt 100; $i++){$destFolder="A"+$i.ToString();if(-NOT (Test-Path ($destFolder))){mkdir $destFolder;cd $destFolder;break;}};
$agentZip="$PWD\agent.zip";
$DefaultProxy=[System.Net.WebRequest]::DefaultWebProxy;
$securityProtocol=@();
$securityProtocol+=[Net.ServicePointManager]::SecurityProtocol;
$securityProtocol+=[Net.SecurityProtocolType]::Tls12;
[Net.ServicePointManager]::SecurityProtocol=$securityProtocol;
$WebClient=New-Object Net.WebClient;
$Uri='https://go.microsoft.com/fwlink/?linkid=2066756';
if($DefaultProxy -and (-not $DefaultProxy.IsBypassed($Uri))){$WebClient.Proxy= New-Object Net.WebProxy($DefaultProxy.GetProxy($Uri).OriginalString, $True);};
$WebClient.DownloadFile($Uri, $agentZip);
Add-Type -AssemblyName System.IO.Compression.FileSystem;
[System.IO.Compression.ZipFile]::ExtractToDirectory($agentZip, "$PWD");
.\config.cmd --deploymentgroup --deploymentgroupname "DG-Test" --agent $env:COMPUTERNAME --runasservice --work '_work' --url 'https://devops.MyCompany.com/tfs/' --collectionname 'Col-FRN-Main' --projectname 'T-MyCompany';
Remove-Item $agentZip;
I run the script, then PowerShell asks me to "Enter authentication type (press enter for PAT)", so I enter an accessToken that was generated under Personal Access Tokens, but PowerShell returns "Enter authentication type (press enter for PAT)" again.
I can use the accessToken for connecting Team Explorer in Visual Studio to my DevOps server and for connecting an agent pool to my DevOps server, but I have trouble connecting the deployment agent.
What's wrong?
When PowerShell asks you to Enter authentication type (press enter for PAT), you are supposed to press enter on your keyboard. Then it will prompt you to enter your Personal Access Token. Follow the prompts and you should be able to connect successfully.

PowerShell | Get Storage from Servers with "Get-ADComputer"

I have a problem with my script, please help.
This script is supposed to get all server hostnames from our server OU and then get the used and free space of the servers. But when I try to get the server list with the Get-ADComputer cmdlet I get errors.
$servers = Get-ADComputer -Filter * -SearchBase "OU=SomeOU, DC=SomeDomain, DC=SomeDomain, DC=SomeDomain" | Select-Object -ExpandProperty Name
$allDisks = foreach ($server in $servers)
{
    # $server is a plain string here; "Select-Object Name" alone would hand Get-WmiObject an object, not a host name
    Get-WmiObject Win32_LogicalDisk -ComputerName $server -Filter "DriveType=3" |
    Select-Object @{'Name'='ComputerName'; 'Expression'={$server}},
                  DeviceID,
                  @{'Name'='Size'; 'Expression'={[math]::truncate($_.size / 1GB)}},
                  @{'Name'='Freespace'; 'Expression'={[math]::truncate($_.freespace / 1GB)}}
}
$allDisks | Export-Csv C:\Servers.csv -NoTypeInformation
When I run this I get:
Get-WmiObject : The RPC server is unavailable.
At line:5 char:5
+ Get-WmiObject Win32_LogicalDisk -ComputerName $server -Filter Dri ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Get-WmiObject], COMException
+ FullyQualifiedErrorId : GetWMICOMException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
I should also add that if I only run the first line, I get a clean list of all of our servers.
As the error states, the RPC server is not available for one of the servers that you are trying to query. There can be multiple reasons, as per the PS blog:
The remote computer is blocked by the firewall.
Solution: Open the Group Policy Object Editor snap-in (gpedit.msc) to edit the Group Policy object (GPO) that is used to manage Windows Firewall settings in your organization. Open Computer Configuration, open Administrative Templates, open Network, open Network Connections, open Windows Firewall, and then open either Domain Profile or Standard Profile, depending on which profile you want to configure. Enable the following exceptions: "Allow Remote Administration Exception" and "Allow File and Printer Sharing Exception".
Hostname or IP address is wrong or the remote computer is shut down.
Solution: Verify the correct hostname or IP address.
The "TCP/IP NetBIOS Helper" service isn't running.
Solution: Verify that "TCP/IP NetBIOS Helper" is running and set to auto start after restart.
The "Remote Procedure Call (RPC)" service is not running on the remote computer.
Solution: Verify that "Remote Procedure Call (RPC)" is running and set to auto start after restart.
The "Windows Management Instrumentation" service is not running on the remote computer.
Solution: Verify that "Windows Management Instrumentation" is running and set to auto start after restart.
So, I don't think there is any code issue there. Kindly check the network firewall and server side. Also apply a try/catch block and capture the exact server name in the loop to see which server is causing the issue.
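The try/catch the answer recommends, written out as a function, is added below as an example (not code from the thread). It records which host failed and why instead of aborting the whole run, skips hosts that do not answer a ping so the RPC timeout is not paid for every offline machine, and returns the disk rows for export. It assumes the RSAT ActiveDirectory module is present and that the caller supplies the OU distinguished name; the failure-log path is an assumed default.

```powershell
# Added example (not from the original thread): the loop above with the try/catch the
# answer recommends, so the failing host is recorded instead of aborting the run.
# Assumes the RSAT ActiveDirectory module and an OU DN supplied by the caller.
function Get-ServerDiskReport {
    param(
        [Parameter(Mandatory = $true)][string]$SearchBase,
        [string]$FailureLog = 'C:\Servers.failed.csv'   # assumed default path
    )
    Import-Module ActiveDirectory

    # -ExpandProperty yields plain strings. An object with a Name property would reach
    # -ComputerName as "@{Name=...}" and fail with "The RPC server is unavailable".
    $servers = Get-ADComputer -Filter * -SearchBase $SearchBase | Select-Object -ExpandProperty Name

    $failures = @()
    $disks = foreach ($server in $servers) {
        # Cheap reachability check first: an offline box otherwise costs a long RPC timeout.
        if (-not (Test-Connection -ComputerName $server -Count 1 -Quiet)) {
            $failures += New-Object PSObject -Property @{ ComputerName = $server; Error = 'ICMP unreachable' }
            continue
        }
        try {
            Get-WmiObject Win32_LogicalDisk -ComputerName $server -Filter 'DriveType=3' -ErrorAction Stop |
                Select-Object @{Name = 'ComputerName'; Expression = { $server }},
                              DeviceID,
                              @{Name = 'SizeGB';      Expression = { [math]::Truncate($_.Size / 1GB) }},
                              @{Name = 'FreeSpaceGB'; Expression = { [math]::Truncate($_.FreeSpace / 1GB) }}
        } catch {
            # Record which server failed and why (firewall, RPC/WMI service stopped, DNS, ...).
            $failures += New-Object PSObject -Property @{ ComputerName = $server; Error = $_.Exception.Message }
        }
    }

    if ($failures.Count -gt 0) {
        $failures | Export-Csv -Path $FailureLog -NoTypeInformation
        Write-Warning "$($failures.Count) server(s) could not be queried; see $FailureLog"
    }
    return $disks
}

# Usage:
# Get-ServerDiskReport -SearchBase 'OU=Servers,DC=example,DC=local' |
#     Export-Csv C:\Servers.csv -NoTypeInformation
```

The `-ErrorAction Stop` is what makes the catch block fire: Get-WmiObject's RPC failure is a non-terminating error by default and would otherwise only print and continue, which is why the original loop reported the error without saying which host produced it.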

Set-AuthenticodeSignature won't perform SHA256 Timestamp?

Signing Windows binaries on Server Core Windows Server 2019 Datacenter Edition with Visual Studio 2019 Community.
signtool.exe was not behaving correctly (issues opening PFX file), and so we were advised to switch to PowerShell + Set-AuthenticodeSignature.
Using the following commands:
$securepassword = ConvertTo-SecureString -String $password -AsPlainText -Force
$pfx = Get-PfxData -FilePath $certificate -Password $securepassword
$cert = $pfx.EndEntityCertificates[0]
Set-AuthenticodeSignature -FilePath $target -Certificate $cert -HashAlgorithm "SHA256" -TimestampServer http://timestamp.digicert.com
results in a binary with the expected SHA256 signature; however, the timestamp signature is SHA1. I have also tried using http://timestamp.digicert.com?alg=sha256 as the server, but then Set-AuthenticodeSignature does not add the timestamp signature at all.
Since this command doesn't allow you to specify the hash of the Timestamp algorithm, how can we achieve this?
Use another RFC3161 timestamp server. For example:
-TimestampServer "http://timestamp.comodoca.com/rfc3161"
I also see this issue in Windows 10 Enterprise when trying to use -TimestampServer "http://timestamp.digicert.com?alg=sha256" in PowerShell, despite this timestamp server working fine with signtool in the same environment.
If one flushes the local DNS cache and then observes the network interface with Wireshark, both signtool and Set-AuthenticodeSignature normally trigger a DNS lookup for the timestamp server during the signing process. This does not occur when using the DigiCert URL with Set-AuthenticodeSignature. The cmdlet seems like it may be having an issue with the ?alg=sha256 parameter and then skips the timestamp step completely.
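Since the failure mode described above is silent (the file is signed, the timestamp is simply missing), a signing step should verify that a countersignature was actually applied and fall back to another RFC 3161 server when it was not. The function below, added here as an example and not code from the thread, wraps the cmdlet call from the question that way. The PFX path, password and target file are supplied by the caller; the server list is an assumption for illustration, not a recommendation of any particular TSA.

```powershell
# Added example, not from the original thread: sign with Set-AuthenticodeSignature and
# verify that a timestamp countersignature was actually applied, falling back through a
# list of RFC 3161 servers when one is skipped silently. $PfxPath/$PfxPassword/$Target are
# supplied by the caller; the server list is an assumption, not a recommendation.
function Invoke-TimestampedSign {
    param(
        [Parameter(Mandatory = $true)][string]$PfxPath,
        [Parameter(Mandatory = $true)][System.Security.SecureString]$PfxPassword,
        [Parameter(Mandatory = $true)][string]$Target,
        [string[]]$TimestampServers = @(
            'http://timestamp.comodoca.com/rfc3161',
            'http://timestamp.digicert.com'
        )
    )
    $pfx  = Get-PfxData -FilePath $PfxPath -Password $PfxPassword
    $cert = $pfx.EndEntityCertificates[0]

    foreach ($tsa in $TimestampServers) {
        $sig = Set-AuthenticodeSignature -FilePath $Target -Certificate $cert `
                   -HashAlgorithm SHA256 -TimestampServer $tsa
        # A Valid signature with no TimeStamperCertificate means the timestamp step was skipped.
        if ($sig.Status -eq 'Valid' -and $sig.TimeStamperCertificate) {
            return New-Object PSObject -Property @{
                File            = $Target
                TimestampServer = $tsa
                Timestamper     = $sig.TimeStamperCertificate.Subject
                Signer          = $sig.SignerCertificate.Thumbprint
            }
        }
        Write-Warning "No timestamp from $tsa (status: $($sig.Status)); trying the next server"
    }
    throw "Signed $Target but no timestamp server produced a countersignature"
}

# Re-check a file later: a timestamped signature stays Valid after the signing cert expires,
# an untimestamped one does not.
function Test-SignatureTimestamped {
    param([Parameter(Mandatory = $true)][string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    return ($sig.Status -eq 'Valid' -and $null -ne $sig.TimeStamperCertificate)
}

# Usage:
# $pw = Read-Host -AsSecureString "PFX password"
# Invoke-TimestampedSign -PfxPath .\codesign.pfx -PfxPassword $pw -Target .\app.exe
```

Note that this only tells you whether a timestamp is present, not which digest the TSA used for it; the cmdlet exposes the timestamper certificate but not the timestamp token's hash algorithm, so checking that still needs a tool that parses the PKCS#7 blob, such as signtool verify /v.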

Re-enable Remote Desktop Windows Firewall Rule on Windows Azure

I have disabled the remote desktop firewall rule in a Windows Azure virtual machine. As you would expect, I can no longer remote desktop in to the server.
Does anyone know if it is possible to re-enable the Remote Desktop Windows firewall rule?
What I have tried
As a long shot, I have downloaded the Windows Azure CLI but can't see anything in there that would do it.
I have also tried to execute the following command against the MSSQL server:
EXEC xp_cmdshell 'netsh advfirewall firewall set rule group="remote desktop" new enable=Yes';
GO
I am getting the following message from the query:
The requested operation requires elevation (Run as administrator).
Please tell me I don't have to re-create the site (which is backed up).
If you're using a VM inside a resource group with the new azure portal, you can do this:
Click reset password
Change mode to "Reset configuration only"
Click update and wipe your sweat off :)
It turns out that all I needed to do was to PowerShell into the Azure VM.
Steps:
Make sure PowerShell is enabled in the Endpoints section of the Azure portal.
Get the server's certificate (PowerShell needs this for remote commands). You can get the server certificate by going to your domain's URL: https://yourdomain.cloudapp.net:12345 (where :12345 is the port that PowerShell uses).
Export the SSL certificate of the site as a .CER file and install it on your local machine.
Save it to the "Trusted Root Certification Authorities" store on your machine.
Open PowerShell with administrative privileges on your local machine and type:
Enter-PSSession -ComputerName yourdomain.cloudapp.net -Port 5986 -Credential YourUserName -UseSSL
A login popup will appear, enter your VM's login credentials here.
You will now be able to execute commands against the Azure VM. In my case, I ran netsh advfirewall firewall set rule group="remote desktop" new enable=Yes and exited the PowerShell session and was able to remotely connect to my machine.
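The steps in the accepted answer can be done without a browser export. The script below, added as an example and not part of the original answer, fetches the certificate the WinRM HTTPS listener presents, prints its thumbprint so it can be compared against the portal before anything is trusted, adds exactly that certificate to the local Trusted Root store as the answer does by hand, and then runs the netsh command remotely and reads the rule state back before disconnecting. The host name is a placeholder, port 5986 is the WinRM HTTPS default, and the rule name checked at the end is the Server 2008 R2 / 2012 one (an assumption; later releases name it "Remote Desktop - User Mode (TCP-In)").

```powershell
# Added example (not part of the original answer): the answer's steps scripted end to end.
# Assumes the VM's WinRM HTTPS endpoint is reachable on 5986; host name is a placeholder.
$vmHost = 'yourdomain.cloudapp.net'   # placeholder
$port   = 5986

# 1. Fetch the certificate the listener presents. Validation is bypassed only for this
#    retrieval; the thumbprint is printed so it can be checked against the portal first.
$tcp = New-Object System.Net.Sockets.TcpClient($vmHost, $port)
$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, { $true })
$ssl.AuthenticateAsClient($vmHost)
$remoteCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
$ssl.Dispose(); $tcp.Close()
Write-Host "Listener certificate: $($remoteCert.Subject) thumbprint $($remoteCert.Thumbprint)"

# 2. Trust exactly that one certificate (self-signed on classic VMs), as the answer does by hand.
#    Remove it from the Root store again once the VM has a CA-issued certificate.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'LocalMachine')
$store.Open('ReadWrite')
if (-not $store.Certificates.Contains($remoteCert)) { $store.Add($remoteCert) }
$store.Close()

# 3. Re-enable the RDP rule group remotely and confirm the rule is enabled before disconnecting.
$cred = Get-Credential -Message "VM administrator account"
Invoke-Command -ComputerName $vmHost -Port $port -UseSSL -Credential $cred -ScriptBlock {
    netsh advfirewall firewall set rule group="remote desktop" new enable=Yes | Out-Null
    # Rule name as on Server 2008 R2 / 2012 (assumption); newer releases use "Remote Desktop - User Mode (TCP-In)"
    netsh advfirewall firewall show rule name="Remote Desktop (TCP-In)" | Select-String -Pattern '^Enabled:'
}
```

The same Invoke-Command call is a reasonable way to fix any other lock-out caused by a firewall or service change on a VM, as long as the WinRM HTTPS endpoint itself was left open.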

Security of running PowerShell command remotely?

I'm new to PowerShell. I'm looking to run PowerShell command on a remote PC running Windows 7.
On the remote PC, I ran the following PowerShell commands:
Enable-PSRemoting -Force
Set-Item WSMAN:\localhost\client\trustedhosts <host_ip>
Restart-Service WinRM
I performed the last two commands on the host PC (but using <remote_ip>).
I confirmed this worked OK with:
Invoke-Command -ComputerName <name> -Credential <username> -ScriptBlock { Get-ChildItem C:\ }
My question: Is this secure on a public network? Should I be doing something else? Or should I be using SSL? If so, how do I go about this?
If you use the default authentication when using Invoke-Command the user is authenticated on the remote host using either NTLM or Kerberos. So I don't think you need to worry too much about the password being sniffed out on the network. Also, by default, remoting endpoints can only be used by administrators on that machine. Finally, if you need to allow non-admins access, you can configure a remoting endpoint that is restricted. It can be restricted in the cmdlets available and it can be restricted in language capability. This tutorial on remoting covers setting up a restricted session.
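The two controls the answer points to, a listener that does not depend on TrustedHosts and an endpoint that exposes only a handful of cmdlets, can be set up on the remote machine with the script below. It is added here as an example and is not code from the thread. It requires PowerShell 3.0 or later on the target for New-PSSessionConfigurationFile and Windows 8 / Server 2012 or later for New-SelfSignedCertificate; the endpoint name, the operators group and the firewall rule name are placeholders, and the SDDL grants that group Execute and Read on the endpoint while leaving the built-in Administrators entry in place.

```powershell
# Added example, not from the original answer: an HTTPS listener plus a restricted remoting
# endpoint on the remote machine. PowerShell 3.0+ / Server 2012+ assumed; names are placeholders.
$dnsName  = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$endpoint = 'OpsReadOnly'                 # placeholder endpoint name
$opsGroup = "$env:USERDOMAIN\Operators"   # placeholder group that gets non-admin access

# 1. HTTPS listener. A self-signed cert is used here for illustration; a CA-issued one lets
#    clients skip the trust-store step and avoids TrustedHosts entirely.
$cert = New-SelfSignedCertificate -DnsName $dnsName -CertStoreLocation Cert:\LocalMachine\My
New-WSManInstance -ResourceURI winrm/config/Listener -SelectorSet @{ Address = '*'; Transport = 'HTTPS' } `
    -ValueSet @{ Hostname = $dnsName; CertificateThumbprint = $cert.Thumbprint } | Out-Null
netsh advfirewall firewall add rule name="WinRM HTTPS (placeholder)" dir=in action=allow protocol=TCP localport=5986 | Out-Null

# 2. Endpoint that exposes only a few read-only cmdlets and disables the language.
$pssc = Join-Path $env:TEMP "$endpoint.pssc"
New-PSSessionConfigurationFile -Path $pssc -SessionType RestrictedRemoteServer `
    -VisibleCmdlets 'Get-Service', 'Get-Process', 'Get-ChildItem' -LanguageMode NoLanguage
Register-PSSessionConfiguration -Name $endpoint -Path $pssc -Force | Out-Null

# 3. Let the operators group invoke it (GX = execute, GR = read); Administrators (BA) keep full access.
$sid  = (New-Object System.Security.Principal.NTAccount($opsGroup)).Translate([System.Security.Principal.SecurityIdentifier]).Value
$sddl = "O:NSG:BAD:P(A;;GA;;;BA)(A;;GXGR;;;$sid)"
Set-PSSessionConfiguration -Name $endpoint -SecurityDescriptorSddl $sddl -Force | Out-Null

Write-Host "Endpoint $endpoint registered; test from a client with:"
Write-Host "  Invoke-Command -ComputerName $dnsName -UseSSL -ConfigurationName $endpoint -Credential (Get-Credential) -ScriptBlock { Get-Service WinRM }"
```

With this in place a member of the operators group can run Get-Service through the endpoint but gets a CommandNotFound error for anything else, and because the connection is HTTPS the client no longer needs the TrustedHosts entry from the question; that entry only tells the client to accept NTLM to a host it cannot verify, which is the setting to remove on a public network.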
