Error with v2 -- entering farm passphrase

Jan 25, 2011 at 12:22 AM

Hey guys, so I'm not sure if I'm just doing something fundementally wrong, but nothing about this script works for me.

1st, when it asks for the farm passphrase I get this error:

"Cannot convert the System.Security.SecureString value of type "system.string" to type System.Security.SecureString .... 

So I went ahead and scripted the initial farm install myself, so that this script would just join that farm and then continue to provision all the service accounts..  and really, this is nothing but red..  way to many errors and problems to even start..

Any ideas??

 

Jan 25, 2011 at 1:04 AM

Have you tried entering the passphrase into the SetInputs XML file?  If you leave this field blank, the script will prompt you for it.

Jan 25, 2011 at 1:14 AM

Yes, I have tried it both ways.

(the script throws similar errors all through the script)

example, when it attempts to add managed accounts:

Adding Managed Accounts
ConvertTo-SecureString : Cannot bind argument to parameter 'String' because it
is an empty string.
At C:\SP2010\AutoSPInstaller\AutoSPInstallerFunctions.ps1:693 char:48
+             $password = ConvertTo-SecureString <<<< "$password" –AsPlaintex
t –Force
   + CategoryInfo         : InvalidData: (:) [ConvertTo-SecureString], Param
   eterBindingValidationException
   + FullyQualifiedErrorId : ParameterArgumentValidationErrorEmptyStringNotAl
   lowed,Microsoft.PowerShell.Commands.ConvertToSecureStringCommand

- Registering managed account test\spservice
New-Object : Cannot convert argument "1", with value: "", for "PSCredential" to
type "System.Security.SecureString": "Cannot convert the "" value of type "Sys
tem.String" to type "System.Security.SecureString"."
At C:\SP2010\AutoSPInstaller\AutoSPInstallerFunctions.ps1:707 char:46
+                    $credAccount = New-Object <<<< System.Management.Automat
ion.PsCredential $username,$password
   + CategoryInfo         : InvalidOperation: (:) [New-Object], MethodExcept
   ion
   + FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.Power
   Shell.Commands.NewObjectCommand

 

Thanks!

Jan 25, 2011 at 2:50 AM

I'm not really familiar with the latest beta code, but in the stable version, most password related functions first check to make sure the string is not null or empty.

E.g. If (($item.FarmAcctPWD -ne "") -and ($item.FarmAcctPWD -ne $null)) {$FarmAcctPWD = (ConvertTo-SecureString $item.FarmAcctPWD -AsPlainText -force)}

I know Powershell is supposed to be case insensitive, but in case it treats variables differently, line 692 should be:

$password = $account.Password

and not

$password = $account.password 

Coordinator
Jan 25, 2011 at 3:41 AM

With regard to your most recent post, it appears as though the script isn't picking up any value for passwords - as would be the case if the values were truly blank in the AutoSPInstallerInput*.xml, or if it were somehow picking up a different input file that had blank values.

The message: Cannot bind argument to parameter 'String' because it is an empty string tells us that the script clearly isn't picking up a value for $password or $account.password

I admit that the ability to prompt for missing information and process the console input is somewhat incomplete in this release; the ultimate goal is to prompt for any missing passwords at run-time and have be able to process the entered values.

If it continues to fail, I'd be interested to see a snippet of your input XML file especially around managed accounts (if it's OK to post).

Brian

Jan 25, 2011 at 5:48 PM
Edited Jan 25, 2011 at 5:52 PM

so a few more insights here. 

I did a more detailed :) job of setting all the parms in the inputs file.   The script still fails with the farm passphrase, can't seem to get past that one, but if I script the inital farm creation, and then run this v2 script to do all the additional configuration, it works well up until the Secure Store Service.  At that point it is failing to set the credentials as there was no passphrase entered for Secure Store (is that in the inputs file?).

 

Update-SPSecureStoreMasterKey : Cannot bind argument to parameter 'Passphrase'

because it is an empty string.

At C:\SP2010\AutoSPInstaller\AutoSPInstallerFunctions.ps1:1632 char:87

Jan 25, 2011 at 5:51 PM
Edited Jan 25, 2011 at 5:52 PM

...

Coordinator
Jan 28, 2011 at 6:33 PM

Yes right now the Secure Store Service just re-uses the Farm Passphrase to create the master key. This may change in the future (or at least should be documented).

Brian

Jan 28, 2011 at 6:58 PM

Right, and since the passphrase section of code at the very beginning of the script doesn't work, you need to hardcode a passphrase in that section of the fuctions.ps1 script in order to successfully get the SS setup.

(we have tried this now in a few different autonomous environments and the script fails everytime with the farm passphrase.  the only way around it that I have found is to setup the farm with a seperate powershell script, then run the v2 script to do the rest)

Coordinator
Jan 28, 2011 at 11:59 PM

I seem to recall a past issue whereby if the passphrase had spaces or special characters it wouldn't get picked up properly in the input XML file - might this be the case for you?

Brian

Jan 31, 2011 at 10:18 PM

It is a security issue.  You need to execute the Powershell command:

Set-ExecutionPolicy unrestricted

Take a look at this post for more details: 

http://social.technet.microsoft.com/Forums/en/winserverpowershell/thread/60b32355-905e-4d5c-b58c-858d9c5ba061

 

Darrell

Coordinator
Feb 1, 2011 at 1:55 AM

@sailingcoder, if that were the case then none of the script would run (not just that cmdlet). Plus one of the first thing that happens is AutoSPInstallerLaunch.bat sets the Execution Policy to Bypass (even less restrictive than Unrestricted).

@tialen, by the way I tested locally with a long, complex passphrase with all kinds of strange characters and I had no problem. Still wondering what the issue could be.

Brian

Feb 14, 2011 at 2:26 PM

In AutoSPInstallerFunctions.ps1 line 416 you need to change the following:

Else {$SecPhrase = "$FarmPassphrase"} 

 

to

Else {$SecPhrase = $FarmPassphrase} 
Coordinator
Feb 15, 2011 at 3:07 PM

@tialen, can you confirm that @martinkulov's proposed fix works for you? It makes sense to me now that I look at it.

The thing I wonder about is that you mentioned that you tried putting the passphrase in the input XML file (instead of being prompted) - the line above would only come into play if the passphrase was not read from the XML input (i.e. was blank)

Brian

Feb 15, 2011 at 7:26 PM
brianlala wrote:

@tialen, can you confirm that @martinkulov's proposed fix works for you? It makes sense to me now that I look at it.

The thing I wonder about is that you mentioned that you tried putting the passphrase in the input XML file (instead of being prompted) - the line above would only come into play if the passphrase was not read from the XML input (i.e. was blank)

Brian


To answer the 2nd question 1st:  I do get prompted, the script just fails to capture the passphrase

I have not tried martinkulov's fix, I'll try that next time I build an environment or a have a free min to attempt to play with this.  Thanks

Feb 17, 2011 at 12:34 AM
martinkulov wrote:

In AutoSPInstallerFunctions.ps1 line 416 you need to change the following:

Else {$SecPhrase = "$FarmPassphrase"} 

 

to

Else {$SecPhrase = $FarmPassphrase} 


Actually, if you *don't* specify a <Passphrase> in the config XML file, then you need to change this to include the ConvertTo-SecureString bit, just like the outside Else statement:

Else {$SecPhrase = "$FarmPassphrase"}

to

Else {$SecPhrase = ConvertTo-SecureString "$FarmPassphrase" -AsPlainText -Force}

For us, it bombed even though we entered our Farm pass phrase when prompted by the Read-Host line.

Whether or not you want to include the double-quotes is a different issue (for me).

Coordinator
Feb 17, 2011 at 2:35 PM

Hmm shouldn't have to, since the line:

Read-Host -Prompt " - Please enter the farm passphrase now" -AsSecureString

Should already set the passphrase you enter as a secure string. Anyhow I have made some enhancements to the passphrase prompting/parsing functionality that will be available very soon.

Brian