Suggested Enhancements

Jun 3, 2010 at 11:32 PM

Hi Brian, a few possible suggestions, which I had incorporated into my script:

1) To cater for the instance where SharePoint has already been installed

Change line 116 from:

$SPVersion = (Get-Command "$bits\setup.exe" -ErrorAction SilentlyContinue).FileVersionInfo.ProductVersion

to

## Detect installer/product version
If  (Test-Path "$env:CommonProgramFiles\Microsoft Shared\Web Server Extensions\14\BIN\stsadm.exe") #Crude way of checking if SP2010 is already installed
{
 $SPVersion = (Get-Command "$env:CommonProgramFiles\Microsoft Shared\Web Server Extensions\14\BIN\stsadm.exe").FileVersionInfo.ProductVersion
}
Else
{
 $SPVersion = (Get-Command "$bits\setup.exe" -ErrorAction SilentlyContinue).FileVersionInfo.ProductVersion
}

Reason: In my environment I had no internet connectivity. Therefore I had to obtain and install all of the prerequisites (not just the mandatory ones). The prerequisite installer fails if you have no internet connectivity and you have installed only a subset of them. Microsoft currently has 3 versions of the prerequisite item 'SQL 2008 R2 Analysis Services ADOMD.NET' available, where only the one at http://go.microsoft.com/fwlink/?LinkID=160390 will work because of the registry settings it makes (which the prereq installer looks for). Note that even though all the pre-reqs are installed, the prereq install must still be executed. If you go straight to the install option, it will fail and will say that the following items are missing (but nothing is listed in the missing list).

2) Create managed accounts for the My Site App Pool and Portal App Pool (to follow Microsoft's least privilege philosophy)

In my config file I changed the XML elements AppPoolAcct and AppPoolAcctPWD to ServiceAppPoolAcct and ServiceAppPoolAcctPWD, then added additional XML entries PortalAppPoolAcct, PortalAppPoolAcctPWD, MySiteAppPool and MySiteAppPoolAcct. Then in the '#Region Register Managed Accounts' region, changed it to:

$ManagedAccount = Get-SPManagedAccount | Where-Object {$_.UserName -eq $ServiceAppPoolAcct}
If ($ManagedAccount -eq $NULL)
{
 Write-Host -ForegroundColor Green "- Registering managed account" $ServiceAppPoolAcct
 New-SPManagedAccount -Credential $cred_ServiceAppPoolAcct | Out-Null
}
Else {Write-Host -ForegroundColor Green "- Managed account $ServiceAppPoolAcct already exists, continuing."}

## Add Portal App Pool Managed Account
$PortalManagedAccount = Get-SPManagedAccount | Where-Object {$_.UserName -eq $PortalAppPoolAcct}
If ($PortalManagedAccount -eq $NULL)
{
 Write-Host -ForegroundColor Green "- Registering managed account" $PortalAppPoolAcct
 New-SPManagedAccount -Credential $cred_PortalAppPoolAcct | Out-Null
}
Else {Write-Host -ForegroundColor Green "- Managed account $PortalAppPoolAcct already exists, continuing."}

## Add MySite App Pool Managed Account
$MySiteManagedAccount = Get-SPManagedAccount | Where-Object {$_.UserName -eq $MySiteAppPoolAcct}
If ($MySiteManagedAccount -eq $NULL)
{
 Write-Host -ForegroundColor Green "- Registering managed account" $MySiteAppPoolAcct
 New-SPManagedAccount -Credential $cred_MySiteAppPoolAcct | Out-Null
}
Else {Write-Host -ForegroundColor Green "- Managed account $MySiteAppPoolAcct already exists, continuing."}

Then down around line 880, I changed the My Site creation code from:

    New-SPWebApplication -Name $MySiteName -ApplicationPoolAccount $AppPoolAcct -ApplicationPool $MySiteAppPool -DatabaseName $MySiteDB -HostHeader $MySiteHostHeader -Url $MySiteURL -Port $MySitePort -SecureSocketsLayer:$MySiteUseSSL | Out-Null

to

    New-SPWebApplication -Name $MySiteName -ApplicationPoolAccount $MySiteAppPoolAcct -ApplicationPool $MySiteAppPool -DatabaseName $MySiteDB -HostHeader $MySiteHostHeader -Url $MySiteURL -Port $MySitePort -SecureSocketsLayer:$MySiteUseSSL | Out-Null

Then down around line 811, I changed the Portal creation code from:

    New-SPWebApplication -Name $PortalName -ApplicationPoolAccount $AppPoolAcct -ApplicationPool $PortalAppPool -DatabaseName $PortalDB -HostHeader $PortalHostHeader -Url $PortalURL -Port $PortalPort -SecureSocketsLayer:$PortalUseSSL | Out-Null

to

    New-SPWebApplication -Name $PortalName -ApplicationPoolAccount $PortalAppPoolAcct -ApplicationPool $PortalAppPool -DatabaseName $PortalDB -HostHeader $PortalHostHeader -Url $PortalURL -Port $PortalPort -SecureSocketsLayer:$PortalUseSSL | Out-Null

3) Check logic for Farm Passphrase

In my environment, the scripts failed if I had a space in the Passphrase (within the XML file). I found it to be more reliable if I forced the prompting for the information (as you have done in the sample SetInputs.xml file)

4) Post install observations

As I had to install the Search service application by hand, I couldn't get around the database names having a GUID at the end. For the Excel Services stuff, I could create an unattended account (ApplicationID) through the secure store and reference that account during the Excel Services configuration. For Performance Point however, you have to just pass in an account name and password, then it auto-generates the unattended ApplicationID with a GUID in the name (thanks for the consistency Microsoft). It is only in the configuration of the User Profile sync service that you need to provide an account that has special privileges to AD. The MySitePersonalRelativePath is not required until you configure the User Profile sync service.

Coordinator
Jun 7, 2010 at 3:33 AM

Hi!

For 1), have you tried the script (part of this project) that can download all the required prerequisites for you in advance? Then you only need to specify <OfflineInstall>1</OfflineInstall> in the SetInputs.xml file and it won't try to download anything.

For 2), excellent suggestion and I've incorporated your suggestion in the next imminent release!

3) - again, thanks, and I've simply updated the script to have double-quotes around the $FarmPassPhrase variable, so spaces and other special chars don't make the script blow up.

4) - I'm still trying to determine the best approach to incorporate Gary Lapointe's Enterprise Search PowerShell script into mine - but if you browse through the issues/discussions you might find an updated one from jthake which you can run separately in the meantime.

Cheers!

Brian
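
The per-application-pool account split from suggestion 2, written as a pre-flight check on the input file. This is an added example, not part of the thread or of the project's script: the element names ServiceAppPoolAcct, PortalAppPoolAcct and MySiteAppPoolAcct come from the post, while the function name Test-AppPoolAccountSeparation, the <Farm> wrapper, the MySiteAppPoolAcctPWD element and the CONTOSO sample values are assumptions made for illustration.

```powershell
# Added example: not part of the thread or of the project's script.
# Constructed sample input. Element names follow the post; the <Farm> wrapper,
# MySiteAppPoolAcctPWD and the CONTOSO values are assumptions.
$sampleXml = @'
<Farm>
  <ServiceAppPoolAcct>CONTOSO\svc-spservices</ServiceAppPoolAcct>
  <ServiceAppPoolAcctPWD></ServiceAppPoolAcctPWD>
  <PortalAppPoolAcct>CONTOSO\svc-spportal</PortalAppPoolAcct>
  <PortalAppPoolAcctPWD>Example Pass 1</PortalAppPoolAcctPWD>
  <MySiteAppPoolAcct>contoso\SVC-SPPortal</MySiteAppPoolAcct>
  <MySiteAppPoolAcctPWD></MySiteAppPoolAcctPWD>
</Farm>
'@

function Test-AppPoolAccountSeparation {
    param([Parameter(Mandatory = $true)][xml]$Config)

    $findings = @()
    $owners = @{}   # account -> first element that used it; keys compare case-insensitively
    foreach ($role in 'ServiceAppPoolAcct', 'PortalAppPoolAcct', 'MySiteAppPoolAcct') {
        $node = $Config.SelectSingleNode("//$role")
        $account = if ($null -ne $node) { $node.InnerText.Trim() } else { '' }
        if (-not $account) {
            $findings += "$role is missing or empty"
            continue
        }
        # One account shared by two app pools defeats the least-privilege split.
        if ($owners.ContainsKey($account)) {
            $findings += "$role reuses the account already assigned to $($owners[$account])"
        }
        else {
            $owners[$account] = $role
        }
        # A non-empty password element means the secret sits in the file in clear text.
        $secret = $Config.SelectSingleNode("//${role}PWD")
        if ($null -ne $secret -and $secret.InnerText.Trim()) {
            $findings += "${role}PWD holds a clear-text password"
        }
    }
    return $findings
}

Test-AppPoolAccountSeparation -Config ([xml]$sampleXml) | ForEach-Object { Write-Warning $_ }
```

The sample is built to trip both checks: the My Site account repeats the Portal account in a different case, and the Portal password element is populated.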