Objective: 3 Tier, Small farm (2 Web Front Ends and an App Server)
Planned Configuration: Central Admin and Query Elements on the 2 WFE's, with all other services and the Crawler on the App Server. Will not use Office Web Apps.
All three servers began as the exact clean image and all are on the same domain as the SQL server. Being DOD, I expect the image has several security tweaks in it, after I found the "Secondary Logon" service disabled on them and changed them to
run. (I'm not sure what all services need to be running on the SP servers or the SQL server for the scripts to run without issues.)
When problems occurred, I researched and verified all my common names, all the correct access priveleges on the SQL Server (server roles and db roles), local machine roles. It seems that some of the things the script said it couldn't do actually get
done when I investigate. Several issues are seemingly related to the script updating to run as the general "spservices" service account - though I ensured the "Secondary Logon" service is running on all servers.
POTENTIAL CLUE: Each time an issue occurred, there was an error in my ULS logs: It says it's a SQL server issue, that the account "[HOSTNAME]$" was unable to login."
I'm hoping that someone might know more than me about possible server hardening, different agents or other security issues that might lead to the pattern I'm seeing.
Other than the fact that after the SharePoint binaries are installed on all servers, the SharePoint Timer Service somehow is always "Disabled" (and I have to manually fix it) -
WFE-1 installation comes off nearly without a hitch - It freezes at "Creating Configuration Database" (When timer stops in ULS log, I re-run and the database is there); and
I notice one message near the end, around where the PDF search stuff is being configured that said,
WARNING: - No Search Applications found.
However, when I moved to the App Server, the script has the following issues:
Freezes at "Attempting to Join Farm" (Just like above, I wait until ULS shows timer stops, Re run and it is already joined)
Script Aborts when it updates to run as my service account & it errors out trying to start the "Sandboxed Code Service"; I go in and change my config input file to not install it
It then aborts when it updates to run as my service account and errors out while "Waiting for User Profile Sync Service...Cannot find an overload for "SetSynchronizationMachine"...
I change my input file to go around User Profile, and re-run...
Script then aborts when it updates to run as my service account and errors out
with "Exception calling "Deploy" with "0" argument(s): explaining an object already exists......." I edit my input file to go arount this too and...
Script aborts after it reports "Secure Store already provisioned" then errors out
while "Creating the Master Key" indicating a problem with the parameter argument for 'ServiceApplicationProxy' is null. I edit the input file and re-run and...
Script aborts after Updating Web Analytics Data Processing Service to run as the spservice account
and indicates an error with "0" arguments again here.
The last issue I see is when 'Setting the administration component..." on Enterprise Search. It
complains a "timer job can only be run on a server wher the timer service is installed."
The second WFE,
freezes attempting to join the farm like the others. It then has a few errors but
doesn't abort. First, it says when attempting to create a local Central Admin site that "an adminvs service instance could not be found on local machine because it's null";
It then struggles trying to create a search crawl extension.