Windows

使用 Invoke-Command 遠端安裝 SQL

  • July 3, 2014

我正在嘗試使用 Invoke-Command 通過 Powershell 在 Win 2012 r2 伺服器上遠端安裝 SQL Server 2012,但它失敗並出現此錯誤

"Validation for setting 'SQLSVCACCOUNT' failed. Error message: The SQL Server service account login or password is not valid. Use SQL Server Configuration Manager to update the service account."

登錄名和密碼正確。當我直接在伺服器上執行相同的命令時它工作正常……我不明白。

我正在使用域管理員憑據來啟動我的 PSSession。

這是我的程式碼:

$SApwd = "MyPassword"
$ServiceAccount= "SPRINGFIELD\SQLCitrix"
$ServicePassword = "MyPassword"
$SqlCollation = "French_CI_AS"

$user = "Springfield\Administrator"
$password = ConvertTo-SecureString -AsPlainText -Force -String "MyPassword"
$credentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $user,$password
$session = New-PSSession -ComputerName $ipsqlserver -Credential $credentials

Invoke-Command -Session $session -ScriptBlock {Set-Location -Path C:\sources\sql } 
Invoke-Command -Session $session -ScriptBlock {.\Setup.exe /SAPWD=$using:SApwd /IACCEPTSQLSERVERLICENSETERMS /Q /UpdateEnabled="False" /FEATURES=SQLENGINE,SSMS,ADV_SSMS /INDICATEPROGRESS="True" /X86="False" /ACTION=INSTALL /INSTALLSHAREDDIR="C:\Program Files\Microsoft SQL Server" /INSTALLSHAREDWOWDIR="C:\Program Files (x86)\Microsoft SQL Server" /INSTANCENAME="MSSQLSERVER" /INSTANCEID="MSSQLSERVER" /SQMREPORTING="False" /ERRORREPORTING="False" /INSTANCEDIR="C:\Program Files\Microsoft SQL Server" /AGTSVCACCOUNT=$using:ServiceAccount /AGTSVCPASSWORD=$using:ServicePassword /AGTSVCSTARTUPTYPE="Automatic" /SQLSVCSTARTUPTYPE="Automatic" /FILESTREAMLEVEL="0" /ENABLERANU="False" /SQLCOLLATION="French_CI_AS" /SQLSVCACCOUNT=$using:ServiceAccount  /SQLSVCPASSWORD=$using:ServicePassword /SQLSYSADMINACCOUNTS="CASTOR\Administrator" /SECURITYMODE="SQL" /TCPENABLED="1" /NPENABLED="0" /BROWSERSVCSTARTUPTYPE="Automatic"}

這裡有一個更詳細的日誌文件:http: //pastebin.com/nNurAz0g

謝謝你的幫助

您需要讓目標機器受信任以進行委派。在 ADUC 中,轉到目標電腦的屬性->委派選項卡-> 信任此電腦以委派給任何服務(僅限 Kerberos)。然後設置正確的 SPN 以允許服務帳戶模擬目標框:

setspn -A MSSQLSvc/FQDNofYourTargetBox domain\accountname 
setspn -A MSSQLSvc/FQDNofYourTargetBox:1433 domain\accountname
setspn -A MSSQLSvc/NetbiosNameofYourTargetBox domain\accountname

留出一些時間讓 SPN 資訊在您的林中傳播,然後重試。更多關於 SPN 的資訊:http: //msdn.microsoft.com/en-gb/library/ms191153.aspx

引用自:https://serverfault.com/questions/609859