search

brianlala / AutoSPInstaller

Automated SharePoint 2010/2013/2016/2019/SE PowerShell-based installation script.
https://autospinstaller.com
MIT License
170 stars 80 forks source link

ApplicationPoolAccount is not found #49

Open UmrG opened 4 years ago

UmrG commented 4 years ago

Not a show stopper but here is how its behaving and if some one can provide better work around that will be great. Script will try to add managed accounts after provisioning CA and before creating any web applications and in case you don't have interactive logon enabled for those accounts it will fail to create local profiles. In my case accounts were not allowed interactive logon and were member of DenyInteractivelogon security policy. 

- Adding Managed Accounts...
  - Account "Domain\ServiceAccount:
   - Creating local profile for Domain\ServiceAccount...

PS>TerminatingError(Start-Process): "This command cannot be run due to the error: Logon failure: the user has not been granted the requested logon type at this computer."
Start-Process : This command cannot be run due to the error: Logon failure: the user has not been granted the
requested logon type at this computer.
At C:\Automation\SP\Automation\AutoSPInstallerModule.psm1:2259 char:17
+                 Start-Process -WorkingDirectory "$env:SYSTEMROOT\System32\" -Fil ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Start-Process], InvalidOperationException
    + FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand

.
WARNING: Could not create local user profile for Domain\ServiceAccount
 - Done Adding Managed Accounts.

So after failed attempt to add first account in to the managed account script will not try to add rest of the accounts and continues to create web applications and failed as it cant find the app pool account because it was not was not read in the step mentioned above ( adding managed account ) you will see some thing like that

Exception             : Microsoft.SharePoint.PowerShell.SPCmdletException: ApplicationPoolAccount is not found.
                           at System.Management.Automation.MshCommandRuntime.ThrowTerminatingError(ErrorRecord
                        errorRecord)
TargetObject          : Microsoft.SharePoint.PowerShell.SPCmdletNewSPWebApplication
CategoryInfo          : InvalidArgument: (Microsoft.Share...PWebApplication:SPCmdletNewSPWebApplication)
                        [New-SPWebApplication], SPCmdletException
FullyQualifiedErrorId : Microsoft.SharePoint.PowerShell.SPCmdletNewSPWebApplication

To avoid this I had to comment out the creation of local profile and it successfully added all the managed accounts and then was able to create web application with out any issues. 

line #2259
Start-Process -WorkingDirectory "$env:SYSTEMROOT\System32\" -FilePath "cmd.exe" -ArgumentList "/C" -LoadUserProfile -NoNewWindow -Credential $credAccount

we cant have interactive log on for any accounts other then admin and farm which will go away soon as well. Any suggestions or better solution will help others in the same situation ?

rw5207 commented 4 years ago

I also ran into the same issue (work in a big company) and added the managed accounts manually so it bypasses this point. All of our service accounts are also tagged with "DenyInteractiveLogon."