Not a show stopper, but here is how it's behaving, and if someone can provide a better workaround that will be great.
The script will try to add managed accounts after provisioning CA and before creating any web applications, and in case you don't have interactive logon enabled for those accounts it will fail to create local profiles. In my case the accounts were not allowed interactive logon and were members of the DenyInteractivelogon security policy.
- Adding Managed Accounts...
- Account "Domain\ServiceAccount:
- Creating local profile for Domain\ServiceAccount...
PS>TerminatingError(Start-Process): "This command cannot be run due to the error: Logon failure: the user has not been granted the requested logon type at this computer."
Start-Process : This command cannot be run due to the error: Logon failure: the user has not been granted the
requested logon type at this computer.
At C:\Automation\SP\Automation\AutoSPInstallerModule.psm1:2259 char:17
+ Start-Process -WorkingDirectory "$env:SYSTEMROOT\System32\" -Fil ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Start-Process], InvalidOperationException
+ FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand
.
WARNING: Could not create local user profile for Domain\ServiceAccount
- Done Adding Managed Accounts.
So after the failed attempt to add the first account to the managed accounts, the script will not try to add the rest of the accounts and continues to create web applications, and fails as it can't find the app pool account because it was not read in the step mentioned above (adding managed accounts).
You will see something like this:
Exception : Microsoft.SharePoint.PowerShell.SPCmdletException: ApplicationPoolAccount is not found.
at System.Management.Automation.MshCommandRuntime.ThrowTerminatingError(ErrorRecord
errorRecord)
TargetObject : Microsoft.SharePoint.PowerShell.SPCmdletNewSPWebApplication
CategoryInfo : InvalidArgument: (Microsoft.Share...PWebApplication:SPCmdletNewSPWebApplication)
[New-SPWebApplication], SPCmdletException
FullyQualifiedErrorId : Microsoft.SharePoint.PowerShell.SPCmdletNewSPWebApplication
To avoid this I had to comment out the creation of the local profile, and it successfully added all the managed accounts and was then able to create the web application without any issues.
We can't have interactive logon for any accounts other than admin and farm, which will go away soon as well. Any suggestions or a better solution will help others in the same situation.
I also ran into the same issue (work in a big company) and added the managed accounts manually so it bypasses this point. All of our service accounts are also tagged with "DenyInteractiveLogon."
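An added example, not part of the original thread and not AutoSPInstaller's own code: one way to keep a failed profile creation from stopping managed account registration, so accounts can stay under DenyInteractiveLogon. The function name `Register-ManagedAccounts` and the output property names are hypothetical, and the SharePoint PowerShell snap-in is assumed to be loaded.

```powershell
# Added example. Register-ManagedAccounts and the output property names are hypothetical.
# Assumes the Microsoft.SharePoint.PowerShell snap-in is already loaded.
function Register-ManagedAccounts {
    param(
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential[]]$Credentials
    )
    foreach ($cred in $Credentials) {
        $name = $cred.UserName
        $profileCreated = $false
        $registered = $false

        # Step 1 (best effort): starting a process as the account with
        # -LoadUserProfile makes Windows build its local profile. Accounts that
        # are denied interactive logon throw here, as in the log above.
        try {
            Start-Process -FilePath "$env:SYSTEMROOT\System32\cmd.exe" `
                -ArgumentList '/c', 'exit' `
                -WorkingDirectory "$env:SYSTEMROOT\System32" `
                -Credential $cred -LoadUserProfile -Wait -ErrorAction Stop
            $profileCreated = $true
        }
        catch {
            Write-Warning "Could not create local profile for ${name}: $($_.Exception.Message)"
        }

        # Step 2 (always attempted): register the managed account, whether or
        # not step 1 succeeded, so later web application creation can find it.
        try {
            $existing = Get-SPManagedAccount | Where-Object { $_.UserName -eq $name }
            if (-not $existing) {
                New-SPManagedAccount -Credential $cred -ErrorAction Stop | Out-Null
            }
            $registered = $true
        }
        catch {
            Write-Warning "Could not register managed account ${name}: $($_.Exception.Message)"
        }

        # One result object per account, so the caller can check the outcome.
        [pscustomobject]@{
            Account = $name; ProfileCreated = $profileCreated; Registered = $registered
        }
    }
}
```

Checking the returned objects for `Registered = $false` before creating web applications surfaces a missing application pool account at this step rather than later in `New-SPWebApplication`.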