Windows – Installing SQL remotely using Invoke-Command

powershell, sql-server, windows, windows-server-2012, windows-server-2012-r2

I'm trying to install SQL Server 2012 on a Win 2012 R2 server remotely via PowerShell using Invoke-Command, but it fails with this error:

"Validation for setting 'SQLSVCACCOUNT' failed. Error message: The SQL Server service account login or password is not valid. Use SQL Server Configuration Manager to update the service account."

The login and the password are correct.
When I execute the same command directly on the server it works fine. I don't understand.

I'm using Domain Administrator credentials to initiate my PSSession.

This is my code:

$SApwd = "MyPassword"
$ServiceAccount= "SPRINGFIELD\SQLCitrix"
$ServicePassword = "MyPassword"
$SqlCollation = "French_CI_AS"

$user = "Springfield\Administrator"
$password = ConvertTo-SecureString -AsPlainText -Force -String "MyPassword"
$credentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $user,$password
$session = New-PSSession -ComputerName $ipsqlserver -Credential $credentials

Invoke-Command -Session $session -ScriptBlock {Set-Location -Path C:\sources\sql } 
Invoke-Command -Session $session -ScriptBlock {.\Setup.exe /SAPWD=$using:SApwd /IACCEPTSQLSERVERLICENSETERMS /Q /UpdateEnabled="False" /FEATURES=SQLENGINE,SSMS,ADV_SSMS /INDICATEPROGRESS="True" /X86="False" /ACTION=INSTALL /INSTALLSHAREDDIR="C:\Program Files\Microsoft SQL Server" /INSTALLSHAREDWOWDIR="C:\Program Files (x86)\Microsoft SQL Server" /INSTANCENAME="MSSQLSERVER" /INSTANCEID="MSSQLSERVER" /SQMREPORTING="False" /ERRORREPORTING="False" /INSTANCEDIR="C:\Program Files\Microsoft SQL Server" /AGTSVCACCOUNT=$using:ServiceAccount /AGTSVCPASSWORD=$using:ServicePassword /AGTSVCSTARTUPTYPE="Automatic" /SQLSVCSTARTUPTYPE="Automatic" /FILESTREAMLEVEL="0" /ENABLERANU="False" /SQLCOLLATION="French_CI_AS" /SQLSVCACCOUNT=$using:ServiceAccount  /SQLSVCPASSWORD=$using:ServicePassword /SQLSYSADMINACCOUNTS="CASTOR\Administrator" /SECURITYMODE="SQL" /TCPENABLED="1" /NPENABLED="0" /BROWSERSVCSTARTUPTYPE="Automatic"}

There is a more detailed log file here: http://pastebin.com/nNurAz0g

Thanks for your help

Best Answer

You need to let the target machine be trusted for delegation. In ADUC, go to the properties of the target computer -> Delegation tab -> Trust this computer for delegation to any service (Kerberos only). Then set the correct SPNs to allow the service account to impersonate the target box:

setspn -A MSSQLSvc/FQDNofYourTargetBox domain\accountname 
setspn -A MSSQLSvc/FQDNofYourTargetBox:1433 domain\accountname
setspn -A MSSQLSvc/NetbiosNameofYourTargetBox domain\accountname

Allow some time for SPN information to propagate through your forest and try again. More about SPNs here: http://msdn.microsoft.com/en-gb/library/ms191153.aspx.
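
A read-only check of the state the answer's steps produce, added here as an example and not part of the original answer: it reports whether the target computer carries the delegation flag and whether the three MSSQLSvc SPNs sit on the service account and on no other account. The function name Test-SqlDelegationSetup and the computer name SQLSRV01 are assumptions, and it relies on the ActiveDirectory module from RSAT.

```powershell
# Added example, not from the original answer. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Test-SqlDelegationSetup {
    param(
        [Parameter(Mandatory)][string]$ComputerName,    # NetBIOS name of the target box
        [Parameter(Mandatory)][string]$ServiceAccount,  # sAMAccountName of the SQL service account
        [int]$Port = 1433
    )

    $computer = Get-ADComputer -Identity $ComputerName -Properties TrustedForDelegation, DNSHostName
    $account  = Get-ADUser -Identity $ServiceAccount -Properties ServicePrincipalName

    # The three SPNs the answer registers with setspn -A
    $expected = @(
        "MSSQLSvc/$($computer.DNSHostName)",
        "MSSQLSvc/$($computer.DNSHostName):$Port",
        "MSSQLSvc/$ComputerName"
    )

    $spnReport = foreach ($spn in $expected) {
        # Each SPN must sit on exactly one account; duplicates cause Kerberos authentication failures
        $owners = @(Get-ADObject -Filter "servicePrincipalName -eq '$spn'" -Properties sAMAccountName)
        [pscustomobject]@{
            SPN              = $spn
            OnServiceAccount = $account.ServicePrincipalName -contains $spn
            Owners           = $owners.sAMAccountName -join ', '
            Duplicate        = $owners.Count -gt 1
        }
    }

    [pscustomobject]@{
        Computer             = $computer.Name
        # True = "Trust this computer for delegation to any service (Kerberos only)",
        # i.e. unconstrained delegation
        TrustedForDelegation = $computer.TrustedForDelegation
        Spns                 = $spnReport
    }
}

# Placeholder names; substitute your own target server and service account
$result = Test-SqlDelegationSetup -ComputerName 'SQLSRV01' -ServiceAccount 'SQLCitrix'
$result | Select-Object Computer, TrustedForDelegation
$result.Spns | Format-Table -AutoSize

# Inventory of every computer with the any-service delegation flag set, for review
Get-ADComputer -Filter 'TrustedForDelegation -eq $true' -Properties TrustedForDelegation |
    Select-Object Name, DNSHostName
```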