I'm trying to install SQL Server 2012 on a Win 2012 R2 server remotely via PowerShell using Invoke-Command, but it fails with this error:
"Validation for setting 'SQLSVCACCOUNT' failed. Error message: The SQL Server service account login or password is not valid. Use SQL Server Configuration Manager to update the service account."
The login and the password are correct.
When I execute the same command directly on the server it works fine. I don't understand.
I'm using Domain Administrator credentials to initiate my PSSession.
This is my code:
$SApwd = "MyPassword"
$ServiceAccount= "SPRINGFIELD\SQLCitrix"
$ServicePassword = "MyPassword"
$SqlCollation = "French_CI_AS"
$user = "Springfield\Administrator"
$password = ConvertTo-SecureString -AsPlainText -Force -String "MyPassword"
$credentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $user,$password
$session = New-PSSession -ComputerName $ipsqlserver -Credential $credentials
Invoke-Command -Session $session -ScriptBlock {Set-Location -Path C:\sources\sql }
Invoke-Command -Session $session -ScriptBlock {.\Setup.exe /SAPWD=$using:SApwd /IACCEPTSQLSERVERLICENSETERMS /Q /UpdateEnabled="False" /FEATURES=SQLENGINE,SSMS,ADV_SSMS /INDICATEPROGRESS="True" /X86="False" /ACTION=INSTALL /INSTALLSHAREDDIR="C:\Program Files\Microsoft SQL Server" /INSTALLSHAREDWOWDIR="C:\Program Files (x86)\Microsoft SQL Server" /INSTANCENAME="MSSQLSERVER" /INSTANCEID="MSSQLSERVER" /SQMREPORTING="False" /ERRORREPORTING="False" /INSTANCEDIR="C:\Program Files\Microsoft SQL Server" /AGTSVCACCOUNT=$using:ServiceAccount /AGTSVCPASSWORD=$using:ServicePassword /AGTSVCSTARTUPTYPE="Automatic" /SQLSVCSTARTUPTYPE="Automatic" /FILESTREAMLEVEL="0" /ENABLERANU="False" /SQLCOLLATION="French_CI_AS" /SQLSVCACCOUNT=$using:ServiceAccount /SQLSVCPASSWORD=$using:ServicePassword /SQLSYSADMINACCOUNTS="CASTOR\Administrator" /SECURITYMODE="SQL" /TCPENABLED="1" /NPENABLED="0" /BROWSERSVCSTARTUPTYPE="Automatic"}
There is a more detailed log file here: http://pastebin.com/nNurAz0g
Thanks for your help
Best Answer
You need to let the target machine be trusted for delegation. In ADUC go to the properties of the target computer -> Delegation tab -> Trust this computer for delegation to any service (Kerberos only). Then set the correct SPNs to allow the service account to impersonate the target box:
Allow some time for SPN information to propagate through your forest and try again. More about SPNs here: http://msdn.microsoft.com/en-gb/library/ms191153.aspx.
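
The delegation flag and SPNs this answer relies on can be checked, and the flag limited to the install window, from PowerShell. This is an added example, not part of the original answer: it assumes the RSAT ActiveDirectory module and rights to edit the computer object, uses `SQL01` as a placeholder for the target's AD name (the page does not give it), and the function names are hypothetical.

```powershell
# Added example. 'SQL01' is a placeholder computer name; 'SQLCitrix' is the
# service account from the question. Function names are hypothetical.
Import-Module ActiveDirectory

function Get-DelegationState {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][string]$ServiceAccount
    )
    $computer = Get-ADComputer -Identity $ComputerName -Properties TrustedForDelegation, ServicePrincipalName
    $account  = Get-ADUser -Identity $ServiceAccount -Properties ServicePrincipalName
    [pscustomobject]@{
        Computer             = $computer.Name
        TrustedForDelegation = $computer.TrustedForDelegation   # the ADUC "any service (Kerberos only)" setting
        ComputerSPNs         = @($computer.ServicePrincipalName)
        ServiceAccountSPNs   = @($account.ServicePrincipalName)
    }
}

function Invoke-WithTemporaryDelegation {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][scriptblock]$Action
    )
    $before = (Get-ADComputer -Identity $ComputerName -Properties TrustedForDelegation).TrustedForDelegation
    try {
        if (-not $before) { Set-ADComputer -Identity $ComputerName -TrustedForDelegation $true }
        # $Action should open a new PSSession by host name: WinRM negotiates NTLM
        # for IP addresses, and NTLM sessions carry no delegated Kerberos ticket.
        & $Action
    }
    finally {
        # Put the flag back so the host does not stay trusted for unconstrained delegation.
        if (-not $before) { Set-ADComputer -Identity $ComputerName -TrustedForDelegation $false }
    }
}

function Get-UnconstrainedDelegationHosts {
    # Audit: every computer account trusted for unconstrained delegation.
    # Domain controllers are expected in this list; other hosts deserve review.
    Get-ADComputer -Filter 'TrustedForDelegation -eq $true' -Properties TrustedForDelegation |
        Select-Object Name, DistinguishedName
}

# Usage (commented out so loading the file changes nothing):
# Get-DelegationState -ComputerName 'SQL01' -ServiceAccount 'SQLCitrix' | Format-List
# Invoke-WithTemporaryDelegation -ComputerName 'SQL01' -Action { <# New-PSSession + Setup.exe #> }
# Get-UnconstrainedDelegationHosts
```

A host trusted for delegation to any service receives the forwarded ticket of every user who authenticates to it, which is why the wrapper restores the original value once the install finishes.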