Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ApplicationPoolAccount is not found #49

Open
UmrG opened this issue Oct 24, 2019 · 1 comment
Open

ApplicationPoolAccount is not found #49

UmrG opened this issue Oct 24, 2019 · 1 comment

Comments

@UmrG
Copy link

UmrG commented Oct 24, 2019
edited
Loading

Not a show stopper but here is how its behaving and if some one can provide better work around that will be great.
Script will try to add managed accounts after provisioning CA and before creating any web applications and in case you don't have interactive logon enabled for those accounts it will fail to create local profiles. In my case accounts were not allowed interactive logon and were member of DenyInteractivelogon security policy.

- Adding Managed Accounts...
  - Account "Domain\ServiceAccount:
   - Creating local profile for Domain\ServiceAccount...

PS>TerminatingError(Start-Process): "This command cannot be run due to the error: Logon failure: the user has not been granted the requested logon type at this computer."
Start-Process : This command cannot be run due to the error: Logon failure: the user has not been granted the
requested logon type at this computer.
At C:\Automation\SP\Automation\AutoSPInstallerModule.psm1:2259 char:17
+                 Start-Process -WorkingDirectory "$env:SYSTEMROOT\System32\" -Fil ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Start-Process], InvalidOperationException
    + FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand

.
WARNING: Could not create local user profile for Domain\ServiceAccount
 - Done Adding Managed Accounts.

So after failed attempt to add first account in to the managed account script will not try to add rest of the accounts and continues to create web applications and failed as it cant find the app pool account because it was not was not read in the step mentioned above ( adding managed account )
you will see some thing like that

Exception             : Microsoft.SharePoint.PowerShell.SPCmdletException: ApplicationPoolAccount is not found.
                           at System.Management.Automation.MshCommandRuntime.ThrowTerminatingError(ErrorRecord
                        errorRecord)
TargetObject          : Microsoft.SharePoint.PowerShell.SPCmdletNewSPWebApplication
CategoryInfo          : InvalidArgument: (Microsoft.Share...PWebApplication:SPCmdletNewSPWebApplication)
                        [New-SPWebApplication], SPCmdletException
FullyQualifiedErrorId : Microsoft.SharePoint.PowerShell.SPCmdletNewSPWebApplication

To avoid this I had to comment out the creation of local profile and it successfully added all the managed accounts and then was able to create web application with out any issues.

line #2259
Start-Process -WorkingDirectory "$env:SYSTEMROOT\System32\" -FilePath "cmd.exe" -ArgumentList "/C" -LoadUserProfile -NoNewWindow -Credential $credAccount

we cant have interactive log on for any accounts other then admin and farm which will go away soon as well. Any suggestions or better solution will help others in the same situation ?
@rw5207
Copy link

rw5207 commented Dec 11, 2019

I also ran into the same issue (work in a big company) and added the managed accounts manually so it bypasses this point. All of our service accounts are also tagged with "DenyInteractiveLogon."

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@UmrG @rw5207