I'm trying to automate the deployment of the solution my team is working on through TFS Build server. One of the steps which executes a PowerShell script on the target machine fails with the following error:
Microsoft ODBC Driver 11 for SQL Server : Login failed for user 'sa'..
The PowerShell script I'm trying to execute does in fact connect to multiple databases using the sa credentials. When I try to execute the same script passing it the exact same arguments by hand (i.e: executing the script from the target machine VM itself) it works like a charm. But when it is being executed as part of the build steps it fails with the aforementioned error.
Is there a way to further debug the issue? It would be great if there is a way to output trace statements from the script so I could have some insight on what is actually going on.
Usually all the related error should reflect in TFS build log. To narrow your issue you can try to connect to the TFS build agent with the credentials used for the build service and manually run the ps script.
If you execute the ps script with your own account, which will not help to the issue. Usually this kind of problems is related to permissions. Your build service account are lack of related permission. Try to add it to Administrator or SQL Administrator group and execute the build again.
Related
I am working on a TFS CI build pipeline. The build includes execution of functional UI tests (Run Functional Tests) and the required accompanying preparatory test agent deployment step (Deploy Test Agent).
This build executed successfully in the past but spontaneously stopped working recently.
I initially ran into difficulty with the DTA task executing hanging:
Task 'SetupTestMachineForUiTests' on machine '[testVM]:5985' is taking time. Please Wait
I had encountered this issue with this build task before albeit intermittently. However, this time the step would not complete no matter how many times it executed. Eventually (~20 minutes), the step crashed out with the following error:
Task 'SetupTestMachineForUiTests' for machine [testVM]:5985's Error :
System.Exception: Stopping test machine setup as it exceeded maximum number of reboots. If you are running test agent in interactive mode, please make sure that autologon is enabled and no legal notice is displayed on logon in test machines.
Unfortunately, the DTA task only writes logs to the usual location on the test VM when the DTAExecutionHost.exe is manually closed on the server after the step has failed. The logs offer no clue as to what the problem might be.
One of the prerequisites for the DTA step to execute successfully is that AutoLogon is enabled on the test VM; I had done this with a simple PowerShell script, executed prior to the DTA task. In order to confirm that the test VM registry values had been correctly assigned (to enable auto logon, disable legal notice, screensaver etc) during my PowerShell script execution, I added a further PowerShell debug script to the build to output each relevant registry value to the build console (all are correctly assigned).
However, when I went to test remote login on the test VM, using the test username, the user creds are accepted but the following warning message shows:
To sign in remotely, you need the right to sign in through Remote Desktop Services. By default members of the Administrators group have this right. If the group you're in does not have the right, or if the right has been removed from the Administrators group, you need to be granted the right manually.
I believe this is the problem. However, the solution has so far eluded me.
I double- and triple- checked; the test user has been added to the
Remote Desktop Users group (also Administrators group).
I've also confirmed that both Administrators and Remote Desktop Users groups
have been granted 'Allow log on through Remote Desktop Services' user
rights.
In testing, I forced successful execution of the build by substituting my own username instead of the test user into the build definition (my user name is also added to RDU and Admin user groups on the server but I can successfully remote onto the box with my own creds); this build executed successfully.
I also inspected the other (possibly, probably) related user groups:
Srv_SeDenyInteractiveLogonRight (test user is absent)
Srv_SeDenyRemoteInteractiveLogonRight (test user is absent)
Srv_SeInteractiveLogonRight (test user present)
I've been fighting with this problem for days now; it's now become a major headache. I'd be very grateful for any insights that might help find a resolution.
Thanks for looking.
The problem was that the account had been added to the AD domain 'DenyInteractiveLogon' group. Adding the account to the local 'Remote Desktop User' and/or the 'Srv_SeInteractiveLogonRight' groups had no effect.
Removing the user account from the domain group resolved the problem.
On Windows Server 2012 Datacenter with Microsoft Dynamics CRM 2016 installed, I want to run a deployment command but for every commands I get this error: "(500) Internal Server Error".
I first run this:
Add-PSSnapin Microsoft.Crm.PowerShell
and it will work fine and when I check it with get-pssnapin and Get-Help *Crm*, every thing is fine and every thing that I need is registered. but when I want to run a cmdlets command like these, I face the error: Get-CrmSetting or Get-CrmCertificate or ...
For example for Get-CrmSetting TraceSettings it give me this error:
How can I solve this problem and error?
Thanks
According to this article, you might want to try:
Get-CrmSetting –SettingType TraceSettings
Here are a couple more items to investigate, from this article:
To use the XRM tooling cmdlets, you need PowerShell version 3.0 or
later. To check the version, open a PowerShell window and run the
following command: $Host
Set the execution policy to run the signed PowerShell scripts. To do
so, open a PowerShell window as an administrator and run the
following command: Set-ExecutionPolicy -ExecutionPolicy AllSigned
Verify the (CRMDeploymentServiceAppPool Application Pool identity) has SQL SEVER SysAdmin permission. This is needed to perform any CRM configuration changes and organizational operations.
Note: it does not matter if the account executing the PowerShell is a system admin or SQL server sysadmin because these operations are executed via the deployment web service.
Deployment Web Service (CRMDeploymentServiceAppPool Application Pool identity)
....Sysadmin permission on the instance of SQL Server to be used for the configuration and organization databases.
....
(500) Internal Server Error, refers to a HTTP response status code. This means that the Powershell command is calling a URL and the URL is reporting a error.
You need to know the URL to really find out what the problem is. One way you can get the URL, is downloading Fiddler Classic. Once installed, you have to enable HTTPS decryption.
In my case the URL was...
https://<my-crm-domain>/XrmDeployment/2011/deployment.svc?wsdl
When I ran this URL on the server where CRM is installed, I got an exception stating...
Could not load file or assembly 'Microsoft.Crm.Application.Components.Application'
All this meant, I needed to copy a file, Microsoft.Crm.Application.Components.Application.dll, from C:\Program Files\Dynamics 365\CRMWeb\bin into folder C:\Program Files\Dynamics 365\CRMWeb\XRMDeployment\bin.
Once this was done, the URL worked and therefor my PowerShell command as well.
EDIT: I overlooked "Prerequisites for executing build definitions is to have your build agent ready, here are steps to setup your build agent, you can find more details in this blog ." from these steps. I'm currently trying to get that build agent up and running on an Azure VM and will report back.
I'm following these steps to try and get CD and Selenium tests running through my Visual Studio Online TFbuild. I've had some helpful hints after sending some feedback via email, but I'm still not able to get past the file copy step.
I've created a Windows 10 Enterprise VM.
I've correctly set the ip address in my build test machines and am able to RDP into the machine.
I've successfully (after several attempts) gotten Remote Power shell working (though I'm not 100% certain winrm s winrm/config/client '#{TrustedHosts="Hosted Agent"}'). I got the name from https://{}.visualstudio.com/DefaultCollection/_admin/_AgentQueue or Build > edit build > General > Default Queue > Manage.
PS C:\users\cdd\Desktop> winrm quickconfig
WinRM service is already running on this machine.
WinRM is already set up for remote management on this computer.
This seems to be ready after
PS remoting is not supported when network connection type is public. Please check http://blogs.msdn.com/b/powershell/archive/2009/04/03/setting-network-location-to-private.aspx.
and echo "setting executionpolicy"
powershell -command "& Set-ExecutionPolicy -executionpolicy unrestricted -force"
echo "setting remoting"
powershell -command "& Enable-PSRemoting -force"
That's a lot of details, but I'm still stuck after that:
Copy started for - '{ip}:5985'
Copy status for machine '{ip}:5985' : 'Failed'
Failed to execute the powershell script. Consult the logs below for details of the error.
Failed to connect to the path \{ip} with the user cdd for copying.System error 53 has occurred.
The network path was not found.
For more info please refer to http://aka.ms/windowsfilecopyreadme
I have a few questions:
Do I have the correct name of the VM?
Do you have steps on how to get the VM setup to allow FileCopy?
I'm probably missing something else, I'm not familiar with PowerShell or getting this setup. What can I try to get the path available for my cdd adminstration user that I setup when I created the VM?
To copy files to an Azure VM machine, you should use the "Azure File Copy" step that provided in VSO build definition. It provides detailed setting for you to access to your Azure VM machine.
I have set-executionpolicy unrestricted. I was able to run scripts previously. After I got an error running a powershell script, I started getting the following error:
File C:..\test.ps1 cannot be loaded because its operation is blocked by
software restriction policies, such as those created by using Group Policy.
It doesn't matter what is in the script file I am trying to run.
From what I can tell nothing else has changed. I was doing something with a remote powershell session to a remote machine, got an error. Then was unable to run scripts locally unless I run powershell.exe as administrator.
Software Restriction Policies (SRP) have nothing to do with Powershell directly.
Someone has set a restriction on what can be run and/or from where it can be run.
This isn't related to Powershell Execution Policy, Powershell Remoting, nor administrative rights/privileges.
Typically SRP is set through Group Policy and pushed out (I'm guessing you're on a domain).
You could use rsop.msc on your machine to try to determine what the settings are and maybe which policy is applying them.
If you want more information on SRP you should probably post on ServerFault.
So we are trying to setup a Continuous Integration server at my company. What we need to do is svn update the working copy on the server, then build it, start the site using IIS express and then run Watin/Specflow tests on it. I'm using rake inside of CCNet to automate all of this. We are running CCNet as a service and logging in as a build agent because svn uses our domain login credentials in order to authenticate. I've been unable to call the command line "svn update --username user --password pass" because of this. Yet Watin needs to be run in an interactive mode, and the service won't let me . I'm able to get it to work if we manually log on to the server and run ccnet as command line. Unfortunately the Build Agent also logs out of that user account, closing any command lines with it (I don't know why they need it to do this but they do). So is it possible to run a service in interactive mode if its signed in as a user?
If you have access to two servers you can build (can also work from computer to server)
Automated remote desktop - in windows form
see this post http://www.codeproject.com/Articles/43705/Remote-Desktop-using-C-NET
from one server to log into the server you need to run the Watin tests on and in the scheduled task, have the tests to come on after the log in has happened. This then gives the impression that the service is interacting with the desktop.
If you need any more information let me know