Powershell DSC - xSQLServerInstall - Fails When Using Domain Service Accounts

Similar Messages

• CSACS servcies fail to start when using domain user account

  I have installed CSACS 3.3 on a member server in a Windows 2003 domain. The member server is running Server 2003, too.
  I created a user account in Active Directory and configured the CSACS services to log on as this account. Through Group Policy I granted the user the "log on as a service" and "act as part of the operating system" privileges per the Installation Guide for Cisco Secure ACS for Windows. I verefied that the policy has taken affect on the CSACS server.
  The CSACS services fail to start as this user account. The error messages are non-specific. If I add the user to the local administrators group the services start just fine.
  Anybody know what I might be missing?
  Thanks in advance.
  Colin

  Did you ever figure this out? I'm running into the exact same problem. Same version of ACS and everthing. CSLog is the only service that started.

• Failed to Configured Domain Services for Windows

  Hi!
  I am installing OES 2 SP3 with DSfW Pattern as a "New Domain Controller in an Existing Domain Services for Windows Domain" with Replication Configuration and Schema Partition.
  During the "Perform eDirectory Configuration" at last task "Configure Domain Services for Windows " at 93% we encountered an error: "Failed to configure Domain Services for Windows".
  Here's details of error ;
  command : perl /opt/novell/xad/sbin/ndsdcinit.pl retry full-replica -d 'vec.apd.com.ph' -l 'ou=OESSystemObjects,dc=vec,dc=apd,dc=com,dc=ph'
  -g 'ou=OESSystemObjects,dc=vec,dc=apd,dc=com,dc=ph' -f 'apd.com.ph' -p 'apd.com.ph' -o 192.168.81.92 -t
  Could not create gss directory /etc/opt/novell/xad/gss at /opt/novell/xad/sbin/ndsdcinit.pl line 463, line 652
  LDAP Based utility [ndsConfigServerContext.sh] to retrieve server context for YaST
  DomainName : vec.apd.com.ph
  NdsAdminName : CN=Administrator,CN=Users,DC=vec,DC=apd,DC=com,DC= ph
  ExistingServerIP : ANDROMEDA.vec.apd.com.ph
  ExistingServerPort : 0
  Add_DC : true
  Returning server context->ou=OESSystemObjects.dc=vec.dc=apd.dc=com.dc=ph
  LDAP Based utility [ndsConfigServerContext.sh] to retrieve server context for YaST
  DomainName : vec.apd.com.ph
  NdsAdminName : CN=Administrator,CN=Users,DC=vec,DC=apd,DC=com,DC= ph
  ExistingServerIP : ANDROMEDA.vec.apd.com.ph
  ExistingServerPort : 0
  Add_DC : true
  Returning server context->ou=OESSystemObjects.dc=vec.dc=apd.dc=com.dc=ph
  SASL/GSS-SPNEGO authentication started
  SASL SSF: 56
  SASL installing layers
  Failed to fetch dNIPDNSZones from DNS_LOCATOR_OBJECT at /opt/novell/xad/lib64/perl/Install/adc_install.pm line 503
  at /opt/novell/xad/lib64/perl/Logger.pm line 119
  Logger::_err('Failed to fetch dNIPDNSZones from DNS_LOCATOR_OBJECT at /opt/...') called at /opt/novell/xad/lib64/perl/Logger.pm line 202
  Logger::Log(0, 'Failed to fetch dNIPDNSZones from DNS_LOCATOR_OBJECT at /opt/...') at /opt/novell/xad/lib64/perl/Install/adc_install.pm line 532
  adc_install::decide_domain_zones() called at /opt/novell/xad/lib64/perl/install/adc_install.pm line 150
  adc_install::stage_domain('adc_install=HASH (0X8b9370)') called at /opt/novell/xad/sbin/ndsdcinit.pl line 1383
  main::main(62, 'apd.com.ph', 'vvec.apd.com.ph', 'TRUE','ou=OESSystemObjects,dc=vec,dc=apd,dc=com,d c=ph','ADM_PASSWD_DOMAIN','ou=OESSystemObjects,dc= vec,dc=apd,dc=com,dc=ph','replops::DESTROY',
  'APD.COM.PH',...) called at /opt/novell/xad/sbin/ndsdcinit.pl line 1301
  main::main() called at /opt/novell/xad/sbin/ndsdcinit.pl line 1425
  ENV PATH = /opt/novell/xad/sbin:/opt/novell/xad/bin:/opt/novell/xad/share/dcinit:/opt/novell/eDirectory/bin:
  LIB=lib64
  LD LIBRARY PATH =
  /opt/novell/xad/lib64:/opt/novell/xad/lib64/nds-
  modules:/opt/novell/eDirectory/lib64:/opt/novell/eDirectory/lib64/nds-modules
  SASL PATH = /opt/novell/xad/lib64/sasl2
  DCINIT CONFIG: /etc/opt/novell/xad/xad.ini
  DOMAIN NAME: vec.apd.com.ph
  PARENT NAME: apd.com.ph
  FOREST NAME: apd.com.ph
  NETBIOS NAME: VEC
  Any ideas on this error ?
  Regards. Thanks.
  denzmo

  Thanks for the reply.
  I have some followup questions
  2. Can you explain the DNS setting in your setup ?
  Tree ---> Power--> apd.com.ph -- dlpc.apd.com.ph
  -- vec.apd.com.ph -- Andromeda.vec.apd.com.ph (DNS)
  -- Pictor.vec.apd.com.ph ( additional domain server ) -> "Failed to configure in DSFW"
  1. apd.com.ph, dlpc.apd.com.ph, vec.apd.com.ph are DSfW domains or just DNS domains ?
  2. Andromeda.vec.apd.com.ph (DNS) - is this the DC of a DSfW domain ?
  3. You are adding the Additional domain controller to the vec.apd.com.ph domain right ?
  The
  # LDAPCONF=/etc/opt/novell/xad/openldap/ldap.conf /usr/bin/ldapsearch -Y EXTERNAL -s sub -b dc=ph "(objectclass=dniplocator)" dn
  Heres the result ;
  a.) running the command in the DNS server (child domain) ANDROMEDA;
  SASL /EXTERNAL authentication started
  SASL username: gidNumber=0+uidNumber=0, cn=peercred,cn=external,cn=auth
  SASL SSF: 0
  # extended LDIF
  # LDAPv3
  # base <dc=ph(objectclass=dniplocator) [email protected]> with scope subtree
  # filter: (objectclass=*)
  # requesting:ALL
  # search result
  search : 2
  result : 32 No such object
  text : NDS error : no such entry (-601)
  # numResponses :1
  This is strange. This ldapsearch is failing to find the locator object in the tree under dc=ph.
  - Can you try this same command from your FRD DC too and find the result ?
  - Is your server non-name mapped or your adding a DSfW server into an existing eDirectory tree (name mapped) ?
  - If it is later can you try the same search with '-b' parameter replaced with container to which FRD is mapped to into the eDirectory Tree.
  - Can you tell in your setup where are the locator object present for your first DSfW server which is acting as DNS server ?
  - While installing this ADC server, you have given the remote dns server as 192.168.81.92. In the YaST DNS screen did you do retrieve (by clicking 'retrieve' button on the screen ) or you entered those inputs manually ?
  - Another follow up question. The locator context provided to the ndsdcinit command in your first post, is 'ou=OESSystemObjects,dc=vec,dc=apd,dc=com,dc=ph'. Can you confirm your locator
  context is correct ?
  [/QUOTE]
  b.) running the command in the ADC PICTOR;
  SASL /EXTERNAL authentication started
  ldap_sasl_interactive_bind_s: invalid credentials (49)
  [/QUOTE]
  This is expected as the server is not completely configured.
  Please get it touch with our NTS for passing on more information about this setup.

• [svn:bz-4.x] 16147: Fix a few more regression tests on the 4. x branch that were failing when using Spring integration.

  Revision: 16147
  Revision: 16147
  Author:   [email protected]
  Date:     2010-05-17 06:18:38 -0700 (Mon, 17 May 2010)
  Log Message:
  Fix a few more regression tests on the 4.x branch that were failing when using Spring integration.
  Modified Paths:
      blazeds/branches/4.x/qa/apps/qa-regress/WEB-INF/src/runtimeconfig/remoteobjects/ROMessage Destination.java
      blazeds/branches/4.x/qa/apps/qa-regress/WEB-INF/src/runtimeconfig/remoteobjects/RuntimeCo nfigurator.java
      blazeds/branches/4.x/qa/resources/webtier/flex_sdk_4/flex-config.xml

  Well heres my story. I tried kde4 from extra the last 3 weeks and I like it. I have used xfce for the past 3 years, previous to that gnome. Tried kde but never really liked it. Now I am only using workspace, base, mutimedia and graphics.
  Here is what I like.
  1- Dolphin, awesome I have used thunar a while and it is great but I love splitview, and fish for ssh (which has been around a while I know), and the ability to mount other partitions on my hdd with a click no fstab entry or nothin'.
  2-Pretty, I've used xfce with built in compositor an love the snappiness. But I like desktop grid with kde4 and flipswitch. Compiz-fusion is cool but I prefer not to use I'll take what the DE gives. Plasmoid are cool too.
  3- Gwenview is nice too. Use to use gqview, but thumnails are nice.
  Looking forward to or lacking
  1- Keyboard shortcuts, Yes xbindkeys is there but if I have a DE I want it to do it. They just don't work now.
  2- kde4 has windows specific settings, but I can't set the opacity for particular windows , doesn't work.
  3- Ram of course is much higher in kde4, but maybe I'm getting old I just don't care as much.

• Changing Export Location when using Publish Services to Hard Drive?

  Hi,
  I am aware that typically when using publish services it is not possible to change the export location once it has been set. This has put me in a very precarious situation; let me explain.
  I work for a distribution company that sells 15+ product lines. For almost every product, they have a photograph. I was asked to set up a system whereby a number of sales representatives could access these photographs in an organized fashion from their own computers. This is how I have set things up: A media computer (backed up onto an external hard drive) has all the raw files. In lightroom I have set up two publish services to hard drive. The export location for these two publish services was an external drive that was accessible throughout the company network. Unfortunately, while I was gone, the external drive was changed over to a cloud-based system. As such, the export location for my publish services no longer exists.
  Of course, I could go and re-create the publish services, but unfortunately that would be an incredibly laborious process because each publish service has 10 or so sets with 2-4 levels of folders amounting to several hundred folders that would need to be re-created. Moreover, because of the complexity of the system, I made them all smart-folders with specified attributes, etc. So re-creating all these folders would take a whole lot of time and could literally drive a guy crazy (I would know, I set the thing up and it did almost drive me crazy!)
  So, I was wondering if there is any lightroom wiz out there who knows a work-around for my issue.
  Now, I did do some digging already and I came across this article: http://blog.27shutterclicks.com/2012/03/how-to-change-the-publish-service-export-location- in-lightroom-3-4/    which outlines a method for changing the export location! However, as far as I can tell, I would still have to change the export location of each folder manually, which would basically be just as complex and confusing as recreating the publish service anyways. Am I correct in this thinking, or using this method is there a "root" folder than I can change, which will change every other folder?
  Hopefully I have outlined this clearly enough. I will really appreciate any response! Thanks and have a good day.
  -M

  MichaelKuby wrote:
  I am aware that typically when using publish services it is not possible to change the export location once it has been set. This has put me in a very precarious situation; let me explain.
  Yes, it is not possible to change the export location for a Publish service.
  But it is possible to set up another Publish Service with a different location.
  Under <Publish Services> right-click the header bar where it says "Hard Drive: .... " and select <Create Another Publish Service via Hard Drive>.
  See screen shot:
  In the editor that comes up select the "cloud" as location.

• Install OBIEE Failed When Creating Domain

  Hi all,
  I tried to install OBIEE on 64bit redhat linux, but failed when creating domain, the error log shows:
  Starting the domain ...
  oracle.as.provisioning.util.ConfigException:
  Error while starting the domain.
  Cause:
  An error occurred while starting the domain.
  Action:
  See logs for more details.
       at oracle.as.provisioning.util.ConfigException.createConfigException(ConfigException.java:123)
       at oracle.as.provisioning.weblogic.ASDomain.startDomain(ASDomain.java:3180)
       at oracle.as.provisioning.weblogic.ASDomain.startDomain(ASDomain.java:3043)
       at oracle.as.provisioning.engine.WorkFlowExecutor._startAdminServer(WorkFlowExecutor.java:1645)
       at oracle.as.provisioning.engine.WorkFlowExecutor._createDomain(WorkFlowExecutor.java:635)
       at oracle.as.provisioning.engine.WorkFlowExecutor.executeWLSWorkFlow(WorkFlowExecutor.java:391)
       at oracle.as.provisioning.engine.Config.executeConfigWorkflow_WLS(Config.java:866)
       at oracle.as.install.bi.biconfig.standard.StandardWorkFlowExecutor.executeHelper(StandardWorkFlowExecutor.java:31)
       at oracle.as.install.bi.biconfig.standard.DomainProvisioningTask.doExecute(DomainProvisioningTask.java:49)
       at oracle.as.install.bi.biconfig.standard.AbstractProvisioningTask.execute(AbstractProvisioningTask.java:70)
       at oracle.as.install.bi.biconfig.standard.StandardProvisionTaskList.execute(StandardProvisionTaskList.java:66)
       at oracle.as.install.bi.biconfig.BIConfigMain.doExecute(BIConfigMain.java:113)
       at oracle.as.install.engine.modules.configuration.client.ConfigAction.execute(ConfigAction.java:375)
       at oracle.as.install.engine.modules.configuration.action.TaskPerformer.run(TaskPerformer.java:88)
       at oracle.as.install.engine.modules.configuration.action.TaskPerformer.startConfigAction(TaskPerformer.java:105)
       at oracle.as.install.engine.modules.configuration.action.ActionRequest.perform(ActionRequest.java:15)
       at oracle.as.install.engine.modules.configuration.action.RequestQueue.perform(RequestQueue.java:96)
       at oracle.as.install.engine.modules.configuration.standard.StandardConfigActionManager.start(StandardConfigActionManager.java:186)
       at oracle.as.install.engine.modules.configuration.boot.ConfigurationExtension.kickstart(ConfigurationExtension.java:81)
       at oracle.as.install.engine.modules.configuration.ConfigurationModule.run(ConfigurationModule.java:86)
       at java.lang.Thread.run(Thread.java:662)
  Caused by: oracle.as.provisioning.util.ConfigException:
  Error while starting the domain.
  Cause:
  An internal WLST operation has failed.
  Action:
  See logs for more details.
       at oracle.as.provisioning.util.ConfigException.createConfigException(ConfigException.java:123)
       at oracle.as.provisioning.weblogic.ASDomain.startDomain(ASDomain.java:3126)
       ... 19 more
  oracle.as.provisioning.exception.ASProvisioningException
       at oracle.as.provisioning.engine.Config.executeConfigWorkflow_WLS(Config.java:872)
       at oracle.as.install.bi.biconfig.standard.StandardWorkFlowExecutor.executeHelper(StandardWorkFlowExecutor.java:31)
       at oracle.as.install.bi.biconfig.standard.DomainProvisioningTask.doExecute(DomainProvisioningTask.java:49)
       at oracle.as.install.bi.biconfig.standard.AbstractProvisioningTask.execute(AbstractProvisioningTask.java:70)
       at oracle.as.install.bi.biconfig.standard.StandardProvisionTaskList.execute(StandardProvisionTaskList.java:66)
       at oracle.as.install.bi.biconfig.BIConfigMain.doExecute(BIConfigMain.java:113)
       at oracle.as.install.engine.modules.configuration.client.ConfigAction.execute(ConfigAction.java:375)
       at oracle.as.install.engine.modules.configuration.action.TaskPerformer.run(TaskPerformer.java:88)
       at oracle.as.install.engine.modules.configuration.action.TaskPerformer.startConfigAction(TaskPerformer.java:105)
       at oracle.as.install.engine.modules.configuration.action.ActionRequest.perform(ActionRequest.java:15)
       at oracle.as.install.engine.modules.configuration.action.RequestQueue.perform(RequestQueue.java:96)
       at oracle.as.install.engine.modules.configuration.standard.StandardConfigActionManager.start(StandardConfigActionManager.java:186)
       at oracle.as.install.engine.modules.configuration.boot.ConfigurationExtension.kickstart(ConfigurationExtension.java:81)
       at oracle.as.install.engine.modules.configuration.ConfigurationModule.run(ConfigurationModule.java:86)
       at java.lang.Thread.run(Thread.java:662)
  Caused by: oracle.as.provisioning.exception.ASProvWorkflowException: Error Executing workflow.
       at oracle.as.provisioning.engine.WorkFlowExecutor._createDomain(WorkFlowExecutor.java:686)
       at oracle.as.provisioning.engine.WorkFlowExecutor.executeWLSWorkFlow(WorkFlowExecutor.java:391)
       at oracle.as.provisioning.engine.Config.executeConfigWorkflow_WLS(Config.java:866)
       ... 14 more
  the following steps(steps after creating domain) raised:
  Caused by: java.net.ConnectException: t3://hostname:7001: Destination unreachable; nested exception is:
      java.net.ConnectException: Connection refused; No available router to destination
  It's unlikely a hosts file issue which I've met before.
  Install OBIEE Failed on Linux 64bit
  the log caused by hosts file shows:
  Caused by: oracle.as.provisioning.util.ConfigException:
  Error while starting the domain.
  Cause:
  Starting the Admin_Server timed out.
  BTW, the port was tested to be available.
  any idea?
  thanks in advance
  Nathaniel

  we had this issue couple of days back ,,
  Resolved by doing below
  1. uninstall obiee 2. drop the repository 3, remount /tmp folder
  with this we could successfully install obiee 11.1.1.7

• IFCORE-1565: The Dgraph could fail when using a relevance ranking strategy.

  Hi,
  I just saw the release notes for Endeca 6.2.2 and read this bug:
  IFCORE-1565: The Dgraph could fail when using a relevance ranking strategy.
  Is there someone who could provide some more information on this bug? What is it and when does it occur? Reading the word 'could' would suggest a kind of unpredictability?
  Thanks,
  Maarten

  The known trigger for the bug was doing relrank on a query that contained multiple text searches.

• Use SIA service account for SQL Server reporting connections (BIP4.1)

  Is it possible to use the SIA service account as a proxy for a SQL Server connection using OLE DB? This way, anytime a report was refreshed, the SIA service account would be used when authenticating to the reporting database? This is a common pattern in software development to minimize database maintenance (when there is sufficient security being enforced at the application layer - BOBJ provides this).
  This would make SQL Server database security management very easy for the DBAs (just add the BOBJ service account to the database and assign dbreader).
  I would think this would be an option, but a Relational Connection only provides the following 3 Authentication modes when using the IDT to create and publish a Relational Connection (OLEDB/MSSQL):
  Use BusinessObjects credential mapping
  This takes the username and password from the "Database Credentials" section of the BusinessObjects User object for the user in the current session. It passes the info as hard-coded SQL authentication.
  Use single sign-on when refreshing reports at view time
  This is ONLY for end-to-end single-sign-on (as the error message in the next paragraph specifies) and uses the Windows AD credentials for the user in the current session. It is this method of authentication that I'd like to use, i.e. Windows Integrated Security, but I'd like to have the SIA account act as the account that makes the connection, not end-to-end.
  Use specified username and password
  This is for hard-coding usernames and passwords (only SQL authentication in OLE DB).
  I've tried leaving the "Cache security context" option OFF in Windows AD Authentication settings, hoping it would default to using the service account for authentication to the database... to no avail. It fails during tests in the IDT with the message:
  "Single Sign-On failed in the CMS. Please contact your system administrator for details. : The authentication provider (secWinAD) associated with this logon session does not have inter-process Single Sign-On enabled. Contact your system administrator for details. (FWB 00019)"
  Alternatively, a SQL user could be hard-coded into the connection (same simple maintenance on the DBA side), but we'd really like to rely on Windows Integrated Security if possible!
  Is there a way?
  Any help is greatly appreciated!
  David

  Hey David,
  Did you ever solve this? We get the same SSO error when indexing information spaces in Explorer.
  Thanks,
  Brandon

• R12 using domain user account

  Hi All,
  Our architecture is R12.1.3 Apps and 11.2.0.3 database.we are trying to clone from PROD to test.
  Copyright (c) 1991, 2011, Oracle. All rights reserved.
  Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ppclone15db.ppgpl.co.tt)
  (PORT=1524)))
  The command completed successfully
  ECHO is off.
  Listener DB15 has already been started.
  ECHO is off.
  addlnctl.cmd exiting with status 0
  [SC] OpenService FAILED 1060:
  The specified service does not exist as an installed service.
  oracleserviceTest is created with path executable /orant/bin oracle.exe instead of ORACLE_HOME/bin oracle.exe.
  we are doing rapidclone using Domain user account (with local administrator privilege)
  As per metalink note id 406982.1 Note: On Microsoft Windows, Rapid Clone is not currently certified for use from Domain User Accounts
  kindly provide us suitable solutions to overcome rapid clone issue in windows machine.
  Regards,
  Dinesh

  Hi,
  As a workaround, always keep a copy of your configuration files like (XML files, .ora files etc) from the TEST environment before removing all the files for cloning.
  Original files can be copied over from backup copies and can be reused after running the autoconfig.
  You can take a backup of your existing Oracle services running on windows for TEST environment before removing it for Clone.
  To view the oracle services running and their location on windows OS you can view the services by:
  go to Run --> services.msc to get to the services page.
  Regards
  Neeraj Sharma
  Edited by: NeSharma on Jul 9, 2012 2:13 AM

• SQL Server services accounts using Managed Service Accounts

  Hi guys,
  Need your feedback on something, is it wiser to use Managed Service Accounts or normal domain accounts to run SQL Server services? MSA's only work in a single computer, so for every environment I would need to create a new set of sql services accounts.
  If I create a single account wouldn't it be simpler? For instance domain\sqlservices and set it on every service and every environment (dev, qa and production)

  Hi
  It is a good question but the answer is not black or white. The answer is depend like most configuration questions.
  I recommend you to use
  Google to find blogs about the issue.
  You can start from this links, which are great starting point for you question:
  Best Practices For Using SQL Server Service Accounts
  Book Online
    Ronen Ariely
   [Personal Site]    [Blog]    [Facebook]

• When using my Gmail account, I often (many times a day) get "Unresponsive Script" errors.

  when using my Gmail account I often (many times daily) get "Unresponsive Script" errors. I have to hit "CONTINUE" button to continue.

  Start Firefox in <u>[[Safe Mode]]</u> to check if one of the extensions or if hardware acceleration is causing the problem (switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance/Themes).
  *Don't make any changes on the Safe mode start window.
  *https://support.mozilla.org/kb/Safe+Mode
  You can try to reset Firefox and create a new profile.
  *https://support.mozilla.org/kb/reset-firefox-easily-fix-most-problems
  See also:
  *http://kb.mozillazine.org/Firefox_crashes
  *https://support.mozilla.org/kb/Firefox+crashes

• Failing to install Domain Services on a Windows 2012R2 without internet connection

  Hello
  i have a windows 2012r2 server without internet connection.
  when i try to add the Domain Services role it failed in the Feature installation phase
  i even tried to provide an alternate location from a ISO source but that didn't help either 
  im lost here what should i do?
  i attached the fail screenshot
  Thanks 
  Guy

  What error is shown in Event Viewer when the install fails?
  Is it the first 2012 R2 DC in a lower level domain?
  Try installing ADDS via PowerShell:
  Import-Module ServerManager
  Install-windowsfeature -name AD-Domain-Services –IncludeManagementTools
  The other thing that it could be is an issue with the WID (Windows Internal Database)
  Check in the Event Viewer for anything to do with Service: MSSQL$MICROSOFT##WID and perhaps try this:
  Adjust your domain (or domain controller if appropriate) security policy to allow “NT SERVICE\MSSQL$MICROSOFT##WID” to log on as a service, a GPO setting that can be found under Computer Configuration > Policies > Windows Settings > Security Settings
  > Local Policies > User Rights Assignment.
  Kind Regards
  Michael Coutanche
  Blog:   
  Twitter:   LinkedIn:
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

• Should I use Managed Service Accounts or individual, Domain User accounts?

  I'm setting up a new SP 2013, and I'm trying to be very granular as it relates to "Least Privilege".
  I'm trying to figure out which accounts could be created as Managed Service Accounts (MSA's) and which ones truly need to be created as Domain User accounts in order to run either specific SQL and/or SharePoint services.
  At face value, I *think* any service could be successfully run using an MSA and yet any installation of either SQL Server 2012 and/or SharePoint 2013 should be done using a Domain User account created for that specific purpose (i.e., SP_FARM, SP_ADMIN, SQL_ADMIN,
  etc.). In fact, I *think* the installation would HAVE to be done with an actual Domain User account, because (unless I'm wrong), MSA's do not have a shell and therefore CAN'T log on...which is by design?
  Here's a Microsoft TechNet article that lists many of the accounts I'm referring to:
  https://social.technet.microsoft.com/wiki/contents/articles/14500.sharepoint-2013-service-accounts.aspx
  Note that it says MOST of the accounts are Domain accounts, but I don't *think* all of these need to BE
  Domain accounts - I think MOST of them could be created as MSA's and assigned to run the specific service without any problems whatsoever?
  So again, my question is: which accounts could be created as Managed Service Accounts (MSA's) and which ones truly need to be created as Domain User accounts in order to run either specific SQL and/or SharePoint service or to even perform a
  successful installation of the software?
  Ed

  No, script 1 does not create Active Directory Managed Service Accounts (see here:
  http://blogs.technet.com/b/askds/archive/2009/09/10/managed-service-accounts-understanding-implementing-best-practices-and-troubleshooting.aspx) These are not applicable to SharePoint and are not mentioned in any of those scripts, look at the PowerShell
  commandlets, they are very different.
  Script 1 creates active directory users. These are, as far as AD cares, just standard user objects. There is nothing at all special about them in AD.
  At some point you would install SharePoint using those accounts, during that process they get resisted in SharePoint as SharePoint Managed Accounts.
  Script 2 updates the settings on those managed accounts in bulk.

• Import Fails When Using Transport Manager ID

  Hi Experts,
  When carrying out an import request in NWDI in Change Management Service under
  'Consolidation' with an ID (ztesttpt) which has been assigned only 'NWDI.Operator' Role
  we are getting the below errors and import fails.
  'TCSDeployException_Communication: Server cdbaxd08 did not accept
  login request as apiadmin on port 50018'
  'Caller ztesttpt not authorized, only role administrators is allowed to access JMX'
  Note that as per the SAP NWDI document 'How To setup NWDI Permissions and Roles', we
  have assigned the following actions to the 'NWDI.Operator' Role.
  CBS.Administrator
  CMS.CriticalFunctions
  CMS.Display
  CMS.Transport
  However, when using the ID 'nwdi_cmsadm' (which has FULL authorizations) to do the import
  there is no issue.
  Is there any additional actions/roles that need to be assigned to the ztesttpt ID?
  Any advice or comments would be greatly appreciated.

  Abhishek,
  check this link
  http://help.sap.com/saphelp_nw70/helpdata/en/46/5b8c954bb04cae84a21793ad9b4c92/frameset.htm
  Thanks
  Bala Duvvuri

• APP-V 5: Powershell: "New-AppVSequencerPackage" fails when Reboot is needed from Software

  Hi,
  I am trying to automate the process of sequencing an application using a powershell-script.
  Here's the Powershell-Script:
  New-AppvSequencerPackage -FullLoad -Installer $Setup -Name
  $Name -Path $SavePath -PrimaryVirtualApplicationDirectory $PVAD -TemplateFilePath
  $Template  -Verbose
  The Variables are set earlier in the Script.
  This script works perfect to automatically sequence Applications, but as soon as there is an Application needing a Restart, the automated sequencing fails.
   The machine starts the shutdown-process and kills all running applications (including the Powershell-Script).
  After the machine has rebooted the Sequencing-Process is supposed to resume from the point it stopped right before shutting down, but this is not the case. Instead nothing happens after restarting.
  If the Sequencer-GUI (Startmenu) is being used, the machine starts the GUI and the sequencing process after rebooting without any user-interaction.
  Since all App-V commands are powershell-driven, how come the Sequencing doesn't resume when using the script?

  Hi,
  http://blogs.technet.com/b/gladiatormsft/archive/2014/09/30/app-v-5-on-why-the-app-v-5-sequencer-really-reboots.aspx indicates
  that the command line Sequencer does not support reboot operations during the Sequencing process. 
  Falko
  Twitter
  @kirk_tn   |   Blog
  kirxblog   |   Web
  kirx.org   |   Fireside
  appvbook.com