none
Task sequences containing "Install roles and features" and "PowerShell scripts" are failing when a PowerShell execution policy is set by a GPO

    Question

  • Hi all

    We are currently facing some troubles with the new PowerShell feature in MDT 2012 Update 1. Let me shortly describe our environment. We use MDT 2012 Update 1 version 6.1.2373.0 and WADK to deploy Windows Server 2008 R2 images. At the moment PowerShell 2.0 is installed on deployed servers. All servers are joined to an AD and placed into a dedicated OU. There are several GPOs linked to that OU. One specific GPO sets the PowerShell execution policy to remote signed.

    At the moment all task sequences running PowerShell scripts (ZTIPowershell.wsf) are going to fail during the deployment process of a server. Even worse no roles and features are going to be installed as for Windows Server 2008 R2 with PowerShell 2.0 the internal MDT PowerShell host Microsoft.BDD.TaskSequencePSHost35.exe is used as well. In the log file ZTIOSRole.log an error is reported for each role or feature (see log file further down). But if the GPO containing the execution policy setting is disabled all roles and features are going to be installed smoothly. Moreover the task sequences running the PowerShell scripts are processed without an error as well. Are there any known problems using the MDT PowerShell host in conjunction with execution policies set by GPOs?

    Your help is very much appreciated. Many thanks!

    Stephan Kuhnen

     

    ZTIOSRole.log:

    <![LOG[Property Parameters is now = -FeatureName Desktop-Experience]LOG]!><time="09:01:27.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[PowerShell version detected: 2.0]LOG]!><time="09:01:27.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[About to run: "C:\MININT\Modules\Microsoft.BDD.TaskSequenceModule\Microsoft.BDD.TaskSequencePSHost35.exe" "<SERVERNAME>\DeploymentProd$\Scripts\ZTIOSRolePS.ps1" "C:\MININT\SMSOSD\OSDLOGS" -FeatureName Desktop-Experience]LOG]!><time="09:01:27.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Property Parameters is now = ]LOG]!><time="09:01:27.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[ERROR - Desktop-Experience role processing via PowerShell failed, rc = 10904]LOG]!><time="09:01:27.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="3" thread="" file="ZTIOSRole">
    <![LOG[Property InstalledRoles001 is now = APPLICATION-SERVER]LOG]!><time="09:01:27.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Property InstalledRoles002 is now = RDS-RD-SERVER]LOG]!><time="09:01:27.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Property InstalledRoles003 is now = NET-FRAMEWORK-CORE]LOG]!><time="09:01:27.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Property InstalledRoles004 is now = DESKTOP-EXPERIENCE]LOG]!><time="09:01:28.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Property Parameters is now = -FeatureName GPMC]LOG]!><time="09:01:28.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[PowerShell version detected: 2.0]LOG]!><time="09:01:28.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[About to run: "C:\MININT\Modules\Microsoft.BDD.TaskSequenceModule\Microsoft.BDD.TaskSequencePSHost35.exe" "<SERVERNAME>\DeploymentProd$\Scripts\ZTIOSRolePS.ps1" "C:\MININT\SMSOSD\OSDLOGS" -FeatureName GPMC]LOG]!><time="09:01:28.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Property Parameters is now = ]LOG]!><time="09:01:28.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[ERROR - GPMC role processing via PowerShell failed, rc = 10904]LOG]!><time="09:01:28.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="3" thread="" file="ZTIOSRole">
    <![LOG[Property InstalledRoles001 is now = APPLICATION-SERVER]LOG]!><time="09:01:28.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Property InstalledRoles002 is now = RDS-RD-SERVER]LOG]!><time="09:01:28.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Property InstalledRoles003 is now = NET-FRAMEWORK-CORE]LOG]!><time="09:01:28.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Property InstalledRoles004 is now = DESKTOP-EXPERIENCE]LOG]!><time="09:01:28.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Property InstalledRoles005 is now = GPMC]LOG]!><time="09:01:28.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Property Parameters is now = -FeatureName RSAT-Print-Services]LOG]!><time="09:01:28.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[PowerShell version detected: 2.0]LOG]!><time="09:01:28.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[About to run: "C:\MININT\Modules\Microsoft.BDD.TaskSequenceModule\Microsoft.BDD.TaskSequencePSHost35.exe" "<SERVERNAME>\DeploymentProd$\Scripts\ZTIOSRolePS.ps1" "C:\MININT\SMSOSD\OSDLOGS" -FeatureName RSAT-Print-Services]LOG]!><time="09:01:28.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Property Parameters is now = ]LOG]!><time="09:01:28.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[ERROR - RSAT-Print-Services role processing via PowerShell failed, rc = 10904]LOG]!><time="09:01:28.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="3" thread="" file="ZTIOSRole">
    <![LOG[Property InstalledRoles001 is now = APPLICATION-SERVER]LOG]!><time="09:01:28.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Property InstalledRoles002 is now = RDS-RD-SERVER]LOG]!><time="09:01:28.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Property InstalledRoles003 is now = NET-FRAMEWORK-CORE]LOG]!><time="09:01:28.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Property InstalledRoles004 is now = DESKTOP-EXPERIENCE]LOG]!><time="09:01:28.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Property InstalledRoles005 is now = GPMC]LOG]!><time="09:01:28.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Property InstalledRoles006 is now = RSAT-PRINT-SERVICES]LOG]!><time="09:01:28.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Property Parameters is now = -FeatureName Telnet-Client]LOG]!><time="09:01:28.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[PowerShell version detected: 2.0]LOG]!><time="09:01:28.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[About to run: "C:\MININT\Modules\Microsoft.BDD.TaskSequenceModule\Microsoft.BDD.TaskSequencePSHost35.exe" "<SERVERNAME>\DeploymentProd$\Scripts\ZTIOSRolePS.ps1" "C:\MININT\SMSOSD\OSDLOGS" -FeatureName Telnet-Client]LOG]!><time="09:01:28.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Property Parameters is now = ]LOG]!><time="09:01:29.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[ERROR - Telnet-Client role processing via PowerShell failed, rc = 10904]LOG]!><time="09:01:29.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="3" thread="" file="ZTIOSRole">
    <![LOG[Property InstalledRoles001 is now = APPLICATION-SERVER]LOG]!><time="09:01:29.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Property InstalledRoles002 is now = RDS-RD-SERVER]LOG]!><time="09:01:29.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Property InstalledRoles003 is now = NET-FRAMEWORK-CORE]LOG]!><time="09:01:29.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Property InstalledRoles004 is now = DESKTOP-EXPERIENCE]LOG]!><time="09:01:29.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Property InstalledRoles005 is now = GPMC]LOG]!><time="09:01:29.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Property InstalledRoles006 is now = RSAT-PRINT-SERVICES]LOG]!><time="09:01:29.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Property InstalledRoles007 is now = TELNET-CLIENT]LOG]!><time="09:01:29.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Property Parameters is now = -FeatureName XPS-Viewer]LOG]!><time="09:01:29.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[PowerShell version detected: 2.0]LOG]!><time="09:01:29.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[About to run: "C:\MININT\Modules\Microsoft.BDD.TaskSequenceModule\Microsoft.BDD.TaskSequencePSHost35.exe" "<SERVERNAME>\DeploymentProd$\Scripts\ZTIOSRolePS.ps1" "C:\MININT\SMSOSD\OSDLOGS" -FeatureName XPS-Viewer]LOG]!><time="09:01:29.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Property Parameters is now = ]LOG]!><time="09:01:29.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[ERROR - XPS-Viewer role processing via PowerShell failed, rc = 10904]LOG]!><time="09:01:29.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="3" thread="" file="ZTIOSRole">
    <![LOG[Property InstalledRoles001 is now = APPLICATION-SERVER]LOG]!><time="09:01:29.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Property InstalledRoles002 is now = RDS-RD-SERVER]LOG]!><time="09:01:29.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Property InstalledRoles003 is now = NET-FRAMEWORK-CORE]LOG]!><time="09:01:29.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Property InstalledRoles004 is now = DESKTOP-EXPERIENCE]LOG]!><time="09:01:29.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Property InstalledRoles005 is now = GPMC]LOG]!><time="09:01:29.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Property InstalledRoles006 is now = RSAT-PRINT-SERVICES]LOG]!><time="09:01:29.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Property InstalledRoles007 is now = TELNET-CLIENT]LOG]!><time="09:01:29.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Property InstalledRoles008 is now = XPS-VIEWER]LOG]!><time="09:01:29.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[One or more roles were not processed successfully]LOG]!><time="09:01:29.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[FAILURE: 1: Server 2008 R2 Role Processing]LOG]!><time="09:01:29.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="2" thread="" file="ZTIOSRole">
    <![LOG[ZTIOSRole processing completed successfully.]LOG]!><time="09:01:29.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Validating connection to <SERVERNAME>\Events]LOG]!><time="09:01:29.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Already connected to server G0AARE-INST0001]LOG]!><time="09:01:30.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    <![LOG[Event 41001 sent: ZTIOSRole processing completed successfully.]LOG]!><time="09:01:30.000+000" date="03-14-2013" component="ZTIOSRole" context="" type="1" thread="" file="ZTIOSRole">
    Monday, March 25, 2013 8:20 AM

All replies

  • Perhaps you can do a bypass to elevate the execution of your powershell scripts?

    single command line:


    powershell -noprofile -executionpolicy bypass -file "script.ps1"


    multiple scripts/commands/actions after each other:


    powershell -noprofile -command "Set-ExecutionPolicy Bypass LocalMachine"


    and to clean up after you have ran your commands:


    powershell -noprofile -command "Set-ExecutionPolicy RemoteSigned LocalMachine"


    If this post is helpful please click "Mark for answer", thanks! Kind regards

    Monday, March 25, 2013 9:28 AM
  • something that people suggest a lot is having a specific OU for deployment without any problematic GPO's and only join them to the right OU as last step of the task sequence.
    Monday, March 25, 2013 11:46 AM
  • Hi Rens

    I know this workaround but according to Michael Niehaus MDT itself should be aware of the PowerShell execution policy. Thats probably one of several reasons why a dedicated PowerShell host was built into MDT. Moreover it is not applicable to the task sequence step "Install Roles and features". Please see the comments on blog entry "MDT 2012 Update 1: PowerShell 3.0 support" http://blogs.technet.com/b/mniehaus/archive/2012/07/23/mdt-2012-update-1-powershell-3-0-support.aspx

    Thank you anyway!

    Monday, March 25, 2013 8:38 PM
  • Hi Stefan

    For several reasons we should be able to join the servers to the corresponding OU right from scratch. We don’t want to move the servers after the installation has finished. But as long as there is no other solution we have to go this way.

    Thank you!

    Monday, March 25, 2013 8:52 PM