none
Powershell scripts failed after join domain RRS feed

  • Question

  • Hi everybody,

    I've prepare new deployment share for Win10.

    I've make all task sequences, everything is ok.

    Finally, add join computer to my domain and after join is ok, next task with powershell script failed with RC 10904

    My domain have GPO wich set execution policy to unrestricted (Get-ExecutionPolicy is ok when LiteTouch run).

    I don't understand powershell failed after domain joinning :(

    Please help me if you have idea :)

    Thanks !

    Friday, November 25, 2016 10:14 AM

All replies

  • From what I have experienced, setting the execution policy to anything during MDT deployments will cause Powershell scripts to fail to execute in the task sequence. We had an execution policy set in our environment that was set to RemoteSigned.

    My work-around for this is to move the computer to a staging OU by our web front-end where all group policies are blocked for the entire deployment process and at the end of the process to move the object back into the production OUs via script. You can easily use the MDT database to determine where the computer should go at the end of imaging and even where the staging OU is.

    Friday, November 25, 2016 2:10 PM
  • Hum ! I understand :(

    That's problematic and bad news for me who want to do 99% of my MDT scripts in PS !

    I delayed joining at finish but in last script I've PS script wich generate XML report :(


    • Edited by BCerede Friday, November 25, 2016 3:00 PM error
    Friday, November 25, 2016 3:00 PM
  • The question is not very clear. I performed Step "X" but there was a failure after step "x"

    I don't understand the need to set the execution policy within GPO, if do that, you will *NOT* get the correct exeucution policy for the remainder of your task sequence, as the GPO may take a while to apply, instead if you are concerned about powershell running in the right execution policy, I would simply put: powershell.exe -executionpolicy bypass in your command line.

    2. However, I would NOT call powershell.exe directly in your task sequence. Instead, I would use the built-in powershell step within MDT, it does a MUCH better job of capturing script errors and adding them to the bdd.log here.

    If you are still having problems, please copy your bdd.log and smsts.log files to a public site like OneDrive and share the link.

    -k


    Keith Garner - Principal Consultant [owner] - http://DeploymentLive.com

    Friday, November 25, 2016 11:23 PM
    Moderator
  • In fact ! Before join domain all task sequences works. But when add domain joining (in unattend or delayed in recover task) before joining all powershell task (with run powershell script task not powershell.exe call) work, but after joining all failed. I try the mbrunn solution, at domain join add computer in OU without all GPO and it's ok ! So monday, i try to add GPO and try to find problem. But it's curious phenomen :(
    • Edited by BCerede Saturday, November 26, 2016 9:05 AM
    Saturday, November 26, 2016 9:05 AM
  • In fact ! Before join domain all task sequences works. But when add domain joining (in unattend or delayed in recover task) before joining all powershell task (with run powershell script task not powershell.exe call) work, but after joining all failed. I try the mbrunn solution, at domain join add computer in OU without all GPO and it's ok ! So monday, i try to add GPO and try to find problem. But it's curious phenomen :(
    If you have group policy that sets a powershell execution policy then what you are seeing isn't unexpected.

    Many questions such as where do I find logs and what logs are interesting are found in: MDT TechNet Forum - FAQ & Getting Started Guide Please take the time to read it. Also if you don't post logs your problem won't be easily solved.

    Saturday, November 26, 2016 8:34 PM
    Moderator