TFS 2017 Update 1 - 无法通过PS Remoting执行无人值守的VSTS代理安装 [英] TFS 2017 Update 1 - Unable To Perform Unattended Install of VSTS Agent via PS Remoting
问题描述
大家好,
我遇到了一些问题,我创建了一些脚本来执行无人值守的VSTS代理安装到我们的构建环境中而且我遇到了一个问题在进行故障排除时使用墙。
我正在使用On-Prem TFS 2017 Update 1,我将代理安装到Windows Server 2012 R2服务器上。
<我有两个脚本;一个充当"驱动者"的角色。另一个执行实际的代理安装。驱动程序脚本获取服务器列表,获取代理将运行的帐户的凭据,将代理程序安装从网络位置
复制到每个服务器上的本地路径,然后执行Invoke-Command以调用代理在每个指定的服务器上安装脚本我放置了用于获取凭据并使用下面的Invoke-Command的代码:
$ credentialtype = [System.Management.Automation.PSCredentialTypes] :: Domain
$ validateoption = [System.Management.Automation.PSCredentialUIOptions] :: ValidateUserNameSyntax
$ credential = $ Host.UI.PromptForCredential(" Enter Build Agent Credentials","请输入环境的构建代理帐户凭据您正在安装构建代理。",",",","",$ credentialtype,$ validateoption)
Invoke-Command - ComputerName $ server -Credential $ credential -FilePath $ networkPath -ArgumentList $ BuildDir,$ NumberOfAgents,$ TfsUrl,$ credential
需要注意的两件事:Invoke-Command中的$ credential是与PromptForCredential期间设置的变量相同的变量。其次,$ networkPath是代理安装脚本的路径。该脚本位于可从所有计算机访问的网络位置。
代理安装脚本为代理创建一个新目录,将代理安装程序解压缩到该目录中,然后调用该配置。 cmd具有无人参与的参数。以下是我如何调用它:
$ username = $ credentials.UserName
$ password = $ credentials.GetNetworkCredential()。密码
& .\config.cmd --unattended --url $ tfsurl --auth Integrated --pool Windows --agent" $ env:computername-Agent $($ i + 1)" --runasservice --windowslogonaccount" $ username" --windowslogonpassword" $ password"
每次我从远程计算机调用驱动程序脚本时,一旦代理程序安装脚本进入连接到服务器步骤,问题就出现了配置,它抛出一个错误,它无法连接到TFS服务器。
如果我作为我传入Invoke-Command的同一用户登录服务器并运行代理程序安装脚本具有相同的参数,它的工作原理。就在我通过Invoke-Command从另一台机器执行脚本到这台机器失败时。
我尝试过硬编码凭证,使用不同的用户,将脚本放入主机上的本地路径。我也尝试使用Negotiate标志而不是Integrated并提供凭据。不幸的是,这些都没有奏效。
之前有没有遇到过这样的事情,或者可能知道发生了什么?我花了好几个小时试图解决这个问题,但我完全陷入困境。如果需要,我可以提供完整的脚本,或者其他任何需要的脚本。如果有人能提供
的一些见解,我将非常感激!
谢谢
嗨kyle.robertson,
感谢您在此发帖。
可能你能提供完整的脚本吗?因此,我可以尝试使用您的powershell脚本在我身边重现您的问题。根据您的powershell脚本,您使用的是集成身份验证类型。由于您使用的是TFS2017 update1,因此i
建议您可以使用PAT身份验证类型而不是集成身份验证类型,您只需先在TFS Web访问中创建PAT,然后将PAT放入您的PowerShell脚本中。
最好的问候
Limitxiao Gao
Hi all,
I'm encountering an issue with some scripts I created to perform an unattended install of the VSTS agent to our build environment and I've hit a wall while troubleshooting.
I'm using On-Prem TFS 2017 Update 1, and I'm install the agents onto Windows Server 2012 R2 servers.
I have two scripts; one acts as a "driver" and the other performs the actual agent install. The driver script takes a list of servers, gets the credentials for the account that agent will run as, copies the agent install from a network location to a local path on each server, then does an Invoke-Command to invoke the agent install script on each server specified. I placed the code I used for getting credentials and using Invoke-Command below:
$credentialtype = [System.Management.Automation.PSCredentialTypes]::Domain
$validateoption = [System.Management.Automation.PSCredentialUIOptions]::ValidateUserNameSyntax
$credential = $Host.UI.PromptForCredential("Enter Build Agent Credentials","Please enter the build agent account credentials for the environment you are installing the build agents in.","","",$credentialtype,$validateoption)
Invoke-Command -ComputerName $server -Credential $credential -FilePath $networkPath -ArgumentList $BuildDir,$NumberOfAgents,$TfsUrl,$credential
Two things to note: $credential in Invoke-Command is the same variable as the one set during PromptForCredential. Second, $networkPath is the path to the agent install script. The script is in a network location that is accessible from all machines.
The agent install script makes a new directory for the agent, unzips the agent installer into that directory, then invokes the config.cmd with unattended parameters. Here is how I am invoking it:
$username = $credentials.UserName
$password = $credentials.GetNetworkCredential().Password
& .\config.cmd --unattended --url $tfsurl --auth Integrated --pool Windows --agent "$env:computername-Agent$($i+1)" --runasservice --windowslogonaccount "$username" --windowslogonpassword "$password"The issue is every time I invoke the driver script from my remote machine, once the agent install script gets to the connect to server step during the configuration, it throws an error that it cannot connect to the TFS server.
If I log into the server as the same user that I am passing into Invoke-Command and run the agent install script with the same parameters, it works. It's just when I execute the script via Invoke-Command from a different machine to this machine that it fails.
I've tried hard-coding credentials, using different users, putting the script in a local path on the host machine. I also tried using Negotiate flag instead of Integrated and provided credentials. None of these worked, unfortunately.
Has anyone encountered anything like this before, or maybe has an idea of what is going on? I've spent hours trying to figure this out, but I'm completely stuck. I can provide the full scripts if needed, or anything else that is needed. If anyone could provide some insight, I would be super grateful!
Thank you
Hi kyle.robertson,
Thank for posting here.
Could you please provide the full scripts? So that I could try to use your powershell script to reproduce your issue in my side. According to your powershell script, you are using integrated authentication type. Since you are using TFS2017 update1, i suggest that you could use the PAT authentication type instead of integrated authentication type, you just need to create the PAT in TFS web access first, then put the PAT in your powershell script.
Best Regards
Limitxiao Gao
这篇关于TFS 2017 Update 1 - 无法通过PS Remoting执行无人值守的VSTS代理安装的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
