Security error in Installation Manager


Trying to install CMS 5 R2 for testing and get the following errors. First this prompt:

"Do you want to run software from this untrusted publisher?

File C:\Program Files\EPiServer\CMS\5.2.375.7\Install\System Scripts\Install Site (SqlServer).ps1 is published by CN=EPiServer AB, OU=CMS, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=EPiServer AB, L=Kista, S=Stockholm, C=SE and is not trusted on your system. Only run scripts from trusted publishers."

I choose "yes" then in a short while get this error:

"Progress - Install Site (SqlServer)

Error - The trust relationship between the primary domain and the trusted domain failed.

Error - System.Management.Automation.CmdletInvocationException: The trust relationship between the primary domain and the trusted domain failed.
 ---> System.SystemException: The trust relationship between the primary domain and the trusted domain failed.

   at System.Security.Principal.NTAccount.TranslateToSids(IdentityReferenceCollection sourceAccounts, Boolean& someFailed)
   at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean& someFailed)
   at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)
   at System.Security.Principal.NTAccount.Translate(Type targetType)
   at EPiServer.Install.FileSystem.FileSystemInstallationManager.ValidateIdentity(String identity)
   at EPiServer.Install.FileSystem.FileSystemInstallationManager.SetAccessRights(String path, String identity, String operation)
   at EPiServer.Install.FileSystem.Cmdlets.SetAccessRightsCmdlet.ProcessRecord()
   at System.Management.Automation.Cmdlet.DoProcessRecord()
   at System.Management.Automation.CommandProcessor.ProcessRecord()
   --- End of inner exception stack trace ---
   at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(Object input, Hashtable errorResults, Boolean enumerate)
   at System.Management.Automation.Parser.PipelineNode.Execute(Array input, Pipe outputPipe, ArrayList& resultList)
   at System.Management.Automation.Parser.StatementListNode.Execute(Array input, Pipe outputPipe, ArrayList& resultList)"

Machine specs:

Brand new machine with Windows XP sp3

Visual Studio 2008

SqlServer 2008

.Net 3.5

Any ideas? Thanks!

#25564
Oct 30, 2008 9:02
Are you using a domain account without the computer having access to the domain? Tried a local admin account?
#25567
Oct 30, 2008 9:30

Was this resolved and how? I am currently having the same problem. I have tried a local admin account, with the same result. Any ideas?

Error - System.Management.Automation.CmdletInvocationException: Det gick inte att upprätta en förtroenderelation mellan den primära domänen och den betrodda domänen.
 ---> System.SystemException: Det gick inte att upprätta en förtroenderelation mellan den primära domänen och den betrodda domänen.

   vid System.Security.Principal.NTAccount.TranslateToSids(IdentityReferenceCollection sourceAccounts, Boolean& someFailed)
   vid System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean& someFailed)
   vid System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)
   vid System.Security.Principal.NTAccount.Translate(Type targetType)
   vid EPiServer.Install.FileSystem.FileSystemInstallationManager.ValidateIdentity(String identity)
   vid EPiServer.Install.FileSystem.FileSystemInstallationManager.SetAccessRights(String path, String identity, String operation)
   vid EPiServer.Install.FileSystem.Cmdlets.SetAccessRightsCmdlet.ProcessRecord()
   vid System.Management.Automation.Cmdlet.DoProcessRecord()
   vid System.Management.Automation.CommandProcessor.ProcessRecord()
   --- Slut på stackspårning för interna undantag ---
   vid System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(Object input, Hashtable errorResults, Boolean enumerate)
   vid System.Management.Automation.Parser.PipelineNode.Execute(Array input, Pipe outputPipe, ArrayList& resultList)
   vid System.Management.Automation.Parser.StatementListNode.Execute(Array input, Pipe outputPipe, ArrayList& resultList)

Machine spec:

Windows XP sp3

Sql Server 2005

.Net 3.5 with sp1

#26532
Dec 10, 2008 11:38

Hello,

We think that this error might have something to do with the call to NTAccount.Translate trying to validate the ASPNET and IIS accounts against the domain controller.

Can I ask you to try the script you will find here which ensures that the ASPNET and IIS accounts are prefixed with the local machine name.

You need to do the following:

1) Copy the <Program Files>\EPiServer\CMS\5.2.375.7\Install\System Scripts\Install Site (No database).ps1 file to a safe place as this will be overwritten with the above file.

2) Save the new file provided to the <Program Files>\EPiServer\CMS\5.2.375.7\Install\System Scripts\ folder

3) As this new script file is NOT signed you will need to change your PowerShell execution policy to allow unsigned scripts to run. To do this:

i) Start the PowerShell Command Application (ensure this is the x86 version on a 64 bit machine)

ii) Type Set-ExecutionPolicy RemoteSigned and press the enter key. To reset this later you need to run the Set-ExecutionPolicy command with AllSigned instead.

4) Run the EPiServer Installation Manager and try and install a site.

Please let me know if this solves your problem.

Thanks

Paul Smith, Developer, EPiServer

 

#26543
Dec 10, 2008 15:16

Hi,

Thank you for the fast response. I followed the steps 1-4 (with one modification; 3ii should be Set-ExecutionPolicy Unrestricted). However there is a problem:

 Error - System.Management.Automation.CmdletInvocationException: STC08064\ASPNET is not a valid user or group ---> System.Exception: STC08064\ASPNET is not a valid user or group ---> System.Security.Principal.IdentityNotMappedException: Vissa eller alla identitetsreferenser kunde inte översättas.
   vid System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)
   vid System.Security.Principal.NTAccount.Translate(Type targetType)
   vid EPiServer.Install.FileSystem.FileSystemInstallationManager.ValidateIdentity(String identity)
   --- Slut på stackspårning för interna undantag ---
   vid EPiServer.Install.FileSystem.FileSystemInstallationManager.ValidateIdentity(String identity)
   vid EPiServer.Install.FileSystem.FileSystemInstallationManager.SetAccessRights(String path, String identity, String operation)
   vid EPiServer.Install.FileSystem.Cmdlets.SetAccessRightsCmdlet.ProcessRecord()
   vid System.Management.Automation.Cmdlet.DoProcessRecord()
   vid System.Management.Automation.CommandProcessor.ProcessRecord()
   --- Slut på stackspårning för interna undantag ---
   vid System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(Object input, Hashtable errorResults, Boolean enumerate)
   vid System.Management.Automation.Parser.PipelineNode.Execute(Array input, Pipe outputPipe, ArrayList& resultList)
   vid System.Management.Automation.Parser.StatementListNode.Execute(Array input, Pipe outputPipe, ArrayList& resultList)

#26547
Dec 10, 2008 16:55

Setting execution policy to RemoteSigned should be enough.

With regards to the main problem, I assume you have a local machine ASPNET account? 

 

#26557
Dec 11, 2008 8:58

There is no ASPNET account present.

#26560
Dec 11, 2008 11:18

OK, what account do you use to run ASP.NET processes then?

 

 

#26700
Dec 16, 2008 15:25
Interesting, when checking this I find that I now have an ASPNET account. What probably has happened is that the ASPNET account is created when 'regiis -i' is run, as indicated in http://channel9.msdn.com/forums/TechOff/241434-ASPNet-User-Account/ . That is something that I have done since my last post. When I now run the script provided above it successfully creates a site. I also changed back to the old file, and ran "Install Site (SqlServer)" and it also worked fine.

The main problem seemed to be that the ASPNET account was missing.

Thank you for your help.
#26730
Dec 17, 2008 14:10
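The checks this thread converged on, as an added PowerShell example that is not part of the original posts or of EPiServer's scripts: resolve the machine-prefixed account to a SID before running the installer, record the execution policy before loosening it, and list which installer scripts are actually signed. The function names `Resolve-LocalAccountSid` and `Get-ScriptSignatureState` and the `$scriptFolder` placeholder are hypothetical.

```powershell
# Added example (not EPiServer code): pre-flight checks before running the installer scripts.

function Resolve-LocalAccountSid {
    param([Parameter(Mandatory = $true)][string]$AccountName)

    # Prefix bare names with the local machine name, as the replacement script in the thread does.
    $qualified = $AccountName
    if ($AccountName -notmatch '\\') { $qualified = "$env:COMPUTERNAME\$AccountName" }

    $result = New-Object PSObject -Property @{ Account = $qualified; Sid = $null; Error = $null }
    try {
        $nt = New-Object System.Security.Principal.NTAccount($qualified)
        $result.Sid = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
    }
    catch {
        # .NET exceptions arrive wrapped; report the innermost one
        # (IdentityNotMappedException when the account does not exist).
        $inner = $_.Exception.GetBaseException()
        $result.Error = '{0}: {1}' -f $inner.GetType().Name, $inner.Message
    }
    $result
}

function Get-ScriptSignatureState {
    param([Parameter(Mandatory = $true)][string]$Folder)

    # Lists each .ps1 with its Authenticode status (Valid, NotSigned, ...) and signer subject.
    Get-ChildItem -Path $Folder -Filter *.ps1 | ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        $signer = $null
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        New-Object PSObject -Property @{ Script = $_.Name; Status = $sig.Status; Signer = $signer }
    }
}

# Record the policy in force so the same value can be restored after the unsigned script has run.
$policyBefore = Get-ExecutionPolicy
"Execution policy before changes: $policyBefore"

# 'ASPNET' is the account from the thread; add other accounts the installer uses as needed.
'ASPNET' | ForEach-Object { Resolve-LocalAccountSid -AccountName $_ } |
    Format-List Account, Sid, Error

# $scriptFolder is a placeholder; point it at the installer's "System Scripts" folder.
$scriptFolder = '.'
Get-ScriptSignatureState -Folder $scriptFolder | Format-Table Script, Status, Signer -AutoSize
```

An empty `Sid` with an `IdentityNotMappedException` in `Error` corresponds to the "is not a valid user or group" failure reported above, and a `NotSigned` status identifies the script that needs the relaxed execution policy.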
#31698
Aug 09, 2009 14:50
This thread is locked and should be used for reference only.