Security error in Installation Manager

 

Trying to install CMS 5 R2 for testing and get the following errors. First this prompt:

"Do you want to run software from this untrusted publisher?

File C:\Program Files\EPiServer\CMS\5.2.375.7\Install\System Scripts\Install Site (SqlServer).ps1 is published by CN=EPiServer AB, OU=CMS, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=EPiServer AB, L=Kista, S=Stockholm, C=SE and is not trusted on your system. Only run scripts from trusted publishers."

I choose "yes" then in a short while get this error:

"Progress - Install Site (SqlServer)

Error - The trust relationship between the primary domain and the trusted domain failed.

Error - System.Management.Automation.CmdletInvocationException: The trust relationship between the primary domain and the trusted domain failed.
 ---> System.SystemException: The trust relationship between the primary domain and the trusted domain failed.

   at System.Security.Principal.NTAccount.TranslateToSids(IdentityReferenceCollection sourceAccounts, Boolean& someFailed)
   at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean& someFailed)
   at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)
   at System.Security.Principal.NTAccount.Translate(Type targetType)
   at EPiServer.Install.FileSystem.FileSystemInstallationManager.ValidateIdentity(String identity)
   at EPiServer.Install.FileSystem.FileSystemInstallationManager.SetAccessRights(String path, String identity, String operation)
   at EPiServer.Install.FileSystem.Cmdlets.SetAccessRightsCmdlet.ProcessRecord()
   at System.Management.Automation.Cmdlet.DoProcessRecord()
   at System.Management.Automation.CommandProcessor.ProcessRecord()
   --- End of inner exception stack trace ---
   at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(Object input, Hashtable errorResults, Boolean enumerate)
   at System.Management.Automation.Parser.PipelineNode.Execute(Array input, Pipe outputPipe, ArrayList& resultList)
   at System.Management.Automation.Parser.StatementListNode.Execute(Array input, Pipe outputPipe, ArrayList& resultList)"

Machine specs:

Brand new machine with Windows XP sp3

Visual Studio 2008

SqlServer 2008

.Net 3.5

Any ideas? Thanks!

#25564 Oct 30, 2008 9:02
  • Member since: 2007
     
    Are you using a domain account without the computer having access to the domain? Tried a local admin account?
    #25567 Oct 30, 2008 9:30
  • Member since: 2008
     

    Was this resolved and how? I am currently having the same problem. I have tried a local admin account, with the same result. Any ideas?

    Error - System.Management.Automation.CmdletInvocationException: Det gick inte att upprätta en förtroenderelation mellan den primära domänen och den betrodda domänen.
     ---> System.SystemException: Det gick inte att upprätta en förtroenderelation mellan den primära domänen och den betrodda domänen.

       vid System.Security.Principal.NTAccount.TranslateToSids(IdentityReferenceCollection sourceAccounts, Boolean& someFailed)
       vid System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean& someFailed)
       vid System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)
       vid System.Security.Principal.NTAccount.Translate(Type targetType)
       vid EPiServer.Install.FileSystem.FileSystemInstallationManager.ValidateIdentity(String identity)
       vid EPiServer.Install.FileSystem.FileSystemInstallationManager.SetAccessRights(String path, String identity, String operation)
       vid EPiServer.Install.FileSystem.Cmdlets.SetAccessRightsCmdlet.ProcessRecord()
       vid System.Management.Automation.Cmdlet.DoProcessRecord()
       vid System.Management.Automation.CommandProcessor.ProcessRecord()
       --- Slut på stackspårning för interna undantag ---
       vid System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(Object input, Hashtable errorResults, Boolean enumerate)
       vid System.Management.Automation.Parser.PipelineNode.Execute(Array input, Pipe outputPipe, ArrayList& resultList)
       vid System.Management.Automation.Parser.StatementListNode.Execute(Array input, Pipe outputPipe, ArrayList& resultList)

    Machine spec:

    Windows XP sp3

    Sql Server 2005

    .Net 3.5 with sp1

    #26532 Dec 10, 2008 11:38
  • Member since: 2007
     

    Hello,

    We think that this error might have something to do with the call to NTAccount.Translate trying to validate the ASPNET and IIS accounts against the domain controller.

    Can I ask you to try the script you will find here which ensures that the ASPNET and IIS accounts are prefixed with the local machine name.

    You need to do the following:

    1) Copy the <Program Files>\EPiServer\CMS\5.2.375.7\Install\System Scripts\Install Site (No database).ps1 file to a safe place as this will be overwritten with the above file.

    2) Save the new file provided to the <Program Files>\EPiServer\CMS\5.2.375.7\Install\System Scripts\ folder.

    3) As this new script file is NOT signed you will need to change your PowerShell execution policy to allow unsigned scripts to run. To do this:

    i) Start the PowerShell Command Application (ensure this is the x86 version on a 64 bit machine)

    ii) Type Set-ExecutionPolicy RemoteSigned and press the enter key. To reset this later you need to run the Set-ExecutionPolicy command with AllSigned instead.

    4) Run the EPiServer Installation Manager and try and install a site.

    Please let me know if this solves your problem.

    Thanks

    Paul Smith, Developer, EPiServer

     

    #26543 Dec 10, 2008 15:16
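An added example, not part of the post above or of EPiServer's scripts: before relaxing the execution policy as in step 3, report the signature state of each script in the install folder and limit the policy change to the current PowerShell session. It assumes PowerShell 2.0 or later (for `-Scope`) and uses the folder path quoted in the thread; the function name is hypothetical.

```powershell
# Added example, not EPiServer's code. Folder path is the one quoted in the thread.
$scriptDir = Join-Path $env:ProgramFiles 'EPiServer\CMS\5.2.375.7\Install\System Scripts'

function Get-ScriptSignatureReport {
    param([Parameter(Mandatory = $true)][string]$Path)

    # Thumbprints of publishers the current user has already chosen to trust.
    $trusted = @(Get-ChildItem Cert:\CurrentUser\TrustedPublisher |
                 ForEach-Object { $_.Thumbprint })

    Get-ChildItem -LiteralPath $Path -Filter *.ps1 | ForEach-Object {
        $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
        $cert = $sig.SignerCertificate
        New-Object PSObject -Property @{
            Script           = $_.Name
            Status           = $sig.Status   # Valid, NotSigned, HashMismatch, ...
            Signer           = $(if ($cert) { $cert.Subject } else { $null })
            TrustedPublisher = [bool]($cert -and ($trusted -contains $cert.Thumbprint))
        }
    }
}

# A replaced, unsigned script shows up as NotSigned; a signed script whose
# publisher is not in TrustedPublisher is what triggers the prompt under AllSigned.
Get-ScriptSignatureReport -Path $scriptDir |
    Format-Table Script, Status, TrustedPublisher -AutoSize

# Allow local unsigned scripts for this session only; the machine-wide
# policy is left unchanged and nothing needs to be reset afterwards.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force
Get-ExecutionPolicy -List
```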
  • Member since: 2008
     

    Hi,

    Thank you for the fast response. I followed the steps 1-4 (with one modification; 3ii should be Set-ExecutionPolicy Unrestricted). However there is a problem:

     Error - System.Management.Automation.CmdletInvocationException: STC08064\ASPNET is not a valid user or group ---> System.Exception: STC08064\ASPNET is not a valid user or group ---> System.Security.Principal.IdentityNotMappedException: Vissa eller alla identitetsreferenser kunde inte översättas.
       vid System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)
       vid System.Security.Principal.NTAccount.Translate(Type targetType)
       vid EPiServer.Install.FileSystem.FileSystemInstallationManager.ValidateIdentity(String identity)
       --- Slut på stackspårning för interna undantag ---
       vid EPiServer.Install.FileSystem.FileSystemInstallationManager.ValidateIdentity(String identity)
       vid EPiServer.Install.FileSystem.FileSystemInstallationManager.SetAccessRights(String path, String identity, String operation)
       vid EPiServer.Install.FileSystem.Cmdlets.SetAccessRightsCmdlet.ProcessRecord()
       vid System.Management.Automation.Cmdlet.DoProcessRecord()
       vid System.Management.Automation.CommandProcessor.ProcessRecord()
       --- Slut på stackspårning för interna undantag ---
       vid System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(Object input, Hashtable errorResults, Boolean enumerate)
       vid System.Management.Automation.Parser.PipelineNode.Execute(Array input, Pipe outputPipe, ArrayList& resultList)
       vid System.Management.Automation.Parser.StatementListNode.Execute(Array input, Pipe outputPipe, ArrayList& resultList)

    #26547 Dec 10, 2008 16:55
  • Member since: 2007
     

    Setting execution policy to RemoteSigned should be enough.

    With regard to the main problem, I assume you have a local machine ASPNET account?

     

    #26557 Dec 11, 2008 8:58
  • Member since: 2008
     

    There is no ASPNET account present.

    #26560 Dec 11, 2008 11:18
  • Member since: 2007
     

    OK, what account do you use to run ASP.NET processes then?

     

     

    #26700 Dec 16, 2008 15:25
  • Member since: 2008
     
    Interesting, when checking this I find that I now have an ASPNET account. What has probably happened is that the ASPNET account is created when 'regiis -i' is run, as indicated in http://channel9.msdn.com/forums/TechOff/241434-ASPNet-User-Account/ . That is something that I have done since my last post. When I now run the script provided above it successfully creates a site. I also changed back to the old file and ran "Install Site (SqlServer)", and it also worked fine.

    The main problem seemed to be that the ASPNET account was missing.

    Thank you for your help.
    #26730 Dec 17, 2008 14:10
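An added example, not code from the thread or from EPiServer: a pre-flight check that makes the same NTAccount.Translate call seen in the stack traces, so a missing ASPNET account or a failed domain lookup is visible before the installer runs. The function name and the IUSR_<machine> account name are assumptions; only ASPNET is named in the thread.

```powershell
# Added example, not EPiServer's code.
function Test-LocalIdentity {
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        [string]$Machine = $env:COMPUTERNAME
    )

    # Prefix unqualified names with the machine name, as the replacement script
    # in the thread does, so the lookup targets the local account database.
    $qualified = $(if ($Name -match '\\') { $Name } else { "$Machine\$Name" })
    $sid    = $null
    $status = 'Resolved'
    $detail = $null

    try {
        $account = New-Object System.Security.Principal.NTAccount($qualified)
        $sid = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
    }
    catch {
        # PowerShell wraps .NET exceptions; inspect the innermost one.
        $inner  = $_.Exception.GetBaseException()
        $detail = $inner.Message
        if ($inner -is [System.Security.Principal.IdentityNotMappedException]) {
            $status = 'AccountMissing'   # the account does not exist on this machine
        }
        else {
            $status = 'LookupFailed'     # e.g. the domain trust error from the first post
        }
    }

    New-Object PSObject -Property @{
        Identity = $qualified; Sid = $sid; Status = $status; Detail = $detail
    }
}

# Account names are assumptions: ASPNET is from the thread, IUSR_<machine> is
# the default anonymous account on IIS 5/6.
'ASPNET', "IUSR_$env:COMPUTERNAME" |
    ForEach-Object { Test-LocalIdentity -Name $_ } |
    Format-Table Identity, Status, Sid -AutoSize
```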