Invoke-Command with MSBuild

Topics: Server Deployment
Feb 28, 2013 at 7:32 PM
I have a powershell script that deploys an .msi built with TFS using BTDF. It runs fine deploying locally, and when I log into a BizTalk server and run the script there. I need to run the script from another server (a Jenkins server) and that is where I run into a problem. I am using msbuild to do the actual deployment to Biztalk.

This command works when I run it on the BizTalk server:

$exitCode =(Start-Process -FilePath ( Join-Path $env:windir "Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" ) -ArgumentList $MSBargs -Wait -Passthru).ExitCode

When I run this command remotely from the Jenkins server to the BizTalk server:

$exitCode = Invoke-Command -Session $s -ScriptBlock {param($MSBargs) (Start-Process -FilePath ( Join-Path $env:windir "Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" ) -ArgumentList $MSBargs -Wait -Passthru).ExitCode} -ArgumentList $MSBargs

It gets to "Target VerifyBizTalkAppExists" and throws this error:

error MSB4061: System.Data.SqlClient.SqlException (0x80131904): Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.\r

In both cases $MSBargs= /p:DeployBizTalkMgmtDB=True;Configuration=Server;SkipUndeploy=True;Deploying=true /target:Deploy /l:FileLogger,Microsoft.Build.Engine;logfile="C:\Program Files (x86)\GetAgent for BizTalk\1.0\DeployResults\GetAgent-1.0.4.msi_dev_2013-02-28_12.44.24_DeployResults.txt" "C:\Program Files (x86)\GetAgent for BizTalk\1.0\Deployment\Deployment.btdfproj"

It looks like it is trying to connect to the management database without any credentials. I tried running the command from my local machine (so it should be using my credentials) and I tried explicitly adding credentials to session "$s". No luck either way.

Has anyone run into a problem like this?
Coordinator
Feb 28, 2013 at 8:21 PM
Hi, since you mentioned writing your own PowerShell script, perhaps you have not seen Randy Paulo's solution. Check it out and see if it helps.

Thanks,
Tom
Feb 28, 2013 at 9:13 PM
My script is based on Randy Paulo's, and the MSBuild section where I'm having problems remoting is identical. Currently I have to run the script from another server, and remote (using Invoke-command for now) to the biztalk server for the parts that need to run there (like the msbuild command). It runs fine if it is run directly from the BizTalk server.
Coordinator
Mar 1, 2013 at 4:16 AM
Did you check all of the comments on Randy's post? Did you try enabling CredSSP? Some people have had better luck using SysInternals psexec. Another related post here.

Tom
Mar 1, 2013 at 1:21 PM
I read Randy's article, but I am unfamiliar with CredSSP. I think it is the dirrection I need to go, but my situation is a little different from the one he discribed and I am a little confused about who is the server, who is the client, and where I run the Enable-WSManCredSSP commands from.

I am logged into and running the the PS script from "Server01".

In the PS script I'm using a PSsession and Invoke-command to deploy the application with MSBuild on BizTalk server "Server02".

MSBuild tasks need to talk to the BizTalk management database (which currently can't see my credentials) on SQL server "Server03".

Windows Remote Management is running on all three servers.

From Randy's article it looks like I need to run this command on Server01:
Enable-WSManCredSSP -role Client -DelegateComputer "Server02" -force

But where do I run:
Enable-WSManCredSSP -role Server -force

Does it run on Server01, or do I run it on Server02 (and Server03) with Invoke-command?

Or do I run the Client command for Server02 and Server03 for Server01?

Or should I be using something other than SPsession and Invoke-command?

Thanks for your help.
Coordinator
Mar 5, 2013 at 6:33 AM
My understanding then is that on Server01 you run:

Enable-WSManCredSSP -role Client -DelegateComputer Server02 -force

And on Server02 you run:

Enable-WSManCredSSP -role Server -force

Then when you create a remote session to Server02 from Server01 you need to use:

$session = New-PSSession -ComputerName Server02 -Authentication CredSSP -Credential Get-Credential

That's taken from Randy's post and looks like it gives an interactive logon, so you may need a different form that can be used unattended.

If that still doesn't get you there, you might try posting a comment on Randy's original blog post. He seems to respond to them for the most part.

Thanks,
Tom
Coordinator
Mar 5, 2013 at 6:37 AM
Also, on Server03 you'd need to run:

Enable-WSManCredSSP -role Server -force

I believe this is a one-time setup process, so you will need to log into each server and run the respective command, and hopefully from that point things start to work.

Tom
Mar 5, 2013 at 1:48 PM
Changing the authentication in the PSSession was the piece I was missing. I was able to get past the "VerifyBizTalkAppExists" after running the client command on server01 and the server command on server02. I have not run the server command on server03 (the SQL server) because I don't have access to it. I have rights to the database, but not the server.

It is a one-time set up, and it is also cumulative. I did not realize this at first, and when I ran Get-WSManCredSSP I saw was was delegating credentials to server02 a dozen times.

I am now getting an out-of-memory error on target "DeployAppDefinition". I'm just beginning to track that one down but it looks unrelated to this problem.

Thanks for your help.
Coordinator
Mar 5, 2013 at 4:32 PM
OK great, glad to hear you're making some progress and thanks for the update. Randy also has a post about the out of memory issue here.

Tom
Mar 5, 2013 at 8:51 PM
I was able to get around the earlier memory error, but then I encountered the exact situation that Randy described. His solution worked for me also. Now I am able to do deployments and re-deployments remotely. Thanks again.
Coordinator
Mar 5, 2013 at 10:38 PM
Great, thanks for the update!

Tom