Error "There was an error generating the XML document" while trying to install SQL Server 2017 unattended

6

I'm trying to install SQL Server 2017 unattended into a Windows 10 Azure virtual machine, via chocolatey using the following command on a remote powershell session:

choco install sql-server-express -ia ""/IACCEPTSQLSERVERLICENSETERMS /FEATURES=SQLEngine /Q /ACTION=install /INSTANCEID=[INSTANCE_NAME] /INSTANCENAME=SQLCHEMETER /FILESTREAMLEVEL=1 /SECURITYMODE=SQL /SAPWD=[SA_PASSWORD] /UPDATEENABLED=FALSE"" -o -y"

But the installation fails and the log file only tells me that this exception had been thrown:

(01) 2018-08-14 06:42:11 Slp: Inner exceptions are being indented
(01) 2018-08-14 06:42:11 Slp: 
(01) 2018-08-14 06:42:11 Slp: Exception type: Microsoft.SqlServer.Chainer.Infrastructure.ChainerInfrastructureException
(01) 2018-08-14 06:42:11 Slp:     Message: 
(01) 2018-08-14 06:42:11 Slp:         There was an error generating the XML document.
(01) 2018-08-14 06:42:11 Slp:     HResult : 0x84b10001
(01) 2018-08-14 06:42:11 Slp:         FacilityCode : 1201 (4b1)
(01) 2018-08-14 06:42:11 Slp:         ErrorCode : 1 (0001)
(01) 2018-08-14 06:42:11 Slp:     Stack: 
(01) 2018-08-14 06:42:11 Slp:         at Microsoft.SqlServer.Chainer.Infrastructure.DataStoreService.SerializeObject(String rootPath, Object objectToSerialize, Boolean saveToCache)
(01) 2018-08-14 06:42:11 Slp:         at Microsoft.SqlServer.Chainer.Infrastructure.DataStoreService.SerializeObject(Object objectToSerialize)
(01) 2018-08-14 06:42:11 Slp:         at Microsoft.SqlServer.Chainer.Infrastructure.PublicConfigurationBridge.Calculate()
(01) 2018-08-14 06:42:11 Slp:         at Microsoft.SqlServer.Chainer.Infrastructure.InputSettingService.CalculateSettings(IEnumerable`1 settingIds)
(01) 2018-08-14 06:42:11 Slp:         at Microsoft.SqlServer.Chainer.Infrastructure.InputSettingService.CalculateAllSettings(Boolean chainerSettingOnly)
(01) 2018-08-14 06:42:11 Slp:         at Microsoft.SqlServer.Chainer.Infrastructure.Action.Execute(String actionId, TextWriter errorStream)
(01) 2018-08-14 06:42:11 Slp:         at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.<>c__DisplayClasse.<ExecuteActionWithRetryHelper>b__b()
(01) 2018-08-14 06:42:11 Slp:         at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.ExecuteActionHelper(ActionWorker workerDelegate)
(01) 2018-08-14 06:42:11 Slp:     Inner exception type: System.InvalidOperationException
(01) 2018-08-14 06:42:11 Slp:         Message: 
(01) 2018-08-14 06:42:11 Slp:                 There was an error generating the XML document.
(01) 2018-08-14 06:42:11 Slp:         HResult : 0x80131509
(01) 2018-08-14 06:42:11 Slp:         Stack: 
(01) 2018-08-14 06:42:11 Slp:                 at System.Xml.Serialization.XmlSerializer.Serialize(XmlWriter xmlWriter, Object o, XmlSerializerNamespaces namespaces, String encodingStyle, String id)
(01) 2018-08-14 06:42:11 Slp:                 at System.Xml.Serialization.XmlSerializer.Serialize(TextWriter textWriter, Object o, XmlSerializerNamespaces namespaces)
(01) 2018-08-14 06:42:11 Slp:                 at Microsoft.SqlServer.Chainer.Infrastructure.DataStoreService.SerializeObject(String rootPath, Object objectToSerialize, Boolean saveToCache)
(01) 2018-08-14 06:42:11 Slp:         Inner exception type: System.Security.Cryptography.CryptographicException
(01) 2018-08-14 06:42:11 Slp:             Message: 
(01) 2018-08-14 06:42:11 Slp:                         Access is denied.
(01) 2018-08-14 06:42:11 Slp:                         
(01) 2018-08-14 06:42:11 Slp:             HResult : 0x80070005
(01) 2018-08-14 06:42:11 Slp:             Stack: 
(01) 2018-08-14 06:42:11 Slp:                         at System.Security.Cryptography.ProtectedData.Protect(Byte[] userData, Byte[] optionalEntropy, DataProtectionScope scope)
(01) 2018-08-14 06:42:11 Slp:                         at Microsoft.SqlServer.Common.SqlSecureString.WriteXml(XmlWriter writer)
(01) 2018-08-14 06:42:11 Slp:                         at System.Xml.Serialization.XmlSerializationWriter.WriteSerializable(IXmlSerializable serializable, String name, String ns, Boolean isNullable, Boolean wrapped)
(01) 2018-08-14 06:42:11 Slp:                         at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationWriterAgentConfigurationPublic.Write6_AgentConfigurationPublic(String n, String ns, AgentConfigurationPublic o, Boolean isNullable, Boolean needType)
(01) 2018-08-14 06:42:11 Slp:                         at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationWriterAgentConfigurationPublic.Write7_AgentConfigurationPublic(Object o)

I've checked and the user that launches it has Admin permissions.

But this only happens if i did not connect to the machine with remote desktop before, if i connect and then launch the process it will go smoothly.

The problem is that this must be a automatized process so i can't open a remote desktop connection with the created machines.

Has someone an idea about what is going on?

Thanks.

sql-server
azure
powershell
asked on Stack Overflow Aug 14, 2018 by pabloef95

2 Answers

3

Figured this out myself shortly after placing the bounty. CredSSP does the trick, but it's not as simple as a one-liner. Basically, this is the "double-hop" problem, if you're not passing authentication over, you'll hit this error.

To enable CredSSP, you'll need to run this on the server (the remote host you're trying to install SQL Server on:

Enable-WSManCredSSP -Role Server -Force

You'll also need to enable CredSSP on the Client, the machine that is delegating to the server:

Enable-WSManCredSSP -Role client -DelegateComputer $nameOrIp -Force

Additionally, you'll need to allow Credentials Delegation on the Client, which can be done in PowerShell automatically with this script:

$allowed = @("WSMAN/$nameOrIp")
$key = 'hklm:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'
if (!(Test-Path $key)) {
    md $key
}
New-ItemProperty -Path $key -Name AllowFreshCredentials -Value 1 -PropertyType Dword -Force            
$key = Join-Path $key 'AllowFreshCredentials'
if (!(Test-Path $key)) {
    md $key
}
$i = 1
$allowed |% {
    New-ItemProperty -Path $key -Name $i -Value $_ -PropertyType String -Force
    $i++
}

If you haven't already, make sure both machines have set each other as trusted hosts:

$curList = (Get-Item WSMan:\localhost\Client\TrustedHosts).value
$exists = $curList -match $nameOrIp
if ($exists -eq $false) {
  "Adding IP to trusted hosts..."
  Set-Item WSMan:\localhost\Client\TrustedHosts -Value "$curList, $nameOrIp" -Force
}

Lastly, using the existing Session wasn't working for me, I had to instead send the Invoke-Command with -Authentication CredSSP:

$cred = New-Object System.Management.Automation.PSCredential ($adminName, $secureWindowsPassword)
Invoke-Command -Computername $nameOrIp -Authentication CredSSP -Credential $cred -ScriptBlock {
    Param($sqlPass)
    Start-Process -FilePath C:\temp\SQLEXPR_x64_ENU.exe -Args "/ConfigurationFile=C:\temp\MSSQL.ini /SAPWD='$sqlPass' /Q /HIDECONSOLE /UpdateEnabled=FALSE" -Verb RunAs -Wait 4>&1
} -ArgumentList $sqlPass
answered on Stack Overflow Aug 11, 2020 by rrowland
0

Run this in the powershell session before starting the SQL Server setup:

Enable-WSManCredSSP -Role "Server"
answered on Stack Overflow Mar 17, 2020 by gordy

User contributions licensed under CC BY-SA 3.0