Event ID 1511 – Create SharePoint Service Account Local Profiles – PowerShell
As per my post from yesterday, the guys who created AutoSPInstaller saved some coding for me by integrating a suggestion that they add local profile creation to the batch routines, in order to overcome the EventID 1511 error described by Sean in "How to resolve event id 1511 windows cannot find the local-profile on windows server 2008".
That’s great and all, however we are not going to be using AutoSPInstaller exclusively for new SharePoint installs anytime soon. Something was still required for creating local profiles for service accounts in the case of hand-crafted installs, or in the case where we come upon SharePoint installs that have this error symptom pre-existing. So, I stripped the key functions required out of the AutoSPInstaller solution and created a standalone PowerShell script that will create local profiles for accounts you specify by modifying the related Input.xml file (a stripped down version of the AutoSPInstaller’s AutoSPInstallerInput.xml).
My minimalist take on this is composed of two files, CreateLocalProfiles.ps1 and Input.xml.
CreateLocalProfiles.ps1
param
(
    [string]$InputFile = $(throw '- Need parameter input file (e.g. "c:\Input.xml")')
)

# Load the input file as XML
[xml]$xmlinput = (Get-Content $InputFile)
$Host.UI.RawUI.WindowTitle = " -- itgroove SharePoint Service Account Local Profile Creator --"

# Return the name of the built-in Administrators group (well-known SID S-1-5-32-544)
Function Get-AdministratorsGroup
{
    If (!$builtinAdminGroup)
    {
        $builtinAdminGroup = (Get-WmiObject -Class Win32_Group -computername $env:COMPUTERNAME -Filter "SID='S-1-5-32-544' AND LocalAccount='True'" -errorAction "Stop").Name
    }
    Return $builtinAdminGroup
}

Function CreateLocalProfiles([xml]$xmlinput)
{
    Write-Host -ForegroundColor White " - Starting up.."
    If ($xmlinput.Configuration.Farm.ManagedAccounts)
    {
        # Get the members of the local Administrators group
        $builtinAdminGroup = Get-AdministratorsGroup
        $AdminGroup = ([ADSI]"WinNT://$env:COMPUTERNAME/$builtinAdminGroup,group")
        $LocalAdmins = $AdminGroup.psbase.invoke("Members") | ForEach-Object {$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)}
        # Ensure Secondary Logon service is enabled and started
        If (!((Get-Service -Name seclogon).Status -eq "Running"))
        {
            Write-Host -ForegroundColor White " - Enabling Secondary Logon service..."
            Set-Service -Name seclogon -StartupType Manual
            Write-Host -ForegroundColor White " - Starting Secondary Logon service..."
            Start-Service -Name seclogon
        }
        ForEach ($account in $xmlinput.Configuration.Farm.ManagedAccounts.ManagedAccount)
        {
            $username = $account.username
            $password = $account.Password
            $password = ConvertTo-SecureString "$password" -AsPlaintext -Force
            # Reset per account, so one account that was already an admin does not leave later accounts in the group
            $AlreadyAdmin = $false
            Try
            {
                Write-Host -ForegroundColor White " - Creating local profile for $username..." -NoNewline
                $credAccount = New-Object System.Management.Automation.PsCredential $username,$password
                $ManagedAccountDomain,$ManagedAccountUser = $username -Split "\\"
                # Add managed account to local admins (very) temporarily so it can log in and create its profile
                If (!($LocalAdmins -contains $ManagedAccountUser))
                {
                    $builtinAdminGroup = Get-AdministratorsGroup
                    ([ADSI]"WinNT://$env:COMPUTERNAME/$builtinAdminGroup,group").Add("WinNT://$ManagedAccountDomain/$ManagedAccountUser")
                }
                Else
                {
                    $AlreadyAdmin = $true
                }
                # Spawn a command window using the managed account's credentials, create the profile, and exit immediately
                Start-Process -WorkingDirectory "$env:SYSTEMROOT\System32" -FilePath "cmd.exe" -ArgumentList "/C" -LoadUserProfile -NoNewWindow -Credential $credAccount
                # Remove managed account from local admins unless it was already there
                $builtinAdminGroup = Get-AdministratorsGroup
                If (-not $AlreadyAdmin) {([ADSI]"WinNT://$env:COMPUTERNAME/$builtinAdminGroup,group").Remove("WinNT://$ManagedAccountDomain/$ManagedAccountUser")}
                Write-Host -BackgroundColor Blue -ForegroundColor Black "Done."
            }
            Catch
            {
                $_
                Write-Host -ForegroundColor White "."
                Write-Warning " - Could not create local user profile for $username"
                break
            }
        }
    }
    Write-Host -ForegroundColor White " - Done Creating Local Profiles for Managed Accounts"
}

# Run the function
CreateLocalProfiles $xmlinput
Input.xml
<?xml version="1.0" ?>
<!-- General Instructions:
    1. If you use the characters ' " < > & in your configuration (e.g. in passwords) you should encode them as follows:
        '   &apos;
        "   &quot;
        <   &lt;
        >   &gt;
        &   &amp;
        For example <Password>Fd"je&f</Password> should be written <Password>Fd&quot;je&amp;f</Password>
    2. Configuration IS case sensitive.
    3. Use a validator like http://www.w3schools.com/xml/xml_validator.asp to check the syntax of your file.-->
<!-- The Farm section contains basic farm-wide settings -->
<Configuration>
    <Farm>
        <!-- The ManagedAccounts section configures all accounts that will have local profiles created for them. -->
        <ManagedAccounts>
            <!-- Add ManagedAccount nodes as required -->
            <ManagedAccount CommonName="spAdmin">
                <username>DOMAIN\spAdmin</username>
                <Password></Password>
            </ManagedAccount>
            <ManagedAccount CommonName="spFarm">
                <username>DOMAIN\spFarm</username>
                <Password></Password>
            </ManagedAccount>
            <ManagedAccount CommonName="spContentAppPool">
                <username>DOMAIN\spContentAppPool</username>
                <Password></Password>
            </ManagedAccount>
            <ManagedAccount CommonName="spMySitesAppPool">
                <username>DOMAIN\spMySitesAppPool</username>
                <Password></Password>
            </ManagedAccount>
            <ManagedAccount CommonName="spServiceAppPool">
                <username>DOMAIN\spServiceAppPool</username>
                <Password></Password>
            </ManagedAccount>
            <ManagedAccount CommonName="spSearch">
                <username>DOMAIN\spSearch</username>
                <Password></Password>
            </ManagedAccount>
            <ManagedAccount CommonName="spContentAccess">
                <username>DOMAIN\spContentAccess</username>
                <Password></Password>
            </ManagedAccount>
            <ManagedAccount CommonName="spUPS">
                <username>DOMAIN\spUPS</username>
                <Password></Password>
            </ManagedAccount>
            <ManagedAccount CommonName="spSuperUser">
                <username>DOMAIN\spSuperUser</username>
                <Password></Password>
            </ManagedAccount>
            <ManagedAccount CommonName="spSuperReader">
                <username>DOMAIN\spSuperReader</username>
                <Password></Password>
            </ManagedAccount>
        </ManagedAccounts>
    </Farm>
</Configuration>
Create SharePoint Service Account Local Profiles
1. Copy the .ps1 and the .xml file to the SharePoint server in question.
2. Edit the input.xml in Notepad (following the notes in the comments regarding syntax) to reflect the names and passwords of the service accounts you need to create local profiles for. Yes, storing passwords in text files/PS scripts is bad and many people will say bad things. Do it anyways knowing that you are responsible enough to copy and delete a text file off a server after a patch. 🙂
To add more accounts, just duplicate a ManagedAccount node.
3. Execute the PowerShell script in the SharePoint 2010 Management Shell (Start > Microsoft SharePoint 2010 Products > SharePoint Management Shell) by going to its folder in the command line and typing:
.\CreateLocalProfiles.ps1 -inputfile c:\input.xml
Obviously, adjust the folder path to the XML file as necessary.
4. The script will run through and create your local profiles.
Credit again goes to BrianLala and the AutoSPInstaller project – he wrote this, I just stripped it out and re-jigged it.
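A post-run check for the procedure above, as an added example that is not part of the original post or of AutoSPInstaller: it reads the same Input.xml and reports, per account, whether a local profile now exists, whether the account is a member of local Administrators, and whether its password is still sitting in the file. The default path, the output column names and the name-only group match (the same matching CreateLocalProfiles.ps1 uses) are assumptions; accounts that were administrators before the run also show up as StillInAdmins.

```powershell
# Added example: audit the server after CreateLocalProfiles.ps1 has run.
param
(
    [string]$InputFile = "c:\Input.xml"   # assumed path: the same Input.xml the script consumed
)

[xml]$xmlinput = Get-Content $InputFile

# Current members of the built-in Administrators group (well-known SID S-1-5-32-544)
$adminGroupName = (Get-WmiObject -Class Win32_Group -Filter "SID='S-1-5-32-544' AND LocalAccount='True'").Name
$localAdmins = ([ADSI]"WinNT://$env:COMPUTERNAME/$adminGroupName,group").psbase.Invoke("Members") |
    ForEach-Object { $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null) }

# SIDs of every account that has a local profile on this server
$profileSids = Get-WmiObject -Class Win32_UserProfile | ForEach-Object { $_.SID }

$report = ForEach ($account in $xmlinput.Configuration.Farm.ManagedAccounts.ManagedAccount)
{
    $domain, $user = $account.username -Split "\\"
    Try
    {
        # Resolve DOMAIN\user to its SID so it can be matched against Win32_UserProfile
        $nt  = New-Object System.Security.Principal.NTAccount($domain, $user)
        $sid = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
    }
    Catch
    {
        $sid = $null   # account name could not be resolved
    }

    New-Object PSObject -Property @{
        Account        = $account.username
        ProfileExists  = [bool]($sid -and ($profileSids -contains $sid))
        StillInAdmins  = [bool]($localAdmins -contains $user)               # name-only match
        PasswordInFile = -not [string]::IsNullOrEmpty($account.Password)    # plaintext still on disk
    }
}

$report | Format-Table Account, ProfileExists, StillInAdmins, PasswordInFile -AutoSize
```

Any row with StillInAdmins set for an account that was not an administrator beforehand, or with PasswordInFile set once the profiles exist, is something to clean up before leaving the server.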