Deployment–Introducing PowerShell Deployment Toolkit

In this post, I want to provide an overview of the “PowerShell Deployment Toolkit”, or PDT. PDT is a set of scripts and knowledge that can be used to deploy… well, probably just about anything, but the samples we provide are for deployment of System Center 2012 SP1. There’s nothing to stop someone from modifying the XML files provided with PDT to deploy something else, but that’s not to say that would be the correct way to deploy other technologies.

Of course, System Center itself provides ways to deploy software or even complete services. Software distribution has been a core capability of Configuration Manager ever since I’ve been working with it – at least 17 years – and it’s certainly true that Configuration Manager has a very sophisticated and reliable way to distribute software to vast numbers of geographically distributed devices. Virtual Machine Manager includes a capability called Service Templates that allows for complete services to be deployed, including the virtualization resources to support those services. Service Templates also allow for servicing of those services.

PDT is absolutely not intended to replace any of those capabilities. Rather, PDT is intended to help solve the chicken and egg problem – I need System Center for all of those advanced software and service deployment capabilities, but without System Center already in place how do I deploy System Center? Internally at Microsoft, with every milestone during development – CTP, Beta, RC, RTM – we rebuild the SCDemo environment to allow our field to learn the new capabilities we are delivering. PDT is the automation we use to do those rebuilds very quickly – usually in 2-4 hours. Yes, just 2-4 hours to deploy all of System Center including SQL and all prerequisites in a highly available configuration including all of the automatable post-setup integration. We want to provide you with the same efficiency.

It is going to take a whole series of posts to explain all of the capabilities of PDT, so I’ll start in this post with a simple overview and sample deployment. PDT requires that the servers System Center will be deployed to are already running and are members of an Active Directory domain, and that you have administrator permissions on those servers. They can be physical or virtual, and can even be on any virtualization platform – PDT doesn’t care. They just need to be running Windows Server – and in most cases, that can be either Windows Server 2012 or Windows Server 2008 R2. The only exceptions to this are that the server for the Virtual Machine Manager Management server must be Windows Server 2012, and the server for the Service Manager SharePoint Web Parts server must be Windows Server 2008 R2. You will also need all the software to be used in the deployment – System Center components, SQL Server, and prerequisite software – downloaded and available in a specific folder structure. Getting that part right is the subject of another post.

PDT is posted to the TechNet Gallery here.

PDT consists of 5 files:

  • Installer.ps1 is the PowerShell script that you run to actually perform the deployment. It should be run from a system that is not a target system for the deployment itself – it can even be run from a workstation.
  • Workflow.xml contains all the “knowledge” of how to deploy System Center – we will look in more detail at the content of this file in later posts.
  • Variable.xml is the file that you modify to define your deployment.
  • Downloader.ps1 is a utility to allow you to obtain all the software required to deploy. Using this utility will be the topic of another post.
  • VMCreator.ps1 is a utility to quickly create domain joined VMs on which to deploy. Using this utility will be the topic of another post.

The only one of these files that you should modify is Variable.xml – the sample provided in the initial PDT post in the TechNet Gallery deploys a minimal installation of System Center 2012 SP1 with a single server per component (three for Service Manager), exactly the same way that Unified Installer did for System Center 2012, but with additional roles and integration completed.

Those of you brave enough to try this at this point, just edit Variable.xml replacing the “Variable” entries with appropriate values for your environment, and the “Role” entries with appropriate server names, then run Installer.ps1.  If there are roles you don’t want to deploy, just delete those entries from the “Roles” section.

Later posts in this blog will go into detail about how PDT works and how to customize it for your deployment needs.

Comments

  • Anonymous
    January 01, 2003
    Mads - the certificate common name has to match the server FQDN, so change "-dnsname SystemCenter" to the FQDN of the SPF server, and it should work.

  • Anonymous
    January 01, 2003
    The Mother of all Automation Tools is out! I had the chance to share with my customer a real-time demo by @Rob himself from Texas, and frankly, this is IT! :-) Outstanding job, Man.

  • Anonymous
    January 01, 2003
    I have this error too, but the recommended fix is just part of catch 22's all around this particular deploy of the last vm. I've only minimally changed variable.xml by using my domain name and credentials except for the vhd file I changed to my Windows Server 2012 DataCenter I created with Convert-WindowsImage.ps1. The first problem is that the scripts are set up to create 10 vm's and all with the one vhd file but the Installer.ps1 fails validation for windows version on the 10th vm (Server20). It needs to be Windows Server 2008 R2. I've resolved this by adding a <VM Count="10"> section pointing to a vhd of the correct os. The second problem is that it now passes the OS validation but then fails the validation described above. Why? Because Windows 2008 R2 doesn't have PKI. Catch22 right there. What am I missing? Seems maybe I have an environment problem somewhere or others would have seen this?

  • Anonymous
    January 01, 2003
    Latest PDT (that supports 2012 R2) is here: gallery.technet.microsoft.com/PowerShell-Deployment-822d44c7. It even supports the creation of your Active Directory! Dave

  • Anonymous
    January 01, 2003
    Hi Bob, yes it does. Once the install is completed you are good to go. Davey

  • Anonymous
    January 01, 2003
    Mark - if you want to email me, I'm happy to work through the issues with you.  There's almost always a good explanation - validation does not catch every possible installation error.  My email address is in the scripts. Rob

  • Anonymous
    January 01, 2003
    My experience using PDT to build a home lab... www.systemcentercentral.com/my-2nd-week-with-the-powershell-deployment-toolkit-pdt

  • Anonymous
    January 01, 2003
    Sam - ADK was updated recently, I have to update Workflow.xml to reflect that. If you use -SkipValidation, it may or may not work depending on whether the updated ADK has new Windows Installer product codes or not. Will plan to post updated Workflow.xml later today or this weekend.

  • Anonymous
    January 01, 2003
    Hi Owais. I was also getting the same error. But finally, I got the solution to this problem. This is because your localhost machine or the machine from which you are running this powershell script is not able to contact the DC. So, I would suggest you make this machine a member of the domain (if not already) or rejoin it to the domain (if already a member of the domain) and then try again. I hope this will work. Thanks

  • Anonymous
    January 01, 2003
    Simon - check the troubleshooting PDT blog post for details on where the logs are - they should help you determine where it is stuck.

  • Anonymous
    January 01, 2003
    Paul - re PDT/SC2012 R2 and TechEd Australia, can you email me - my address is in the PDT scripts.  Thanks!

  • Anonymous
    January 01, 2003
    Server20 had a couple of validation fails (OS and RPC locator) that I had fixed and so the next failure I figured was the same server but was actually Server14. I created the certificate on Server14 and validations are working now. Thanks for the -ValidateOnly flag in v2.4 =)

  • Anonymous
    January 01, 2003
    Terry - That's a Service Manager requirement, which in turn is a SharePoint 2010 requirement - not specific to PDT.

  • Anonymous
    January 01, 2003
    Why this? --> "...the Service Manager SharePoint Web Parts server must be Windows Server 2008 R2."

  • Anonymous
    January 01, 2003
    Hi Rob, In the variable.xml file I had changed the corresponding values:
    <Variable Name="SystemCenter2012SP1ServiceManagerAdminRoleGroup" Value="tf\SMAdmins" />
    <Variable Name="SystemCenter2012SP1ServiceManagerPortalUsers" Value="tf\Domain Users" />
    Our domain is tf.local. But when we are running the installer script we are getting the following error when it's validating AD:
    Principal: SystemCener2012ServiceManagerAdmin Role Group... Exception calling "FindOne" with "0" arguements. the specified domain either does not exist or could be contacted
    and it's finally telling tf\SMAdmins is not a valid Security Principal. We have created a group called SMAdmins in our AD. So why are we facing this issue? We are also unable to move forward if we remove that variable.

  • Anonymous
    January 01, 2003
    This is amazing! I'm getting ready to deploy OM12 I look forward to reading these to see how I can use them to deploy OM12.

  • Anonymous
    January 01, 2003
    Hi Sky, Microsoft updated the Windows MP a couple of weeks ago. As a result you will need to change the size in the workflow xml document. You will need to update it to be this:
    <File>Microsoft.Windows.Server.Library.mp</File>
    <FileSize>72336</FileSize>
    Davey

  • Anonymous
    January 01, 2003
    how do you have other vms login automatically? right now it seems only the domain controller one does...

  • Anonymous
    January 01, 2003
    D.Hubert - no, you should use the VMM service templates for those, not PDT.

  • Anonymous
    January 01, 2003
    I'm getting validation errors with the Installer.ps1 script, specifically with 'Validating Servers and Access'. The odd thing is that if I run the validation multiple times, the number of servers that fail validation for Current User, and !Installer access will change. What exactly is being checked? PS: I am running the Installer.ps1 script from the Domain Controller, as this seemed to be required to get past the Service Account validation errors.

  • Anonymous
    January 01, 2003
    Which roles are failing validation?  SPF is the only one that requires a certificate, and it also requires Windows Server 2012.  The Service Manager SharePoint Web Parts Server is the only one that requires Windows Server 2008 R2 - so I suspect you have a bad combination.  Also, please try with version 2.4, there are more validations in there that might pinpoint the issue closer.

  • Anonymous
    January 01, 2003
    Matt - thanks for bringing this to our attention.  While we look into it, you can manually download from the eval link on microsoft.com/windowsserver, and extract the ISO to a folder WindowsServer2012 in your download location – the downloader will then skip attempting to download that item.

  • Anonymous
    February 28, 2013
    Very cool stuff! - looking forward to trying it out in real life!

  • Anonymous
    March 19, 2013
    I'm really looking forward to further explanations of the tool. It seems like a huge time saver.

  • Anonymous
    March 22, 2013
    How to prepare the PDT's Env? Now I got error information as follows.
    Validating...
     Validating certificates for roles...
       Role: System Center 2012 SP1 Service Provider Foundation Server... Failed
    Validation failed
    Can you give some advice? Best Regards, shan

  • Anonymous
    March 22, 2013
    SPF requires a certificate for installation – you can create one with PowerShell New-SelfSignedCertificate, or you can remove the SPF server from the deployment by removing those lines from the <Roles> section of variable.xml

  • Anonymous
    May 21, 2013
    I'm trying to get the Installer to run, I'm getting one error around System Center 2012 SP1 Management Packs - incorrect size for Microsoft.Windows.Server.Library.mp. I've attempted the one that was downloaded, also grabbed a copy from two different versions of System Center ISO's that I have (2012, 2012SP1), same issue. Any suggestions on how to resolve this issue?

  • Anonymous
    May 28, 2013
    Does this install the service manager portal as well?

  • Anonymous
    June 07, 2013
    Has anyone gotten past this message:
    Validating certificates for roles...
    Role: System Center 2012 SP1 Service Provider Foundation Server... Failed
    Validation failed
    I have tried creating a self-signed certificate "new-selfsignedcertificate -dnsname SystemCenter -certstorelocation cert:\localmachine\my" but even when this certificate is placed at "personal" and "trusted root" the installation will not continue. Can anyone please guide me to a solution (skipping the role is not a solution) :) Thanks.

  • Anonymous
    June 11, 2013
    I am getting an error in "Validating role security principals" while running the Installer script. The rest of the things are fine but I am stuck at this point. I have already created the Admin Role Group for Service Manager but it's giving an error that "Contoso\SMAdmins is not a valid security principal". Any help would be really appreciated. Thanks

  • Anonymous
    June 15, 2013
    Hi Rob, Will PDT support System Center 2012 R2? I'm about to submit a session suggestion for TechEd Australia 2013 and I'd like to cover PDT in the session as a way to quickly get SC up and running.

  • Anonymous
    July 04, 2013
    To create the certificates I used the following script - replace contoso.local with your Domain Name!
    # Build the server FQDN from the local computer name
    $compname = (gwmi win32_computersystem).Name.Trim()
    $dnsname = $compname + ".contoso.local"
    Get-Module PKI
    Import-Module PKI
    # Create the self-signed certificate in the local machine Personal store
    New-SelfSignedCertificate -DnsName $dnsname -CertStoreLocation cert:\LocalMachine\My
    (This only works on W2K12...)
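
The replies in this thread trace the SPF "Validating certificates for roles" failure to a certificate whose name does not match the server FQDN. The following check is an added example, not part of PDT or of any comment here: run on the SPF server, it lists the certificates in Cert:\LocalMachine\My and reports whether each one is named for the host's FQDN. The function names are hypothetical, and the private-key and validity-period checks are general server-certificate requirements assumed for illustration, not taken from PDT's validation logic.

```powershell
# Added example: not part of PDT. Run on the SPF server (PowerShell 3.0+).
# Function names are hypothetical.

function Get-LocalFqdn {
    # Build host.domain from WMI, the same source the script in the comment above uses.
    $cs = Get-WmiObject -Class Win32_ComputerSystem
    if (-not $cs.PartOfDomain) { throw "$($cs.Name) is not joined to a domain." }
    ('{0}.{1}' -f $cs.Name.Trim(), $cs.Domain).ToLowerInvariant()
}

function Test-CertificateForFqdn {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate,
        [Parameter(Mandatory = $true)]
        [string] $Fqdn
    )
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]
    # Subject common name plus DNS names from the subject alternative name extension.
    $names = @(
        $Certificate.GetNameInfo($nameType::SimpleName, $false)
        $Certificate.GetNameInfo($nameType::DnsName, $false)
    )
    if ($Certificate.DnsNameList) {
        $names += @($Certificate.DnsNameList | ForEach-Object { $_.Unicode })
    }
    $names = @($names | Where-Object { $_ } |
        ForEach-Object { $_.ToLowerInvariant() } | Select-Object -Unique)
    $now = Get-Date
    [pscustomobject]@{
        Thumbprint       = $Certificate.Thumbprint
        Names            = $names -join ', '
        # Exact match only; wildcard names are deliberately not accepted here.
        NameMatchesFqdn  = ($names -contains $Fqdn.ToLowerInvariant())
        HasPrivateKey    = $Certificate.HasPrivateKey
        InValidityPeriod = ($Certificate.NotBefore -le $now -and $now -le $Certificate.NotAfter)
    }
}

$fqdn = Get-LocalFqdn
$results = @(Get-ChildItem -Path Cert:\LocalMachine\My |
    ForEach-Object { Test-CertificateForFqdn -Certificate $_ -Fqdn $fqdn })
$results | Format-Table -AutoSize

# A certificate created with "-dnsname SystemCenter" shows NameMatchesFqdn = False here.
$usable = @($results | Where-Object {
    $_.NameMatchesFqdn -and $_.HasPrivateKey -and $_.InValidityPeriod })
if ($usable.Count -eq 0) {
    Write-Warning "No certificate in Cert:\LocalMachine\My is named for $fqdn, has a private key, and is within its validity period."
}
```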

  • Anonymous
    August 08, 2013
    Is there a plan to update this for R2? If I replaced the bits in the SystemCenterSP1 folders with R2 bits would this still work or would I need to further edit the scripts?

  • Anonymous
    September 06, 2013
    Just to follow up on the problems I was having back in July... First, thanks to Rob for his assistance sorting things out. Second, the issues I was having were the result of two separate problems. The first problem was having "special" characters in the password being used for the various accounts. This caused no end of grief. By using only alphanumeric characters this problem was solved. The second problem was the result of services that were supposed to automatically start not starting. In other words, a service's properties indicated it should start when the system was booted, but it did not start; and there was nothing in the error log to indicate why it did not start. (BTW, I have also seen this happen with the POP service used by Exchange.) The solution to the second problem was to start the services and then re-run the PDT installer. This allowed it to pick up where it left off, and eventually everything was successfully deployed. Mark

  • Anonymous
    November 20, 2013
    Dear Rob, I get this error and I can't find any fault:
    Validating (ActiveDirectory)...
     Validating role security principals...
       System Center 2012 R2 Data Protection Manager security principals
         Principal: SystemCenter2012R2DataProtectionManagerAdminGroup... Failed
           SERVICES\DPMAdmins is not a valid security principal
    Heinz

  • Anonymous
    January 15, 2014
    This post isn’t going to tell you how to install System Center screen by screen as there are some 434

  • Anonymous
    February 03, 2014
    Could you please tell me, whether it makes sense to integrate Exchange 2013 and Sharepoint 2013 in PDT. Is this already planned or is there already a way to do it?

  • Anonymous
    May 08, 2014
    Hi All,
    Aidan E : VMCreator.PS1 needs only Variable.xml (The Section ) and Workflow.xml.
    Rob, can you advise please: I'm using PDT 2600 (PDT 2.64.2608) to deploy SC 2012 R2 and WAP 2013. DPM always fails to install, the DPM log contains some lines and no errors are mentioned, it's like the installation stops unexpectedly (never begins). Going through the workflow.xml, it seems that an INI file (installer.ini) is generated with the DPM setup options (the [options]) then copied to the $TempPath. Obviously, I'm unable to find that file on the DPM server, all the other folders are there (DPM Sources...). I suspect this to be the culprit. Any idea please?
    Thanks Rob, amazing work!

  • Anonymous
    May 23, 2014
    Hi, I'm trying the PDT for the first time in a lab. I'm using a 1 U HP G6 server with 72 GB RAM, dual Xeon sockets, 2 TB mirrored disks drive D:
    I've installed Winrar and WebPI
    I've edited variable AD.xml to change download folder to d:\pdtinstaller, updated domain name, default pwds, default VM locations (all to d: instead of c:)
    I've manually expanded the Server 2012 R2 and SC 2012 R2 isos into the correct folders
    D:\PDTInstaller\WindowsServer2012R2
    d:\pdtInstaller\SystemCenter2012R2\AppController
    d:\pdtInstaller\SystemCenter2012R2\ConfigurationManager
    d:\pdtInstaller\SystemCenter2012R2\DataProtectionManager
    d:\pdtInstaller\SystemCenter2012R2\OperationsManager.en
    d:\pdtInstaller\SystemCenter2012R2\Orchestrator
    d:\pdtInstaller\SystemCenter2012R2\ServiceManager
    d:\pdtInstaller\SystemCenter2012R2\VirtualMachineManager
    - I ran the Downloader again to get SC 2012 R2 pre-requisites.
    It reports missing SC 2012 SP1 and Server 2012. I'm not concerned about that since I intend to use Server 2012 R2 and SC 2012 R2 not the older 2012 versions.
    - I ran VMCreator. It passes all tests except:
    Windows Automated Deployment Kit 8.1... Failed - d:\pdtInstaller\Prerequisites\ADK81\adksetup.exe incorrect version
    and
    Windows Server 2012... Failed - d:\pdtInstaller\WindowsServer2012\setup.exe missing => I'm not concerned about that
    - I verified the D:\PDTInstaller\Prerequisites\ADK81\adksetup.exe version 8.100.26629.0
    I intend to bypass the validation by running the -SkipValidation switch, but before I do that, does anyone know about this "ADK81 incorrect version" message?
    Thanks

  • Anonymous
    January 14, 2015
    Hey Rob, How does a service provider get a hold of SPORK?