Sitecore 9.1 SIF: Distributed Installation 101… and 1 Gotcha
If you plan on leveraging Sitecore 9.1 SIF to perform a distributed installation, there are few keys things to consider.
Contents
What is a Distributed SIF Installation
In a Distributed SIF Installation, which is a feature available starting with Sitecore 9.1, you can select the desired implementation level such as XM1 or XP1 and deploy “all at once” to your targets.
As an example, if you had a Virtual Machine (VM) for the CMS/Processing/Reporting roles, a VM for the Identity Server role, another VM for CDS role, and finally another VM for xConnect… you can install all the roles from a single server instead of installing a server at a time.
This server is referred to as the Distributor (Source) while the servers you are installing roles onto are the Target (Destination) servers.
Enable PS-Remoting
PS-Remoting must be installed on all the target servers. As a matter of practice, I also like to install it on the distributor. This opens up WinRM and other communication aspects so you can deploy from source to target.
PS-Remoting is enabled by running the following PowerShell command on the desired servers:
Enable-PSRemotingA basic test to confirm connectivity is as follows:
Test-WSMan -ComputerName "scrusktarget1.sitecore.local"SIF Deployment Account
An Active Directory account with local machine Administrator access is required to deploy across the targets. Without this, the remote servers can’t execute the required PowerShell as it needs Admin rights.
Create a single user in AD (making sure all your Sitecore Servers are domain joined) and add this account to the local admin group on each server. If you create an generic user with the same name on each server, it will fail as these are technically not the same user account.
In your Distributed SIF PowerShell, you should see the following section. This is where you will get prompted to add the name and password of your AD Deployment User.
#Getting Hosts User credentials:
Write-Host "Hosts user name: "
$HostsUserName = Read-Host
Write-Host "Hosts user password: "
$HostsUserPassword = Read-Host
Clear-HostMake Sure Prerequisites are Installed
You must install the Sitecore Prerequisites on every Sitecore and Solr Target
In the past, installing the Sitecore 9 Prereqs was painful and likely required you to develop or find your own script. In Sitecore 9.1, Sitecore provides a SIF Prereqs JSON file to automate this process.
Important: You will need to install SIF on each VM, noting the correct version before you run the SIF Prereqs. Please see the Sitecore Installation Guide for details (this can be downloaded from the Sitecore Downloads page.
One approach to installing SIF via PowerShell is as follows:
Register-PSRepository -Name sc-powershell -SourceLocation https://sitecore.myget.org/F/sc-powershell/api/v2
# Install Sitecore Fundamentals (Required for Standard Operations)
Install-Module -Name "SitecoreFundamentals" -RequiredVersion "1.1.0" -Repository "sc-powershell" -Force
# Install Sitecore Install Framework
Install-Module -Name "SitecoreInstallFramework" -RequiredVersion "2.0.0" -Repository "sc-powershell"Make Sure all WDP Packages and SIF Resources are Saved on the Target Servers
When you run a Distributed Installation, the Powershell executed on the target machine will look for its own file system for the WDP Packages and SIF Resources to complete its role deployment (ex. CDS).
To that end, Sitecore recommends that you use the same folder name and location on each target server, such as c:\resourcefiles
Can’t Install Roles Onto Itself (Distributor Can’t Deploy to Itself)
And now for the gotcha. Where you deploy from is critical. One might think that you can use one of your Sitecore servers as the Distributor. As an example, that you would execute the Distributed Installation from your CMS Server and target the other servers that have differing roles.
However, a Sitecore 9.1 SIF Distributed Installation cannot deploy to itself. As it is using PS-Remoting, you will be unable to install a role on the Distributor because it can’t remote to itself.
So, what options do you have? You need to have a machine (or VM) on the domain to act as the dedicated Distributed that will not have Sitecore or Solr roles installed on it. This can be a “Utility Server” for long term use, or a temporary machine used for installation purposes.
Thanks for pointing out this gotcha! Do you have guidance for the Certificates during the installation? The Install-XP1-Distributed.ps1 script (or one of the scripts called from the SIF module) appears to generate a self-signed cert for the Identity server and I don’t see a way to specify the certificate that we have already requested and installed on the ID server from the Enterprise CA.
Thanks in advance for any guidance!!!
Error:
Install-SitecoreConfiguration : Unable to parse [variable(‘IdentityServer_Session’)] – Exception calling “Evaluate”
with “2” argument(s): “The running command stopped because the preference variable “ErrorActionPreference” or common
parameter is set to Stop: Unable to parse [NewPSSession(ComputerName:parameter(‘IdentityServer_ComputerName’),Credentia
l:variable(‘IdentityServer_Credential’),SessionOption:variable(‘IdentityServer_SessionOption’),UseSSL:true)] –
Exception calling “InvokeWithContext” with “2” argument(s): “The running command stopped because the preference
variable “ErrorActionPreference” or common parameter is set to Stop: [FQDN of Identity Server] Connecting to remote
server FQDN of Identity Server failed with the following error message : The client cannot connect to the destination
specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the
logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the
destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM
service: “winrm quickconfig”. For more information, see the about_Remote_Troubleshooting Help topic.””
At C:\resourcefiles\Install-XP1-Distributed.ps1:206 char:1
+ Install-SitecoreConfiguration @DistributedDeploymentParams -Verbose * …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Install-SitecoreConfiguration
[TIME] 00:00:13
GetConfigFunctionResult : Unable to parse [variable(‘IdentityServer_Session’)] – Exception calling “Evaluate” with “2”
argument(s): “The running command stopped because the preference variable “ErrorActionPreference” or common parameter
is set to Stop: Unable to parse [NewPSSession(ComputerName:parameter(‘IdentityServer_ComputerName’),Credential:variable
(‘IdentityServer_Credential’),SessionOption:variable(‘IdentityServer_SessionOption’),UseSSL:true)] – Exception calling
“InvokeWithContext” with “2” argument(s): “The running command stopped because the preference variable
“ErrorActionPreference” or common parameter is set to Stop: [FQDN of Identity Server] Connecting to remote server
FQDN of Identity Server failed with the following error message : The client cannot connect to the destination
specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the
logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the
destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM
service: “winrm quickconfig”. For more information, see the about_Remote_Troubleshooting Help topic.””
At C:\Program Files\WindowsPowerShell\Modules\SitecoreInstallFramework\2.1.0\Private\JsonConfiguration.ps1:226 char:20
+ … return GetConfigFunctionResult -FunctionText $InputObject -Param …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,GetConfigFunctionResult
Hi Michael,
I would deploy the default and then post op, apply your Enterprise CA.
What is the solution for this query
Hi Michael,
You need to ensure that you have a domain user account. I like to create one as an AD User and add it to the Domain Admins account. When running SIF, I then use this as the deployment account with the domain (ex. mydomain\scdeploy).
What I have found with that error is, if when you kick off your deploy, if you have a command prompt up with netstat -an at the ready (run it several times after starting the install) you will see a SYN_SENT as it’s trying to communicate over port 5986 and fail because winrm does not have a listner for SSL which is 5986 (port 80 is 5985). I ran these two commands after the fact and enabled the listner for SSL:
1.) $cert = Get-ChildItem -Path Cert:\LocalMachine\My\
2.) New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint –Force
Reference Article:
https://stackoverflow.com/questions/41890240/winrm-cannot-create-a-winrm-listener-on-https-due-to-incorrect-ssl-certificate
Correct Eric, this is why it’s important to setup up WinRM listeners over SSL.
Hi, I met below error during installation. Appreciate if you can enlighten?
[—————- IdentityServer_CopyResourceFilesToRemote : CopyItem ————————————————]
Resolving ConfigFunction extension ‘concat’
Resolved ‘Invoke-ConcatConfigFunction’
Resolving ConfigFunction extension ‘JoinPath’
Resolved ‘Invoke-JoinPathConfigFunction’
Resolving ConfigFunction extension ‘concat’
Resolved ‘Invoke-ConcatConfigFunction’
Invoke-ConcatConfigFunction
Concatenating: identityserver.sif.org.sg .pfx
Result: identityserver.sif.org.sg.pfx
Invoke-JoinPathConfigFunction
Joining: C:\certificates identityserver.sif.org.sg.pfx
Result: C:\certificates\identityserver.sif.org.sg.pfx
Resolving ConfigFunction extension ‘JoinPath’
Resolved ‘Invoke-JoinPathConfigFunction’
Resolving ConfigFunction extension ‘concat’
Resolved ‘Invoke-ConcatConfigFunction’
Invoke-ConcatConfigFunction
Concatenating: SitecoreRootCert .pfx
Result: SitecoreRootCert.pfx
Invoke-JoinPathConfigFunction
Joining: C:\certificates SitecoreRootCert.pfx
Result: C:\certificates\SitecoreRootCert.pfx
Invoke-ConcatConfigFunction
Concatenating: System.Object[] System.Object[]
Result: .\IdentityServer.json C:\resourcefiles\license.xml .\importcert.json
C:\certificates\identityserver.sif.org.sg.pfx C:\certificates\SitecoreRootCert.pfx
Resolving ConfigFunction extension ‘NewPSSession’
No current registration for NewPSSession attempting to locate match from available commands.
Registering ConfigFunction extension ‘NewPSSession’ => ‘New-PSSession’
Resolved ‘New-PSSession’
Resolving ConfigFunction extension ‘NewPSCredential’
Resolved ‘Invoke-NewPSCredentialConfigFunction’
Resolving ConfigFunction extension ‘ConvertToSecureString’
Resolved ‘ConvertTo-SecureString’
Resolving ConfigFunction extension ‘NewPSSessionOption’
No current registration for NewPSSessionOption attempting to locate match from available commands.
Registering ConfigFunction extension ‘NewPSSessionOption’ => ‘New-PSSessionOption’
Resolved ‘New-PSSessionOption’
Install-SitecoreConfiguration : Cannot bind argument to parameter ‘Path’ because it is null.
At C:\resourcefiles\XP1-Distributed.ps1:205 char:1
+ Install-SitecoreConfiguration @DistributedDeploymentParams -Verbose * …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Install-SitecoreConfiguration
You need to check your networking and ensure you are using the correct deployment account. If you modified SIF, please track your changes.