SQL Server install failing due to Software Restriction Policy - but no policy exists on the server?

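I am trying to install SQL Server Express 2022 on Windows Server 2022.

When I set up the Windows server, I added Software Restriction Policies to prevent executables and msi files from being installed. I also added some restrictions to AppLocker.

No matter what I try, when attempting to install SQL Server 2022 (or 19), the application always fails in two places.

  1. Partway through, a pop-up message appears: The following error has occurred. The file <%localpath%>/msoledbsql.msi was rejected by digital signature policy. [Image: error message stating that the .msi file was rejected by digital signature policy]

  2. After continuing for a short while, the installation later fails with the following message: This installation is forbidden by system policy. Contact your system administrator. [Image: installation failure error message stating that the installation is forbidden by system policy]

It pointed me to a log file, which I have included below: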

=== Verbose logging started: 22/01/2024  09:45:45  Build type: SHIP UNICODE 5.00.10011.00  Calling process: C:\ProgramData\Plesk\Installer\SQL2022EXPRADV_x64_ENU\x64\ScenarioEngine.exe ===
MSI (c) (AC:14) [09:45:46:000]: Resetting cached policy values
MSI (c) (AC:14) [09:45:46:000]: Machine policy value 'Debug' is 0
MSI (c) (AC:14) [09:45:46:000]: ******* RunEngine:
           ******* Product: C:\ProgramData\Plesk\Installer\SQL2022EXPRADV_x64_ENU\1033_ENU_LP\x64\setup\SqlSupport.msi
           ******* Action: 
           ******* CommandLine: **********
MSI (c) (AC:14) [09:45:46:001]: Client-side and UI is none or basic: Running entire install on the server.
MSI (c) (AC:14) [09:45:46:002]: Grabbed execution mutex.
MSI (c) (AC:14) [09:45:46:003]: Cloaking enabled.
MSI (c) (AC:14) [09:45:46:003]: Attempting to enable all disabled privileges before calling Install on Server
MSI (c) (AC:14) [09:45:46:003]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (DC:40) [09:45:46:010]: Running installation inside multi-package transaction C:\ProgramData\Plesk\Installer\SQL2022EXPRADV_x64_ENU\1033_ENU_LP\x64\setup\SqlSupport.msi
MSI (s) (DC:40) [09:45:46:010]: Grabbed execution mutex.
MSI (s) (DC:E0) [09:45:46:012]: Resetting cached policy values
MSI (s) (DC:E0) [09:45:46:012]: Machine policy value 'Debug' is 0
MSI (s) (DC:E0) [09:45:46:012]: ******* RunEngine:
           ******* Product: C:\ProgramData\Plesk\Installer\SQL2022EXPRADV_x64_ENU\1033_ENU_LP\x64\setup\SqlSupport.msi
           ******* Action: 
           ******* CommandLine: **********
MSI (s) (DC:E0) [09:45:46:012]: Machine policy value 'DisableUserInstalls' is 0
MSI (s) (DC:E0) [09:45:46:055]: Note: 1: 2203 2: C:\Windows\Installer\inprogressinstallinfo.ipi 3: -2147287038 
MSI (s) (DC:E0) [09:45:46:057]: SRSetRestorePoint skipped for this transaction.
MSI (s) (DC:E0) [09:45:46:061]: File will have security applied from OpCode.
MSI (s) (DC:E0) [09:45:46:087]: SOFTWARE RESTRICTION POLICY: Verifying package --> 'C:\ProgramData\Plesk\Installer\SQL2022EXPRADV_x64_ENU\1033_ENU_LP\x64\setup\SqlSupport.msi' against software restriction policy
MSI (s) (DC:E0) [09:45:46:087]: SOFTWARE RESTRICTION POLICY: C:\ProgramData\Plesk\Installer\SQL2022EXPRADV_x64_ENU\1033_ENU_LP\x64\setup\SqlSupport.msi has a digital signature
MSI (s) (DC:E0) [09:45:46:261]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (DC:E0) [09:45:46:262]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1
MSI (s) (DC:E0) [09:45:46:263]: SOFTWARE RESTRICTION POLICY: C:\ProgramData\Plesk\Installer\SQL2022EXPRADV_x64_ENU\1033_ENU_LP\x64\setup\SqlSupport.msi is not permitted to run at the 'unrestricted' authorization level.
MSI (s) (DC:E0) [09:45:46:263]: The installation of C:\ProgramData\Plesk\Installer\SQL2022EXPRADV_x64_ENU\1033_ENU_LP\x64\setup\SqlSupport.msi is not permitted by software restriction policy. The Windows Installer only allows installation of unrestricted items. The authorization level returned by software restriction policy was 0x0 (status return 0x0).

MSI (s) (DC:E0) [09:45:46:263]: Note: 1: 1718 2: C:\Windows\Installer\de178b1.msi 
MSI (s) (DC:E0) [09:45:46:266]: MainEngineThread is returning 1625
MSI (s) (DC:40) [09:45:46:266]: No System Restore sequence number for this installation.
MSI (s) (DC:40) [09:45:46:267]: User policy value 'DisableRollback' is 0
MSI (s) (DC:40) [09:45:46:268]: Machine policy value 'DisableRollback' is 0
MSI (s) (DC:40) [09:45:46:268]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (DC:40) [09:45:46:268]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 
MSI (s) (DC:40) [09:45:46:268]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 
MSI (s) (DC:40) [09:45:46:268]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1
MSI (c) (AC:14) [09:45:46:270]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1
MSI (c) (AC:14) [09:45:46:270]: MainEngineThread is returning 1625
=== Verbose logging stopped: 22/01/2024  09:45:46 ===

As you can see, the log tends to point the failure at this section:

MSI (s) (DC:E0) [09:45:46:263]: SOFTWARE RESTRICTION POLICY: C:\ProgramData\Plesk\Installer\SQL2022EXPRADV_x64_ENU\1033_ENU_LP\x64\setup\SqlSupport.msi is not permitted to run at the 'unrestricted' authorization level.
MSI (s) (DC:E0) [09:45:46:263]: The installation of C:\ProgramData\Plesk\Installer\SQL2022EXPRADV_x64_ENU\1033_ENU_LP\x64\setup\SqlSupport.msi is not permitted by software restriction policy. The Windows Installer only allows installation of unrestricted items. The authorization level returned by software restriction policy was 0x0 (status return 0x0).

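I have tried all sorts of different approaches to this. I am currently logged in as the local administrator root account, running the installer as administrator, and so on. I have removed all of the Software Restriction Policies and their registry folders. I have also deleted everything in AppLocker. I also ticked the "run for users and not local administrator accounts" checkbox in Software Restriction Policies (even though it is now empty), rebooted, and refreshed the GPO, but no matter what I try, this simply does not work.

What am I missing here? Is there something in the GPO that is causing the error to be reported? Or is there a bug in Windows Server 2022 that may not recognize that I have removed the Software Restriction Policies?

Just to add, in case it matters, the server is connected to Azure Arc.

Any help is greatly appreciated.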

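Answer 1

I have actually found the issue. Unfortunately, the wording of the error message is completely incorrect and sends the user on a wild goose chase. I can't imagine anyone else finding themselves in this unique situation, but just in case, here is the solution!

My GPO is set to never lock out the administrator account, but the server antivirus/maintenance software can override that setting if it detects a serious cyber-attack attempt. This meant that although the account was locked out, it could still log in, but any administrative actions on the account were blocked.

This can be resolved by checking that the GPO and antivirus policies do not compete and, importantly, accessing lusrmgr.msc and unlocking any locked accounts.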
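
An added example, not part of the original answer: a read-only PowerShell triage that puts the two conditions from this thread side by side, namely whether any Software Restriction Policy or AppLocker rules are still present and whether a local account is flagged as locked out. It assumes an elevated PowerShell session on the affected server; it changes nothing, and unlocking is still done in lusrmgr.msc as the answer describes.

```powershell
# Added example: read-only triage for an MSI install denied with error 1625
# ("This installation is forbidden by system policy").
# Assumption: run from an elevated PowerShell session on the affected server.

# 1. Is a Software Restriction Policy still present in the registry?
#    DefaultLevel 0x0 = Disallowed, 0x40000 = Unrestricted.
#    PolicyScope  0   = all users,  1 = all users except local administrators.
$saferKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers',
    'HKCU:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
)
foreach ($key in $saferKeys) {
    if (Test-Path -Path $key) {
        $p = Get-ItemProperty -Path $key
        [pscustomobject]@{
            Key          = $key
            DefaultLevel = if ($null -ne $p.DefaultLevel) { '0x{0:X}' -f $p.DefaultLevel } else { '(not set)' }
            PolicyScope  = $p.PolicyScope
            RuleSubkeys  = @(Get-ChildItem -Path $key -Recurse -ErrorAction SilentlyContinue).Count
        }
    }
    else {
        [pscustomobject]@{ Key = $key; DefaultLevel = '(key absent)'; PolicyScope = $null; RuleSubkeys = 0 }
    }
}

# 2. Are any AppLocker rule collections still in the effective policy?
Get-AppLockerPolicy -Effective |
    Select-Object -ExpandProperty RuleCollections |
    ForEach-Object { [pscustomobject]@{ Collection = $_.RuleCollectionType; Rules = $_.Count } }

# 3. Is any local account flagged as locked out? An account in this state is
#    what the answer above found behind the misleading policy error.
Get-CimInstance -ClassName Win32_UserAccount -Filter "LocalAccount=True AND Lockout=True" |
    Select-Object Name, SID, Disabled, Lockout

# 4. Show the lockout threshold and duration currently in force, to compare
#    against what the GPO is supposed to set.
net accounts
```

If steps 1 and 2 come back empty while step 3 lists the account used to run the installer, the 0x0 authorization level in the MSI log is not coming from a leftover SRP or AppLocker rule.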
