SQL Server installation fails due to Software Restriction Policy, but no policy exists on the server?

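I am trying to install SQL Server Express 2022 on Windows Server 2022.

When I set up the Windows server, I added Software Restriction Policies to prevent the installation of executables and msi files. I also added some restrictions to AppLocker.

No matter what I try, when attempting to install SQL Server 2022 (or 19), the installation keeps failing in two ways.

  1. Partway through, a message pops up that reads: The following error has occurred. File <%localpath%>/msoledbsql.msi was rejected by digital signature policy.

  2. The installation continues briefly and then fails with the following message: This installation is forbidden by system policy. Contact your system administrator.

It points to a log file, which I have included below: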

=== Verbose logging started: 22/01/2024  09:45:45  Build type: SHIP UNICODE 5.00.10011.00  Calling process: C:\ProgramData\Plesk\Installer\SQL2022EXPRADV_x64_ENU\x64\ScenarioEngine.exe ===
MSI (c) (AC:14) [09:45:46:000]: Resetting cached policy values
MSI (c) (AC:14) [09:45:46:000]: Machine policy value 'Debug' is 0
MSI (c) (AC:14) [09:45:46:000]: ******* RunEngine:
           ******* Product: C:\ProgramData\Plesk\Installer\SQL2022EXPRADV_x64_ENU\1033_ENU_LP\x64\setup\SqlSupport.msi
           ******* Action: 
           ******* CommandLine: **********
MSI (c) (AC:14) [09:45:46:001]: Client-side and UI is none or basic: Running entire install on the server.
MSI (c) (AC:14) [09:45:46:002]: Grabbed execution mutex.
MSI (c) (AC:14) [09:45:46:003]: Cloaking enabled.
MSI (c) (AC:14) [09:45:46:003]: Attempting to enable all disabled privileges before calling Install on Server
MSI (c) (AC:14) [09:45:46:003]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (DC:40) [09:45:46:010]: Running installation inside multi-package transaction C:\ProgramData\Plesk\Installer\SQL2022EXPRADV_x64_ENU\1033_ENU_LP\x64\setup\SqlSupport.msi
MSI (s) (DC:40) [09:45:46:010]: Grabbed execution mutex.
MSI (s) (DC:E0) [09:45:46:012]: Resetting cached policy values
MSI (s) (DC:E0) [09:45:46:012]: Machine policy value 'Debug' is 0
MSI (s) (DC:E0) [09:45:46:012]: ******* RunEngine:
           ******* Product: C:\ProgramData\Plesk\Installer\SQL2022EXPRADV_x64_ENU\1033_ENU_LP\x64\setup\SqlSupport.msi
           ******* Action: 
           ******* CommandLine: **********
MSI (s) (DC:E0) [09:45:46:012]: Machine policy value 'DisableUserInstalls' is 0
MSI (s) (DC:E0) [09:45:46:055]: Note: 1: 2203 2: C:\Windows\Installer\inprogressinstallinfo.ipi 3: -2147287038 
MSI (s) (DC:E0) [09:45:46:057]: SRSetRestorePoint skipped for this transaction.
MSI (s) (DC:E0) [09:45:46:061]: File will have security applied from OpCode.
MSI (s) (DC:E0) [09:45:46:087]: SOFTWARE RESTRICTION POLICY: Verifying package --> 'C:\ProgramData\Plesk\Installer\SQL2022EXPRADV_x64_ENU\1033_ENU_LP\x64\setup\SqlSupport.msi' against software restriction policy
MSI (s) (DC:E0) [09:45:46:087]: SOFTWARE RESTRICTION POLICY: C:\ProgramData\Plesk\Installer\SQL2022EXPRADV_x64_ENU\1033_ENU_LP\x64\setup\SqlSupport.msi has a digital signature
MSI (s) (DC:E0) [09:45:46:261]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (DC:E0) [09:45:46:262]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1
MSI (s) (DC:E0) [09:45:46:263]: SOFTWARE RESTRICTION POLICY: C:\ProgramData\Plesk\Installer\SQL2022EXPRADV_x64_ENU\1033_ENU_LP\x64\setup\SqlSupport.msi is not permitted to run at the 'unrestricted' authorization level.
MSI (s) (DC:E0) [09:45:46:263]: The installation of C:\ProgramData\Plesk\Installer\SQL2022EXPRADV_x64_ENU\1033_ENU_LP\x64\setup\SqlSupport.msi is not permitted by software restriction policy. The Windows Installer only allows installation of unrestricted items. The authorization level returned by software restriction policy was 0x0 (status return 0x0).

MSI (s) (DC:E0) [09:45:46:263]: Note: 1: 1718 2: C:\Windows\Installer\de178b1.msi 
MSI (s) (DC:E0) [09:45:46:266]: MainEngineThread is returning 1625
MSI (s) (DC:40) [09:45:46:266]: No System Restore sequence number for this installation.
MSI (s) (DC:40) [09:45:46:267]: User policy value 'DisableRollback' is 0
MSI (s) (DC:40) [09:45:46:268]: Machine policy value 'DisableRollback' is 0
MSI (s) (DC:40) [09:45:46:268]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (DC:40) [09:45:46:268]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 
MSI (s) (DC:40) [09:45:46:268]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 
MSI (s) (DC:40) [09:45:46:268]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1
MSI (c) (AC:14) [09:45:46:270]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1
MSI (c) (AC:14) [09:45:46:270]: MainEngineThread is returning 1625
=== Verbose logging stopped: 22/01/2024  09:45:46 ===

As you can see, the log tends to point the failure at this section:

MSI (s) (DC:E0) [09:45:46:263]: SOFTWARE RESTRICTION POLICY: C:\ProgramData\Plesk\Installer\SQL2022EXPRADV_x64_ENU\1033_ENU_LP\x64\setup\SqlSupport.msi is not permitted to run at the 'unrestricted' authorization level.
MSI (s) (DC:E0) [09:45:46:263]: The installation of C:\ProgramData\Plesk\Installer\SQL2022EXPRADV_x64_ENU\1033_ENU_LP\x64\setup\SqlSupport.msi is not permitted by software restriction policy. The Windows Installer only allows installation of unrestricted items. The authorization level returned by software restriction policy was 0x0 (status return 0x0).

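I have tried various different things. I am currently logged in as the local administrator root account, running the installer as administrator, etc. I have deleted all Software Restriction Policies and their registry folders. I have also removed everything from AppLocker. I also ticked the checkbox in Software Restriction to apply to users rather than local administrator accounts (although it is now empty), then rebooted and refreshed the GPO, but no matter what I try, nothing works.

What am I missing here? Is there something in the GPO causing this failure to be reported incorrectly? Or is there a bug in Windows Server 2022 that may fail to recognise that I have removed the Software Restriction Policies?

To add, in case it matters, the server is connected to Azure Arc.

Many thanks for your help.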
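For triaging a log like the one in the question, the following added example (not part of the original post) pulls the policy verdict, the returned authorization level and the installer codes out of a Windows Installer verbose log, so the two dialog messages can be matched to log lines 1718 and 1625. The function name `triage`, the sample path and the reading of the level value against the SAFER level IDs in winsafer.h are assumptions of this example.

```python
import re

# Windows Installer codes that surface as the two dialogs described in the question.
MSI_CODES = {1718: "file rejected by digital signature policy",
             1625: "installation forbidden by system policy"}
# SAFER level IDs from winsafer.h (assumed to be what the log's level value refers to).
SAFER_LEVELS = {0x00000: "disallowed", 0x01000: "untrusted", 0x10000: "constrained",
                0x20000: "normal user", 0x40000: "fully trusted"}

ENTRY = re.compile(r"^MSI \([cs]\) \([0-9A-Fa-f]+:[0-9A-Fa-f]+\) \[([\d:]+)\]: (.*)$")
DENIED = re.compile(
    r"SOFTWARE RESTRICTION POLICY: (.+) is not permitted to run at the '(\w+)' authorization level")
LEVEL = re.compile(r"authorization level returned by software restriction policy was (0x[0-9A-Fa-f]+)")
NOTE = re.compile(r"^Note: 1: (\d+)\b")
EXIT = re.compile(r"MainEngineThread is returning (\d+)")


def triage(log_text):
    """Collect the policy verdict, SAFER level and known error codes from an MSI verbose log."""
    out = {"denied": [], "safer_level": None, "codes": {}}
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue  # banner lines and '*******' continuation lines
        stamp, msg = entry.groups()
        if m := DENIED.search(msg):
            out["denied"].append((stamp, m.group(1), m.group(2)))
        if m := LEVEL.search(msg):
            level = int(m.group(1), 16)
            out["safer_level"] = (level, SAFER_LEVELS.get(level, "unknown"))
        for m in (NOTE.match(msg), EXIT.search(msg)):
            if m and int(m.group(1)) in MSI_CODES:
                out["codes"][int(m.group(1))] = MSI_CODES[int(m.group(1))]
    return out


# Constructed sample modelled on the log format above; the package path is made up.
SAMPLE = r"""=== Verbose logging started: 01/01/2024  10:00:00 ===
MSI (s) (DC:E0) [10:00:00:263]: SOFTWARE RESTRICTION POLICY: C:\Temp\Example.msi is not permitted to run at the 'unrestricted' authorization level.
MSI (s) (DC:E0) [10:00:00:263]: The installation of C:\Temp\Example.msi is not permitted by software restriction policy. The authorization level returned by software restriction policy was 0x0 (status return 0x0).
MSI (s) (DC:E0) [10:00:00:263]: Note: 1: 1718 2: C:\Windows\Installer\example.msi
MSI (s) (DC:E0) [10:00:00:266]: MainEngineThread is returning 1625
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The output records what the installer was told by the policy check, not which setting or account state produced that verdict.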

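Answer 1

I did discover the issue. Unfortunately, the error message is worded completely incorrectly and sends the user on a wild goose chase. I can't imagine anyone else will run into this particular situation, but just in case, here is the solution!

My GPO was set to never lock out the administrator account, but the server antivirus/maintenance software can override that setting if it detects a serious cyber attack attempt. This means that although the account is locked, it is still possible to log in, but any administrative actions on the account are blocked.

This can be resolved by checking whether the GPO and antivirus policies are competing with each other and, importantly, going to lusrmgr.msc and unlocking any accounts that are locked.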
