我的原型2008 R2在Azure上构建。我有工作code来部署虚拟机，检索X509证书，并建立WinRM的访问远程PowerShell在部署虚拟机。

I am prototyping a build of 2008 R2 on Azure. I have working code to deploy the VM, retrieve the x509 certificate, and establish WinRM access to remote Powershell on the deployed VM.

我需要安装一些pre-请求数我们的软件。其中之一是.NET 4。当我启动这个命令：

I need to install some pre-reqs for our software. One of those is .NET 4. When I launch this command:

调用命令-ConnectionUri $ azUri -Credential $ vmCreds -ScriptBlock {启动过程-FilePathC：\安装\ dotNetFx40_Full_x86_x64.exe-ArgumentList/ Q / norestart更新日志文件 - 等待}

我得到的设置事件日志此错误：

I get this error in the Setup event log:

的Windows更新无法安装访问被拒绝。 （命令行：wusa.exeC：\ 1112ac1e217ef544ae09 \ Windows6.1-KB958488-v6001-x64.msu程序/静音/ norestart更新日志文件）

我使用的使用与虚拟机本身创建的管理帐户是内置vim的信任状。通过PowerShell的使用FTP获得的文件（我鹅卵石的FTP功能一起使用.NET方法和一些google搜索）。

The creds I am using are built using the administrative account created with the VM itself. The file is obtained using FTP via Powershell (I cobbled an FTP function together using .net methods and some googling).

我工作的项目要求在我使用Microsoft提供清洁的默认图像中的一个，所以我不能自定义模板的时间提前。最终，这些业务也将通过一个配置管理工具，如厨师或木偶来进行的，所以我需要能够做到这一点的一个配置管理风格。

The project I am working on requires that I use one of the clean default images provided by Microsoft, so I can't customize the template ahead of time. Eventually these operations will also be performed by a config management tool such as Chef or Puppet, so I need to be able to do this in a config management style.

我已经试过这条命令的不同排列，这是最接近我已经能够得到它的工作。我禁用UAC并重新启动作为一个实验，这并没有改变行为。我的搜索迄今已发现有这个问题，但没有足够的解决方案，适合我的方案的其他人。

I have tried various permutations of this command and this is the closest I've been able to get it to working. I disabled UAC and rebooted as an experiment, which did not change the behavior. My searching so far has revealed other people having this problem, but no adequate solution that fits my scenario.

推荐答案

我碰到的这个问题，以及和我pretty的确定问题是WUSA不能被远程调用：

I've run into this as well and I'm pretty sure the problem is that wusa cannot be invoked remotely:

KB：Windows更新独立安装程序（WUSA）通过WinRM和部署的Windows .msu文件时返回0x5的ERROR_ACCESS_DENIED远程Shell

问题源于该.NET 4.0安装程序有几个MSU更新，它要申请的事实。因为WUSA不能从远程命令执行，整个事情失败。

The problem stems from the fact that the .NET 4.0 installer has a couple of msu updates that it wants to apply. Because wusa can't be run from a remote command, the whole shebang fails.

编辑：我做了一些挖掘，发现了一个无证标志ParamaterInfo.xml - 的SkipMSUInstall标志将绕过MSU安装，否定WUSA调用，从而导致安装成功。我刚刚通过这个上几百服务器上运行，它的伟大工程。我们的安全策略不允许的CredSSP使用，所以我在本地复制每台服务器上安装文件，然后使用调用命令，并启动进程来运行安装。

I did some digging and found an undocumented flag in ParamaterInfo.xml - the SkipMSUInstall flag will bypass the msu installs, negating the wusa calls, resulting in a successful install. I've just run through this on a few hundred servers and it works great. Our security policies don't allow for CredSSP to be used, so I'm copying the install files locally on each server, then using Invoke-Command and Start-Process to run the installs.

以下修改PowerShell的代码段：

Modified powershell snippet below:

$servers = get-Content c:\temp\serverlist.txt

foreach ($server in $servers) {
  $session = New-PSSession -ComputerName $server -Credential $credential
  Invoke-Command -session $session -asJob -scriptBlock {
    Start-Process "C:\Temp\dotNetFx40_Full_x86_x64\setup.exe" -ArgumentList "/passive /norestart /SkipMSUInstall" -Wait -Passthru
    }
  }