Correct syntax for Un-Attended install of HPC Pack 2016 client RRS feed

  • Question

  • Trying to automate the install of the client side portions of HPC pack but I cannot associate a certificate.

    Each time I get a syntax error around specifying the password for the certificate but can't find any documentation on how to set it up properly as it seems as though I cannot install HPC pack without the cert.

    Wednesday, July 18, 2018 5:47 PM

All replies

  • you could run setup.exe /? to get the help.

    And if you set up through GUI manually, you can refer to the logs under c:\windows\temp\hpcsetup\HPCSetupLogs-xxxxx\chainer.txt, the first line will tell you the setup commandline such as:

    06:09:01.879 -  Command arguments : -Unattend -ClusterName:"HPCBVT2HN" -HeadNode -HeadNodeList:"HPCBVT2HN" -SSLPfxFilePath:"z:\tests\setup\test.pfx" -SSLPfxFilePassword:******

    THus, for client silent installation, it will be like: setup.exe -unattend -client

    You don't need specify cert for client installation. 

    Qiufang Shi

    Thursday, July 19, 2018 2:32 AM
  • Actually I misspoke, I am trying to set up a compute node and I cannot for the life of me get the following command to work properly:

    & C:\HPC2016\5.1.6086.0\setup.exe -Unattend -ComputeNode:pwawoscm552400C -SSLPfxFilePath:'C:\hpccomm.pfx' -SLPfxPassword:'passwordhere'

    I get the error window that tells me "The parameter SSLPfxPassword is incorrect or it is in the wrong format."

    However no guidance is given about what the format should be.  I know the password is correct because I can install it with the GUI.  I also checked the logs as you suggested, and when you import the cert, it just imports it without displaying the command line.

    so what is the correct format?  

    I have tried loading the password into a variable using the ConvertTo-SecureString cmdlet and then passing the $secure_string_pwd as a variable.  tried the plaintext password in quotes, unquoted same result each time.

    Friday, July 20, 2018 4:32 AM
  • Please check below commandline we used in testing: suppose you shouldn't use single quote. And the last one should be SSLPfxPassword instead of SLPfxPassword

    \\<HN>\REMINST\setup.exe -unattend -ComputeNode:<HN> -SSLPfxFilePath:"\\<HN>\REMINST\test.pfx" -SSLPfxFilePassword:"mypassword"

    Qiufang Shi

    Saturday, July 21, 2018 9:44 AM
  • Hi Qiufang,

    Sorry to reopen this old case but I did have a problem when try to deploy hpc client only in unattended mode. The version I try to deploy is HPC2016update3 v5.3.6435

    Go to \\hpcheadnode\reminst double click setup.exe and go through gui, everything works great. If I use command line, setup.exe -Unattend -Client -ClusterName:"hpcheadnode". Installation doesn't throw any error. Open Job manager without issue. But when trying to open cluster manager and setup connection to hpcheadnode, I get error like below.

    "The connection to the management service failed. detail error: Microsoft.Hpc.RetryCountExhaustException: Retry Count of RetryManager is exhausted. ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure."

    I follow your method to check chainer log of gui installation. Unfortunately the first line only shows "timestamp  -  Command arguments :". There is no information after command arguments.

    Headnode uses self signed certificate not public CA issued certification. I don't think install client only will require pfx because gui installation doesn't ask either.

    Could you try client unattended installation on your end to see if your can reproduce the  problem?

    Thank you very much for your time.


    • Edited by lijun1234 Wednesday, September 11, 2019 12:33 AM
    Tuesday, September 10, 2019 7:51 PM
  • Hi Jun,

    You can add a DWORD type registry value with name "CertificateValidationType" and value 0 under the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\HPC to skip the CA validation. If the registry key does not exist, create the registry key first.

    • Proposed as answer by lijun1234 Wednesday, September 11, 2019 2:34 AM
    Wednesday, September 11, 2019 2:02 AM
  • Hi Sunbin

    Your magic works. The key does exist but with value 1. During gui installation process, I do get a step to select skip certification check but this option doesn't exist under setup.exe option. The command I use according to your solution is  reg add hklm\software\microsoft\hpc /v CertificateValidationType /t reg_dword /d 0 /f

    Thank you and qiufang.


    • Edited by lijun1234 Wednesday, September 11, 2019 2:40 AM
    Wednesday, September 11, 2019 2:34 AM