EPiServer 7 Installation Error – $accountName is not a valid user or group

I ran into some problems the other day trying to install an EPiServer 7 site onto an old Windows 7 developer machine using EPiServer‘s Deployment Center. Everything seemed to be going well until I was hit with an account related error.

EPiServer's Deployment Center Error when installing EPiServer 7 without valid user or group.

Opening up the installation PowerShell script file in question (\EPiServer\CMS\7.0.586.1\Install\System Scripts\Install Site (No database).ps1) soon revield what was going on. Apparently the EPiServer installation process was attempting to update directory access rights on disk, but was failing to do so due to an invalid account name.

Install Site (No database).ps1

# Set up access rights for the destination folders
# Get the name of the user configured for anonymous access and the worker process accounts
$anonymousUserName = $webServer.AnonymousUserAccount($wizard.Site.SiteName)
$workerProcessGroups = $webServer.WorkerProcessAccounts($wizard.Site.AppPoolName)

if (![string]::IsNullOrEmpty($anonymousUserName))
{
  Set-EPiAccess -FileSystemPath $wizard.Site.SitePath -Grant "[OI][CI]R" -Identity $anonymousUserName
}

foreach($accountName in $workerProcessGroups)
{
  Set-EPiAccess -FileSystemPath $wizard.Site.SitePath -Grant "[OI][CI]R" -Identity $accountName

The anonymous user was set to IUSR as expected (195), but for some reason the $accountName variable from the $workerProcessGroup caused an error (200); it turned out to be set to the non-existing username TestAdmin rather than something useful (i.e. the group IIS_IUSRS).

Windows directory user rights.

When installing a new site, EPiServer uses the default application pool settings from the IIS creating it’s application pool. In this case, those default settings said that the Identity to use was to be one called TestAdmin. This would have been all fine and good, had it not been for the small detail that there was no such user on the system. Apparently it had been created, used for some sort of testing in the IIS, and then deleted without being removed from usage.

IIS settings for default application pool configuration.

Another thing that may generate this error message is apparently account names being too long; see Jonas Lindau‘s article Getting “Error– is not a valid user or group”, when upgrading?.

ERROR – $accountName is not a valid user or group

An unhandled error has occured:
TestAdmin is not a valid user or group
When executing

At C:\Program Files (x86)\EPiServer\CMS\7.0.586.1\Install\System Scripts\Install Site (No Database).ps1:213 char:16
+ 		Set-EPiAccess <<<<  -FileSystemPath $wizard.Site.SitePath -Grant "[OI][CI]R
" -Identity $accountName

True
=
Get-EPiIsBulkInstalling

An unhandled error has occured:
TestAdmin is not a valid user or group
When executing

At C:\Program Files (x86)\EPiServer\CMS\7.0.586.1\Install\System Scripts\Install Site (No Database).ps1:213 char:16
+ 		Set-EPiAccess <<<<  -FileSystemPath $wizard.Site.SitePath -Grant "[OI][CI]R
" -Identity $accountName

=
Get-EPiIsBulkInstalling

At C:\Program Files (x86)\EPiServer\CMS\7.0.586.1\Install\System Scripts\Install Site (No Database).ps1:213 char:16
+ 		Set-EPiAccess <<<<  -FileSystemPath $wizard.Site.SitePath -Grant "[OI][CI]R" -Identity $accountName
System.Exception: TestAdmin is not a valid user or group ---> System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.
   at System.Security.Principal.NTAccount.Translate( IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)
   at System.Security.Principal.NTAccount.Translate(Type targetType)
   at EPiServer.Install.FileSystem.FileSystemInstallationManager .ValidateIdentity(String identity)
   --- End of inner exception stack trace ---
   at EPiServer.Install.FileSystem.FileSystemInstallationManager .ValidateIdentity(String identity)
   at EPiServer.Install.FileSystem.FileSystemInstallationManager .SetAccessRights(String path, String identity, String operation)
   at EPiServer.Install.FileSystem.Cmdlets.SetAccessRightsCmdlet .ProcessRecord()
   at System.Management.Automation.Cmdlet.DoProcessRecord()
   at System.Management.Automation.CommandProcessor.ProcessRecord()

Leave a Reply