SharePoint passphrase recovery
Was doing a Service Pack upgrade on a SharePoint installation and hit an unexpected error:
Unable to create a Service Connection Point in the current Active Directory domain. Verify that the SharePoint container exists in the current domain and that you have rights to write to it.
Microsoft.SharePoint.SPException: The object LDAP://CN=Microsoft SharePoint Products,CN=System,DC=xxx,DC=com doesn’t exist in the directory.
This seemed odd - I’d just completed the same process on a different environment and didn’t hit the same issue. And after checking with one of the domain admins… confirmed that this container does not exist at all. So it seems it’s a spurious issue.
I suspect this is yet another place where running PSConfig varies between the UI client and the CLI. Because, by running PSConfig from the CLI, I was able to complete the upgrade. With one small issue.
The command you need is:
psconfig.exe -cmd upgrade -inplace v2v -passphrase
-wait
But the issue here is you need your passphrase - that’s right, the passphrase you created when you installed the environment. I mean, of course, this was all properly documented and available and easy to track down… but that wouldn’t make an interesting blog post! The good news is, it’s easy to change the passphrase, so that you can then complete the upgrade:
$passphrase = ConvertTo-SecureString -String "mynewpassword" -asPlainText -ForceSet-SPPassPhrase -PassPhrase $passphrase -Confirm
The only condition here is that the new password needs to meet certain criteria:
- At least 8 characters
- A capital letter
- A number
- A special char
I’m not 100% sure if this is a SharePoint restriction or based on the AD policy.
Anyway, after changing the passphrase, and of course, ahem, updating the documentation… the upgrade completed.