USMT 脚本失败并返回代码 71答案

【问题标题】：USMT script is failing with Return Code 71USMT 脚本失败并返回代码 71
【发布时间】：2021-11-18 21:25:50
【问题描述】：

我正在编写用于配置文件迁移的 USMT 脚本，并遇到一个问题，当我尝试使用 scanstate.exe 时，它将退出并显示代码 71 -“无法启动。确保您正在以提升的权限运行 USMT”

https://docs.microsoft.com/en-us/windows/deployment/usmt/usmt-return-codes#bkmk-returncodes

根据上述站点，解决方法是退出 USMT 并以提升的权限运行。好吧，我正在使用我的域管理员帐户登录并以管理员身份运行 powershell 的管理服务器运行它，但仍然收到此错误消息。我真的不明白我为什么会得到它。

这是我正在使用的脚本：

#Import-Module -Name 'P:\Information Technology\WindowsPowerShell\Scripts\Modules\Write-Log' -Verbose

$PSDefaultParameterValues = @{
     'Write-Log:Label' = 'USMT'
}

function Invoke-USMT {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$true)]
        [string]$SourceComputer,
        [Parameter(Mandatory=$true)]
        [string]$DestinationComputer,
        [Parameter(Mandatory=$true)]
        [string]$UserName,
        [Parameter(Mandatory=$true)]
        [string]$SharePath,
        [Parameter(Mandatory=$true)]
        [string]$USMTFilesPath,
        [Parameter(Mandatory=$true)]
        [string]$Domain,
        [Parameter(Mandatory=$true, HelpMessage='Enter USMT key')]
        [Security.SecureString]$SecureKey,
        [pscredential]$Credential
    )
    
    begin 
    {
        #Test source and destination computers are online
        Write-Host 'Begin function'
        Write-Host 'Attempting to ping source computer'
        if (!(Test-Connection -ComputerName $SourceComputer -Count 2 -ErrorAction Continue))
        {
            Write-Host 'Ping to source computer failed'
            #Write-Log -Message "Count not ping $SourceComputer" -Level "Warning" -File
            Break
        } else {
            Write-Host 'Success'
        }
        Write-Host 'Attempting to ping destination computer'
         if (!(Test-Connection -ComputerName $DestinationComputer -Count 2 -ErrorAction Continue))
        {
            Write-Host 'Ping to destination computer failed'
            #Write-Log -Message "Count not ping $DestinationComputer" -Level "Warning" -File
            Break
        } else {
            Write-Host 'Success'
        }
    }
    
    process 
    {
        #Copy USMT files to remote computers
        Try 
        {
            Write-Host 'Attempting to copy USMT files to source computer'
            #Write-Log -Message "Attempting to copy USMT files to source computer" -File
            Copy-Item -Path $USMTFilesPath -Destination "\\$SourceComputer\C$\USMTFiles" -ErrorAction Stop -Recurse -force -con
            Write-Host 'Attempting to copy USMT files to destination computer'
            #Write-Log -Message "Attempting to copy USMT files to destination computer" -File
            Copy-Item -Path $USMTFilesPath -Destination "\\$DestinationComputer\C$\USMTFiles" -ErrorAction Stop -Recurse -force
        }
        Catch 
        {
            Write-Host $_ + ' - Error'
            #Write-Log -Message '$_' -Level "Error" -File
            Break
        }
        #Enable CredSSP
        Write-Host 'Invoking CredSSP on source computer & passing credentials'
        #Write-Log -Message "Enabling CredSSP on source computer" -File
        Invoke-Command -ComputerName $SourceComputer -Credential $Credential -ScriptBlock {Enable-WSManCredSSP -Role server -Force}
        Write-Host 'Invoking CredSSP on destination computer & passing credentials'
        #Write-Log -Message "Enabling CredSSP on destination computer" -File
        Invoke-Command -ComputerName $DestinationComputer -Credential $Credential -ScriptBlock {Enable-WSManCredSSP -Role server -Force} 
        Write-Host 'Enabling CredSSP on source computer'
        Enable-WSManCredSSP -Role client -DelegateComputer $SourceComputer -Force
        Write-Host 'Enabling CredSSP on destination computer'
        Enable-WSManCredSSP -Role client -DelegateComputer $DestinationComputer -Force 
        
        #Start startscan on source
        Write-Host 'Starting startscan on source computer & passing credentials'
        #Write-Log -Message "Starting startscan on source computer" -File
        Invoke-Command -ComputerName $SourceComputer -Authentication Credssp -Credential $Credential -Scriptblock {
            $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Using:SecureKey)
            $Key = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
            c:\USMTFiles\scanstate.exe "$Using:SharePath\$Using:Username" /i:c:\usmtfiles\printers.xml /i:c:\usmtfiles\custom.xml /i:c:\usmtfiles\migdocs.xml /i:c:\usmtfiles\migapp.xml /v:13 /ui:$Using:Domain\$Using:UserName /c /localonly /encrypt /key:$Key /listfiles:c:\usmtfiles\listfiles.txt /ue:pcadmin /ue:$Using:Domain\*
        } -ArgumentList {$UserName,$SharePath,$SecureKey,$SourceComputer,$Domain}
#
        #Start loadscan on destination
        Write-Host 'Starting loanscan on destination computer  passing credentials'
        #Write-Log -Message "Starting loadscan on destination computer" -File
        Invoke-Command -ComputerName $DestinationComputer -Authentication Credssp -Credential $Credential -Scriptblock {
            $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Using:SecureKey)
            $Key = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
            c:\USMTFiles\loadstate.exe "$Using:SharePath\$Using:Username" /i:c:\usmtfiles\printers.xml /i:c:\usmtfiles\custom.xml /i:c:\usmtfiles\migdocs.xml /i:c:\usmtfiles\migapp.xml /v:13 /ui:$Using:Domain\$Using:username /c /decrypt /key:$Key
        } -ArgumentList {$UserName,$SharePath,$SecureKey,$DestinationComputer,$Domain}

        #Remove USMT files on remote computers
        Write-Host 'Removing USMT files from source computer'
        #Write-Log -Message "Removing USMT files from source computer" -File
        Remove-Item \\$SourceComputer\C$\USMTFiles -Force -Recurse
        Write-Host 'Removing USMT files from destination computer'
        #Write-Log -Message "Removing USMT files from destination computer" -File
        Remove-Item \\$DestinationComputer\C$\USMTFiles -Force -Recurse

        #Disable CredSSP on remote computers
        Write-Host 'Disabling CredSSP on source computer'
        #Write-Log -Message "Disabling CredSSP on source computer" -File
        Invoke-Command -ComputerName $SourceComputer -Credential $Credential -ScriptBlock {Disable-WSManCredSSP -Role server }
        Write-Host 'Disabling CredSSP on destination computer'
        #Write-Log -Message "Disabling CredSSP on destination computer" -File
        Invoke-Command -ComputerName $DestinationComputer -Credential $Credential -ScriptBlock {Disable-WSManCredSSP -Role server }  
        Write-Host 'Disabling CredSSP on client'
        Disable-WSManCredSSP -Role client        
     }
}

这是我得到错误的部分

 #Start startscan on source
        Write-Host 'Starting startscan on source computer & passing credentials'
        #Write-Log -Message "Starting startscan on source computer" -File
        Invoke-Command -ComputerName $SourceComputer -Authentication Credssp -Credential $Credential -Scriptblock {
            $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Using:SecureKey)
            $Key = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
            c:\USMTFiles\scanstate.exe "$Using:SharePath\$Using:Username" /i:c:\usmtfiles\printers.xml /i:c:\usmtfiles\custom.xml /i:c:\usmtfiles\migdocs.xml /i:c:\usmtfiles\migapp.xml /v:13 /ui:$Using:Domain\$Using:UserName /c /localonly /encrypt /key:$Key /listfiles:c:\usmtfiles\listfiles.txt /ue:pcadmin /ue:$Using:Domain\*
        } -ArgumentList {$UserName,$SharePath,$SecureKey,$SourceComputer,$Domain}

我已确保在源计算机和目标计算机上都已启用 Enable-PSRemoting -Force，并且我还确保在管理服务器、源计算机和目标计算机以及将“WSMAN/*.domain.com”添加到服务器列表。

我在网上做了很多搜索并与团队成员进行了交叉检查，但我们对此一无所知。希望大家能有所了解。

powershell中的错误：

【问题讨论】：

标签： windows powershell usmt

【解决方案1】：

由于在脚本块中您使用$using: 的外部变量，因此您无需使用-ArgumentList 参数发送它们。
如果您确实想这样做，请在脚本块中添加一个 param() 块并删除变量的 using: 范围修饰符。

顺便说一句，-ArgumentList 接受一个值数组，而不是脚本块，我在第二个示例中省略了 $SourceComputer 变量，因为脚本块不使用它。

试试这个：

Invoke-Command -ComputerName $SourceComputer -Authentication Credssp -Credential $Credential -Scriptblock {
    $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Using:SecureKey)
    $Key = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
    c:\USMTFiles\scanstate.exe "$Using:SharePath\$Using:Username" /i:c:\usmtfiles\printers.xml /i:c:\usmtfiles\custom.xml /i:c:\usmtfiles\migdocs.xml /i:c:\usmtfiles\migapp.xml /v:13 /ui:$Using:Domain\$Using:UserName /c /localonly /encrypt /key:$Key /listfiles:c:\usmtfiles\listfiles.txt /ue:pcadmin /ue:$Using:Domain\*
}

或：

Invoke-Command -ComputerName $SourceComputer -Authentication Credssp -Credential $Credential -Scriptblock {
    param(
        $UserName,
        $SharePath,
        $SecureKey,
        $Domain
    )
    $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecureKey)
    $Key = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
    c:\USMTFiles\scanstate.exe "$SharePath\$Username" /i:c:\usmtfiles\printers.xml /i:c:\usmtfiles\custom.xml /i:c:\usmtfiles\migdocs.xml /i:c:\usmtfiles\migapp.xml /v:13 /ui:$Domain\$UserName /c /localonly /encrypt /key:$Key /listfiles:c:\usmtfiles\listfiles.txt /ue:pcadmin /ue:$Domain\*
} -ArgumentList $UserName,$SharePath,$SecureKey,$Domain

【讨论】：

谢谢，我在那里使用了第二组，这解决了我的问题并且效果很好！
@Caleb 感谢您的反馈！