I am getting “AuthorizationManager check failed” error when Octopus runs “Octopus.Features.IISWebSite_BeforePostDeploy.ps1” script.
Please bear in mind I am deploying contents of my site on a network share, I don’t get this error when I deploy files locally on servers.
In my setup the Octopus service on tentacle is running under custom account which is a domain admin. I can also confirm that ExecutionPolicy on Tentacle is set to “Unrestricted”
I will highly appreciate if you can help me in resolving this issue.
Sorry for delayed response I was on annual leave last week.
I have tried creating Powershell profiles both for Current User and All Host All User on my Server and Tentacle. unfortunately it did not helped, I am still getting the same error. I can also confirm WMI service is running.
Thanks for the reply. Honestly, we don’t know the answer to this, and haven’t seen it before.
If you log in to the Tentacle machine as this custom domain account user, and open PowerShell.exe, and attempt to copy files to that path via PowerShell, do you get a similar error?
Error 16:12:25
+ CategoryInfo : SecurityError: (:) [], PSSecurityException
Error 16:12:25
+ FullyQualifiedErrorId : UnauthorizedAccess
Warning 16:12:26
The script returned an exit code of 0, but output was written to the error output stream. Please investigate any errors in the script output above.
Do you know what Bootstrap.29157d52-724e-454b-b818-40945… is?
We are at the moment evaluating Octopus for our production environment, it will be great if I can get a quick response, it will help us in reaching a decision on licensing Octopus Deploy.
Kind regards,
Rafid Haroon
Online Systems Support Team Leader, Group IT
T: +44 20 8996 7867 | M: +44 7901 108907
From: Rafid Haroon
Sent: 31 December 2014 11:16
To: 'Paul Stovell'
Subject: RE: AuthorizationManager check failed when using Network Share [Problems #28417]
Hi Paul,
Thanks for your reply. I have tried what you suggested below, I did not got any errors. File were copied successfully while logged in as domain user.
Kind regards,
Rafid Haroon
Online Systems Support Team Leader, Group IT
As Paul mentioned, we do not know what is causing the issue. It is unfortunately environmental. Doing Google searches of the error show that many people outside of Octopus get this error when trying to run PowerShell. You could try running Tentacle as a different user and seeing if this helps with the error and may allow you to track it down. http://docs.octopusdeploy.com/display/OD/Running+Tentacle+under+a+specific+user+account+for+use+in+Powershell
There is just no setting or change in Octopus that you can make to take away the error as it is with the server and its configuration.
To answer your question, when we run the powershell scripts we recreate them under the user to run them and give them temporary names such as Bootstrap.29157d52-724e-454b-b818-40945
I have already tried running Octopus under domain user account (admin) and the execution policy on server is Unrestricted.
What I don’t understand is that why in the same Process step ‘Pre-Deployment’ scripts works just fine but ‘Post-Deployment’ scripts throws ‘AuthorizationManager Check Failed’ error. Can you please explain what is the difference between two?
Kind regards,
Rafid Haroon
Online Systems Support Team Leader, Group IT
Sorry for the delay in answering your question. Pre-deploy scripts run from the folder the package is extracted to. Post-deploy scripts run from the folder the files are moved to.
So they are running under different policies as one is from the file share in your case.
I think I understand why I am getting AuthorizationManager error, we are deploying our files on a network share and when Octopus run post deploy scripts it is running them from a share and it seems like is unable to connect to Tentacle from share.
I tried using to elevate powershell session by running
Start-Process powershell -Verb runAs Administrator
command but that didn’t worked and threw same error, probably because the script is generated on fly and encounters a problem before it could run my code.
Perhaps if you can add a feature in Octopus to run PS scripts (Pre-Deploy, Post-Deply etc) via custom account then we might be able to get rid of this error.
Kind regards,
Rafid Haroon
Online Systems Support Team Leader, Group IT
We allow you to change the user that Tentacle runs under, but it is unlikely we are going to allow individual user accounts for specific PowerShell scripts.
No Jaco I was not able to resolve it, however I have found a way around it which is bit long winded but works. It would be nice if Octopus can resolve this issue.
Kind regards,
Rafid Haroon
Online Systems Support Team Leader, Group IT
We ran into this issue (or a very similar one) when the powershell scripts were “blocked” by windows due to downloading them as part of a zip file from the internet. We fixed it by right clicking on the zip file, and picking “unblock”, and re-extracting.