Error installing Octopus Deploy Server using Active Directory authentication

I get the following error when attempting to install Octopus Deploy Server with user authentication set to Active Directory. Note that the ‘admin_user’ account is valid in our Active Directory and was used to log onto the Windows Server 2008 R2 server to install Octopus.

A fatal exception occurred
System.Runtime.InteropServices.COMException (0x8007200A): The specified directory service attribute or value does not exist.

   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_SchemaEntry()
   at System.DirectoryServices.AccountManagement.ADStoreCtx.IsContainer(DirectoryEntry de)
   at System.DirectoryServices.AccountManagement.ADStoreCtx..ctor(DirectoryEntry ctxBase, Boolean ownCtxBase, String username, String password, ContextOptions options)
   at System.DirectoryServices.AccountManagement.PrincipalContext.CreateContextFromDirectoryEntry(DirectoryEntry entry)
   at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()
   at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
   at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
   at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
   at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
   at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, String identityValue)
   at Octopus.Server.Web.Infrastructure.Authentication.ActiveDirectoryMembership.GetOrCreateUser(String username, Boolean& wasCreated) in c:\TeamCity\buildAgent\work\1116bd9da9e239fd\source\Octopus.Server\Web\Infrastructure\Authentication\ActiveDirectoryMembership.cs:line 90
   at Octopus.Server.Web.Infrastructure.Authentication.ActiveDirectoryMembership.GetOrCreateUser(String username) in c:\TeamCity\buildAgent\work\1116bd9da9e239fd\source\Octopus.Server\Web\Infrastructure\Authentication\ActiveDirectoryMembership.cs:line 79
   at Octopus.Server.Commands.AdminCommand.Start() in c:\TeamCity\buildAgent\work\1116bd9da9e239fd\source\Octopus.Server\Commands\AdminCommand.cs:line 77
   at Octopus.Shared.Startup.ConsoleHost.Run(Action`1 start, Action shutdown) in c:\TeamCity\buildAgent\work\1116bd9da9e239fd\source\Octopus.Shared\Startup\ConsoleHost.cs:line 36
-------------------------------------------------------------------------------
Error: The previous command returned a non-zero exit code of: 100
Error: The command that failed was: "C:\Program Files\Octopus Deploy\Octopus\Octopus.Server.exe" admin --instance="OctopusServer" --username="admin_user" --wait="5000"
Deleted instance: OctopusServer

Hi Ed,

I’m not sure why this happened. We use the following method to try and find information about the user account:

http://msdn.microsoft.com/en-us/library/bb383475(v=vs.110).aspx

Is it possible that admin_user isn’t in the default users container, i.e., CN=Users? We don’t specify a particular domain context to search so this could be why it fails.

Paul

Hi,

Getting the same error. After a lot of reading it seems to be due to access rights. We are on a very elaborate and locked-down enterprise network. I wrote a little sample app and I can’t even do “UserPrincipal.Current” without getting the same error.

As detailed in the article below we need the ability to specify the AD domain and containers since we will never have read access to enable the query to walk the full AD tree to find the user we are interested in.

Hi Werner,

Thanks for the reply.

I have created an issue in GitHub, you can track it here: https://github.com/OctopusDeploy/Issues/issues/1030
We will try to make some improvements and get this resolved for you and people in the same situation.

Vanessa

Yeah, I’m seeing this as well. Any workaround yet? I’m stuffed with no deployments without this! :(

Hi James,

Unfortunately there is no workaround for this at the moment.
It is also not going to be a quick fix on our end as it’s quite complicated.

Sorry for the crappy news,
Vanessa

Yeah, I ended up going with a username password combination. From my own work with AD it’s far from straightforward!

Add me to the list of users who wish there will be a fix for this!

Same for us, would be much nicer to be able to use AD.

After some more digging around I found this gem:

Octopus.exe configure --activeDirectoryContainer "CN=Users,DC=GPN,DC=COM"

This seems as if this simple command will give you the possibility of using another default container from Active Directory to validate users.

I have tested this only briefly but I was able to log in with AD credentials in a non-standard container.

So probably this is something that should be added to the installation documentation and then this thread could be closed?

Yep that did it, along with getting our user permissions to query active directory.
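
Added example, not part of the thread and not Octopus Deploy code: a small C# console check that runs the same UserPrincipal.FindByIdentity lookup once against the domain's default context and once scoped to a container DN, so you can confirm under the service account whether a container-scoped lookup works before changing the server configuration. The class name AdLookupCheck and its arguments are hypothetical; it assumes .NET Framework on Windows with a reference to System.DirectoryServices.AccountManagement.

```csharp
// Added example (hypothetical names); run it as the account the Octopus service uses.
using System;
using System.DirectoryServices.AccountManagement;
using System.Runtime.InteropServices;

static class AdLookupCheck
{
    // HRESULT shown in the stack trace in the first post.
    const int NoSuchAttributeOrValue = unchecked((int)0x8007200A);

    // Looks up a user; container == null means "no container", i.e. the
    // domain's default context, as in the unscoped lookup discussed above.
    static string TryFind(string user, string domain, string container)
    {
        try
        {
            // The bind is lazy: it happens inside FindByIdentity, not the constructor.
            using (var ctx = container == null
                ? new PrincipalContext(ContextType.Domain, domain)
                : new PrincipalContext(ContextType.Domain, domain, container))
            using (var found = UserPrincipal.FindByIdentity(ctx, user))
            {
                return found == null ? "not found" : "found: " + found.DistinguishedName;
            }
        }
        catch (COMException ex) when (ex.ErrorCode == NoSuchAttributeOrValue)
        {
            return "bind failed with 0x8007200A (same HRESULT as in the thread)";
        }
        catch (PrincipalException ex)
        {
            return "directory error: " + ex.Message;
        }
    }

    static int Main(string[] args)
    {
        if (args.Length < 2)
        {
            Console.Error.WriteLine("usage: AdLookupCheck <user> <domain> [containerDN]");
            return 2;
        }
        Console.WriteLine("default context : " + TryFind(args[0], args[1], null));
        if (args.Length > 2)
            Console.WriteLine("scoped container: " + TryFind(args[0], args[1], args[2]));
        return 0;
    }
}
```

If the default-context line reports the 0x8007200A failure while the scoped line finds the user, the account only has read access below that container, which is the case the --activeDirectoryContainer setting above addresses.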