Failed deployments - permission denied error

Hi

We have started getting a lot of failed deployments to our dev web servers. The logs indicate a permissions issue, see below:

I’ve got our server guys to add in an exclusion to the C:\Octopus\Work folder for Sophos so that it doesn’t monitor it. Thought that would fix it, but it didn’t. My next thought was: have recent Windows updates caused this? I don’t know. I’ve got the guys to roll back the most recent set of updates on a couple of our web servers to see if things improve, but they haven’t.

Wondering if anyone else is experiencing this problem and, if they have, have they found a solution. We’re using version 2019.9.10.

Thanks

Gavin

Hi Gavin,

Thanks for getting in touch!

My initial thoughts on this would be either anti-virus or an issue with the user that the tentacle service runs under.

Whilst not a solution, it would be useful if the anti-virus could be disabled entirely on one of the servers whilst you run one of these deployments to see if it makes any difference. If the error still occurs whilst the AV is completely disabled, it would be safe to rule that out.

The other option to try would be to check what user the tentacle runs under, and perhaps try changing it to one with elevated permissions to see if the issue is located there. This page covers the steps involved for this: https://octopus.com/docs/infrastructure/deployment-targets/windows-targets/running-tentacle-under-a-specific-user-account

I hope this helps narrow down the issue.

Best regards,
Paul
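
The account check suggested in the reply above, as an added example that is not part of the original thread or Octopus's own tooling: it reports which account each Tentacle service runs as, whether that account is already a local administrator, and which ACL entries on the work folder grant write access. The service name filter `OctopusDeploy Tentacle%` is an assumption (the installer default); the folder path is the one named in the thread.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell 5.1+ session.
$workDir = 'C:\Octopus\Work'                        # folder named in the thread
$filter  = "Name LIKE 'OctopusDeploy Tentacle%'"    # assumed default service name

$services = @(Get-CimInstance -ClassName Win32_Service -Filter $filter)
if ($services.Count -eq 0) {
    Write-Warning "No service matched [$filter]; adjust the assumed name."
    return
}

# Members of the local Administrators group (well-known SID S-1-5-32-544),
# used to flag a service account that is already highly privileged.
$admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
            ForEach-Object { $_.Name })

$report = foreach ($svc in $services) {
    # Normalise the logon name so it can be compared with group and ACL identities.
    $account = switch -Regex ($svc.StartName) {
        '^LocalSystem$' { 'NT AUTHORITY\SYSTEM'; break }
        '^\.\\(.+)$'    { '{0}\{1}' -f $env:COMPUTERNAME, $Matches[1]; break }
        default         { $svc.StartName }
    }
    [pscustomobject]@{
        Service    = $svc.Name
        RunsAs     = $account
        LocalAdmin = ($account -eq 'NT AUTHORITY\SYSTEM') -or ($admins -contains $account)
    }
}
$report | Format-Table -AutoSize

# Allow entries on the work folder that include Modify (write and delete).
# Entries stored as generic rights are not matched by this mask.
$modify = [System.Security.AccessControl.FileSystemRights]::Modify
(Get-Acl -Path $workDir).Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and
                   ($_.FileSystemRights -band $modify) -eq $modify } |
    Select-Object IdentityReference, FileSystemRights, IsInherited |
    Format-Table -AutoSize
```

If the service account is already a local administrator or SYSTEM and already holds Modify on the folder, the access-denied error is unlikely to be a file-permission problem, which points back at the anti-virus.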

Hi Paul,

Thanks for your reply. Apologies for my delay in replying, only just back in work after the holidays.

I’ve had to raise a change request to get the AV uninstalled on one of the dev web servers. Will be chasing this up today. In the meantime I have changed the account that the tentacle runs under to a domain account that has domain admin rights. I will keep an eye on today’s deployments to see if that makes a difference.

Regards,

Gavin

Hello, we have been running into this exact issue frequently lately (Access Denied when trying to run PowerShell scripts). We are running Octopus v2019.12.7 LTS. We also use Sophos and believe it to be a problem there. Our latest deployment attempt failed 6 times with this error until it finally succeeded on the 7th attempt - I am not sure why it sometimes fails and sometimes works.

Does anyone have experience configuring Sophos to avoid this error? Otherwise, are the only suggestions to disable anti-virus or to run the Tentacle with elevated permissions?

Thanks,
Ryan

Hi Ryan,

Thanks for getting in touch!

I’ve had users try various combinations of folder exclusions to try and resolve this with limited success. Most have had to resort to elevated permissions or, as a last resort, disabling the AV.

It would be worth contacting Sophos directly as they may be able to provide a different solution.

Regards,
Paul

Hi,

I’ve checked with the guys who look after Sophos and this is what they came back to me with:


There were a number of things we did.

The main one I believe was this:

  1. Disable “Detect Malicious Behavior Policy”; the steps to disable this setting in Sophos Enterprise Console are outlined in the following article in step 6:

https://docs.sophos.com/esg/enterprise-console/5-5/help/en-us/esg/Enterprise-Console/tasks/Detect_malicious_behavior.html

The other thing we did was this:

Octopus Policy to be created: (3145214-Octopus)
Folder: C:\Octopus
Folder: C:\Windows\System32\WindowsPowerShell
Process: powershell.exe


Hope that helps you get a resolution.

Regards,

Gavin

Hi Gavin,

That’s great, thanks for checking and sharing the details.

Regards,
Paul