Getting Powershell and UNC home dir working

Clay_Lenhart · 13 February 2019 17:31

Posting this in case others run into problems using UNC path to store octopus’s home directory on a UNC path.

O: drive, for me, is mapped to an Azure File storage, like “mystorageaccount.file.core.windows.net”. (Which I wouldn’t use drive letters – doesn’t seem to survive reboots)

I got the error below (key part is “AuthorizationManager check failed”)

15:41:48 Verbose | Starting C:\windows\system32\WindowsPowershell\v1.0\PowerShell.exe in working directory ‘O:\Octopus\Work\20190213154147-167-2’ using ‘OEM United States’ encoding running as ‘NT AUTHORITY\SYSTEM’ with the same environment variables as the launching process
15:41:48 Error | . : AuthorizationManager check failed.
15:41:48 Error | At line:1 char:39
15:41:48 Error | + … Stop’; . {. ‘O:\Octopus\Work\20190213154147-167-2\Bootstrap.ps1’ -var …
15:41:48 Error | + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 15:41:48 Error | + CategoryInfo : SecurityError: ( [], ParentContainsErrorRecord 15:41:48 Error | Exception
15:41:48 Error | + FullyQualifiedErrorId : UnauthorizedAccess
15:41:48 Verbose | Process C:\windows\system32\WindowsPowershell\v1.0\PowerShell.exe in O:\Octopus\Work\20190213154147-167-2 exited with code 1
15:41:48 Verbose | Updating manifest with output variables
15:41:48 Verbose | Updating manifest with action evaluated variables
15:41:48 Fatal | The remote script failed with exit code 1
15:41:48 Fatal | The action test on the Octopus Server failed

To fix this, put the UNC on “Intranet” settings, described here:
https://social.technet.microsoft.com/Forums/office/en-US/341f542d-1527-47f6-9964-7b8aadc79d0d/quotopen-file-security-warningquot-on-domainbased-dfs-namespacehosted-shares?forum=winserverfiles
It says to open the Group Policy Editor and go to “User Configuration\Policies\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Site to Zone Assignment List”, then under “Site to Zone Assignment List” add a mapping from the network share “mystorageaccount.file.core.windows.net” to “1”.
Do this for both the Computer and User settings.

Alex.Rolley · 14 February 2019 05:12

Hi Clay,

Thanks for providing this information, hopefully it will be useful!

Regards,
Alex

Raymond · 16 July 2021 12:06

Hello Clay_Lenhart, my friend,

You just saved my day! I’ve been trying al kinds of possible solutions (from this forum and beyond) to get my websites to successfully deploy to shared storage (in my case it was a storage device in my network).

The only thing that worked on my WS2016 Tentacle machine was your solution, to add the machine name to both group policy settings you mentioned.

Big thank you!

Cheers,
Raymond