Getting Powershell and UNC home dir working


(Clay Lenhart) #1

Posting this in case others run into problems using UNC path to store octopus’s home directory on a UNC path.

O: drive, for me, is mapped to an Azure File storage, like “mystorageaccount.file.core.windows.net”. (Which I wouldn’t use drive letters – doesn’t seem to survive reboots)

I got the error below (key part is “AuthorizationManager check failed”)

15:41:48 Verbose | Starting C:\windows\system32\WindowsPowershell\v1.0\PowerShell.exe in working directory ‘O:\Octopus\Work\20190213154147-167-2’ using ‘OEM United States’ encoding running as ‘NT AUTHORITY\SYSTEM’ with the same environment variables as the launching process
15:41:48 Error | . : AuthorizationManager check failed.
15:41:48 Error | At line:1 char:39
15:41:48 Error | + … Stop’; . {. ‘O:\Octopus\Work\20190213154147-167-2\Bootstrap.ps1’ -var …
15:41:48 Error | + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 15:41:48 Error | + CategoryInfo : SecurityError: (:slight_smile: [], ParentContainsErrorRecord 15:41:48 Error | Exception
15:41:48 Error | + FullyQualifiedErrorId : UnauthorizedAccess
15:41:48 Verbose | Process C:\windows\system32\WindowsPowershell\v1.0\PowerShell.exe in O:\Octopus\Work\20190213154147-167-2 exited with code 1
15:41:48 Verbose | Updating manifest with output variables
15:41:48 Verbose | Updating manifest with action evaluated variables
15:41:48 Fatal | The remote script failed with exit code 1
15:41:48 Fatal | The action test on the Octopus Server failed

To fix this, put the UNC on “Intranet” settings, described here:
https://social.technet.microsoft.com/Forums/office/en-US/341f542d-1527-47f6-9964-7b8aadc79d0d/quotopen-file-security-warningquot-on-domainbased-dfs-namespacehosted-shares?forum=winserverfiles
It says to open the Group Policy Editor and go to “User Configuration\Policies\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Site to Zone Assignment List”, then under “Site to Zone Assignment List” add a mapping from the network share “mystorageaccount.file.core.windows.net” to “1”.
Do this for both the Computer and User settings.


#3

Hi Clay,

Thanks for providing this information, hopefully it will be useful!

Regards,
Alex