Installation Error while registering admin user with domain account

(Emil) #1

Installation failed with the following errors. For authentication mode I selected Active Directory -> Select User -> selected my domain account from the pop-up dialog.

UPDATE: Actually, going back in the setup wizard and selecting “Username/password stored in Octopus” produces an identical error. I wonder if this is related to Active Directory related components expected to be on the machine?
I am trying to install it on Windows Server 2012R2 version.

Updating config for OctopusIDConfiguration, with id authentication-octopusid
Creating or modifying administrator 'MyUser@corp.domain.net'
Error: ===============================================================================
Error: The specified directory service attribute or value does not exist.
Error: 
Error: System.Runtime.InteropServices.COMException
Error:    at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
Error:    at System.DirectoryServices.DirectoryEntry.Bind()
Error:    at System.DirectoryServices.DirectoryEntry.get_SchemaEntry()
Error:    at System.DirectoryServices.AccountManagement.ADStoreCtx.IsContainer(DirectoryEntry de)
Error:    at System.DirectoryServices.AccountManagement.ADStoreCtx..ctor(DirectoryEntry ctxBase, Boolean ownCtxBase, String username, String password, ContextOptions options)
Error:    at System.DirectoryServices.AccountManagement.PrincipalContext.CreateContextFromDirectoryEntry(DirectoryEntry entry)
Error:    at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()
Error:    at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
Error:    at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
Error:    at System.DirectoryServices.AccountManagement.PrincipalContext.ContextForType(Type t)
Error:    at System.DirectoryServices.AccountManagement.Principal.set_UserPrincipalName(String value)
Error:    at Octopus.Server.Extensibility.Authentication.DirectoryServices.DirectoryServices.UserMatcher.Match(String name, CancellationToken cancellationToken)
Error:    at System.Linq.Enumerable.WhereSelectArrayIterator`2.MoveNext()
Error:    at System.Linq.Enumerable.FirstOrDefault[TSource](IEnumerable`1 source, Func`2 predicate)
Error:    at Octopus.Server.Commands.AdminCommand.AddAdminUser(IRelationalTransaction transaction, Mode mode, CancellationToken cancellationToken) in AdminCommand.cs:line 205
Error:    at Octopus.Server.Commands.AdminCommand.Start() in AdminCommand.cs:line 109
Error:    at Octopus.Shared.Startup.AbstractCommand.Start(String[] commandLineArguments, ICommandRuntime commandRuntime, OptionSet commonOptions)
Error:    at Octopus.Shared.Startup.ConsoleHost.Run(Action`1 start, Action shutdown)
Error:    at Octopus.Shared.Startup.OctopusProgram.RunHost(ICommandHost host)
Error:    at Octopus.Shared.Startup.OctopusProgram.Run()
Error: -------------------------------------------------------------------------------
Error: Terminating process with exit code 100
Error: Full error details are available in the log files at:
Error: C:\Users\MyUser\AppData\Local\Octopus\Logs
Error: D:\Octopus\Logs
Error: If you need help, please send these log files to https://octopus.com/support
Error: -------------------------------------------------------------------------------
Error: 
Error: The previous command returned a non-zero exit code of: 100
Error: The command that failed was: "D:\Program Files\Octopus Deploy\Octopus\Octopus.Server.exe" admin --instance "OctopusServer" --username "MyUser@corp.domain.net" --email "user.name@corp.com"
Deregistered OctopusServer from the database.
Deleted instance: OctopusServer

Many Thanks,
Emil

(Shannon Lewis) #3

Hi Emil,

Thanks for getting in touch and sorry to hear you’re having trouble with the install. Best I can tell at the moment that error is coming from this line, and seems to be indicating that the AD doesn’t have UPN configured in the schema, which seems very odd. Two things I can think of at this point, firstly could you double check that there are UPNs in AD? (given the username format I’d be surprised if there isn’t, but let’s be certain). Second, I think this can happen if the user this code is running as doesn’t have permission into AD, I assume the server is domain joined? Are you logged in to it as a local user or your domain user?

When the admin command runs via the wizard it runs as the interactive user, not the one the Octopus server service necessarily ends up running under so this could be playing in to it.

Also, when you switched back to username/password, the AD (DirectoryServices) Authentication provider would still remain enabled (it isn’t a toggle like in early versions of Octopus, they can both be enabled at once).

If you were to run octopus.server.exe config --activeDirectoryIsEnabled=false then the check that’s causing the error would not run. You could then login with U/P and enable AD again and connect your AD Login to your account.

Hope that helps and please let me know how you go.

Regards
Shannon

(Emil) #4

Hi Shannon,

Thank you for your response.

I am logged on as a domain user indeed, the error is certainly caused by lack of AD read permissions. The domain is part of a large corporate environment and my account does not have any AD permissions. I guess this is something the installation code could handle gracefully…?

On another note restarting the wizard requires the master key and your help page does not cover situation where the Octopus Manager can not be used to view the key (since install has not finished) and the command line option does not work because there is no existing instance :slight_smile:
My workaround was to delete the database!

It would be nice if I could modify the installation script inside the setup wizard in the pop-up window after clicking “Show Script”. This is where I wanted to add the suggested argument --activeDirectoryIsEnabled "False" on the line with the octopus.server.exe configure command in order to bypass the code that causes the error. I had to copy the script, modify it and run it outside the wizard as I couldn’t modify it in place. The installation ran without error this time :joy:

Yet again, thank you for your help!
Emil

(Shannon Lewis) #5

Glad to hear you got it working. A long time ago the auth modes toggled in the wizard, if you selected U/P then AD wouldn’t be enabled. While server itself can have both enabled at once now we may be better to have the wizard disable AD again if you go back and select U/P.

I’ll feed that back to the team.

Regards
Shannon
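
Added example (not part of any post in this thread, and not Octopus code): a preflight check to run as the same interactive user that will run the setup wizard, performing a UPN lookup through the same .NET library (System.DirectoryServices.AccountManagement) that appears in the stack trace. The function name Test-AdUpnLookup is hypothetical, and the default UPN is the placeholder from the log above.

```powershell
# Added example: run in the interactive session that will launch the wizard,
# because the admin command runs as that user, not as the service account.
param(
    [string]$Upn = 'MyUser@corp.domain.net'   # placeholder UPN from the thread's log
)

Add-Type -AssemblyName System.DirectoryServices.AccountManagement

function Test-AdUpnLookup {
    param([Parameter(Mandatory)][string]$UserPrincipalName)

    $result = [ordered]@{
        RunningAs    = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
        DomainJoined = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain
        Upn          = $UserPrincipalName
        Found        = $false
        Error        = $null
    }
    $ctx = $null
    try {
        # The domain context is initialised lazily, so a bind failure caused by
        # missing AD read permissions surfaces on the first lookup.
        $ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext `
            -ArgumentList ([System.DirectoryServices.AccountManagement.ContextType]::Domain)
        $user = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity(
            $ctx,
            [System.DirectoryServices.AccountManagement.IdentityType]::UserPrincipalName,
            $UserPrincipalName)
        if ($user) { $result.Found = $true; $user.Dispose() }
    }
    catch {
        # PowerShell wraps .NET exceptions; unwrap to the innermost one
        # (for example the COMException shown in the log).
        $inner = $_.Exception
        while ($inner.InnerException) { $inner = $inner.InnerException }
        $result.Error = '{0}: {1}' -f $inner.GetType().FullName, $inner.Message
    }
    finally {
        if ($ctx) { $ctx.Dispose() }
    }
    [pscustomobject]$result
}

Test-AdUpnLookup -UserPrincipalName $Upn | Format-List
```

A non-empty Error with Found = False means this account cannot complete the directory lookup from this machine; RunningAs and DomainJoined show whether the session is a local or domain logon.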