Missing permission: EnvironmentView

Hi OctoPeps,
i have created Octodeploy using Active Directory. i logged onto the server with a service account with admin rights to create the Octo instance. When i logged in to the application from the very start, i dont see any administrative options. if i click Configure Dashboard, i get the error “You do not have permission to perform this action. Please contact your Octopus administrator. Missing permission: EnvironmentView”

this is the following log detail in the OctopusServer.txt file
2016-12-20 11:28:04.9011 1 INFO ==== Configure command starting ====
2016-12-20 11:28:04.9231 1 INFO Home directory set to: E:\Octopus Deploy\Data
2016-12-20 11:28:04.9381 1 INFO Storage connection string set to: Data Source=SQL-OctoDeploy-Sys;Initial Catalog=OctoDeploySys;Integrated Security=True
2016-12-20 11:28:05.0062 1 INFO Allow checking for upgrades: False
2016-12-20 11:28:05.0062 1 INFO Include usage statistics: False
2016-12-20 11:28:05.0342 1 INFO Web force SSL: False
2016-12-20 11:28:05.0342 1 INFO Web listen prefixes: http://localhost:80/
2016-12-20 11:28:05.0342 1 INFO Comms listen port: 10943
2016-12-20 11:28:05.0502 1 INFO Server Node name set to: APP82SC0N0W
2016-12-20 11:28:05.0502 1 INFO Master key set
2016-12-20 11:28:05.4706 1 INFO Beginning database upgrade
2016-12-20 11:28:05.4706 1 INFO Fetching list of already executed scripts.
2016-12-20 11:28:05.4946 1 INFO No new scripts need to be executed - completing.
2016-12-20 11:28:05.4946 1 INFO Beginning database upgrade
2016-12-20 11:28:05.5216 1 INFO Executing SQL Server script ‘Octopus.Core.UpgradeScriptsRepeatable.Script0000 - Refresh Views.sql’
2016-12-20 11:28:05.5686 1 INFO Upgrade successful
2016-12-20 11:28:05.9560 1 INFO Updating config for UsernamePasswordConfiguration, with id authentication-usernamepassword
2016-12-20 11:28:05.9560 1 INFO Octopus username/password authentication IsEnabled set, based on webAuthenticationMode=Domain, to: False
2016-12-20 11:28:05.9770 1 INFO Updating config for GoogleAppsConfiguration, with id authentication-googleapps
2016-12-20 11:28:05.9860 1 INFO Octopus googleApps authentication IsEnabled set to false, based on webAuthenticationMode=Domain
2016-12-20 11:28:05.9860 1 INFO Updating config for DirectoryServicesConfiguration, with id authentication-directoryservices
2016-12-20 11:28:06.0040 1 INFO Active directory IsEnabled set, based on webAuthenticationMode=Domain, to: True
2016-12-20 11:28:06.0170 1 INFO Updating config for AzureADConfiguration, with id authentication-aad
2016-12-20 11:28:06.0170 1 INFO Octopus azureAD authentication IsEnabled set to false, based on webAuthenticationMode=Domain
2016-12-20 11:28:06.0500 1 INFO ==== Configure command completed ====
2016-12-20 11:28:08.6871 1 INFO Database already exists
2016-12-20 11:28:11.2321 1 INFO Beginning database upgrade
2016-12-20 11:28:11.2321 1 INFO Fetching list of already executed scripts.
2016-12-20 11:28:11.2571 1 INFO No new scripts need to be executed - completing.
2016-12-20 11:28:11.2571 1 INFO Beginning database upgrade
2016-12-20 11:28:11.2802 1 INFO Executing SQL Server script ‘Octopus.Core.UpgradeScriptsRepeatable.Script0000 - Refresh Views.sql’
2016-12-20 11:28:11.3272 1 INFO Upgrade successful
2016-12-20 11:28:11.9747 1 INFO Done.
2016-12-20 11:28:14.9901 1 INFO Beginning database upgrade
2016-12-20 11:28:14.9951 1 INFO Fetching list of already executed scripts.
2016-12-20 11:28:15.0141 1 INFO No new scripts need to be executed - completing.
2016-12-20 11:28:15.0141 1 INFO Beginning database upgrade
2016-12-20 11:28:15.0381 1 INFO Executing SQL Server script ‘Octopus.Core.UpgradeScriptsRepeatable.Script0000 - Refresh Views.sql’
2016-12-20 11:28:15.0882 1 INFO Upgrade successful
2016-12-20 11:28:15.7937 1 ERROR The license is not compatible with this version of Octopus deploy. Visit http://g.octopushq.com/LicenseUpgrade to check your eligibility for an automatic license upgrade.
2016-12-20 11:28:18.4038 1 INFO Service installed
2016-12-20 11:28:18.4258 1 INFO Service reconfigured
2016-12-20 11:28:18.4258 1 INFO Granting log on as a service right to xxxxx\svcOctoDeplyWinTst
2016-12-20 11:28:18.4529 1 INFO Service credentials set
2016-12-20 11:28:19.2835 1 INFO Waiting for service to start. Current status: StartPending
2016-12-20 11:28:19.5878 1 INFO Waiting for service to start. Current status: Running
2016-12-20 11:28:19.8920 1 INFO Service started
2016-12-20 11:28:21.2050 7 INFO Listening for HTTP requests on:
http://localhost:80/
2016-12-20 11:28:21.2050 7 INFO The Octopus server is starting: Initializing database and performing migrations…
2016-12-20 11:28:21.2521 7 INFO Beginning database upgrade
2016-12-20 11:28:21.2521 7 INFO Fetching list of already executed scripts.
2016-12-20 11:28:21.2741 7 INFO No new scripts need to be executed - completing.
2016-12-20 11:28:21.2781 7 INFO Beginning database upgrade
2016-12-20 11:28:21.2961 7 INFO Executing SQL Server script ‘Octopus.Core.UpgradeScriptsRepeatable.Script0000 - Refresh Views.sql’
2016-12-20 11:28:21.3431 7 INFO Upgrade successful
2016-12-20 11:28:21.7495 7 INFO The Octopus server is starting: initializing extensions…
2016-12-20 11:28:21.7805 7 INFO Authentication provider Active Directory is enabled
2016-12-20 11:28:21.8025 7 INFO The Octopus server is starting: Starting message distributor…
2016-12-20 11:28:21.8926 7 INFO listen://[::]:10943/ 7 Listener started
2016-12-20 11:28:21.9046 7 INFO The Octopus server is starting: Starting task scheduler…
2016-12-20 11:28:22.2198 7 INFO The Octopus server is starting: Starting task queue…
2016-12-20 11:28:22.2509 7 INFO Web server is ready to process requests
2016-12-20 11:28:22.2639 7 INFO The Windows Service has started
2016-12-20 11:28:25.1061 3 INFO Request took 1546ms: GET http://app82sc0n0w/api/serverstatus
2016-12-20 11:28:56.8513 13 WARN You do not have permission to perform this action. Please contact your Octopus administrator. Missing permission: EnvironmentView (svcOctoDeplyWinTst@ad.xxxxx.com.au requesting http://localhost/api/environments/all)
2016-12-20 11:29:22.5116 18 INFO Running System Integrity Check
2016-12-20 11:29:22.6878 18 INFO Completed System Integrity Check. Overall Result: Passed
2016-12-20 11:31:12.4107 4 WARN You do not have permission to perform this action. Please contact your Octopus administrator. Missing permission: EnvironmentView (svcOctoDeplyWinTst@xxxxx.com.au requesting http://localhost/api/environments/all)
2016-12-20 11:33:00.7523 6 INFO External groups invalidated for user: svcOctoDeplyWinTst@xxxxx.com.au
2016-12-20 11:33:16.4533 6 INFO External groups invalidated for user: admin
2016-12-20 11:33:41.8594 6 WARN Principal ‘svcOctoDeplyWinTst@xxxxx.com.au’ (Domain: ‘’) could not be logged on via WIN32: 0x0000052E.
System.ComponentModel.Win32Exception (0x80004005): The user name or password is incorrect
2016-12-20 11:34:06.5193 4 WARN You do not have permission to perform this action. Please contact your Octopus administrator. Missing permission: EnvironmentView (svcOctoDeplyWinTst@xxxxx.com.au requesting http://app82sc0n0w/api/environments/all)
2016-12-20 11:38:18.4658 19 WARN You do not have permission to perform this action. Please contact your Octopus administrator. Missing permission: EnvironmentView (svcOctoDeplyWinTst@xxxxx.com.au requesting http://localhost/api/environments/all)

any assistance would be greatly appreciated.

octodeply_Environmentview_missing_permission.png1615×295 13.5 KB

Hi there,

Thanks for getting in touch!

I’m guessing that the account you’ve logged in with is not an administrator.

Unfortunately, I dont have a domain handy that I can test with, but you should just be able to make the user an administrator via:

Octopus.Server.exe service --stop
Octopus.Server.exe admin --username=YOURUSERNAME
Octopus.Server.exe service --start

and then you’ll be able to use that to setup permissions for other users. For more information, you can read about it here

Hope that helps!

Matt

Thanks for your hastey response Matt,

The account i have created was an administrator account. i tried following your instructions by making it administrator however it didnt do anything. i also tried to set other accounts as administrator too and it also failed to do the trick.

if i try logging in by entering the service account user name and password, i get the following error.

if i click on sign in with a domain account i still get the enviromentview missing permission error.

octodeply_service_account2.png1648×1004 21.8 KB

Hi there,

Just to confirm, this is using a system service account, not an Octopus service account?

Looking at the log below, I’m seeing:

Principal 'svcOctoDeplyWinTst@xxxxx.com.au' (Domain: '') could not be logged on via WIN32: 0x0000052E.
System.ComponentModel.Win32Exception (0x80004005): The user name or password is incorrect

Was this a case of a mistyped password?

Can you let me know what version of Octopus you are using? We’ve made a lot of improvements around authentication recently, so there’s a good chance that error message has been improved.

To get you up and going, can you try enabling internal username/password login, and create yourself a new temporary admin user:

Octopus.Server.exe service --stop
Octopus.Server.exe configure --usernamePasswordIsEnabled=true
Octopus.Server.exe admin --username=XXX --password=YYY
Octopus.Server.exe service --start

(Create a new user here, not one with the same name as a domain user)

This should get you to login, and you’ll be able to grant appropriate permissions to other accounts.

Let me know how you go with that.

Regards,
Matt

Hi Matt, thanks for your reply.
i have set it up as system service account. i confirmed with the guys who set up the service account and they have advised the account does have admin to run this. password is correct as i have uninstalled it and reinstalled it few times and still comes up with the same errors.

the version i currently have installed is 3.5.2.

Looks like that creating admin account seemed to have worked. i had troubles understanding how it linked to AD. Clicking on the Sign on using domain account automatically created an account, and using the internal admin account i was able to assign users as administrators.
thanks for your help matt

Hi there

Glad to hear that its worked. I’d highly recommend upgrading to the latest, as we have fixed a lot of bugs around authentication since 3.5.2 was released.

Also, if you haven’t already done it, you should probably disable the username/password authentication:

Octopus.Server.exe service --stop
Octopus.Server.exe configure --usernamePasswordIsEnabled=false
Octopus.Server.exe service --start

and delete/disable the temporary admin user you created as well.

Glad we got there in the end!

Happy deployments!

Matt

Hi,
We had this same issue when we did a clean install of Octopus Deply latest version 3.11.10 with AD Authentication.
This tric solved it for us too.
So maybe there still is some issue in the authentication corner?
regards, Stefan

Hi Stefan,

Thanks for getting in touch. Sorry for not getting back to you, I didn’t see your comment on this ticket.

There was an unspoken assumption that people should setup a normal admin user first, before configuring AD authentication, which in hindsight wasn’t obvious. We’ve updated the documentation - https://octopus.com/docs/administration/authentication-providers/azure-ad-authentication#getting-permissions - to make this clearer.

Happy deployments!

Regards,
Matt