Octopus Deploy to GAC

I am running a Tentacle in an on-prem server under a service account that has local admin rights.

When the deployment executes a Powershell script to install to the GAC, an error is thrown: " Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))."

I am not able to uninstall stale assemblies from the GAC and I am not able to add new ones because of the security exception.

I’ve tried adding the Tentacle user to C:\windows\assembly with full rights but get an “access denied” exception.

The Powershell script runs fine when run from the prompt.

The GAC is a horrible idea that causes more problems than it solves, but I’ve to use it because of a constraint.

Anyone have ideas for solving the permissions issue?

Hi @iancwright,

Thank you for contacting Octopus Support. I’m sorry you are having this issue.

I hope you don’t mind, I have a few clarifying questions:

  • Are you able to run the Powershell script, outside of Octopus, successfully on that machine under the same account?
  • What version of Octopus are you running?
  • What Tentacle version?
  • Is the working directory for the Tentacle white-listed in your anti-virus?

One other thing you can try is to run Process Monitor on the Tentacle’s machine and watch that while attempting to deploy. It may be helpful to do this while running the script both from the Octopus deployment as well as running it manually on the Tentacle’s machine.

I look forward to hearing back from you.

Regards,
Donny

I cannot verify with the service account. It doesn’t have RDP rights and I don’t manage it.

Other Powershell scripts work fine though. Ex:

New-Item -Path ‘C:\temp\octotest’ -ItemType Directory;

This creates the test folder in the process.

It’s just that any attempts to modify the assembly folder via the Gac Powershell module doesn’t work. Ditto for the vanilla system assembly used to deploy to servers (not using Gac module); this approach doesn’t blow up anything but it doesn’t work either. Silently fails.

Octopus version: 2019.9.10 LTS
Tentacle is 5.0.12.0

Thanks.

Hi @iancwright,

Thank you for getting back to me.

Silent fails are often indicative of anti-virus getting in the way. I would recommend coordinating access to this machine to verify if that is the case or not.

Let me know if anything comes up once you get a chance to test.

Regards,
Donny

Le sigh. Did you ready anything I typed?

Hi @iancwright,

Thank you for getting back to me. I apologize for the frustration this issue is giving you.

I understand that you do not currently have access to the target machine. Without access to the local machine where the Powershell scripts are being executed, our path for troubleshooting is cut off. I hope you are able to gain access, test the script locally, and make sure that the Tentacle working folders are white-listed in the anti-virus.

If you have any additional questions about this or anything else, please let us know.

Regards,
Donny