Hi,
I’ve just done a fresh install of 2020.1.15 onto Windows Server 2016. I created a new local account (with no additional permissions) to run the Octopus Server service. I followed the first 3 instructions from https://octopus.com/docs/installation/permissions-for-the-octopus-windows-service and set the account as sysadmin in the database server.
I could not find out how to set the remaining permissions using sc and netsh.
With these set the service will start and then immediately crash with this exception trace:
Microsoft.AspNetCore.Server.HttpSys.HttpSysException (5): Access is denied.
at Microsoft.AspNetCore.Server.HttpSys.UrlGroup.RegisterPrefix(String uriPrefix, Int32 contextId)
at Microsoft.AspNetCore.Server.HttpSys.UrlPrefixCollection.RegisterAllPrefixes(UrlGroup urlGroup)
at Microsoft.AspNetCore.Server.HttpSys.HttpSysListener.Start()
at Microsoft.AspNetCore.Server.HttpSys.MessagePump.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
at Microsoft.AspNetCore.Hosting.WebHost.StartAsync(CancellationToken cancellationToken)
at Microsoft.AspNetCore.Hosting.WebHost.Start()
at Octopus.Server.Web.WebServerInitializer.Start() in C:\buildAgent\work\47b5b27d3625d6ca\source\Octopus.Server\Web\WebServerInitializer.cs:line 61
at Octopus.Server.OctopusServerEngine.Start() in C:\buildAgent\work\47b5b27d3625d6ca\source\Octopus.Server\OctopusServerEngine.cs:line 69
at Octopus.Server.Commands.RunCommand.Start() in C:\buildAgent\work\47b5b27d3625d6ca\source\Octopus.Server\Commands\RunCommand.cs:line 79
at Octopus.Shared.Startup.AbstractCommand.Start(String[] commandLineArguments, ICommandRuntime commandRuntime, OptionSet commonOptions)
at Octopus.Shared.Startup.OctopusProgram.Start(ICommandRuntime commandRuntime)
at Octopus.Shared.Startup.WindowsServiceHost.<>c__DisplayClass1_0.<Run>b__0()
at Octopus.Shared.Startup.WindowsServiceAdapter.RunService()
Making the new account a member of the local Administrators group clears the issue but I would ideally like to restrict the access of this account.