Possible Tentacle / powershell elevation issue

(skmcfadden) #1

Using Octopus tentacle 5.0.6.0 to deploy windows service app to Windows Server 2019 datacenter. After deploying the tentacle runs a powershell script that calls .NET regasm (32 bit version) to register a .NET assembly with COM. This cmd encounters a powershell remote exception because it can’t update the windows registry. The interesting thing is that if I manually run this script on the remote machine with elevation it runs fine but if I manually run this script on the remote machine without elevation it fails.
The tentacle service user is a local admin on the remote machine. How can I force the tentacle to run the powershell script with elevation?

(Matt Richardson) #3

Hi @skmcfadden

Thanks for getting in touch! Sorry to see you’re having issues getting the regasm comamnd to run.

Can you give me some more information about the user that you’re running the Tentacle service as? Is it “the local administrator”? A specific service account? Or is it “local system”?

Also, when you say the user “is a local admin”, do you mean that it’s a member of the “local administrators” group?

Can you share the error you are receiving?

A potential approach that might help work around the issue you are facing is to use the special variables Octopus.Action.PowerShell.UserName and Octopus.Action.PowerShell.Password, which you can use to specify the account it should run the step against. This isn’t really solving the issue you’re facing, but it might help unblock.

Look forward to getting to the bottom of this.

Regards,
Matt

(skmcfadden) #4

Hi Matt, the octopus tentacle service is running as a domain user. That domain user is a member of the local administrators group. Here is raw log output for regasm piece:

Register our connector with COM. Must use 32bit regasm as our connector is currently 32 bit!

13:22:59 Info | Microsoft .NET Framework Assembly Registration Utility version 4.7.3190.0
13:22:59 Info | for Microsoft .NET Framework version 4.7.3190.0
13:22:59 Info | Copyright © Microsoft Corporation. All rights reserved.
13:23:00 Error | Calamari.exe : regasm.exe : RegAsm : warning RA0000 : Registering an unsigned assembly with /codebase can cause your
13:23:00 Error | assembly to
13:23:00 Error | At C:\Octopus\Tentacle\Work\20200103192253-107689-5\Bootstrap.ps1:27 char:1
13:23:00 Error | + & “${env:TentacleHome}\Calamari\4.8.3\Calamari.exe” run-script -sens …
13:23:00 Error | + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
13:23:00 Error | + CategoryInfo : NotSpecified: (regasm.exe : Re…ur assembly to :String) [], RemoteException
13:23:00 Error | + FullyQualifiedErrorId : NativeCommandError
13:23:00 Verbose | Process C:\windows\system32\WindowsPowershell\v1.0\PowerShell.exe in C:\Octopus\Tentacle\Work\20200103192253-107689-5 exited with code 1
13:23:00 Verbose | Updating manifest with output variables
13:23:00 Verbose | Updating manifest with action evaluated variables
13:23:00 Fatal | The remote script failed with exit code 1
13:23:00 Fatal | The action Setup Delivery Connector on foowebencls001 failed
|

(Matt Richardson) #5

Hi there

A couple of ideas spring to mind.

Firstly, try redirecting stderr to stdout for your command:

regasm.exe /param1:value > 2>&1

That might help.

Other than that, I would recommend checking out powershell debugging to see if you can get a closer hint of whats going wrong.

Let me know how you go with that.

Cheers,
Matt