Start-Process with Credentials gives 'non-zero exit code: -1073741502'

I am trying to use the suggested DbUp solution to deploy some database scripts but I need the DbUp exe to run as a different user. For corporate reasons I cannot give the tentacle permissions to write to a production database so I have to do some impersonation in script.

Below is the PowerShell script I am trying to run. I can successfully run it when I log onto the tentacle machine, open a PS console as my tentancle user account, and run it by typing in “.\Octopus.Action.CustomScripts.Deploy.ps1”. However when I let Octopus run it as a Deploy script I am returned: Script ‘E:\Octopus\Applications\QA\Database\16.3.74525-test\Octopus.Action.CustomScripts.Deploy.ps1’ returned non-zero exit code: -1073741502

Is there are a reason that Start-Process would work when run manually as the tentacle user on the tentacle machine but not when run from by the tentacle? I have tried gutting this script down to bare bones by removing things like the '-RedirectStandardOutput ’ with no luck. The tentacle is version 3.3.12.

Thank you,

$user = $OctopusParameters['Administrator AD Account']
$password = $OctopusParameters['Administrator AD Password']

$securePassword = ConvertTo-SecureString -String $password -AsPlainText -Force
$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $user, $securePassword

$exe = $OctopusParameters['Octopus.Action[Database Scripts].Output.Package.InstallationDirectoryPath'] + '\AJG.BSD.Pate.Database.exe'

$process = Start-Process $exe -Credential $credential -Wait -NoNewWindow -PassThru -LoadUserProfile -RedirectStandardOutput $env:windir\temp\databaseupdatestandard.log

Get-Content -Path $env:windir\temp\databaseupdatestandard.log

exit $process.ExitCode

I think this might have something to do with it.

I am running my tentacle as a service account (not as Local System) so that the tentacle can have access to other systems. I then need to run the DB upgrade as a second user but via the tentacle. That SO article indicates that a service account cannot run a process as another user.

While this doesn’t appear to be any sort of issue with Octopus itself, do you guys have any experience with a situation like this? My specific example is trying to run a DbUp executable as AdminA while the tentacle service is running as ServiceAccountA.

Thank you

Hi Kevin,

I believe your diagnosis is correct.

I think you have a couple of options:

  • Run the Tentacle as a different account. Rather than trying to execute the DbUp process as a different account, run the whole Tentacle under an account with appropriate access. You could even create a dedicated Tentacle for running your DbUp scripts, which runs as an account with SQL Server rights.

  • Instead of using Windows authentication, use SQL Server authentication and supply the credentials in the database connection string. You can obviously managed these credentials using Octopus variables. I understand some environments won’t allow SQL authorization.

  • I think customers in the past have had success using WinRM to achieve this (example). Though I can’t personally confirm this works.

Could any of these options work for you?


MS hotfix seems to have solved a similar problem for me: