System.Exception: Could not set security on private-key

We are trying to deploy a website in IIS, but it is failing with the below error. However, the website is started and the application is working as expected. The only error is that the deployment fails with the below error. Any solution for the below would be highly appreciated.

Hi @DevopsBeginner,

Thanks for getting in touch!

This is usually caused by the service account that the tentacle uses not having sufficient permissions to access the certificate store.
It would be worth confirming that the account has full rights on this folder: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys

Regards,
Paul
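One way to run the check suggested in the reply above, as an added example that is not part of the original thread or of Octopus Deploy's own tooling: it lists the ACL entries on the MachineKeys folder and on the key file backing one certificate. The `$Thumbprint` placeholder, the `LocalMachine\My` store and the helper names `Show-Acl` and `Get-KeyFileName` are assumptions.

```powershell
# Added example. Run from an elevated prompt on the deployment target.
# $Thumbprint is a placeholder: supply the thumbprint of the deployed certificate.
param([string]$Thumbprint = '<CERT-THUMBPRINT>')

$machineKeys = Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys'

function Show-Acl {
    param([string]$Path)
    # One row per ACE, so the service account (or a group it belongs to) is easy to spot.
    (Get-Acl -LiteralPath $Path).Access |
        Select-Object @{ n = 'Path'; e = { $Path } }, IdentityReference,
                      AccessControlType, FileSystemRights, IsInherited
}

function Get-KeyFileName {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    try {
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
    } catch {
        # Opening the key failed: report it instead of guessing a file name.
        Write-Warning "Could not open private key: $($_.Exception.Message)"
        return $null
    }
    if ($rsa -is [System.Security.Cryptography.RSACng]) { return $rsa.Key.UniqueName }
    if ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
        return $rsa.CspKeyContainerInfo.UniqueKeyContainerName
    }
    return $null
}

# 1. Folder-level permissions.
Show-Acl -Path $machineKeys | Format-Table -AutoSize

# 2. Permissions on the key file of the certificate (store location is an assumption).
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) {
    Write-Warning "Certificate $Thumbprint not found in LocalMachine\My"
} elseif (-not $cert.HasPrivateKey) {
    Write-Warning 'Certificate has no associated private key'
} else {
    $name = Get-KeyFileName -Cert $cert
    $file = if ($name) { Join-Path $machineKeys $name }
    if ($file -and (Test-Path -LiteralPath $file)) {
        Show-Acl -Path $file | Format-Table -AutoSize
    } else {
        # CNG machine keys are stored under %ProgramData%\Microsoft\Crypto\Keys instead.
        Write-Warning "No key file for this certificate under $machineKeys"
    }
}
```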

Hi Paul,

Thanks for the response!!

Indeed, the service account has full permissions on MachineKeys and is also part of the admin group. I also granted access to the certificate in Manage Private Keys.

Regards,
DB

Hi @DevopsBeginner,

We have seen problems previously when a certificate has been installed before the deployment and by a different user. So, if this was the case you could try uninstalling the certificate and re-running the deployment.

Also, does the certificate that has been added to Octopus include the private key?

Regards,
Paul

Hi Paul,

Yes, the certificate is added to Octopus, but the deployment still fails with the cert error.

Finally, we are able to narrow down the issue to McAfee. It is blocking access to MachineKeys. We need to check internally within the organization to see how it can be excluded.

NT AUTHORITY\SYSTEM ran path:\Calamari.exe, which tried to access C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\filename, violating the rule “Malware Behavior : Windows EFS abuse”, and was blocked. For information about how to respond to this event, see KB85494.

Thanks & Regards,
BD

Hi @DevopsBeginner,

Out of curiosity, has this deployment been working fine previously and just recently started encountering this issue?

I’ve seen several people encounter this same error within the last couple days so I’m wondering if it could be a recent change/update in McAfee.

Regards,
Paul

Hi Paul,

Yes, it was working fine earlier without any issues, and it started only a couple of days ago. It could be due to the recent McAfee release in Jan 2020.

Regards,
BD

That’s great, thanks for confirming that.

Regards,
Paul
