Reputation: 1
Deployment agent connection error in release management :Received Exception : System.UnauthorizedAccessException
I am trying to connect my Deployment agent to RM client from different domain. I created a shadow account and all other .Still it is not working. I am able to connect with same domain. My RM client and server is in same machine (VM). and my deployment agent is in different workgroup domain.(everything is in VM's) I am getting below error from the log file.
Created Nt account for user RM.user1
Found Sid S-1-5-21-2704102820-366803756-3152234569-1011 for user RM.user1
Is RM.user1 network service account? False
Created Nt account for user RM.user1
Found Sid S-1-5-21-2704102820-366803756-3152234569-1011 for user RM.user1
Is RM.user1 local system account? False
Domain:
Final UserName: SVWP500\RM.user1.
Loading account details for SVWP500\RM.user1
Is SVWP500\RM.user1 local machine account? True
Normalized account is SVWP500\RM.user1 and Sid is S-1-5-21-2704102820-366803756-3152234569-1011
Validating account to use as identity for Release Management Services...
IsAdminAccount : Trying to determine if the account : SVWP500\RM.user1 is an admin on the local machine
IsAdminAccount : Trying to determine if the account : SVWP500\RM.user1 is an admin on the local machine
User SVWP500\RM.user1 is system, Admin
Validated account to use as identity for Release Management Services.
Validating Release Management Server for Team Foundation Server 2013....
ServiceUserIsServiceUser="1" InstallerUserIsReleaseManager="1" />, Release Management Server for Team Foundation Server 2013 validation succeeded.
Received Exception : System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.
at System.Security.Cryptography.Utils.SetKeySetSecurityInfo(SafeProvHandle hProv, CryptoKeySecurity cryptoKeySecurity, AccessControlSections accessControlSections)
at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
at Microsoft.TeamFoundation.Release.CommonConfiguration.Helpers.CryptoHelper.<.ctor>b__2(CspParameters container)
at Microsoft.TeamFoundation.Release.CommonConfiguration.Helpers.CryptoHelper.ConfigureDeployerCryptoKey(String userName)
at Microsoft.TeamFoundation.Release.CommonConfiguration.DeployerConfigurationManager.Configure()
at System.ComponentModel.BackgroundWorker.WorkerThreadStart(Object argument)
Work completed for GetConfiguration() call : got out of turn error
Please help on this.
Upvotes: 0
Views: 1141
Answers (1)
Reputation: 121
Looks like the account you are using to register the deployment agent hasn't got the permission to access to release management. Because next step after Team Foundation Validation is updating deployment configuration.
I, 2015/02/13, 08:25:54.156, Release Management Server for Team Foundation Server 2013 validation succeeded.
I, 2015/02/13, 08:25:54.236, Updating Microsoft Deployment Agent 2013 configuration settings...
V, 2015/02/13, 08:25:54.238, Successfully read Release Management deployer registry key, installation path is C:\Program Files (x86)\Microsoft Visual Studio 12.0\Release Management\
V, 2015/02/13, 08:25:54.251, Opening configuration file C:\Program Files (x86)\Microsoft Visual Studio 12.0\Release Management\bin\Microsoft.TeamFoundation.Release.Data.dll.config
I have a similar step up and below are the steps I did to make it work in my environment
Create a local user (RMServer) on both DomainA\RMServer & DomainB\DeploymentAgentServer machines. Add the users to administrators group
Create a local user (DeployAgent) on both DomainA\RMServer & DomainB\DeploymentAgentServer machines. Add the users to administrators group
From Release Management client add .\RMServer account and grant both "Service User" and "Release Manager"permissions (please note on windows account test box don't use machinename\user, just add .\user)
From Release Management client add .\DeployAgent account and grant "Service User" (please note on windows account text box don't use machinename\user, just add .\user)
Install the Deployment Agent on DomainB\DeploymentAgentServer as DeployAgent user (created in step 2)
I was using the Microsoft & Wouter de Kort blog
Upvotes: 2
Related Questions
- Communication with the deployer was lost during the deployment
- Deployment to Server fails with local Administrator
- "System.ComponentModel.Win32Exception: Access is denied" error in Release Management client
- Can not connect release management client to visual studio team services
- VSTS Release Management deployment failing due to security issues
- Failed to configure Release Management service user. Error: The remote server returned an error: (401) Unauthorized
- Error when deploying web application using TFS Release Managment
- The account running the TFS build service (NT AUTHORITY\NETWORK SERVICE) needs to be added as a system user in the Release Management Server
- ERROR: The account running the TFS build service (***\TFSBuildServices) needs to be added as a system user in the Release Management Server
- Deployer user does not have Access to the file