I have a python script that execute an automation script on remote SUT. and given that the script is working when execute locally with user tester and password xxx.
when I build the DevOps Azure pipeline I have checkout from GIT the project into the agent and then try to execute the code from the command line .
cd .\MatrixPro\TestFramework
python .\main.py -t profaund_tests.matrix_pro_rf_energy_across_impedances
this code gave me an error
E PermissionError: [WinError 5] Access is denied:
'//192.168.1.100\c$\'
seems that this script try to create report file on the SUT and doesn't have permission.
more over that the azure user agent have admin permission but I suspect that I need to change into the local user before execute the command.
note: I'm working on windows 10 .
what is the right method to solve this issue ? how can I figure out way this error occur ?
is their a simple way to change the pipeline permmision to work on local agent with local user and password?
When you run the build pipeline on Azure DevOps.
It's actually the build service account which is running the script. You should make sure the build service account have sufficient permission to Access: '//192.168.1.100\c$\'
To change the identity of the build agent, just go into Windows Services and change the identity of related Build service (service name is " Azure Pipelines Agent").
In the Services pane, right-click Azure Pipelines Agent.
Under Service Status, click Stop.
Click the Log On tab.
Specify the account you want to use for the service in the This
account text box.
Type the new password in the Password text box, and then type the
new password again in the Confirm password text box.
Under Service Status, click Start.
You should use a user to remote to that the server hold build agent and manually run the script to perform the deploy process. If that user is able to deploy succeed without any permission issue. Simply use this user as your build service account of Azure DevOps agent.
Hope this helps.
Related
I have a Windows 10 Enterprise VM running an Azure Devops Agent in Interactive mode. The agent runs using the only user the machine has, and it is an Administrator with UAC disabled. However, when executing tasks that require an elevated command prompt, as registering dlls, the command fails with the following error message:
##[error]Cmd.exe exited with code '5'.
And this message is when I'm trying to COPY files into Windows\SysWow64
##[error]Error: Failed cp: cp: copyFileSync: could not write to dest file (code=EPERM):C:\windows\SysWow64\test.txt
My testes also fail with the following error message:
Test method TestesRegressaoPGB.Autenticacao.AutenticarNoPGBL02 threw exception:
System.AggregateException: One or more errors occurred. (The requested operation requires elevation.) ---> System.ComponentModel.Win32Exception: The requested operation requires elevation.
TestCleanup method TestesRegressaoPGB.Autenticacao.Cleanup threw exception. System.NullReferenceException: System.NullReferenceException: Object reference not set to an instance of an object..
How do I run all commands while elevated?
In the Azure DevOps, If you want to access local file in the azure devops pipeline via self-hosted agent, It accesses the file via service account instead of Personal account.
Workaround
We could open check the file permission and configure the service account permission. service account format User/Administrator/Administrators({Agent.ComputerName}\User/Administrator/Administrators)
Also, we could change the agent service account to your owner account.
Steps: Open service on the agent machine and search the agent service account, check the pic below, just change the account name and password to yours, then It will use this account to perform the operation.
I just added permissions on each and every folder the pipeline agent needed to open. As I said to Vito, the agent was not running using a service account.
I am trying to create RamDisk in DevOps agent servers using PowerShell task from Pipeline. The script can create the Ramdisk rive but unable to format and mount it. Its giving error that it needs elevated prompt.
How I can run PowerShell task with admin privileges in Azure DevOps pipeline
Since you add azure-devops-self-hosted-agent tag, I assume you are using a self-hosted build agent for build. Then you can try to update the build agent to run with an administrator account.
If you configured the agent to run as a service, it starts
automatically. You can view and control the agent running status from
the services snap-in. Run services.msc and look for the agent. If
you need to change the agent's logon account, don't do it from the
Services snap-in. Instead, try to re-configure the agent and run it
with an administrator account.
I would like to use a .MDF SQL Server database file on which my unit tests are performed during a Visual Studio Test when deploying via a DevOps pipeline.
I added the .MDF and .LDF files to the unit test project and I am able to execute locally. I have confirmed that the files are properly deployed to the pipeline using a PowerShell script that lists the folder contents. I have also confirmed case-sensitivity by ensuring everything is upper-case.
When adding a Visual Studio Test step to an existing working pipeline, I initially received this error when attempting to save to the database during test initialization:
Microsoft.Data.SqlClient.SqlException: Failed to update database "D:\A\1\S\APPCORETESTS\BIN\RELEASE\NETCOREAPP3.1\MYTESTDATABASE.MDF" because the database is read-only
I added the following call during test initialize:
ALTER DATABASE [MYTESTDATABASE.MDF] SET READ_WRITE
and am now getting the following error:
Unable to open the physical file "D:\a\1\s\AppCoreTests\bin\Release\netcoreapp3.1\MYTESTDATABASE.mdf". Operating system error 5: "5(Access is denied.)"
Unable to open the physical file "D:\a\1\s\AppCoreTests\bin\Release\netcoreapp3.1\myTestDatabase_log.ldf". Operating system error 5: "5(Access is denied.)".
I am able to open a connection to the .MDF file using the following connection string (from a config, hence the two backslash "\"):
"Server=(LocalDB)\\MSSQLLocalDB;AttachDbFileName='|DataDirectory|\\MYTESTDATABASE.MDF'"
and I am able to run a query that returns several databases including mine (as well as tempdb, master, etc):
select name from sys.databases
If this error was occurring locally, I would set the folder permissions for the folder in which the .MDF / .LDF reside, but do not know if that is possible in a DevOps pipeline or if it is the correct approach to solving this problem.
Which agent are you using, hosted agent or self hosted agent?
Azure DevOps Pipeline accesses file via service account, we should check the service account permission and ensure it has enough permission.
If you are using hosted agent, it access the file via this account test Build Service(Org name), we need open project settings->Repositories->select the repo and check the service account test Build Service ({Org name}) permission, and also check the Pipeline->Settings
If you are using self-hosted agent and access local file, you should check the file permission. Steps: Select the local->Properties->Security, the service account name should be Administrators(Agent service name\Administrators) or Users(Agent service name\Users).
By the way, we can change the agent service account to your owner account.
Steps: Open service on the agent machine and search the agent service account, check the pic below, just change the account name and password to yours, then It will use this account to perform the operation.
I'm trying to remove a VSTS agent from a system, but I no longer possess the Personal Access Token (PAT) originally used during setup. An answer on this thread states that I can just delete the agent from the VSTS web UI, but I don't see that option besides nuking the entire agent pool (which is not a great option for us).
When I try to run config.cmd remove, these are my results:
PS C:\agent> .\config.cmd remove
Removing agent from the server
Enter authentication type (press enter for PAT) >
Enter personal access token >
Enter personal access token > Exiting...
First, it’s better to remove VSTS agent through config.cmd remove command and the PAT is required, you don’t need to use original PAT, you can apply a new PAT with Agent Pools (read, manage) scope and use it to remove agent.
Secondly, without PAT:
Deleting agent from server:
Deleting agent service in local system through sc command if it is running as service: sc delete [service name].
After that, you can delete the agent files.
Dears, I've another use case; I've been using Azure DevOps on-prem server.
I deleted the agent from the devops server 'Website,' However this's wont help me out when I tried to reinstall the agent it tells me:
Cannot configure the agent because it is already configured. To
reconfigure the agent, run 'config.cmd remove' or './config.sh remove'
first.
However, I've solve it when typing the below:
resolved
In VSTS I have a release definition, which needs to run a PowerShell script as administrator.
The release agent is configured to run as an account, which is a local administrator and has the required permissions, but UAC is restricting those permissions, unless PowerShell is executed "as administrator".
Can I run PS as admin from VSTS without disabling UAC completely on the server?
I don't think there is a way to do that using PS task. Can you try "Run PS on target servers" and provide admin creds. You will need to provide the machine name of the agent (so this is not ideal) as an input to the task. That might not require UAC. We will file this as a feature request.
I ran into this same problem. To fix it I did this (YMMV):
I uninstalled the Azure DevOps agent
Verified that the agent user was an admin
Reinstalled the Azure DevOps agent
When I originally installed the agent, the user the agent was running as was not an admin (I added that user to the Builtin\Administrators group after I installed the agent). I'm not sure if that caused a problem, but uninstalling/reinstalling solved it for me.
I do not think that the Inline or Path options are the issue. Maybe installing an Agent in the Deployment Environment Machine, assigning in the installation process the credentials of a user you are sure has administrative privileges on the SharePoint farm could help you. Then in VSTS verify that the agent is Online and working in the Deployment Group Section.
We got around not being able to use elevated Powershell commands by creating a light .Netcore Worker service with http request capability running in an elevated service privilege state. You can send a Invoke-RestMethod command from a regular Powershell YML task and it will trigger your custom logic on the other end of the ASP controller. We use it to remove Appx packages before re-installing for our Unit tests. The repo is located at, AzureAdmin