0

I am experiencing a problem similar to the one described here:

Import-AzurePublishSettingsFile throws CryptographicException

We are calling Powershell from IIS to programmatically deploy VMs. Part of this process involves loading new Publish Settings Files in for new customers. We are getting the following error when attempting to do so:

Import-AzurePublishSettingsFile : An internal error occurred.

At C:\WebApps\Provisioning\PowerShellScripts\vmDeploy.ps1:152 char:2
+     Import-AzurePublishSettingsFile ($outputDir + "\" + $azSettingsFile) 
-ErrorActi ...
+    
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (:) 
[Import-AzurePublishSettingsFile], CryptographicException
    + FullyQualifiedErrorId : 
Microsoft.WindowsAzure.Commands.Subscription.ImportAzurePublishSettingsCommand

I have a hunch this has something to do with the user space, as if I run exactly the same script from an interactive PS session, on the same server, it works fine.

Any ideas on how to troubleshoot this?

Edit: Stack trace from Powershell:

PSMessageDetails      : 
Exception             : System.Security.Cryptography.CryptographicException: An internal error occurred.

                           at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
                           at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromBlob(Byte[] rawData, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
                           at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(Byte[] rawData, Object password, X509KeyStorageFlags keyStorageFlags)
                           at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData, String password)
                           at Microsoft.WindowsAzure.Commands.Utilities.Common.PublishSettingsImporter.PublishSubscriptionToAzureSubscription(PublishDataPublishProfile profile, PublishDataPublishProfileSubscription s) in c:\workspace\workspace\build-azure-sdk-tools-msi\WindowsAzurePowershell\src\Commands.Utilities\Common\PublishSettingsImporter.cs:line 56
                           at System.Linq.Enumerable.WhereSelectArrayIterator`2.MoveNext()
                           at System.Collections.Generic.List`1..ctor(IEnumerable`1 collection)
                           at System.Linq.Enumerable.ToList[TSource](IEnumerable`1 source)
                           at Microsoft.WindowsAzure.Commands.Utilities.Common.WindowsAzureProfile.ImportPublishSettings(String fileName) in c:\workspace\workspace\build-azure-sdk-tools-msi\WindowsAzurePowershell\src\Commands.Utilities\Common\WindowsAzureProfile.cs:line 293
                           at Microsoft.WindowsAzure.Commands.Subscription.ImportAzurePublishSettingsCommand.ImportFile(String fileName) in c:\workspace\workspace\build-azure-sdk-tools-msi\WindowsAzurePowershell\src\Commands\Subscription\ImportAzurePublishSettings.cs:line 95
                           at Microsoft.WindowsAzure.Commands.Subscription.ImportAzurePublishSettingsCommand.ExecuteCmdlet() in c:\workspace\workspace\build-azure-sdk-tools-msi\WindowsAzurePowershell\src\Commands\Subscription\ImportAzurePublishSettings.cs:line 46
                           at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletBase.ProcessRecord() in c:\workspace\workspace\build-azure-sdk-tools-msi\WindowsAzurePowershell\src\Commands.Utilities\Common\CmdletBase.cs:line 96
TargetObject          : 
CategoryInfo          : CloseError: (:) [Import-AzurePublishSettingsFile], 
                        CryptographicException
FullyQualifiedErrorId : Microsoft.WindowsAzure.Commands.Subscription.ImportAzurePublishSettingsCommand
ErrorDetails          : 
InvocationInfo        : System.Management.Automation.InvocationInfo
ScriptStackTrace      : at <ScriptBlock>, C:\WebApps\Provisioning\PowerShellScripts\vmDeploy.ps1: line 163
PipelineIterationInfo : {}





MyCommand             : Import-AzurePublishSettingsFile
BoundParameters       : {}
UnboundArguments      : {}
ScriptLineNumber      : 163
OffsetInLine          : 2
HistoryId             : 1
ScriptName            : C:\WebApps\Provisioning\PowerShellScripts\vmDeploy.ps1
Line                  :     Import-AzurePublishSettingsFile ($outputDir + "\" + 
                        $azSettingsFile) -ErrorAction Stop

PositionMessage       : At C:\WebApps\Provisioning\PowerShellScripts\vmDeploy.ps
                        1:163 char:2
                        +     Import-AzurePublishSettingsFile ($outputDir + "\" 
                        + $azSettingsFile) -ErrorActi ...
                        +    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
PSScriptRoot          : C:\WebApps\Provisioning\PowerShellScripts
PSCommandPath         : C:\WebApps\Provisioning\PowerShellScripts\vmDeploy.ps1
InvocationName        : Import-AzurePublishSettingsFile
PipelineLength        : 0
PipelinePosition      : 0
ExpectingInput        : False
CommandOrigin         : Internal
DisplayScriptPosition : 



00000000000000000000000000000000000000000000000000000000000000000000000000000000


Message        : An internal error occurred.

Data           : {}
InnerException : 
TargetSite     : Void ThrowCryptographicException(Int32)
StackTrace     :    at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
                    at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromBlob(Byte[] rawData, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle&pCertCtx)
                    at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(Byte[] rawData, Object password, X509KeyStorageFlags keyStorageFlags)
                    at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData, String password)
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.PublishSettingsImporter.PublishSubscriptionToAzureSubscription(PublishDataPublishProfile profile, PublishDataPublishProfileSubscription s) in c:\workspace\workspace\build-azure-sdk-tools-msi\WindowsAzurePowershell\src\Commands.Utilities\Common\PublishSettingsImporter.cs:line 56
                    at System.Linq.Enumerable.WhereSelectArrayIterator`2.MoveNext()
                    at System.Collections.Generic.List`1..ctor(IEnumerable`1collection)
                    at System.Linq.Enumerable.ToList[TSource](IEnumerable`1source)
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.WindowsAzureProfile.ImportPublishSettings(String fileName) in c:\workspace\workspace\build-azure-sdk-tools-msi\WindowsAzurePowershell\src\Commands.Utilities\Common\WindowsAzureProfile.cs:line 293
                    at Microsoft.WindowsAzure.Commands.Subscription.ImportAzurePublishSettingsCommand.ImportFile(String fileName) in c:\workspace\workspace\build-azure-sdk-tools-msi\WindowsAzurePowershell\src\Commands\Subscription\ImportAzurePublishSettings.cs:line 95
                    at Microsoft.WindowsAzure.Commands.Subscription.ImportAzurePublishSettingsCommand.ExecuteCmdlet() in c:\workspace\workspace\build-azure-sdk-tools-msi\WindowsAzurePowershell\src\Commands\Subscription\ImportAzurePublishSettings.cs:line 46
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletBase.ProcessRecord() in c:\workspace\workspace\build-azure-sdk-tools-msi\WindowsAzurePowershell\src\Commands.Utilities\Common\CmdletBase.cs:line 96
HelpLink       : 
Source         : mscorlib
HResult        : -2146893792
4

3 回答 3

0

回答:

我们将 IIS 应用程序池的用户上下文更改为本地管理员,这解决了问题。这表明问题在于从先前的上下文中访问加密存储。然而,错误和堆栈跟踪太模糊,无法证实这一假设。

于 2014-01-24T17:59:29.450 回答
0

使用 WAML 库进行计算,我可以部署 - 但是,我必须使用稍微不同的凭据加载:

X509Certificate2 certificate = new X509Certificate2( Convert.FromBase64String(encodedCertificate), "MyPrivateKey", X509KeyStorageFlags.MachineKeySet);

基本上我需要告诉系统从机器密钥集加载(即使我的证书是本地的),然后 CryptographicException 消失。

我猜这可能有点相似——即使您使用的是 PowerShell,它也是建立在 WAML 预览之上的。

于 2014-01-25T02:45:58.850 回答
0

我们让构建代理在 Azure VM 上运行,它一直运行良好,但有一天突然停止工作,显然没有任何原因出现上述错误。

登录到 VM 并Import-AzurePublishSettingsFile "FileName"手动运行将完美运行。

我们发现我们的构建代理设置不正确,并且在 MSDN 凭据已更改的用户帐户下运行。

我们首先通过重新启动虚拟机解决了这个问题——这将杀死在其他用户帐户下运行的任何构建代理进程(在我们的例子中,它阻止了我们运行下面的下一步)

接下来,最好通过运行脚本(以管理员身份)将构建代理安装为服务 <agent home>/bin/service.install.bat file

您可以通过检查名为“Team City Agent”的服务(或正在运行的类似服务)的对话框来检查该服务是否已安装Computer Management -> Services,假设其他一切都已设置好,您的构建应该开始工作(或至少通过上面的加密错误:) )

更多信息可以在这里找到:https ://confluence.jetbrains.com/display/TCD8/Setting+up+and+Running+Additional+Build+Agents

于 2016-10-09T22:49:14.360 回答