powershellazureazure-devopswinrmazure-vm-role

VSTS AzureFileCopy Permission denied while trying to connect to the target machine


Trying to setup a simple AzureVMFileCopy task from the VSTS Release. I have already done the following steps:

  1. Execucted Enable-PSRemoting
  2. Setup the WinRM listener with self signed certificate and opened the Port 5986 over HTTPS for WInRM
  3. Configured the Inbound firewall rule to allow traffic on port 5986 and 5985 as well.
  4. In the VSTS task, tried giving the username using different conventions - Domain/username, .\username, username
  5. In VSTS task, enabled copy prerequisites.
  6. Configured the VSTS Agent on the VM to run in "interactive mode" and used the administrator user account. Have tried to configure using Service Account as well with the same administrator account.
  7. Interesting thing is that the files are copied in the VSTS Agent _work folder but the final copy to target folder gives "Access is Denied".
  8. Have tried verifying the connection using Enter-PSSession but that also gives the same error. enter image description here

Here is the exception I get:

System.Management.Automation.Remoting.PSRemotingTransportException: Connecting to remote server devocxdbvm.westeurope.cloudapp.azure.com failed with the following error message : Access is denied

Any basic element I may be missing ?

Screenshot of the Azure File Copy Task enter image description here


Solution

  • I experienced this same issue setting up a build machine for VSTS, fix for me was Method 2 here: https://support.microsoft.com/en-us/help/896861/you-receive-error-401-1-when-you-browse-a-web-site-that-uses-integrate

    which is to add the following registry key:
    In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    Right-click Lsa, point to New, and then click DWORD Value.
    Type DisableLoopbackCheck, and then press ENTER.
    Right-click DisableLoopbackCheck, and then click Modify.
    In the Value data box, type 1, and then click OK.

    Restart the VM

    I believe (can't find where I read this now) that this was introduced by a security update to windows so may change again in future.