Import-AzurePublishSettingsFile throws CryptographicException, Internal Error when called from IIS

Time: 2014-01-23 19:28:35

Tags: azure azure-powershell

I am having a problem similar to the one described here:

Import-AzurePublishSettingsFile throws CryptographicException

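We are calling PowerShell from IIS to programmatically deploy VMs. Part of this process involves loading a new publish settings file for a new customer. When we attempt to do so, we receive the following error: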

Import-AzurePublishSettingsFile : An internal error occurred.

At C:\WebApps\Provisioning\PowerShellScripts\vmDeploy.ps1:152 char:2
+     Import-AzurePublishSettingsFile ($outputDir + "\" + $azSettingsFile) 
-ErrorActi ...
+    
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (:) 
[Import-AzurePublishSettingsFile], CryptographicException
    + FullyQualifiedErrorId : 
Microsoft.WindowsAzure.Commands.Subscription.ImportAzurePublishSettingsCommand

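I have a hunch this is related to user space, because if I run the exact same script from an interactive PS session, on the same server, it works fine.

Any ideas on how to resolve this?

Edit: stack trace from PowerShell: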

PSMessageDetails      : 
Exception             : System.Security.Cryptography.CryptographicException: An internal error occurred.

                           at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
                           at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromBlob(Byte[] rawData, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
                           at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(Byte[] rawData, Object password, X509KeyStorageFlags keyStorageFlags)
                           at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData, String password)
                           at Microsoft.WindowsAzure.Commands.Utilities.Common.PublishSettingsImporter.PublishSubscriptionToAzureSubscription(PublishDataPublishProfile profile, PublishDataPublishProfileSubscription s) in c:\workspace\workspace\build-azure-sdk-tools-msi\WindowsAzurePowershell\src\Commands.Utilities\Common\PublishSettingsImporter.cs:line 56
                           at System.Linq.Enumerable.WhereSelectArrayIterator`2.MoveNext()
                           at System.Collections.Generic.List`1..ctor(IEnumerable`1 collection)
                           at System.Linq.Enumerable.ToList[TSource](IEnumerable`1 source)
                           at Microsoft.WindowsAzure.Commands.Utilities.Common.WindowsAzureProfile.ImportPublishSettings(String fileName) in c:\workspace\workspace\build-azure-sdk-tools-msi\WindowsAzurePowershell\src\Commands.Utilities\Common\WindowsAzureProfile.cs:line 293
                           at Microsoft.WindowsAzure.Commands.Subscription.ImportAzurePublishSettingsCommand.ImportFile(String fileName) in c:\workspace\workspace\build-azure-sdk-tools-msi\WindowsAzurePowershell\src\Commands\Subscription\ImportAzurePublishSettings.cs:line 95
                           at Microsoft.WindowsAzure.Commands.Subscription.ImportAzurePublishSettingsCommand.ExecuteCmdlet() in c:\workspace\workspace\build-azure-sdk-tools-msi\WindowsAzurePowershell\src\Commands\Subscription\ImportAzurePublishSettings.cs:line 46
                           at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletBase.ProcessRecord() in c:\workspace\workspace\build-azure-sdk-tools-msi\WindowsAzurePowershell\src\Commands.Utilities\Common\CmdletBase.cs:line 96
TargetObject          : 
CategoryInfo          : CloseError: (:) [Import-AzurePublishSettingsFile], 
                        CryptographicException
FullyQualifiedErrorId : Microsoft.WindowsAzure.Commands.Subscription.ImportAzurePublishSettingsCommand
ErrorDetails          : 
InvocationInfo        : System.Management.Automation.InvocationInfo
ScriptStackTrace      : at <ScriptBlock>, C:\WebApps\Provisioning\PowerShellScripts\vmDeploy.ps1: line 163
PipelineIterationInfo : {}





MyCommand             : Import-AzurePublishSettingsFile
BoundParameters       : {}
UnboundArguments      : {}
ScriptLineNumber      : 163
OffsetInLine          : 2
HistoryId             : 1
ScriptName            : C:\WebApps\Provisioning\PowerShellScripts\vmDeploy.ps1
Line                  :     Import-AzurePublishSettingsFile ($outputDir + "\" + 
                        $azSettingsFile) -ErrorAction Stop

PositionMessage       : At C:\WebApps\Provisioning\PowerShellScripts\vmDeploy.ps
                        1:163 char:2
                        +     Import-AzurePublishSettingsFile ($outputDir + "\" 
                        + $azSettingsFile) -ErrorActi ...
                        +    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
PSScriptRoot          : C:\WebApps\Provisioning\PowerShellScripts
PSCommandPath         : C:\WebApps\Provisioning\PowerShellScripts\vmDeploy.ps1
InvocationName        : Import-AzurePublishSettingsFile
PipelineLength        : 0
PipelinePosition      : 0
ExpectingInput        : False
CommandOrigin         : Internal
DisplayScriptPosition : 



00000000000000000000000000000000000000000000000000000000000000000000000000000000


Message        : An internal error occurred.

Data           : {}
InnerException : 
TargetSite     : Void ThrowCryptographicException(Int32)
StackTrace     :    at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
                    at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromBlob(Byte[] rawData, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle&pCertCtx)
                    at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(Byte[] rawData, Object password, X509KeyStorageFlags keyStorageFlags)
                    at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData, String password)
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.PublishSettingsImporter.PublishSubscriptionToAzureSubscription(PublishDataPublishProfile profile, PublishDataPublishProfileSubscription s) in c:\workspace\workspace\build-azure-sdk-tools-msi\WindowsAzurePowershell\src\Commands.Utilities\Common\PublishSettingsImporter.cs:line 56
                    at System.Linq.Enumerable.WhereSelectArrayIterator`2.MoveNext()
                    at System.Collections.Generic.List`1..ctor(IEnumerable`1collection)
                    at System.Linq.Enumerable.ToList[TSource](IEnumerable`1source)
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.WindowsAzureProfile.ImportPublishSettings(String fileName) in c:\workspace\workspace\build-azure-sdk-tools-msi\WindowsAzurePowershell\src\Commands.Utilities\Common\WindowsAzureProfile.cs:line 293
                    at Microsoft.WindowsAzure.Commands.Subscription.ImportAzurePublishSettingsCommand.ImportFile(String fileName) in c:\workspace\workspace\build-azure-sdk-tools-msi\WindowsAzurePowershell\src\Commands\Subscription\ImportAzurePublishSettings.cs:line 95
                    at Microsoft.WindowsAzure.Commands.Subscription.ImportAzurePublishSettingsCommand.ExecuteCmdlet() in c:\workspace\workspace\build-azure-sdk-tools-msi\WindowsAzurePowershell\src\Commands\Subscription\ImportAzurePublishSettings.cs:line 46
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletBase.ProcessRecord() in c:\workspace\workspace\build-azure-sdk-tools-msi\WindowsAzurePowershell\src\Commands.Utilities\Common\CmdletBase.cs:line 96
HelpLink       : 
Source         : mscorlib
HResult        : -2146893792

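3 Answers:

Answer 0: (score: 0)

Answer:

We changed the user context of the IIS application pool to a local administrator, which resolved the issue. This suggests the problem was access to the crypto store from the previous context. However, the error and stack trace are too vague to confirm this hypothesis.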

Answer 1: (score: 0)

Using the WAML library for compute, I can deploy - however, I had to load the credentials slightly differently:

X509Certificate2 certificate = new X509Certificate2( Convert.FromBase64String(encodedCertificate), "MyPrivateKey", X509KeyStorageFlags.MachineKeySet);

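Basically I needed to tell the system to load from the machine key set (even though my certificate is local), and then the CryptographicException goes away.

I am guessing this may be somewhat similar - even though you are using PowerShell, it is built on top of the WAML preview.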
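A diagnostic for the key-store behaviour the answers above describe, as an added example that is not part of the original posts: it loads a PFX blob under the current identity with the per-user and the machine key set and reports which one fails. The function names, the sample certificate and the profile-hive heuristic are assumptions made for illustration.

```powershell
# Added diagnostic sketch; needs Windows with .NET Framework 4.7.2+ or PowerShell 7.
function New-SamplePfx {
    # Constructed sample input: a throwaway self-signed certificate as PFX bytes.
    param([string]$Password)
    $rsa = [System.Security.Cryptography.RSA]::Create(2048)
    try {
        $req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new('CN=constructed-sample', $rsa,
            [System.Security.Cryptography.HashAlgorithmName]::SHA256,
            [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
        $now = [DateTimeOffset]::UtcNow
        $cert = $req.CreateSelfSigned($now.AddDays(-1), $now.AddDays(30))
        $pfxType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx
        return ,$cert.Export($pfxType, $Password)
    } finally { $rsa.Dispose() }
}

function Get-ProcessKeyContext {
    $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    [pscustomobject]@{
        Identity          = $id.Name
        # Heuristic (assumption): a loaded user profile shows up as a hive under HKEY_USERS.
        ProfileHiveLoaded = Test-Path "Registry::HKEY_USERS\$($id.User.Value)"
    }
}

function Test-PfxKeySetLoad {
    param([byte[]]$PfxBytes, [string]$Password)
    foreach ($name in 'UserKeySet', 'MachineKeySet') {
        $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]$name
        $cert = $null
        try {
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($PfxBytes, $Password, $flags)
            [pscustomobject]@{ KeySet = $name; Loaded = $true; HResult = $null }
        } catch {
            # Unwrap PowerShell's MethodInvocationException to reach the CryptographicException.
            $hr = $_.Exception.GetBaseException().HResult
            [pscustomobject]@{ KeySet = $name; Loaded = $false; HResult = '0x{0:X8}' -f $hr }
        } finally {
            if ($cert) { $cert.Reset() }   # release the handle; the key was not persisted
        }
    }
}

$pw  = 'constructed-password'            # sample value, not a real secret
$pfx = New-SamplePfx -Password $pw
Get-ProcessKeyContext | Format-List
Test-PfxKeySetLoad -PfxBytes $pfx -Password $pw | Format-Table -AutoSize
```

Run it once interactively and once as the application pool identity: a UserKeySet failure only in the second run, with HResult 0x80090020 (the -2146893792 in the question's trace), points at the per-user key store rather than the certificate. Enabling Load User Profile on the pool, or loading with MachineKeySet as in Answer 1, is a narrower change than running the pool as a local administrator.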

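Answer 2: (score: 0)

Our build agent runs on an Azure VM; it had been working fine but suddenly stopped working one day, for no apparent reason, with the above error.

Logging on to the VM and running Import-AzurePublishSettingsFile "FileName" manually would work perfectly.

We found that our build agent was not set up correctly and was running under a user account whose MSDN credentials had changed.

We fixed the problem by first restarting the VM - this kills any build agent processes running under other user accounts (in our case there was one, and it was preventing us from running the next step below).

Next, it is best if you install the build agent as a service by running the script (as administrator): the <agent home>/bin/service.install.bat file

You can check that the service is installed by checking the Computer Management -> Services dialog for a service named "Team City Agent" (or something similar) that is running; assuming everything else is set up correctly, your builds should start working (or at least get past the crypto error above :))

More information can be found here: https://confluence.jetbrains.com/display/TCD8/Setting+up+and+Running+Additional+Build+Agents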