Amazon EC2: Getting Access Denied trying to use Windows DPAPI

Carel Combrink

Jun 10, 2020, 9:32:54 AM
to jenkins...@googlegroups.com
Hi,

We are using an AWS EC2 Windows AMI to do our builds from a Jenkins job using the ec2-plugin.
Our libraries use the Windows Cryptography API: Next Generation (NG) (DPAPI) to protect sensitive data from C# and C++ components.

Our builds succeed without any issue, but our unit test trying to use this API in the AMI instance keeps on failing. On the C# side we get the following exception (almost the same on the C++ side):

Access is denied.
Source: System.Security
HRESULT: -2147024891
Stack:
   at System.Security.Cryptography.ProtectedData.Protect(Byte[] userData, Byte[] optionalEntropy, DataProtectionScope scope)

We could get the Unit Tests passing with PsExec, but the output is lost and the step that normally takes about 20 minutes now takes more than 4 hours.

From some reading up, it seems like the WinRM connection is the cause of the issue; the PsExec seems to verify that.

Is there a way to configure or set up the AMI + plugin to allow us to use the DPAPI inside the AMI for the unit tests (without having to use an external tool like PsExec)?

Regards,
Carel