Appologies this might be a longwinded one,
So i have been trying for a good few hours to configure a self-hosted azure build agent to no success. I have been trying to run the following command generated by the azure devops ui.
Powershell script:
$ErrorActionPreference="Stop";If(-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent() ).IsInRole( [Security.Principal.WindowsBuiltInRole] "Administrator")){ throw "Run command in an administrator PowerShell prompt"};If($PSVersionTable.PSVersion -lt (New-Object System.Version("3.0"))){ throw "The minimum version of Windows PowerShell that is required by the script (3.0) does not match the currently running version of Windows PowerShell." };If(-NOT (Test-Path $env:SystemDrive\'azagent')){mkdir $env:SystemDrive\'azagent'}; cd $env:SystemDrive\'azagent'; for($i=1; $i -lt 100; $i++){$destFolder="A"+$i.ToString();if(-NOT (Test-Path ($destFolder))){mkdir $destFolder;cd $destFolder;break;}}; $agentZip="$PWD\agent.zip";$DefaultProxy=[System.Net.WebRequest]::DefaultWebProxy;$securityProtocol=@();$securityProtocol+=[Net.ServicePointManager]::SecurityProtocol;$securityProtocol+=[Net.SecurityProtocolType]::Tls12;[Net.ServicePointManager]::SecurityProtocol=$securityProtocol;$WebClient=New-Object Net.WebClient; $Uri='https://vstsagentpackage.azureedge.net/agent/3.227.1/vsts-agent-win-x64-3.227.1.zip';if($DefaultProxy -and (-not $DefaultProxy.IsBypassed($Uri))){$WebClient.Proxy= New-Object Net.WebProxy($DefaultProxy.GetProxy($Uri).OriginalString, $True);}; $WebClient.DownloadFile($Uri, $agentZip);Add-Type -AssemblyName System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory( $agentZip, "$PWD");.\config.cmd --environment --environmentname "-------------" --agent $env:COMPUTERNAME --runasservice --work '_work' --url '----------' --projectname '------------' --auth PAT --token --------------; Remove-Item $agentZip;
When run it starts configuring the agent until it gets to the question
>> Connect:
Connecting to server ...
>> Register Agent:
Scanning for tool capabilities.
Connecting to the server.
Pool already contains an agent with name DESKTOP-8HHF3U6.
Enter replace? (Y/N) (press enter for N) > Y
Enter Environment Virtual Machine resource tags? (Y/N) (press enter for N) >
Successfully replaced the agent
Testing agent connection.
2023-10-10 19:28:28Z: Settings Saved.
Enter enable SERVICE_SID_TYPE_UNRESTRICTED for agent service (Y/N) (press enter for N) >
Enter User account to use for the service (press enter for NT AUTHORITY\SYSTEM) >
Error reported in diagnostic logs. Please examine the log for more details.
- C:\azagent\A2\_diag\Agent_20231010-192501-utc.log
This access control list is not in canonical form and therefore cannot be modified.
I have tried a few things from trying to set-acl on the microsoft appdata dir and also the same for the agent folder but nothing seems to work
Any ideas?
Please try the single line PowerShell script in PowerShell.