Amazon EC2: Getting Access Denied trying to use Windows DPAPI

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Amazon EC2: Getting Access Denied trying to use Windows DPAPI

Carel Combrink

We are using an AWS EC2 Windows AMI to do our builds from a Jenkins job using the ec2-plugin.
Our libraries use the Windows Cryptography API: Next Generation (NG) (DPAPI) to protect sensitive data from C# and C++ components.

Our builds succeed without any issue, but our unit test trying to use this API in the AMI instance keeps on failing. On the C# side we get the following exception (almost the same on C++ side):

Access is denied.
Source: System.Security
HRESULT: -2147024891
   at System.Security.Cryptography.ProtectedData.Protect(Byte[] userData, Byte[] optionalEntropy, DataProtectionScope scope)

We could get the Unit Tests passing with PsExec, but the output is lost and the step that normally takes about 20 minutes now takes more than 4 hours.

From some reading up it seems like the WinRM connection is the cause of the issue, the PsExec seems to verify that.

Is there a way to configure or set up the AMI + plugin to allow us to use the DPAPI inside the AMI for the unit tests (Without having to use an external tool like PsExec)?


You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit