Permissions for Tentical

We are changing the service to run as a domain account. We gave the account full access to all octopus directories and registry key but we can’t push upgrades to the system. What other rights does the account need in order to be able to perform an upgrade? Can it be done with out being a local admin?

Hi Jim,

You can get the list of the minimum required permissions from https://octopus.com/docs/installation/installing-tentacles#InstallingTentacles-Permissions

Cheers
John

I have done everything except •Rights to view X.509 certificates in the local machine context how do I set this?

and what 509 cert does it need to view for windows 2016?

Running Tentacle version 3.13.8

June 2nd 2017 09:25:18

Info
Beginning upgrade

June 2nd 2017 09:25:22

Info
Waiting for the upgrade to complete

June 2nd 2017 09:25:27

error I get

Warning
The remote script failed with exit code -1
Octopus.Shared.Tasks.ActivityFailedException
at Octopus.Worker.Scripting.ScriptResult.EnsureSuccessful()
at Octopus.Worker.Tentacles.TentacleUpgradeMediator.BeginUpgradeAndWaitForExitCode(String installId, TargetManifest targetManifest)

Hi Jim,

Sorry for the confusion, the first set of rights are to run a tentacle, to upgrade a tentacle you need different rights, you need an account with enough rights to install it, see https://octopus.com/docs/key-concepts/environments/machine-policies#MachinePolicies-TentacleUpdateAccount

Hope this helps!

Cheers
John

Hi Jim,

We have updated the doco regarding the 509 cert, hopefully it makes sense now.

Cheers
John