Azure functions not executing. Access Denied everytime - azure

Can anyone help as I am unable to execute the azure functions and getting this error message everytime.

Indeed, this is an antivirus policy issue. One can confirm this by going to your antivirus logs. I was using Symantec.
Steps to view logs in Symantec -
Open Symantec>View Logs>Client Management>View Logs.
The logs will contain an entry with keyword "BLOCK" with the path of blocked exe (as in snapshot attached in question).
1/27/2020 4:04:05 PM User Event 10 Block [AC1-1.1] List all applications you want to block below, by clicking the Add button. - Target MD5=d028f52957a8759ccbe6845e79090898 - Target Arguments="host start --port 7071 --pause-on-error" Create Process 0 1/27/2020 4:03:04 PM 1/27/2020 4:03:04 PM Block applications from running | [AC1-1.1] Block these applications 10.202.100.23 16776 C:\Users\<username>\AppData\Local\AzureFunctionsTools\Releases\2.43.0\cli_x64\func.exe 200704 Bytes Alert
Once my security team updated the policy, the azure function ran perfectly!

Finally after two days of struggle I got the answer. The Azure core Tools emulator "func.exe" is located in AzureFunctionstools folder which is located in appdata.
Appdata folder is the place for all the applications to install their configrations and helping component like .dlls or so. And, thus Appdata is an important folder which is hidden by default.
In many case changing the visibility of appdata folder from hidden to visible resolves the problem.
I tried to execute a sample exe from inside and outside of appdata folder and the sample exe was not accessible when it was inside appdata. Same scenario happens with "func.exe", it was executing outside of appdata folder. It was a clear indication that something is restricting access. and only an antivirus would do that.
I make changes in the antivirus policy (added the path in Exception) and it started working.
Here are the screenshots for reference:
As a solution: you can perform the following:
Make the appdata visibility from hidden to visible. or,
Right click on the folder, PRoperties > Security and provide the full access rights to the user. or,
Disable the antivirus and retry, it should work. If it is then add the folder path or the application name "func.exe" as an Exception.
One more solution that I figured out today especially when the antivirus is in client mode and linked with its server for policy.
4. You need to whitelist the path in the server policy and after 5 minutes say, Update the Antivirus, restart the Visual Studio and its done.

Same error I also faced due to anti-virus but can't modify anti-virus since it can be changed by IT Security/networking team and process is time-taking & long process. Another workaround is :
Install azure-functions-core-tools via npm
npm install -g azure-functions-core-tools#3
Change Executable & Working Directory in Debug settings for azure Project settings
Working Directory : C:\<Project path>\bin\Debug\netcoreapp3.1
Executable : C:\Users\<username>\AppData\Roaming\npm\node_modules\azure-functions-core-tools\bin\func.exe

Related

Error loading extension with localization

My nw.js app suddenly stopped working on Windows 10 with the following error;
Failed to load extension from {path}. Default locale is defined but default data couldn't be loaded.
Structure & manifest
_locales
en
js/i18n.js
Manifest
"default_language": "en"
I don't know what windows has changed recently but it has been working solidly on previous versions of Windows for years. I've updated the country tag as per available language packs for windows here and chromium tags but still no luck.
According to this thread :
"I use Chrome and stopped updating it once they made tabbed-options
mandatory. I also keep my User Data folder in a non-default location.
When this bug started, I used the --single-process trick for a while
but as mwalsher said, it stopped working when they messed with the Web
Store. I used but hate the manual method outlined above, so what I did
was to simply move my User Data folder to a FAT32 partition. Problem
solved; now I can successfully install packed extensions from an older
version of Chromium, running in normal mode, to a non-default User
Data folder. Even better, thanks to a system I set up
(http://superuser.com/questions/196886/how-to-relocate-chrome-profile-but-also-make-new-links-open-with-the-relocated-p/257706#257706),
it was /extremely/ easy to change it (I had only to change a single
byte and reboot)."
..
"Change the security permissions of the temp directory might fix this
problem. On my computer, the temp directory only has 3 full control
user (My Account, System, Administrators) at beginning. I manually
give everyone full control to this folder (maybe adding list
permission only also works). However it doesn't work immediately,
until next day I restart the computer with great surprise.
..
As a workaround, --no-sandbox might work. Note that this is just as
unsafe as --single-process, so be careful when using it.
..
..
perform a "chrome://restart
Try this first:
..I restarted Chrome and tried to install it again, and now it
installed cleanly..

deployR cannot open the connection

I have set up deployR on an Azure VM, and have logged in as the testuser which comes as default with the installation.
Upon running the ccFraudScore.R model, I get the following error:
> if(!exists('fraudModel')){load('fraudModel.rData')}
Console Error cannot open the connection
API Error cannot open the connection
I also get the same error on my own scripts when trying to load or read.csv data, either from the same folder as the script, or using the deployrExternal() function, with a file to read in the appropriate folder in here: C:\Program Files\Microsoft\DeployR-<version>\deployr\external.
I have set all the inbound Windows Firewall rules to "public" and enabled them, as described in the install documentation.
Please could anyone point me in the direction of where to look next?
Update
Thanks to #warmoverflow, I looked at the diagnostics and the app logs, and it appears everything is configured correctly, and the updated Microsoft installation guide.
If I log in to <IP Address>:<Port>/deployr/landing as administrator, then go to Administration Console > The Grid, I can edit the External directory configuration Storage Context, which by default is /deployr/external/data, as expected from the installation guide.
However, the problem persists.
Temporary Fix
As a temporary fix, I use a full file path to reference any other scripts or data files I need to use, and this works, as follows:
> if(!exists('fraudModel')){load('C:\\Program Files\\Microsoft\\DeployR-8.0.5\\deployr\\external\\repository\\testuser\\example-fraud-score\\fraudModel.rData')}
Note that I have not edited the above file path from installation.

Unable to update my App programmatically in Win8 - mfc

I am trying to update my App from the sysMenu.
And by doing click on Update App.. in the SysMenu, Updates automatically started.
Its working fine with XP and Win 7,
But when I trying to do the same thing in Win 8 then Its not working.
It gives alert message that "You do not have sufficient rights to run this App".
even if I am logged with Administrator user.
Hint: If I manually run that Updates.exe with run as Administrator then its also working.
I have attached the screen shot. I don't know why this happen with Win 8 only.
Edit
I have also refer these articles.
https://learn.microsoft.com/en-us/previous-versions/bb756929(v=msdn.10)
http://www.developerfusion.com/code/7987/making-a-net-app-run-on-vista-with-administrator-priviledges/
I am definitely sure that there is something wrong with your manifest file. Please embed the manifest with
<requestedExecutionLevel level="requireAdministrator" uiAccess="false">
with your Updates.exe.
Though even you have tried it, please try it one more time.
The error dialog seen in snapshot is look like its from your app. So there may be some check in your app, which is showing this dialog.
You didn't mention if this is your app or not. I assume it's your app, which you have build using the given manifest setting.
You can use Process Explorer to check if it is running with Elevated user permissions or not (check when this dialog comes up). It may be some build issue, you are setting this UAC setting for different project/build, and attempting to run different executable.
Other thing might be with specific user rights in Local Security Policy (I don't know which policy may allow/prevent updates). Or may be with the thread security rights, which is attempting to launch updates.

What is this vague error with 'redirection.config' while building a Web Deploy package?

I'm trying to build a Web Deploy package via msbuild on a new machine and it's not working. It builds fine on other machines, but here I get the following vague error:
...\Microsoft.Web.Publishing.targets(2767,5): error : Filename: redirection.config
...\Microsoft.Web.Publishing.targets(2767,5): error : Error: Cannot read configuration file
...\Microsoft.Web.Publishing.targets(2767,5): error :
...\Microsoft.Web.Publishing.targets(2767,5): error : Unknown error (0x80005000)
I'm not sure what 'redirection.config' is, and the line reference to the .targets file doesn't help at all.
How can I fix this?
redirection.config is a file that lives in the IIS configuration directory, typically %SystemRoot%\System32\inetsrv\config. Here are two possibilities:
The account building your project doesn't have access to the IIS config dir. This might happen if you have an automated build identity with special permissions, or you if you need to start Visual Studio as an administrator.
You don't have IIS installed at all on the new machine. Check to be sure the IIS config directory, and redirection.config in particular, even exist. If not, you'll need to install IIS.
If you receive this error when deploying with Release Managment (via IISConfig.exe) be sure that the deployment agent service account is in the local Administrators group. You may need to restart the deployment agent service.
Similar Issue resolved below - Might help
Insufficient Permissions Problems with MSDeploy and TFS Build 2010
For me, simply running visual studio as admin gave it the elevated permissions it needed to operate against this folder.
May work for others.
I got this error when I tried to use a relative path for the contentPath setting. I fixed it by settings the contentPath to the full path of the folder. Without the full path, the contentPath provider thinks it is a site path or application path and looks for it in in the IIS configuration.
This error just appeared to me when my C# project was referencing the Microsoft.Web.Administration, Version=7.9.0.0 assembly. It looks like this assembly only works with IIS Express. For IIS, we must use Microsoft.Web.Administration, Version=7.0.0.0.
After hours of testing and troubleshooting this problem turned out to be an issue with the users profile.
This was found by logging in as myself and I didn't receive the same issue.
To fix this issue:
Log into the machine as an administrator and delete the contents of the corrupt profile from C:\Users (or rename the folder to username.OLD)
Open up the registry and navigate here – HKLM\SOFTWARE\Microsoft\Windows NT\ CurrentVersion\ProfileList
Find the corrupt profile and rename this to .OLD or remove it.
You can read more about it at this article.
As this is high in search engines when looking for this error, I'll post my solution.
I used Azure Pipelines to release the app to IIS and had this error. My issue was that I mistakenly used Build Agent job instead of Deployment Group job when configuring the release pipeline.
On server 2012 this error can be caused by UAC which needs to be disabled via the registry.
This article explains why...
https://social.technet.microsoft.com/wiki/contents/articles/13953.windows-server-2012-deactivating-uac.aspx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
change DWORD "EnableLUA" from 1 to 0

Does process have permission to view files on azure?

I have recently deployed a fubu mvc application to windows azure. Everything works except when the pipeline tries to find the view to render. This all works correctly on my local machine.
So I am wondering: does the process on the Azure box have rights to read/scan files on disk?
Any suggestions to fix it are welcome though.
EDIT:
As part of the deployment there is a stage that azure goes through called "Preparing files for eployment". I checked on the log and my view was not in there
So I changed copy to output as true and it worked
It depends a bit on where you are trying to read and how you have configured your roles. By default, the code will run as a very low privilege user that only has R/W to the code directory (and any LocalResource(s) defined by the user). However, you can run your code as SYSTEM, in which case you can R/W anywhere (you might still have to take ownership, but you are all powerful as SYSTEM).
If your views are defined as part of your package and uploaded, the code should have permission to view it. I am curious as why you think this is a permission issue right now. Do you see an error that indicates that, or are you guessing it? If I had to guess, my first thought would be your views didn't get packaged correctly and are not on the VM. You can confirm they are there either by RDP or by cracking open the package and snooping around.

Resources