Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Windows runner loses identity after self-update

See original GitHub issue

Describe the bug

If the runner starts using impersonation (e.g. a scheduled task run under a logged out user) and the runner self-updates, the resulting process does not keep the full user profile loaded. Workflows using certain Windows cryptographic APIs will fail until the runner process is restarted.

To Reproduce

  1. Create a local user account (e.g. runneruser)
  2. Make sure that user is not logged in (so that their profile is not already loaded)
  3. Install a version of the Actions Runner that is at least one version older than the latest
  4. Configure the runner with using the config.cmd file
  5. Launch the runner with impersonation (for example using a Scheduled Task, passing in the user’s credentials)
  6. Run a workflow, which will cause the runner to self-update before execution
  7. Any workflows run after this point will fail if they need access to certain Windows cryptographic APIs
  8. Stop the currently executing runner process and launch it again using a scheduled task
  9. Run the same workflow again. Note that the workflow now runs fine.

Expected behavior

Workflows should not fail or exhibit different behavior after the runner updates

Runner Version and Platform

Windows runner 2.277.1 (updating to 2.278.0)

What’s not working?

The update completes successfully, but workflows using certain Windows cryptographic APIs will fail when run by the new runner process. For example, this line of PowerShell:

New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("key.pfx", "")

Will fail with:

Exception calling ".ctor" with "2" argument(s): "The specified network password is not correct."

This example workflow is a good demonstration of the issue.

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Comments:12 (6 by maintainers)

github_iconTop GitHub Comments

fhammerlcommented, Jul 22, 2021

Hi @MatisseHack, thank you for your patience on this one. I was hoping to get a response from the .NET team first, rather than a fix, but they’ve got their hands full just triaging issues. I merged your PR into the feature branch for now.

TingluoHuangcommented, Jun 5, 2021

🎉 we found a Windows bug.😂

Read more comments on GitHub >

github_iconTop Results From Across the Web

WSUS Messages and Troubleshooting Tips
This article contains information about the following WSUS messages: Computer hasn't reported status. Message ID 6703 - WSUS Synchronization ...
Read more >
Windows 10 broken updates almost made me lose my job...
Seriously, I have tried and tried again and again but I simply cannot stop windows 10 updates from going through, It would have...
Read more >
ADSelfService Plus product startup issues
If ADSelfService Plus is not accessible after rebooting the server, it could be because the product is running as an application and not...
Read more >
Newly-built replica WSUS server's clients can't find updates ...
I had a similar issue not to long ago when migrating to WSUS 3.0 SP2 on Windows Server 2008 R2. After quite a...
Read more >
Windows 7 SP1 not being offered on Windows Update
I installed it and after rebooting and searching for updates again SP1 was offered as it should. OP Update: This turns out to...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found