Blog

How to fix “Error: This access control list is not in canonical form and therefore cannot be modified. Error count: 1”

02 Nov, 2016
Xebia Background Header Wave

In my previous post about Deploying ASP.NET 4.5 to Docker on Windows I forgot to mention that you might run into an issue when running webdeploy.

Julian Perrott, commented on my post and asked if this is an issue. I think it is an issue and that the install does not complete correctly. But there is an easy fix for this as well. What you can do is add a small PowerShell script to your Docker image and run that after the first attempt to deploy the website. Then the next step is to run the script to fix the ACL’s and then again run web deploy. I have not yet tried this on the latest Windows server 2016 bits, but on the Technical preview 5 this worked like a charm.

You need the following script to fix the ACL’s:

$path = "C:inetpubwwwrootMvcMusicStore_deploy"
$acl = Get-Acl $path
Set-Acl $path $acl

This script doe nothing more then getting the ACL on the path and then re-apply it. this will make windows fix the ACL and make them in canonical form again.

You can add this to your dockerfile and make it part of your standard install of a website in your release pipeline.

FROM windowsserveriisaspnetwebdeploy
RUN mkdir c:webapplication
WORKDIR /webapplication
ADD fixAcls.ps1 /MvcMusicStore/fixAcls.ps1
ADD dockerdeploydemo.zip  /webapplication/dockerdeploydemo.zip
ADD dockerdeploydemo.deploy.cmd /webapplication/dockerdeploydemo.deploy.cmd
ADD dockerdeploydemo.SetParameters.xml /webapplication/dockerdeploydemo.SetParameters.xml
RUN dockerdeploydemo.deploy.cmd, /Y
RUN powershell.exe -executionpolicy bypass .fixAcls.ps1
RUN dockerdeploydemo.deploy.cmd, /Y

So this does nothing more then adding the little PowerShell script to the container and then using that in the step after deploying your website

Hope this helps!

Marcel de Vries
Marcel is a key figure in the technology sector, serving as the co-founder and Global MD & CTO of Xebia Microsoft Services. He is deeply involved in advancing organizational capabilities to deploy software swiftly and securely, emphasizing the importance of innovation and productivity while maintaining compliance. Marcel is passionate about technology and continuous learning, often sharing his insights at leading industry events and through online courses on Pluralsight. Recognized for his contributions, Marcel has been honored with the Microsoft MVP award for over 17 consecutive years and is a Microsoft Regional Director since 2008. His expertise spans across Cloud Adoption Strategies, DevOps, and various cloud computing frameworks, making him a respected voice in the tech community.
Questions?

Get in touch with us to learn more about the subject and related solutions

Explore related posts