How to fix “Error: This access control list is not in canonical form and therefore cannot be modified. Error count: 1”
This post was originally published on Marcel de Vries' blog at How to fix “Error: This access control list is not in canonical form and therefore cannot be modified. Error count: 1”.
In my previous post about Deploying ASP.NET 4.5 to Docker on Windows I forgot to mention that you might run into an issue when running webdeploy.
Julian Perrott, commented on my post and asked if this is an issue. I think it is an issue and that the install does not complete correctly. But there is an easy fix for this as well. What you can do is add a small PowerShell script to your Docker image and run that after the first attempt to deploy the website. Then the next step is to run the script to fix the ACL’s and then again run web deploy. I have not yet tried this on the latest Windows server 2016 bits, but on the Technical preview 5 this worked like a charm.
You need the following script to fix the ACL’s:
$path = "C:inetpubwwwrootMvcMusicStore_deploy" $acl = Get-Acl $path Set-Acl $path $acl
This script doe nothing more then getting the ACL on the path and then re-apply it. this will make windows fix the ACL and make them in canonical form again.
You can add this to your dockerfile and make it part of your standard install of a website in your release pipeline.
FROM windowsserveriisaspnetwebdeploy RUN mkdir c:webapplication WORKDIR /webapplication ADD fixAcls.ps1 /MvcMusicStore/fixAcls.ps1 ADD dockerdeploydemo.zip /webapplication/dockerdeploydemo.zip ADD dockerdeploydemo.deploy.cmd /webapplication/dockerdeploydemo.deploy.cmd ADD dockerdeploydemo.SetParameters.xml /webapplication/dockerdeploydemo.SetParameters.xml RUN dockerdeploydemo.deploy.cmd, /Y RUN powershell.exe -executionpolicy bypass .fixAcls.ps1 RUN dockerdeploydemo.deploy.cmd, /Y
So this does nothing more then adding the little PowerShell script to the container and then using that in the step after deploying your website
Hope this helps!