As I have blogged about previously, our source code is our lifeblood. We continue to rely on the exceptionally stable VisualSVN Server by VisualSVN. While the server itself has always been reliable, installation and upgrades have proven to be rather challenging. This has nothing to do with VisualSVN’s implementation, but rather the complexity of our internal network. In the spirit of saving others time, I am going to review our latest installation experience.
But first, a little about our network….
Our VisualSVN Server is located on an externally facing edge server which allows access to our SVN server from both sides of the corporate firewall. The repositories themselves are stored on a NAS file server which is located internal to our network and provides a high level of security and recoverability. From a security standpoint, the repository’s file share is locked down to a dedicated SVN active directory account as well as the customary administrative accounts.
Now on with the story: Upgrading to VisualSVN Server 2.1.1
Our first attempt to install using the default upgrade settings failed with the following error:
Custom action ConfigureSecurityExecute failed: Cannot retrieve security information for ‘\Our NAS storage path’: Access is denied. (0x80070005)
The installer promptly rolled back. At least we know the installer works smoothly! After a little bit of digging, it appears the installer is attempting to modify the security settings on the repository files. This failed because we have explicitly disallowed modifications unless you are the SVN domain account or an administrator… the installer was neither!
FIX#1
Ignore the network share during installation. This is accomplished by changing the Repositories: path in the custom setup wizard to a local path such as C:TempSVN. See the image below for the field that needs to be changed.
That corrected the installer error issue and we are now upgraded to 2.1.1. But, we are not done just yet. There are a couple of more steps we have to complete before the developers can access the updated server.
Network Configuration Steps
We have to perform two additional steps:
- Reconfigure the service to logon as the active directory domain account
This is required to allow the service to access the file share on the NAS - Reconfigure SVN from our temporary local path from FIX#1 to the actual network path on the NAS
For step #1 above: Open services from administrative tools, right click to show properties for VisualSVN Server, and change the LogOn information to your SVN specific domain account credentials.
Step #2 requires you to launch the VisualSVN Server Manager and display the server properties. On the General tab, set your Repositories Root to your file share path and uncheck the Automatically adjust permissions check box. See the image below for the fields that need to be changed.
We restarted the VisualSVN Server and immediately received an error:
Cannot start VisualSVN Server. Service returned specific error 0x1
Helpful (NOT!). Reviewing the VisualSVN Server error log revealed two separate errors
Syntax error in httpd.conf line 103
-AND-
Unable to open C:Program Files (x86)VisualSVN Servercertsserver.pem. The file does not exist or is empty.
Line 103 of the httpd.conf file was nothing more than the path to the certificate file certs/server.pem. A quick check of the file proved it not only existed, but it had a valid certificate. Wanna bet we have a security error?
FIX#2
Set the security on the certificates directory to include the active domain account the service logs on as. Basically, the account we used in the Network Configuration sets for the VisualSVN Server needs to have modify rights on C:Program Files (x86)VisualSVN Servercerts
We restarted the SVN server and all was well in the world once again.
(I’m hungry, lunch time!)