When I first tried this, I got an 0x80070002 error (that’s the COM error for Win32’s file not found) when the Azure deployment mechanism tried to execute the script.
If I Remote Desktop into the instance and run the script where it is, it works fine, so I’d guess it’s a current directory issue. (I have all my startup scripts and associated files in a subfolder – I guess that Azure sets the current directory for startup tasks to be the app root bin folder itself, and not the folder containing the task script.)
I found that using %~dp0LeastPrivilegeCA.cer as the path fixes it. (In a .cmd file, %~dp0 expands to the full path of the folder containing the script, including a trailing “\”.) That way, the script does not depend at all on the current directory. I also qualify the command as %windir%\system32\certutil.exe – not sure if that’s necessary, but it’s what I tried, and it worked.
When I first tried this, I got an 0x80070002 error during Azure deployment. (That’s COM’s version of the Win32 error for file not found.)
I suspect this is a current directory issue. I put my startup scripts in a subfolder of my role. If you’re finding that your example works, I’m guessing that perhaps you’ve got your certificate file in the root of your role?
I modified the argument to %~dp0LeastPrivilegeCA.cer – in a .cmd file, %~dp0 expands to the full path of the folder containing the script including a trailing “\”. This means the script no longer cares what the current directory is. (I also qualify certutil as %windir%\system32\certutil.exe – not sure if that matters, but it’s what I use, and it worked.)