CreateDirectory Failed -2147467259 Publishing Error

CreateDirectory Failed -2147467259 Publishing Error

Symptoms:

'CreateDirectory Failed' -2147467259 Publishing Error received during publishing package from Software Vulnerability Manager could have multiple root causes as described in article https://community.flexera.com/t5/Software-Vulnerability-Manager/CreateDirectory-Failed-2147467259-Pu...

Additionally to above article issue with "CreateDirectory Failed" could be caused by missing or corrupt certificate pair keys for computer or users located in C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys or permission issues for user configured in IIS Application Pools - "WsusPool"

Required machine keys in C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys

-IISConfigurationKey - 6de9cb26d2b98c01ec4e9e8b34824aa2      
-NetFrameworkConfigurationKey - d6d986f09a1ee04e24c949879fdb506c      
-IISWASKey - 76944fb33636aeddb9590521c2e8815a        

Publishing package from Software Vulnerability Manager will use WSUS Administration website available in Internet Information Services (IIS) on your WSUS server. Part of this website is "Content" which needs to have correct permission configured for successful package publishing. 

Diagnosis:

To investigate if error 'CreateDirectory Failed' -2147467259 Publishing Error is caused by content location permission it is required to test settings for "Content" page on WSUS Administration website. 

1. Open Internet Information Services Manager

2. Expand your server name - Sites and then highlight "Content"

3. In top right corner click on "Basic Settings". New window "Edit Virtual Directory" will be shown

4. Click on Test Settings

 

 IIS error.jpg

5. Make sure that Authorization test is successful. If failed then investigate cause of failure. WSUSPoll user in Application Pools needs to have access to your physical content folder or Machine Keys in C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys are missing, corrupt or have permission issues. 

Solution:

To resolve issue please make sure that below permission are set for physical WSUS content folder and for shared folders:

Physical Content folder
SETTING PERMISSION
NT AUTHORITY\SYSTEM Full Control
NT AUTHORITY\NETWORK SERVICE

Write

Read

Synchronize

Builtin\administrators Full Control
Hostname\Wsus Administrators FullControl
 
Share permission for WSUSContent and UpdateServicesPackages are set as below

SETTING PERMISSION
Builtin\Administrators Full
Everyone Read
NT Authority\Network Service Full
Hostname\WSUS Administrators Full

 

If issue is caused by missing/corrupt Machine Keys then restore your previous keys on this machine from a backup, Export/Import Keys from another server in the farm, or reinstall IIS to create new keys.

Was this article helpful? Yes No
No ratings
Version history
Revision #:
1 of 1
Last update:
‎Sep 03, 2020 06:40 AM
Updated by:
 
Contributors