MSDeploy.exe can connect as Administrator, but not any other Windows account - asp.net

I'm integrating MSDeploy into my build process, and having problems authenticating. The following command works fine:
msdeploy -verb:sync -source:appHostConfig="KitchenPC",computerName=192.168.0.3,userName=Administrator,password=secret -dest:package=c:\DeployTest\KPC.zip
However, this does NOT work:
msdeploy -verb:sync -source:appHostConfig="KitchenPC",computerName=192.168.0.3,userName=kpcpublish,password=secret -dest:package=c:\DeployTest\KPC.zip
And yields the error:
Error Code: ERROR_USER_NOT_ADMIN
More Information: Connected to '192.168.0.11' using the Web Deployment Agent Service, but could not authorize. Make sure you are an administrator on '192.168.0.11'. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_USER_NOT_ADMIN.
Error: The remote server returned an error: (401) Unauthorized.
Error count: 1.
I've followed the instructions in the link above, and any other docs I could find, which pretty much all say the same thing:
I created an account called kpcpublish
I added this account to a group called MSDepSvcUsers - Heck, I even added the account to Administrators
I right clicked on the site and selected Deploy->Configure Web Deploy Publishing and added kpcpublish to the list. It says the following:
Publish enabled for 'SERVER\kpcpublish' Granted 'SERVER\kpcpublish'
full control on 'C:\Website' Successfully created settings file
'C:\Users\Administrator\Desktop\SERVER_kpcpublish_KitchenPC.PublishSettings'
There must be some step I'm missing, but I just can't figure out what could be.
UPDATE:
Using the full HTTP path for the computerName property, I get the error:
Error Code: ERROR_DESTINATION_NOT_REACHABLE
More Information: Could not connect to the remote computer ("192.168.0.3"). On the remote computer, make sure that Web Deploy is installed and that the required process ("Web Management Service") is started. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_DESTINATION_NOT_REACHABLE.
Error: Unable to connect to the remote server
Error: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 192.168.0.3:8192
Error count: 1.
I've checked and the Web Management Service is indeed running.
Another Update:
I've completely paved the system and set it up again from scratch. I've done nothing out of the ordinary, just installed the IIS role and made sure to check "Management Service" under Management Tools, which is required for WMSVC to run. I then installed Web PI, and installed "Recommended Configuration for Hosting Providers", which will install Web Deploy 3.0. However, I did notice there was an error while installing this (I believe I got this error the last time as well). It looks like:
I've also attached the log files here.
I then tried to install Web Deploy 3.0 manually, however it says it's already installed. Next, I downloaded the MSI directly from http://www.iis.net/download/webdeploy and ran it in "Repair" mode. That seems to have worked. I also noticed that the WMSVC service is up and running. So this looks good.
Still, MSDeploy will not connect. I thought it might be some sort of firewall issue, so I ran it locally. I've tried using both HTTPS and HTTP to connect. HTTPS gives me an error, HTTP just times out after 2-3 minutes.
HTTPS:
msdeploy -verb:sync -source:appHostConfig="Default Web Site",computerName=https://STAGING:8172/msdeploy.axd,userName=Administrator,password=Khorf123 -dest:package=c:\DeleteMe.zip
Info: Using ID 'f3a54096-adc4-4f54-9e4f-ad8fde12edb6' for connections to the remote server.
Error Code: ERROR_CERTIFICATE_VALIDATION_FAILED
More Information: Connected to the remote computer ("staging") using the specified process ("Web Management Service"), but could not verify the server's certificate. If you trust the server, connect again and allow untrusted certificates.
Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_CERTIFICATE_VALIDATION_FAILED.
Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Error: The remote certificate is invalid according to the validation procedure.
Error count: 1.
HTTP:
msdeploy -verb:sync -source:appHostConfig="Default Web Site",computerName=http://STAGING:8172/msdeploy.axd,userName=Administrator,password=Khorf123 -dest:package=c:\DeleteMe.zip
Info: Using ID 'ebee66f0-08e5-4d9d-98ea-0c2e59784895' for connections to the remote server.
Error: Could not complete the request to remote agent URL 'http://staging:8172/msdeploy.axd'.
Error: The operation has timed out
Error count: 1.

(Updated 2016-03-07 - NOTE: non-Administrator deployments also require ?site=IIS_SITE_NAME after msdeploy.axd, otherwise the connection is treated as global and requires Administrator access)
Not sure how I missed this originally, but your problem is the computerName parameter. Non-administrator deployments are only supported when using WMSVC, for which you need to specify the full URL.
Try the following
msdeploy -verb:sync ^
-source:appHostConfig="KitchenPC",computerName=https://192.168.0.3:8172/MsDeploy.axd,userName=kpcpublish,password=secret,authType=Basic ^
-dest:package=c:\DeployTest\KPC.zip
From the docs:
The computer name will be translated to the default Web Deploy URL. For example, computerName=Server1 will become http://Server1/MsDeployAgentService. If the remote service is running with a custom port or URL, you must specify the full URL
And from the install instructions:
The MSI will not install the Web Management Service handler component if the Web Management Service is not installed; the handler component is necessary for non-administrator deployments
(I couldn't find a more explicit canonical source that describes WMSVC as a requirement for non-admin deployments)

Figured It Out!
So, it seems that (at least by default), WMSVC only listens on HTTPS, and HTTP will just time out. However, since my certificate was self-signed, I had to use the -allowUntrusted command line option.
That was almost enough. I also had to specify authType=Basic like Richard originally suggested. So, to put it all together, this is the MSDeploy command line that will actually work:
msdeploy -verb:sync -source:appHostConfig="Default Web Site",computerName=https://192.168.0.3:8172/msdeploy.axd,authType=Basic,userName=Publish,password=secret -dest:package=c:\DeployTest\KPC.zip -allowUntrusted
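
The computerName behaviour described in the two answers above, as an added example (not code from the thread or from Web Deploy): a preflight check for a build script that resolves which endpoint a computerName value selects and lists the failures this thread hit. `resolve_endpoint`, `preflight` and the `user_is_admin` flag are hypothetical names, and treating any full URL that does not end in msdeploy.axd as the agent service is an assumption.

```python
"""Preflight check for msdeploy remote provider settings (added example)."""
from urllib.parse import urlsplit, parse_qs

AGENT = "Web Deployment Agent Service"   # administrators only
WMSVC = "Web Management Service"         # supports non-administrator deployments


def resolve_endpoint(computer_name):
    """Return (url, service) selected by a computerName value."""
    if "://" not in computer_name:
        # Bare host or IP: translated to the default agent URL (quoted docs).
        return f"http://{computer_name}/MsDeployAgentService", AGENT
    path = urlsplit(computer_name).path.lower()
    # Assumption: only a URL ending in msdeploy.axd reaches the WMSVC handler.
    return computer_name, (WMSVC if path.endswith("/msdeploy.axd") else AGENT)


def preflight(computer_name, user_is_admin, auth_type=None, allow_untrusted=False):
    """Return (url, findings); findings are the problems reported in the thread."""
    url, service = resolve_endpoint(computer_name)
    parts = urlsplit(url)
    findings = []
    if service == AGENT:
        if not user_is_admin:
            findings.append("ERROR_USER_NOT_ADMIN expected: the agent service "
                            "only authorizes administrators")
        return url, findings
    if parts.scheme != "https":
        findings.append("WMSVC listens on HTTPS only by default: plain HTTP times out")
    if not user_is_admin:
        if not parse_qs(parts.query).get("site"):
            findings.append("no ?site=IIS_SITE_NAME: connection is treated as "
                            "global and requires Administrator")
        if (auth_type or "").lower() != "basic":
            findings.append("authType=Basic not set for the non-administrator account")
    if allow_untrusted:
        findings.append("-allowUntrusted accepts a certificate that failed "
                        "validation: prefer a trusted certificate issued for the host name")
    return url, findings


if __name__ == "__main__":
    # Settings taken from the commands in the thread, plus the ?site= fix.
    cases = [
        ("192.168.0.3", False, None, False),
        ("http://STAGING:8172/msdeploy.axd", True, None, False),
        ("https://192.168.0.3:8172/msdeploy.axd", False, "Basic", True),
        ("https://192.168.0.3:8172/msdeploy.axd?site=KitchenPC", False, "Basic", False),
    ]
    for name, admin, auth, untrusted in cases:
        url, findings = preflight(name, admin, auth, untrusted)
        print(url)
        for item in findings or ["ok"]:
            print("   ", item)
```
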

After configuring Web Deploy on my server as follows, I continued to get HTTP 404 connection failures. In may what worked for me was the following additional efforts...
Uninstall all previous versions of Web Deploy that existed. I was not even aware they existed; however, previous versions appear to conflict with completing a connection to the latest Web Deploy service. Newer versions don't uninstall their predecessors. In the last part, I was getting HTTP 401.7 - File Extension Denied.
For good measure, performed a repair of the current version of Web Deploy, currently Microsoft Web Deploy 3.6
For good measure, recreate and import my Visual Studio 2013 deployment profile...
recreate the publish settings file using the Configure Web Deploy Publishing dialogue available from the Deploy context menu option of the target website in IIS Manager's Connections panel. (Note, the publish settings file will be recreated when you press Setup as the file whose full path is specified in the dialogue entry, Specify a location to save the publish settings file)
Copy or otherwise make the publish settings file available to Visual Studio and selecting Publish from your project's context menu, create a Visual Studio publish profile by importing the publish settings file.

Try restarting the wmsvc service on the target machine

As alluded to above, make sure that you are connecting over HTTPS. If you are attempting to connect as Admin, but not using SSL, you get the following error:
Error Code: ERROR_USER_NOT_ADMIN
More Information: Connected to 'host' using the Web Deployment Agent Service, but could not authorize. Make sure you are an administrator on 'host'.
(Where 'host' is your server name)

For me the problem was that my password expired... I noticed it when logging out and then trying to log back in through remote desktop.

Related

Visual Studio 2019 can debug one web site but not another on the same server... why?

I'm running the latest version of Visual Studio 2019 on a Windows 2019 Datacenter in Azure. I have two IIS web sites, development and production, in C#, which are currently identical on that server and both reside on the d: drive in different folders under inetpub. Both use the same wildcard certificate and force https.
I have been able to debug both in the past but for some reason I cannot debug dev now. Trying to start in debug mode, it says "Unable to start debugging on the web server. The remote server returned an error: (403) Forbidden". I'm not aware that I've changed anything on the server/IIS.
I can debug the production web, same server, same source code, same VS. I just change Properties -> Web -> Project Url from dev.domain.com to prod.domain.com.
So, I created a third web site, pointed it to the same physical location as dev and it gives me the same error as the original dev site. I would think this would mean there is something in that path or configuration somewhere that's off. I don't know where to look to check.
Often, this error occurs because an error or configuration change has occurred that requires an update to your Application Pools, an IIS reset, or both. You can reset IIS by opening an elevated command prompt and typing iisreset.
For more info about how to troubleshoot this error, you can refer to this link: Error: Unable to Start Debugging on the Web Server.

Visual Studio 2012 Web Deploy to Windows Server 2008 R2 with IIS 7 and /msdeploy.axd 404 error

In Visual Studio 2012 RC when I try to validate a Web Deploy connection I get this error message:
ERROR_DESTINATION_NOT_REACHABLE
The required Web Management Service is started on the server and Web Deploy 3.0 RC is installed.
Then using Remote Desktop Connection I log on the server and go check IIS logs located at C:\inetpub\logs\LogFiles\W3SVC1. There I can see my attempts to validate the connection because they contain my IP address:
2012-07-13 20:58:49 185.201.117.17 HEAD /msdeploy.axd site=Default%20Web%20Site 8172 - 189.10.32.194 - 404 0 2 78
It's giving me a 404.
After trying to get this working for almost 6 hours now (reading a lot of material including this great Troubleshooting guide by IIS team titled Troubleshooting Web Deploy problems with Visual Studio and this related question Visual Studio 2010 Web deployment task failed) I decided to ask for help here and see if anyone has a clue about what can be the problem... Do you know what's causing this 404 error?
If you need any more info, just ask me and I'll provide it... :)
Edit 1
Yesterday I also tried the following msdeploy command on my local machine to list the contents of a folder called test on the server [ and it worked as expected ]:
C:\Program Files\IIS\Microsoft Web Deploy V3>msdeploy -verb:dump -source:contentpath=c:\test,computerName=xxxxxxxxxx.publiccloud.com.br,username=User,password=Password
Info: Using ID 'a246a13c-7777-4226-964c-fe9934c60b77' for connections to the remote server.
MSDeploy.contentPath
c:\test
c:\test
c:\test\test.txt
Edit 2
After a lot of install/reinstall operations I finally got to a point where Windows Server 2008 is returning a 503 HTTP error when I try to publish the web site using VS 2012 RC or even msdeploy in the command line.
Looks like the best thing to do now is to do a clean install of Windows Server 2008 since I got a messed up VM server image to work with. Hope it'll do the trick.
Just for the record, this is the msdeploy command VS 2012 tries to execute. I did a copy/paste and tried it with msdeploy in the command line:
C:\Program Files (x86)\IIS\Microsoft Web Deploy V3\msdeploy.exe -source:manifest='E:\SISPEC\SISPEC\obj\Release\Package\SISPEC.SourceManifest.xml' -dest:auto,ComputerName="https://xxxxxxxxxx.publiccloud.com.br:8172/msdeploy.axd?site=Default%20Web%20Site",UserName='UserName',Password='Password',IncludeAcls='False',AuthType='Basic' -verb:sync -enableRule:DoNotDeleteRule -disableLink:AppPoolExtension -disableLink:ContentExtension -disableLink:CertificateExtension -setParamFile:"E:\SISPEC\SISPEC\obj\Release\Package\SISPEC.Publish.Parameters.xml" -retryAttempts=2
just to get the same 503 Server Unavailable message.
Edit 3
This question was cross-posted at the IIS Web Deployment Tool (MS Deploy) forum here.
Fyi - I too was getting the 404 errors. It turned out that I had to download the full package and install everything.
http://www.iis.net/downloads/microsoft/web-deploy#additionalDownloads
I had this same error (ERROR_DESTINATION_NOT_REACHABLE). I was able to fix the issue by opening port 8172.
I then ran into the error: ERROR_COULD_NOT_CONNECT_TO_REMOTESVC which I was able to resolve by installing every component of Web Deploy 3.0. It was trying to hit /MSDEPLOYAGENTSERVICE which by default isn't installed by the Web Deploy 3.0 installer.
I had to manually add the Deployment Handler. In IIS Manager, with the server selected, choose "IIS|Handler Mappings|Add Managed Handler...".
Request path: msdeploy.axd
Type: Microsoft.Web.Deployment.DeploymentAgentHandler,..., Version=9...
Name: Web Deploy Whatever
In my case, the default certificate issued for WMSVC was not issued for the machine-name. My Solution was to:
Issue a certificate for the machine name from my domain CA. This could be self-signed if you're willing to trust the certificate.
Install that certificate under the Personal certificate store
stop the web management service
change the certificate to my properly issued certificate
restart the service.
Did you check your handlers? You can test this by creating an HTML page in the same folder and trying to access that HTML. If you can, then go check that your site has the necessary handlers. Also, make sure your DNS records are pointing to the correct IP address.
First I tried just a Repair install of Web Deploy 3.0 and it did not work. Removing and installing solved my issue.
In my case I had both Web Deploy 2.0 and 3.0 on server machine.
Removing both and installing just 3.0 solved my issue.
Ensure Web Management Service is started.
I deleted SSL certificate and the service stopped working.
If all previous indications fail, and if you are using an Azure virtual machine, where the endpoint for 8172 is open, I have solved it deleting the endpoint and opening it again. I believe the first time I have selected using Floating IP Enabled, and that did not work. Just create the endpoint again, select disable floating ip and done!

Upgrading to 2K8 Server, An error occurred loading a configuration file: Failed to start monitoring changes to '\\networkshare'

I moved my site off of a 2k3 server over to a 2k8 server. The site has a virtual directory pointed to a network share which has different credentials than the one used by the site. I set the virtual directory to use the correct credentials and it can browse the share fine through explorer, but when I try to load files (images, etc) through a browser I get the following asp.net error:
Server Error in '/' Application.
Configuration Error Description: An error occurred during the
processing of a configuration file required to service this request.
Please review the specific error details below and modify your
configuration file appropriately.
Parser Error Message: An error occurred loading a configuration file:
Failed to start monitoring changes to '\\networkshare'.
Source Error:
[No relevant source lines]
Source File: \\networkshare\web.config Line: 0
Version Information: Microsoft .NET Framework Version:2.0.50727.5456;
ASP.NET Version:2.0.50727.5456
The network share does not have a web.config.
I tried the solution provided here, but that did not solve the issue and this site isn't using impersonation. Do I need to enable impersonation? This was working correctly on win2k3.
OK, so based on our comments it sounds like this is either a share permissions problem or an NTFS permissions problem (same resolution, different dialog).
In IIS6 you typically had the worker process running as NETWORK SERVICE and that's what you would give permissions to to access shares and files on the network.
In IIS7.5 the application pools now run under an AppPool identity, one specific to the application pool that the website is running under. This link should be helpful: http://learn.iis.net/page.aspx/624/application-pool-identities/
As a quick fix (although I recommend reading up on it) though, you can go into the application pool, go to advanced properties, and set the identity back to NETWORK SERVICE.

MSBuild Extension Pack IIS7 task on remote server error

I have set up a Continuous Integration build with TeamCity and MSBuild. I am using the MSBuild Extension Pack, primarily for its IIS7AppPool Task. My goal is to stop an IIS app pool before the build script does a deployment step and start the app pool afterwards. The IIS app pool is on a different server from the build agent.
I have used the following MS Build code to stop IIS:
<MSBuild.ExtensionPack.Web.Iis7AppPool TaskAction="Stop" MachineName="$(DeploymentServerName)" Name="$(WebAppPoolName)" Username="$(DeploymentServerUsername)" UserPassword="$(DeploymentServerUserPassword)" />
I have set up a local admin user account on the web server, and used its username and password above as $(DeploymentServerUsername) and $(DeploymentServerPassword).
The error I am receiving is:
[MSBuild.ExtensionPack.Web.Iis7AppPool]
E:\TeamCity\BuildAgent\work\1a1dc058c29f0f12\BuildAndDeployment\Build_DevCI.proj(153,
5): UnauthorizedAccessException: Retrieving the COM class factory for
remote component with CLSID {2B72133B-3F5B-4602-8952-803546CE3344}
from machine DEPLOYMENTSERVERMACHINENAME failed due to the following
error: 80070005 DEPLOYMENTSERVERMACHINENAME.
I have asked our network guys to take down any firewalls between the two machines, but I still get the same error.
Can anyone see anything wrong with my syntax or offer any advice on how to get this to work?
I can get the task to stop an IIS app pool on my local machine ok, so my syntax should be right.
I have looked at this post, but I don't think it's the same problem:
MSBuild remoting to server throws COMException error

Web Deployment Issue Using Windows Azure Accelerator For WebRoles

I am new to Azure Accelerator for web roles. I have performed each step of the guidance from the net, but I am getting an error when I try to deploy my website. I have rechecked everything: WMSvc is running and is set to auto, and the username and password are correct, but I don't understand where the problem is.
Error 1 Web deployment task failed.(Remote agent (URL http://2f96c9ab6cda4281bcf25a899d66955d.cloudapp.net/MSDEPLOYAGENTSERVICE) could not be contacted. Make sure the remote agent service is installed and started on the target computer.) Make sure the site name, user name, and password are correct. If the issue is not resolved, please contact your local or server administrator. Error details: Remote agent (URL http://2f96c9ab6cda4281bcf25a899d66955d.cloudapp.net/MSDEPLOYAGENTSERVICE) could not be contacted. Make sure the remote agent service is installed and started on the target computer. An unsupported response was received. The response header 'MSDeploy.Response' was '' but 'v1' was expected. The remote server returned an error: (401) Unauthorized. 0 0 QuickMVCdep
Please help me to find the solution so that I can deliver my project to Client.
I have run into the same issue.
It appears that the Publish action from the VS Azure tools will set up the MSDeploy correctly as part of the deployment process, but creating a package from VS and then upgrading the server using the Azure portal will not. Which is a bummer since the VS Publish action deletes the deployment and then recreates it, which will reassign your VIP address.
I haven't been able to pinpoint the difference, but one thing I've noticed is that if you do a Publish from VS, MS Web Deploy 2.0 will be installed for you, whereas I don't believe it is when you run an Upgrade. That said, I've never managed to manually install/configure the right bits on an Azure server to enable MSDeploy (I suspect that there is some LB/firewall configuration that happens outside of the host to allow traffic to 8172).
All in all, MSDeploy is useful enough during development that I prefer that pain (which requires me to change my A record in my DNS every time I do a major upgrade) over the alternative (Upgrade using the portal and lose the ability to use MSDeploy).
I would love to learn of a solution where we can have our cake and eat it too (an upgrade package that allows MSDeploy'ing a web role).
