MSBuild Extension Pack IIS7 task on remote server error - iis-7

I have set up a Continuous Integration build with TeamCity and MSBuild. I am using the MSBuild Extension Pack, primarily for its IIS7AppPool Task. My goal is to stop an IIS app pool before the build script does a deployment step and start the app pool afterwards. The IIS app pool is on a different server from the build agent.
I have used the following MS Build code to stop IIS:
<MSBuild.ExtensionPack.Web.Iis7AppPool TaskAction="Stop" MachineName="$(DeploymentServerName)" Name="$(WebAppPoolName)" Username="$(DeploymentServerUsername)" UserPassword="$(DeploymentServerUserPassword)" />
I have set up a local admin user account on the web server, and used its username and password above as $(DeploymentServerUsername) and $(DeploymentServerPassword).
The error I am receiving is:
[MSBuild.ExtensionPack.Web.Iis7AppPool]
E:\TeamCity\BuildAgent\work\1a1dc058c29f0f12\BuildAndDeployment\Build_DevCI.proj(153,
5): UnauthorizedAccessException: Retrieving the COM class factory for
remote component with CLSID {2B72133B-3F5B-4602-8952-803546CE3344}
from machine DEPLOYMENTSERVERMACHINENAME failed due to the following
error: 80070005 DEPLOYMENTSERVERMACHINENAME.
I have asked our network guys to take down any firewalls between the two machines, but I still get the same error.
Can anyone see anything wrong with my syntax or offer any advice on how to get this to work?
I can get the task to stop an IIS app pool on my local machine ok, so my syntax should be right.
I have looked at this post, but I don't think it's the same problem:
MSBuild remoting to server throws COMException error

Related

Deploying to our test server from a dev machine doesn't work

We have 2 dev machines (dev1 and dev2) and we are trying to change the way we deploy. Until now we used to deploy to the local biztalk admin console, then create an MSI and instal that to the live server.
Now, we want to directly deploy to a test server (bztest-03) and once testing is done, create an msi on that machine. This works for the dev2 mavhine, but the dev1 machine gives the below error. the machine gives this error even when the same user as on dev2 is logged on and the rights on the database look the same (and on user roles)
What could cause these errors? The analytics_PortTrackingInfo isn't something we made and i find little hits on google about it and biztalk.
Severity Code Description Project File Line Suppression State
Error Deployment cannot initialize the connection to the database
"BizTalkMgmtDb" on server "BZTEST-03\DTA". Verify that you have the
required security permissions and that communication between
Distributed Transaction Coordinator services on the machines involved
is not prevented by current DTC security, firewall or authentication
settings. Invalid object name 'analytics_PortTrackingInfo'. 0
That error notwithstanding, you can't Deploy to a remote machine from Visual Studio. That has always been the case.
If you're looking to improve your Deploy process, the 'correct' way would be to add BTDF to your Solutions.
Deployment Framework for BizTalk

MSDeploy.exe can connect as Administrator, but not any other Windows account

I'm integrating MSDeploy into my build process, and having problems authenticating. The following command works fine:
msdeploy -verb:sync -source:appHostConfig="KitchenPC",computerName=192.168.0.3,userName=Administrator,password=secret -dest:package=c:\DeployTest\KPC.zip
However, this does NOT work:
msdeploy -verb:sync -source:appHostConfig="KitchenPC",computerName=192.168.0.3,userName=kpcpublish,password=secret -dest:package=c:\DeployTest\KPC.zip
And yields the error:
Error Code: ERROR_USER_NOT_ADMIN
More Information: Connected to '192.168.0.11' using the Web Deployment Agent Service, but could not authorize. Make sure you are an administ
rator on '192.168.0.11'. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_USER_NOT_ADMIN.
Error: The remote server returned an error: (401) Unauthorized.
Error count: 1.
I've followed the instructions in the link above, and any other docs I could find, which pretty much all say the same thing:
I created an account called kpcpublish
I added this account to a group called MSDepSvcUsers - Heck, I even added the account to Administrators
I right clicked on the site and selected Deploy->Configure Web Deploy Publishing and added kpcpublish to the list. It says the following:
.
Publish enabled for 'SERVER\kpcpublish' Granted 'SERVER\kpcpublish'
full control on 'C:\Website' Successfully created settings file
'C:\Users\Administrator\Desktop\SERVER_kpcpublish_KitchenPC.PublishSettings'
There must be some step I'm missing, but I just can't figure out what could be.
UPDATE:
Using the full HTTP path for the computerName property, I get the error:
Error Code: ERROR_DESTINATION_NOT_REACHABLE More Information: Could
not connect to the remote computer ("192.168.0.3"). On the remote
computer, make sure that Web Deploy is installed and that the required
process ("Web Management Service") is started. Learn more at:
http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_DES
TINATION_NOT_REACHABLE. Error: Unable to connect to the remote server
Error: A connection attempt failed because the connected party did not
properly respond after a period of time, or established connection fa
iled because connected host has failed to respond 192.168.0.3:8192
Error count: 1.
I've checked and the Web Management Service is indeed running.
Another Update:
I've completely paved the system and set it up again from scratch. I've done nothing out of the ordinary, just installed the IIS role and made sure to check "Management Service" under Management Tools, which is required for WMSVC to run. I then installed Web PI, and installed "Recommended Configuration for Hosting Providers", which will install Web Deploy 3.0. However, I did notice there was an error while installing this (I believe I got this error the last time as well). It looks like:
I've also attached the log files here.
I then tried to install Web Deploy 3.0 manually, however it says it's already installed. Next, I downloaded the MSI directly from http://www.iis.net/download/webdeploy and ran it in "Repair" mode. That seems to have worked. I also noticed that the WMSVC service is up and running. So this looks good.
Still, MSDeploy will not connect. I thought it might be some sort of firewall issue, so I ran it locally. I've tried using both HTTPS and HTTP to connect. HTTPS gives me an error, HTTP just times out after 2-3 minutes.
HTTPS:
msdeploy -verb:sync -source:appHostConfig="Default Web Site",computerName=https://STAGING:8172/msdeploy.axd,userName=Administrator,password=Khorf123 -dest:package=c:\DeleteMe.zip
Info: Using ID 'f3a54096-adc4-4f54-9e4f-ad8fde12edb6' for connections to the remote server.
Error Code: ERROR_CERTIFICATE_VALIDATION_FAILED
More Information: Connected to the remote computer ("staging") using the specified process ("Web Management Service"), but could not verify the server's certifi
cate. If you trust the server, connect again and allow untrusted certificates.
Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_CERTIFICATE_VALIDATION_FAILED.
Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Error: The remote certificate is invalid according to the validation procedure.
Error count: 1.
HTTP:
msdeploy -verb:sync -source:appHostConfig="Default Web Site",computerName=http://STAGING:8172/msdeploy.axd,userName=Administrator,password=Khorf123 -dest:package=c:\DeleteMe.zip
Info: Using ID 'ebee66f0-08e5-4d9d-98ea-0c2e59784895' for connections to the remote server.
Error: Could not complete the request to remote agent URL 'http://staging:8172/msdeploy.axd'.
Error: The operation has timed out
Error count: 1.
(Updated 2016-03-07 - NOTE: non-Administrator deployments also require ?site=IIS_SITE_NAME after msdeploy.axd, otherwise the connection is treated as global and requires Administrator access)
Not sure how missed this originally, but your problem is the computerName parameter. Non-administrator deployments are only supported when using WMSVC, for which you need to specify the full URL.
Try the following
msdeploy -verb:sync ^
-source:appHostConfig="KitchenPC",computerName=https://192.168.0.3:8172/MsDeploy.axd,userName=kpcpublish,password=secret,authType=Basic ^
-dest:package=c:\DeployTest\KPC.zip
From the docs:
The computer name will be translated to the default Web Deploy URL. For example, computerName=Server1 will become http://Server1/MsDeployAgentService. If the remote service is running with a custom port or URL, you must specify the full URL
And from the install instructions:
The MSI will not install the Web Management Service handler component if the Web Management Service is not installed; the handler component is necessary for non-administrator deployments
(I couldn't find a more explicit canonical source that describes WMSVC as a requirement for non-admin deployments)
Figured It Out!
So, it seems that (at least by default), WMSVC only listens on HTTPS, and HTTP will just time out. However, since my certificate was self-signed, I had to use the -allowUntrusted command line option.
That was almost enough. I also had to specify authType=Basic like Richard originally suggested. So, to put it all together, this is the MSDeploy command line that will actually work:
msdeploy -verb:sync -source:appHostConfig="Default Web Site",computerName=https://192.168.0.3:8172/msdeploy.axd,authType=Basic,userName=Publish,password=secret -dest:package=c:\DeployTest\KPC.zip -allowUntrusted
After configuring Web Deploy my server as follows. I continued to get HTTP 404 connection failures. In may what worked for me was the following additional efforts...
Uninstall all previous version of Web Deploy that existed. I was not even aware they existed; however, previous versions appear to conflict with completing a connection to the latest Web Deploy service. Newer version don't uninstall their predecessors. In the last part, I was getting HTTP 401.7 - File Extension Denied.
For good measure, performed a repair of the current version of Web Deploy, currently Microsoft Web Deploy 3.6
For good measure, recreate and import my Visual Studio 2013 deployment profile...
recreate the publish settings file using the Configure Web Deploy Publishing dialogue available from the Deploy context menu option of the target website in IIS Manager's Connections panel. (Note, the publish settings file will be recreated when you press Setup as the file whose full path is specified in the dialogue entry, Specify a location to save the publish settings file)
Copy or otherwise make the publish settings file available to Visual Studio and selecting Publish from your project's context menu, create a Visual Studio publish profile by importing the publish settings file.
Try restarting the wmsvc service on the target machine
As alluded to above, make sure that you are connecting over HTTPS. If you are attempting to connect as Admin, but not using SSL, you get the following error:
Error Code: ERROR_USER_NOT_ADMIN
More Information: Connected to 'host' using the Web Deployment Agent Service, but could not authorize. Make sure you are an administrator on 'host'.
(Where 'host' is your server name)
For me the problem was that my password expired... I've noticed it when loging out and then tried to login back trhough remote desktop.

An unexpected DCOM error occurred while trying to automatically attach to the remote web server

I've two web sites running on my IIS 7.5. Both on port 80. Since they are both on the same port, I have to stop one to start the other. I am not using the inbuilt cassini server. Debugging works fine when using cassini.
The problem I am facing is that when I try to debug my mvc application (which was created under the second website) I get the error:
Unable to start debugging on the web server. An unexpected DCOM error
occurred while trying to automatically attach to the remote web
server. Try manually attaching to the remote web server using the
'Attach To Process' dialog.
The web application has windows authentication enabled. Any ideas?
Additional details : I'm able to do a "attach to process" and debug it. But cannot debug using F5
Although I was trying to remotely debug a simple *.exe application running on a different machine but I was getting very similar error mentioned by the OP.
Unable to attach to the process. A DCOM error occurred trying to
contact the remote computer. Access is denied.
It may be possible to avoid this error by changing your settings to
debug only native code or only managed code.
I followed this Microsoft documentation and following below step helped resolve my error:
Turn off Native Compatibility Mode and Managed Compatibility Mode.
You can follow below screen shot to achieve the same:
I didn't require to reboot the machine. You can also try that way and if it doesn't work then go ahead the reboot the machine.
Set the Connect as property of the website to Application user.

Visual Studio Web Deployment project breaks ASPNET account permissions

I have built an ASP.NET web application with Visual Studio 2008 and target framework version 2.0. I have created a Web Setup project to deploy this at multiple target OSes.
For the setup project, I have written a custom action which gets executed on "OnCommitting" event. This custom action adds wildcard script mapping for routing all requests through ASP.NET engine.
FileMon suggests that an error occurs while creating a file in the following directory:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files
The user account which was attempting this action was IWAM_<host name>.
The problem is after running this setup, if I try to access any url on the newly installed site, I received the error message:
Server Error in '/myapp' Application.
Failed to access IIS metabase.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Web.Hosting.HostingEnvironmentException: Failed to access IIS metabase.
The process account used to run ASP.NET must have read access to the IIS metabase (e.g. IIS://servername/W3SVC). For information on modifying metabase permissions, please see http://support.microsoft.com/?kbid=267904.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
I have already tried these options after 2 days of googling:
Run aspnet_regiis -i
Run aspnet_regiis -ga \ASPNET
Run aspnet_regiis -u and then aspnet_regiis -i
Option 3 has worked for me as of now, but, I want avoid using this, since, my web app will be deployed on a machine which might already be hosting some other app on IIS and I do not want to disturb these apps.
Can anyone suggest me a workaround for this?
B.T.W. my current system has .Net framework 3.5 and VS2008 installed on Win XP SP3 and IIS 5.1.
Thanks,
Vamyip
Your best bet is a custom bit of script in the installer package that checks permissions and then runs the command based on that information.
On a server OS this shouldn't be necessary since the default user for the application group will be in the IIS_WPG and have permissions to the temp directories. Windows XP has a bugged up version of IIS that is non-standard and doesn't follow all the rules. If your expected deployment environment is Windows Server 2003 or better then your installer should work as-is.

ASP.NET Application Goes to 500.21 ... until IIS Reset + Clear Tempoary ASP.NET Cache

We're seeing an odd pattern in our QA Lab. We have two ASP.NET applications, each deployed on the same Windows 2008 SP2+ box. We have our App Pool running in a Domain Account, and set to never re-cycle. The same 1 App Pool is used by both applications.
After several hours of running fine, new users surfing to a page in our application get the IIS7 Error Page, with a 500.21 error.
If we do nothing but:
1) IISRESET
2) Change folder to c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files and "rd" the 2 applications.
And then surf to our web applications, all is fine.
Then several hours later, however, the 500.21 errors return.
What strikes me as odd is the seeming relationship between clearing the "Temporary ASP.NET Files" folders and the problem going away. I've a practice of clearing the "Temporary ASP.NET Files" folders when installing a new version of our application(s), but not otherwise.
Does this relationship ring familiar to anyone? Is there some new-ish IIS7 feature at work here?
Text of Error:
Server Error in Application "DEFAULT WEB SITE/PAIS"
Internet Information Services 7.0
Error Summary
HTTP Error 500.21 - Internal Server Error
Handler "PageHandlerFactory-Integrated" has a bad module "ManagedPipelineHandler" in its module list
Detailed Error Information
Module IIS Web Core
Notification ExecuteRequestHandler
Handler PageHandlerFactory-Integrated
Error Code 0x8007000d
Requested URL http://localhost:80/PAIS/Admin.aspx
Physical Path C:\0_Georgia\GA_IS_100142\PortfolioArchiveImageServer\Admin.aspx
Logon Method Anonymous
Logon User Anonymous
Most likely causes:
• ASP.NET is not installed or incompletely installed.
• A configuration typographical error occured.
• Unfavourable pre-condition evaluation exists.
Things you can try:
• If ManagedPipelineHandler is missing, ensure that:
o ManagedEngine is in .
o ManagedPipelineHandler is in , with correct pre-conditions.
• Install ASP.NET.
• Ensure all system.webServer/handlers#modules are in system.webServer/modules#name.
• Review pre-conditions in the and sections.
Links and More Information IIS core does not recognize the module.
View more information »
Thanks in advance,
Howard Hoffman
Faced the same problem and the fix was easy.
1) Open visual studio 2010 command prompt.
2) Run the command aspnet_regiis.exe -i
We found the actual problem, with MS ASP.NET support's help. It's pretty subtle. I think MS has said they will fix the issue in a follow on to the App Fabric release (which is now RTM). Fingers crossed.
The problem consistently occurs in this scenario:
1) ASP.NET web application not yet running. It includes WCF Net.Pipe and / or Net.Tcp bindings. I think the same would occur for NetMsmq but did not try it.
2) An inbound NetPipe or NetTcp WCF Windows Activation Service request is the initial request that starts the App Domain.
3) Application uses an 'Integrated' IIS App Pool (IIS7 or IIS 7.5)
4) The application uses HttpServerUtility.Execute during that 1st request.
It turns out that our application was firing an ASP.NET Health Monitoring event during the very 1st WCF operation -- the very operation that caused Windows Activation Service (WAS) to start our application. Our Health Monitoring configuration includes the TemplatedMailWebEventProvider.
Our application is using an 'Integrated' IIS App Pool.
The TemplatedMailWebEventProvider is implemented to create an email message body as HTML. It uses the System.Web.HttpServerUtility.Execute(string, TextWriter, Boolean) overload.
For this use case that overload does the wrong thing -- it initializes a 'Classic' IIS App Pool based HTTP pipeline. Because that's the wrong pipeline for an 'Integrated' IIS App Pool the pipeline gets corrupted with the next HTTP request -- which is actually the first inbound HTTP request.
So you get the 500.21 error for all future HTTP requests until the application is re-cycled. You don't need to perform the relatively drastic steps of IISRESET, clearing Temporary ASP.NET cache to clear up the error -- just restart the app via saving web.config and avoid the particular startup path that causes the error.
MS suggested a workaround for us -- use the SimpleMailWebEventProvider instead of the TemplatedMailWebEventProvider. That does work, since it takes HttpServerUtility.Execute out of the code path for the first request.
I'd suggested that MS introduce a new web.config <system.web> boolean setting -- UseIntegrated -- that let's the application specify the typeof App Pool to initialize with. Evidently IIS does not forward the App Pool type to ASP.NET, so my sugggestion is a work-around to that.
The TemplatedMailWebEvent provider is much more user friendly than the SimpleMailWebEventProvider, and we do hope MS addresses the issue.
Thanks all for reading,
Howard Hoffman
1. IIS 7 throws an exception as shown in below
2. Open visual studio 2010 command prompt in Administrator mode and execute aspnet_regiis.exe -i
3. Problem fixed, as shown below ASP.Net Application and ASP.Net MCV Application are running smoothly.
The problem more likely is in the application code. The Temporary ASP.NET Files folder contains pre-compiled copies of your app and will be refreshed every time the applications files are accessed. You can pre-compile these files with aspnet_compiler.exe in the \Windows\Microsoft.NET\Framework\v2.0.50727\ folder. Use the -errorstack option allow for more information to be generated about the error you are getting. Long running applications that don't recycle will run into problems if they use a lot of memory or retain large amounts of data in an inproc session state. if your sessions contain large amounts of information, consider using a sqlserver-based session manager.

Resources