I have setup a build configuration in TFS2010 with MSBuild arguments to deploy using WebDeploy to a remote IIS6 webserver. I can deploy to this remote web server using WebDeploy manually from VS2010 without issue. But, when I kick off the TFS build it fails with a permission denied error when attempting to deploy to the remote box. I have added the user to the Administrator group on the webserver box.
I found in the security event log that the Domain wasn't set:
Logon Failure:
Reason: Unknown user name or bad password
User Name: tfssvcUser
Domain:
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: TFSServer
When I run it manually the Domain is set. tfssvcUser is a domain user is running as such on the build server.
I am running MSDeploy 1 right now.
Any ideas?
In the end the admin for the TFS box had misread the permissions on the build server and needed to add permissions to a temp folder or registry, not sure which.
Related
When I try to publish code using Web Deploy method I am getting the following error
ERROR_DESTINATION_NOT_REACHABLE: Web deployment task failed. (Could not connect to the remote computer ("xxxxx.xxxxxxx.xxx.xxxx"). On the remote computer, make sure that Web Deploy is installed and that the required process ("Web Management Service") is started
On my server,I have web deployer 3.5 install and web management service is also running.
There is no firewall issue also.
I have restarted the web management service still no luck
If you want to publish a site on a remote server you could follow the below steps:
Go to the Start menu and right-click the cmd.exe and then select Run as Administrator.
Enter the following in the command prompt:
winrm quickconfig
winrm set winrm/config/client #{TrustedHosts="*"}
On the target server, open a command prompt as an Administrator and
enter the following:
winrm quickconfig
winrm set winrm/config/client #{TrustedHosts="IP_ADDRESS"}
where IP address is the IP address of your remote server.
make sure you installed Management service.
-after doing all the above things open iis.
carete site with a blank folder at the destination (remote server)
go back to the server from which you want to publish a site and select Publish.
On the Publish page, click the icon labeled IIS, FTP, etc.
In the Publish Method list box, select Web Deploy:
or if you want to publish as an application under any site:
no need to create site at the destination server.
enter your site name in the site name and enter your application name after /.
Regards,
Jalpa
Deploying an asp.net project on local IIS server as a release version. Getting 401 unauthorized error on API call (allow anonymous enabled). Server runs with administrator user principal. This principal has all the permissions. And the project declared as application with correct .net library. The only thing I can't change is read only flag on the project directory. Anyone can help? Nothing in google resources worked...
Update: After a lot of searching and digging, I found a solution:
IIS Application basic settings - The default settings is to run application with Application pool user, which is usually limited with it's files access permissions. So the idea is to run application with administrator user.
Run as - enter administrator user name and password
Application pool type - The default application pool type is 2 and sometimes new .NET libraries are not accessible. So you have to add all the missing ASP.NET types to IIS.
Usually ASP.Net version suppose to be classic, in this case application works fast. Otherwise application refresh time may take long period.
Local folder permission - add local administrator, that you defined on IIS settings, and grand him all permissions to the folder recursively
SQL Server Management- the default server authentication is Windows Authentication, make it SQL Server and Windows Authentication mode
Add new user to the server and grand him all the permission to the database
Add this user to database Users and change the SQL connection string at the project accordingly. This way you prevent application pull trying to connect with database with it's user
Just posting this here as I went around in circles trying to diagnose an intermittent 401 error.
I had a virtual sub directory within the web application that referenced an external folder which was out of the directory tree so had different folder permissions.
Any scripts that referenced this folder failed - while others ran completely fine.
I'm integrating MSDeploy into my build process, and having problems authenticating. The following command works fine:
msdeploy -verb:sync -source:appHostConfig="KitchenPC",computerName=192.168.0.3,userName=Administrator,password=secret -dest:package=c:\DeployTest\KPC.zip
However, this does NOT work:
msdeploy -verb:sync -source:appHostConfig="KitchenPC",computerName=192.168.0.3,userName=kpcpublish,password=secret -dest:package=c:\DeployTest\KPC.zip
And yields the error:
Error Code: ERROR_USER_NOT_ADMIN
More Information: Connected to '192.168.0.11' using the Web Deployment Agent Service, but could not authorize. Make sure you are an administ
rator on '192.168.0.11'. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_USER_NOT_ADMIN.
Error: The remote server returned an error: (401) Unauthorized.
Error count: 1.
I've followed the instructions in the link above, and any other docs I could find, which pretty much all say the same thing:
I created an account called kpcpublish
I added this account to a group called MSDepSvcUsers - Heck, I even added the account to Administrators
I right clicked on the site and selected Deploy->Configure Web Deploy Publishing and added kpcpublish to the list. It says the following:
.
Publish enabled for 'SERVER\kpcpublish' Granted 'SERVER\kpcpublish'
full control on 'C:\Website' Successfully created settings file
'C:\Users\Administrator\Desktop\SERVER_kpcpublish_KitchenPC.PublishSettings'
There must be some step I'm missing, but I just can't figure out what could be.
UPDATE:
Using the full HTTP path for the computerName property, I get the error:
Error Code: ERROR_DESTINATION_NOT_REACHABLE More Information: Could
not connect to the remote computer ("192.168.0.3"). On the remote
computer, make sure that Web Deploy is installed and that the required
process ("Web Management Service") is started. Learn more at:
http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_DES
TINATION_NOT_REACHABLE. Error: Unable to connect to the remote server
Error: A connection attempt failed because the connected party did not
properly respond after a period of time, or established connection fa
iled because connected host has failed to respond 192.168.0.3:8192
Error count: 1.
I've checked and the Web Management Service is indeed running.
Another Update:
I've completely paved the system and set it up again from scratch. I've done nothing out of the ordinary, just installed the IIS role and made sure to check "Management Service" under Management Tools, which is required for WMSVC to run. I then installed Web PI, and installed "Recommended Configuration for Hosting Providers", which will install Web Deploy 3.0. However, I did notice there was an error while installing this (I believe I got this error the last time as well). It looks like:
I've also attached the log files here.
I then tried to install Web Deploy 3.0 manually, however it says it's already installed. Next, I downloaded the MSI directly from http://www.iis.net/download/webdeploy and ran it in "Repair" mode. That seems to have worked. I also noticed that the WMSVC service is up and running. So this looks good.
Still, MSDeploy will not connect. I thought it might be some sort of firewall issue, so I ran it locally. I've tried using both HTTPS and HTTP to connect. HTTPS gives me an error, HTTP just times out after 2-3 minutes.
HTTPS:
msdeploy -verb:sync -source:appHostConfig="Default Web Site",computerName=https://STAGING:8172/msdeploy.axd,userName=Administrator,password=Khorf123 -dest:package=c:\DeleteMe.zip
Info: Using ID 'f3a54096-adc4-4f54-9e4f-ad8fde12edb6' for connections to the remote server.
Error Code: ERROR_CERTIFICATE_VALIDATION_FAILED
More Information: Connected to the remote computer ("staging") using the specified process ("Web Management Service"), but could not verify the server's certifi
cate. If you trust the server, connect again and allow untrusted certificates.
Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_CERTIFICATE_VALIDATION_FAILED.
Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Error: The remote certificate is invalid according to the validation procedure.
Error count: 1.
HTTP:
msdeploy -verb:sync -source:appHostConfig="Default Web Site",computerName=http://STAGING:8172/msdeploy.axd,userName=Administrator,password=Khorf123 -dest:package=c:\DeleteMe.zip
Info: Using ID 'ebee66f0-08e5-4d9d-98ea-0c2e59784895' for connections to the remote server.
Error: Could not complete the request to remote agent URL 'http://staging:8172/msdeploy.axd'.
Error: The operation has timed out
Error count: 1.
(Updated 2016-03-07 - NOTE: non-Administrator deployments also require ?site=IIS_SITE_NAME after msdeploy.axd, otherwise the connection is treated as global and requires Administrator access)
Not sure how missed this originally, but your problem is the computerName parameter. Non-administrator deployments are only supported when using WMSVC, for which you need to specify the full URL.
Try the following
msdeploy -verb:sync ^
-source:appHostConfig="KitchenPC",computerName=https://192.168.0.3:8172/MsDeploy.axd,userName=kpcpublish,password=secret,authType=Basic ^
-dest:package=c:\DeployTest\KPC.zip
From the docs:
The computer name will be translated to the default Web Deploy URL. For example, computerName=Server1 will become http://Server1/MsDeployAgentService. If the remote service is running with a custom port or URL, you must specify the full URL
And from the install instructions:
The MSI will not install the Web Management Service handler component if the Web Management Service is not installed; the handler component is necessary for non-administrator deployments
(I couldn't find a more explicit canonical source that describes WMSVC as a requirement for non-admin deployments)
Figured It Out!
So, it seems that (at least by default), WMSVC only listens on HTTPS, and HTTP will just time out. However, since my certificate was self-signed, I had to use the -allowUntrusted command line option.
That was almost enough. I also had to specify authType=Basic like Richard originally suggested. So, to put it all together, this is the MSDeploy command line that will actually work:
msdeploy -verb:sync -source:appHostConfig="Default Web Site",computerName=https://192.168.0.3:8172/msdeploy.axd,authType=Basic,userName=Publish,password=secret -dest:package=c:\DeployTest\KPC.zip -allowUntrusted
After configuring Web Deploy my server as follows. I continued to get HTTP 404 connection failures. In may what worked for me was the following additional efforts...
Uninstall all previous version of Web Deploy that existed. I was not even aware they existed; however, previous versions appear to conflict with completing a connection to the latest Web Deploy service. Newer version don't uninstall their predecessors. In the last part, I was getting HTTP 401.7 - File Extension Denied.
For good measure, performed a repair of the current version of Web Deploy, currently Microsoft Web Deploy 3.6
For good measure, recreate and import my Visual Studio 2013 deployment profile...
recreate the publish settings file using the Configure Web Deploy Publishing dialogue available from the Deploy context menu option of the target website in IIS Manager's Connections panel. (Note, the publish settings file will be recreated when you press Setup as the file whose full path is specified in the dialogue entry, Specify a location to save the publish settings file)
Copy or otherwise make the publish settings file available to Visual Studio and selecting Publish from your project's context menu, create a Visual Studio publish profile by importing the publish settings file.
Try restarting the wmsvc service on the target machine
As alluded to above, make sure that you are connecting over HTTPS. If you are attempting to connect as Admin, but not using SSL, you get the following error:
Error Code: ERROR_USER_NOT_ADMIN
More Information: Connected to 'host' using the Web Deployment Agent Service, but could not authorize. Make sure you are an administrator on 'host'.
(Where 'host' is your server name)
For me the problem was that my password expired... I've noticed it when loging out and then tried to login back trhough remote desktop.
We have 1 new DEV and 1 new QA server that I am configuring for automated deploys. I got the DEV deploys working. My problem is that the deploy to QA is giving me the below error.
Our build server contains the controller and drop folder. The error occurs when the Invoke deploy command is issued. I have ensured that the Web Management service is running on the web servers.
What could be causing the follow error message?
Error Code: ERROR_DESTINATION_NOT_REACHABLE
More Information: Could not connect to the destination computer ("myWebServer").
On the destination computer, make sure that Web Deploy is installed and that the
required process ("Web Deployment Agent Service") is started.
Error: The remote server returned an error: (404) Not Found.
Error count: 1.
Here is my deploy command:
\\myBuildServer\Builds\MyApp - Deploy to QA\myApp - Deploy to QA_20120827.1\_PublishedWebsites\AppName.UI.Web_Package\Appname.UI.Web.deploy.cmd /M:http://myWebAddress/MsDeployAgentService/ /U:myDomain\tfsUID /P:MyPassword "-setParam:name='IIS Web Application Name',value='MyWebAppName'" /Y
If you're on IIS 7, ensure that WMSvc is installed (add or turn on Windows features) running, that it is configured correctly and enabled in IIS Manager under "Management Service" and that port 8172 is open - try telnet-ing into it.
If IIS 6, install the Web Deploy agent.
For IIS 7 using WMSvc, you should use http://svr:8172/MsDeploy.axd and for MsDepSvc you are already using the right URL (see your /M param).
I've found the whole remote publishing to be a total ballache.
When you install Web Deploy, make sure to select Custom and check all components. This is what solved the issue for me.
Source: Could not reach the Web Deploy endpoint on the specified virtual machine
I have a web application and I am trying to deploy it on a webserver using MSDeploy.exe (Web Deploy 2)
I have tried 4 scenarios:
Through VS2010 Publish method with following settings:
Publish Method: Web Deploy
Service Url: https://MyServerName:8172/MsDeploy.axd
Site/application: MyWebSiteName
Allow untrusted: checked
Username: MyUsername
Password: MyPassword
This method works just fine.
On MyServerName machine I have Web Management Service running; I have a website MyWebSiteName, an application MyWebAppName and MyUserName is an IIS Manager for it.
Through VS2010 Publish method with following settings:
Publish Method: Web Deploy
Service Url: https://MyServerName:8172/MsDeploy.axd
Site/application: MyWebSiteName/MyWebAppName
Allow untrusted: checked
Username: MyUsername
Password: MyPassword
This method works just fine.
Through MSDeploy.exe command line (within a Powershell script)
$Source = "contentPath='...._PublishedWebsites\MyWebApp'"
$Destination = "contentPath=MyWebSiteName,computerName='https://fc-wapps-trial:8172/MsDeploy.axd?Site=WebSiteTest',Username=MyUsername,Password=MyPassword,AuthType=basic"
MSDeploy -verb:sync -source:$Source -dest:$Destination -allowUntrusted
This method also works fine.
Through MSDeploy.exe command line (within a Powershell script)
$Source = "contentPath='...._PublishedWebsites\MyWebApp'"
$Destination = "iisApp=MyWebSiteName/MyWebAppName,computerName='https://fc-wapps-trial:8172/MsDeploy.axd?Site=WebSiteTest/MyWebAppName',Username=MyUsername,Password=MyPassword,AuthType=basic"
MSDeploy -verb:sync -source:$Source -dest:$Destination -allowUntrusted
This method doesn't work. I am getting the following error.
Error Code: ERROR_USER_UNAUTHORIZED
More Information: Connected to the destination computer ("MyServerName") using the Web Management Service, but could not authorize. Make sure that you are using the correct user name and password, that the site you are connecting to exists, and that the credentials represent a user who has permissions to access the site.
Error: The remote server returned an error: (401) Unauthorized.
I was looking at what is the actuall MSDeploy command that the method 2 uses and I got something like:
msdeploy.exe
-source:manifest='...\MyWebApp.SourceManifest.xml'
-dest:auto,ComputerName='https://MyServerName:8172/MsDeploy.axd?site=WebSiteTest',UserName='MyUsername',Password='MyPassword',IncludeAcls='False',AuthType='Basic'
-verb:sync
-disableLink:AppPoolExtension
-disableLink:ContentExtension
-disableLink:CertificateExtension
-skip:objectname='dirPath',absolutepath='...\App_Data$'
-setParam:kind='ProviderPath',scope='IisApp',match='^...\PackageTmp$',value=WebSiteTest/WebAppTest
-setParam:kind='ProviderPath',scope='setAcl',match='^..\PackageTmp$',value=WebSiteTest/WebAppTest
-allowUntrusted
-retryAttempts=2
Now this doesn't seem to be anything close to what I am using in method 4. I tried running it myself without success, but I assume I wasn't able to properly re-create all those parameters.
So my questions are:
- What I am doing wrong in method 4?
- How can I deploy a web application as a website application in IIS7 using MSDeploy.exe command
Thanks in advance for your help
Iulian
I ran into the same issue as you did. I solved it by only use site name in
https://computername:8172/msdeploy.axd?site={websitenameonly}. Then set your webapplication path in the parameter using -setParam IIS Web Application Name= {your web application name here} or use a parameter file. And everything deployed fine.
It seems that the site querystring value is required to authorize the request only. I haven't find any definitive documentation from MS on any other querystring parameters that might solve this. But I actually tested 2 cases. 1) Deploying to a web site in IIS 7.5, this parameter is required. 2) Deploying to a web application under a web site, this parameter is actually optional, but if you want to include it, then it has to be a root site.
You actually answered your own question here just probably didn't realize it.
Please check your Management Service Delegation (if you haven't already). Click on the main site in IIS Manager to bring up all Web Deploy options in the center panel. At the bottom (past ASP.NET, IIS, etc), under Management, you should see several options, including "Management Service Delegation".
Under this configuration is all the Provider contexts you might run into and the paths/types you might use them against (and under what usernames, etc... can get pretty granular).
Make very sure that the provider type you're trying to communicate under (iisApp, contentPath, etc) is not only listed, but has the path/scope you require and that you're operating under permissions that have been cleared.
Remember: you don't have to use an administrator-type user if delegation is set up correctly. AND you've gone to the applicable site's IIS Manager Permissions and added an Allowed User, like Domain\User, or even a custom IIS Manager User.