CC.Net Access Denied Error - iis-7

I have CruiseControl.Net setup as my continuous integration environment. I've been working on adding a Visual Studio 2008 Web Deployment Project to my solution but I'm getting a weird "access denied" error and I can't figure out why.
I have CC.Net running under its own account on my server which is a member of the administrators group, so the CC.Net service should have access to everything it needs. The problem is when I trigger a build from the web interface the build fails with the error:
C:\Program Files
(x86)\MSBuild\Microsoft\WebDeployment\v9.0\Microsoft.WebDeployment.targets(667,5):
error : Access is denied.
The particular task on that line is the "CreateVirtualDirectory" task to create an IIS virtual directory for my asp.net application.
What's weird is if I open a command prompt on my build server running as the exact same user account the CruiseControl service is running as and run my build script everything builds successfully - including the creation of the IIS virtual directory. It's only when a build is initiated through the web interface that it fails.
I don't understand what the difference is between the two since presumably they are both running as the same user with the same privileges.
Suggestions?

Is it possible that the virtual folder it is trying to create already exists? Another thought - when you run from a command line, it is possible you have different environment variables or drive mappings that CC.Net wouldn't have?

Related

Publishing in Azure

I am publishing my web app in Azure. The following Error appears:
Error 12 Web deployment task failed. (Could not complete an operation with the specified provider ("dbDacFx") when connecting using the Web Management Service. This can occur if the server administrator has not authorized the user for this operation. dbDacFx http://go.microsoft.com/fwlink/?LinkId=178034
I have tried to un-install all Web Deploy folders in my Program Files Folder but even with nothing opened, it is telling me it is in use and that I can't delete the folder. I have since installed the newest version of Web Deployment.
Any ideas would be greatly appreciated!
From the error message it can be several things. But I can suggest at first to check if you are creating or altering Database schema behind the application. If so that can be the issue. For instance the user executing the script has no enough rights to perform the desired task.
Please see Azure SQL docs to grant correct sql rights to the user.

Permissions needed to WebDeploy from TFS

I am using TFS to Build and Deploy using MSBuild Arguments. I have the following arguments
/P:AllowUntrustedCertificate=True
/p:DeployOnBuild=True
/p:DeployTarget=MsDeployPublish
/p:CreatePackageOnPublish=True
/p:MSDeployPublishMethod=WMSVC
/p:MSDeployServiceUrl=https://myserver.com
/p:DeployIisAppPath="Site1"
/p:UserName=domain\username
/p:Password=password
This works fine when I use my domain account (which is an Admin on the Destination Server), but I want to use a Service Account that has the barebones permissions to get this to work.
I have already setup IIS Manager Permissions for the site, gave Full Control to the folder that the application sits in, and created setAcl, createApp, and contentPath and iisApp Delegation rules for the user.
I have granted read rights to the inetsrv/config folder, and full control to the applicationHost.config file.
I am able to publish my site using the Visual Studio publish process with that user, but am unable to get the deployment to occur using a TFS Build. When I run the build, I get the following error.
C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v11.0\Web\Microsoft.Web.Publishing.targets (4193): Web deployment task failed. (Connected to the remote computer ("myservercom") using the Web Management Service, but could not authorize. Make sure that you are using the correct user name and password, that the site you are connecting to exists, and that the credentials represent a user who has permissions to access the site. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_USER_UNAUTHORIZED.)
I have looked online and followed all the steps I have seen, but still have the issue. Please let me know if you have any questions.
Thank you in advance
Try changing your MsDeployServiceUrl to:
https://myserver.com:8172/msdeploy.axd
Failing that, take a look at the Microsoft Web Deploy event log (in Applications and Services Logs)

MSBuild Extension Pack IIS7 task on remote server error

I have set up a Continuous Integration build with TeamCity and MSBuild. I am using the MSBuild Extension Pack, primarily for its IIS7AppPool Task. My goal is to stop an IIS app pool before the build script does a deployment step and start the app pool afterwards. The IIS app pool is on a different server from the build agent.
I have used the following MS Build code to stop IIS:
<MSBuild.ExtensionPack.Web.Iis7AppPool TaskAction="Stop" MachineName="$(DeploymentServerName)" Name="$(WebAppPoolName)" Username="$(DeploymentServerUsername)" UserPassword="$(DeploymentServerUserPassword)" />
I have set up a local admin user account on the web server, and used its username and password above as $(DeploymentServerUsername) and $(DeploymentServerPassword).
The error I am receiving is:
[MSBuild.ExtensionPack.Web.Iis7AppPool]
E:\TeamCity\BuildAgent\work\1a1dc058c29f0f12\BuildAndDeployment\Build_DevCI.proj(153,
5): UnauthorizedAccessException: Retrieving the COM class factory for
remote component with CLSID {2B72133B-3F5B-4602-8952-803546CE3344}
from machine DEPLOYMENTSERVERMACHINENAME failed due to the following
error: 80070005 DEPLOYMENTSERVERMACHINENAME.
I have asked our network guys to take down any firewalls between the two machines, but I still get the same error.
Can anyone see anything wrong with my syntax or offer any advice on how to get this to work?
I can get the task to stop an IIS app pool on my local machine ok, so my syntax should be right.
I have looked at this post, but I don't think it's the same problem:
MSBuild remoting to server throws COMException error

Visual Studio Web Deployment project breaks ASPNET account permissions

I have built an ASP.NET web application with Visual Studio 2008 and target framework version 2.0. I have created a Web Setup project to deploy this at multiple target OSes.
For the setup project, I have written a custom action which gets executed on "OnCommitting" event. This custom action adds wildcard script mapping for routing all requests through ASP.NET engine.
FileMon suggests that an error occurs while creating a file in the following directory:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files
The user account which was attempting this action was IWAM_<host name>.
The problem is after running this setup, if I try to access any url on the newly installed site, I received the error message:
Server Error in '/myapp' Application.
Failed to access IIS metabase.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Web.Hosting.HostingEnvironmentException: Failed to access IIS metabase.
The process account used to run ASP.NET must have read access to the IIS metabase (e.g. IIS://servername/W3SVC). For information on modifying metabase permissions, please see http://support.microsoft.com/?kbid=267904.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
I have already tried these options after 2 days of googling:
Run aspnet_regiis -i
Run aspnet_regiis -ga \ASPNET
Run aspnet_regiis -u and then aspnet_regiis -i
Option 3 has worked for me as of now, but, I want avoid using this, since, my web app will be deployed on a machine which might already be hosting some other app on IIS and I do not want to disturb these apps.
Can anyone suggest me a workaround for this?
B.T.W. my current system has .Net framework 3.5 and VS2008 installed on Win XP SP3 and IIS 5.1.
Thanks,
Vamyip
Your best bet is a custom bit of script in the installer package that checks permissions and then runs the command based on that information.
On a server OS this shouldn't be necessary since the default user for the application group will be in the IIS_WPG and have permissions to the temp directories. Windows XP has a bugged up version of IIS that is non-standard and doesn't follow all the rules. If your expected deployment environment is Windows Server 2003 or better then your installer should work as-is.

Access denied when creating a virtual directory via Web Deployment Project

I’m trying to use a (VS 2008) Web Deployment project in a TFS solution to deploy the web site to the (TFS 2008) build server to run web based unit tests.
For some reason, that I can't yet figure out, it is failing to create the virtual directory:
Using "CreateVirtualDirectory" task from assembly "C:\Program Files\MSBuild\Microsoft\WebDeployment\v9.0\Microsoft.WebDeployment.Tasks.dll".
Task "CreateVirtualDirectory"
Initializing IIS Web Server...
C:\Program Files\MSBuild\Microsoft\WebDeployment\v9.0\Microsoft.WebDeployment.targets(667,5): error : Access is denied.
C:\Program Files\MSBuild\Microsoft\WebDeployment\v9.0\Microsoft.WebDeployment.targets(667,5): error :
Failed to create virtual directory 'abc'.
Done executing task "CreateVirtualDirectory" -- FAILED.
The TFSService user certainly is in the Administrators group on the TFS Build machine (which is running Windows Server 2008). I don’t know what else could be wrong. I’ve checked the event log an there’s no clues there. I am able to manually create the virtual directory on that machine through the IIS console with no problem.
Any ideas what could be the problem or suggestions for how to diagnose this further?
it has got to be permissions...did you try putting the TFSService in the same Groups you are in?
Is the TFS account running under the same privileges as the account that you use to connect to IIS? Do as Craig suggested and move the TFS account into the groups that you participate in.
You're sure that the build is running under the TFSService id and not under another id set up just for builds, and which may not be in the administrator's group? I haven't done more than just play with automated builds since I do mostly solo development, but I recall setting up a separate build id when I was looking at this.
I have seen this occur when the IIS server wasn't running on the default port. I'd recommend checking IIS to see if it's running on port 80 as a step to diagnose your issue further.
I eventually managed to get deployment working by calling the _CopyWebApplication build target of the web application from my TFS build script (after manually creating the IIS virtual directory).
I had to add an additional target though to get linked files in the project to be copied also as the built in _CopyWebApplication target doesn't include those.

Resources