I’m trying to use a (VS 2008) Web Deployment project in a TFS solution to deploy the web site to the (TFS 2008) build server to run web based unit tests.
For some reason, that I can't yet figure out, it is failing to create the virtual directory:
Using "CreateVirtualDirectory" task from assembly "C:\Program Files\MSBuild\Microsoft\WebDeployment\v9.0\Microsoft.WebDeployment.Tasks.dll".
Task "CreateVirtualDirectory"
Initializing IIS Web Server...
C:\Program Files\MSBuild\Microsoft\WebDeployment\v9.0\Microsoft.WebDeployment.targets(667,5): error : Access is denied.
C:\Program Files\MSBuild\Microsoft\WebDeployment\v9.0\Microsoft.WebDeployment.targets(667,5): error :
Failed to create virtual directory 'abc'.
Done executing task "CreateVirtualDirectory" -- FAILED.
The TFSService user certainly is in the Administrators group on the TFS Build machine (which is running Windows Server 2008). I don’t know what else could be wrong. I’ve checked the event log an there’s no clues there. I am able to manually create the virtual directory on that machine through the IIS console with no problem.
Any ideas what could be the problem or suggestions for how to diagnose this further?
it has got to be permissions...did you try putting the TFSService in the same Groups you are in?
Is the TFS account running under the same privileges as the account that you use to connect to IIS? Do as Craig suggested and move the TFS account into the groups that you participate in.
You're sure that the build is running under the TFSService id and not under another id set up just for builds, and which may not be in the administrator's group? I haven't done more than just play with automated builds since I do mostly solo development, but I recall setting up a separate build id when I was looking at this.
I have seen this occur when the IIS server wasn't running on the default port. I'd recommend checking IIS to see if it's running on port 80 as a step to diagnose your issue further.
I eventually managed to get deployment working by calling the _CopyWebApplication build target of the web application from my TFS build script (after manually creating the IIS virtual directory).
I had to add an additional target though to get linked files in the project to be copied also as the built in _CopyWebApplication target doesn't include those.
Related
Currently we have following structure:
web
build0001
build0002
build0003
So, each time we deploy new version of web application, we create folder with build number and then change path in IIS to use that directory.
Now question is, can I do same thing with msbuild:
1) publish to web\buildxxxx
2) and update IIS setting to use web\buildxxxx for that site.
While currently I doing all this in same server, in the future I'll need to do this on remote servers also, meaning that I'll running msbuild from different server than IIS is.
So far I've came to this:
"C:\Program Files\IIS\Microsoft Web Deploy V3\msdeploy.exe"^
-verb:sync^
-source:contentPath="c:\stageDir"^
-dest:contentPath="c:\web\build0004",computername="https://remoteServer:8172/MsDeploy.axd?site=MySite",UserName="DeployUser",Password="xxx",authType=Basic^
-enableRule:DoNotDeleteRule^
-allowUntrusted^
-postSync:runCommand="C:\windows\system32\inetsrv\appcmd.exe set vdir MySite/ -physicalPath:c:\web\build0004"
Problem with this approach is, that is requires a lot of permissions, because of these things:
build0004 at the moment of syncing is out of current website's folder (say build0003), so it requires DeployUser to have administrative rights.
I need ability to use runCommand, which requires even more - allow WMSVC to run commands.
I am using TFS to Build and Deploy using MSBuild Arguments. I have the following arguments
/P:AllowUntrustedCertificate=True
/p:DeployOnBuild=True
/p:DeployTarget=MsDeployPublish
/p:CreatePackageOnPublish=True
/p:MSDeployPublishMethod=WMSVC
/p:MSDeployServiceUrl=https://myserver.com
/p:DeployIisAppPath="Site1"
/p:UserName=domain\username
/p:Password=password
This works fine when I use my domain account (which is an Admin on the Destination Server), but I want to use a Service Account that has the barebones permissions to get this to work.
I have already setup IIS Manager Permissions for the site, gave Full Control to the folder that the application sits in, and created setAcl, createApp, and contentPath and iisApp Delegation rules for the user.
I have granted read rights to the inetsrv/config folder, and full control to the applicationHost.config file.
I am able to publish my site using the Visual Studio publish process with that user, but am unable to get the deployment to occur using a TFS Build. When I run the build, I get the following error.
C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v11.0\Web\Microsoft.Web.Publishing.targets (4193): Web deployment task failed. (Connected to the remote computer ("myservercom") using the Web Management Service, but could not authorize. Make sure that you are using the correct user name and password, that the site you are connecting to exists, and that the credentials represent a user who has permissions to access the site. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_USER_UNAUTHORIZED.)
I have looked online and followed all the steps I have seen, but still have the issue. Please let me know if you have any questions.
Thank you in advance
Try changing your MsDeployServiceUrl to:
https://myserver.com:8172/msdeploy.axd
Failing that, take a look at the Microsoft Web Deploy event log (in Applications and Services Logs)
I'm basically wondering what the best way to deploy an Asp.Net Web Site is, mostly from the point of view of security. Right now, I'm trying to publish the website using Visual Studio 2010. Could someone direct me to a good tutorial on how to do this securely? For example, can it be done over an encrypted connection via Visual Studio? Is it necessary to install any software on the server to do this? Should I use a different program to open up an SSL (TLS) connection first, and if so, which program (does it come standard with windows)?
The server is running Windows Server 2008. Development is on Vista.
Many thanks in advance for any direction in this matter!
Andrew
I would publish the site to your local machine and file copy the files across to your test/production environment. As a rule we don't publish sites straight from VS to test or production.
For example you don't want to accidentally push things straight from dev into a live environment do you?
As far as the file transfer security goes you could use SFTP.
Note: First thing is to check with the owner of the server, as they often will provide you an FTP connection and will take care of configuring IIS.
If you want to add security, make a keyfile and sign your assemblies and consider running Dotfuscator on your dlls, the community edition is included in Visual Studio. Here is an earlier question where I've put more info on Dotfuscator.
If you have to do the deployment yourself, here's a few things to consider.
XCopy (easy)
MSI (have to create a setup program, you can do this easily in Visual Studio)
There is no security advantage in deploying using Visual Studio, but you can use Visual Studio to create a small setup program. One thing you want to make sure for security is DO NOT deploy any .cs files. Prepare your files, you should compile in Release mode, make sure debug is not enabled in your config file, keep your bin and it's dll, also the aspx, asmx, ascx, svc, css, js, and config files.
XCopy: Install a small FTP server, or use one your company alreayd has, this will allow you to get your files once you are logged into the target machine. You should be able to get an administrator account for the target machine, just ask the sysadmin of the domain, then log on using remote desktop, got to your ftp site, and download your files. Open IIS on the target machine, create a virtual directory and a pool. Copy your files to the location, configure your connection string to your DB if you use one, then test your website.
MSI: same process as above, except the setup will create the virtual directory and pool for you.
Here is extra info on best practices from the official ASP.Net website.
If you have some control on the server (e.g. to configure IIS7), you might want to look into Microsoft Web Deploy (new product just been released):
http://weblogs.asp.net/scottgu/archive/2010/09/13/automating-deployment-with-microsoft-web-deploy.aspx
Haven't tried it myself, but looks quite slick and it apparently encrypts the data being copied up, so might suit you.
I have CruiseControl.Net setup as my continuous integration environment. I've been working on adding a Visual Studio 2008 Web Deployment Project to my solution but I'm getting a weird "access denied" error and I can't figure out why.
I have CC.Net running under its own account on my server which is a member of the administrators group, so the CC.Net service should have access to everything it needs. The problem is when I trigger a build from the web interface the build fails with the error:
C:\Program Files
(x86)\MSBuild\Microsoft\WebDeployment\v9.0\Microsoft.WebDeployment.targets(667,5):
error : Access is denied.
The particular task on that line is the "CreateVirtualDirectory" task to create an IIS virtual directory for my asp.net application.
What's weird is if I open a command prompt on my build server running as the exact same user account the CruiseControl service is running as and run my build script everything builds successfully - including the creation of the IIS virtual directory. It's only when a build is initiated through the web interface that it fails.
I don't understand what the difference is between the two since presumably they are both running as the same user with the same privileges.
Suggestions?
Is it possible that the virtual folder it is trying to create already exists? Another thought - when you run from a command line, it is possible you have different environment variables or drive mappings that CC.Net wouldn't have?
I'm trying to use NAnt/NAntContrib build script to build a web application on Windows 2008 (IIS 7.0).
In the build file, there is mkiisdir task, which fails with:
[mkiisdir] The webservice at 'localhost' does not exist or is not reachable.
All the documents/posts I found so far (non for w2k8, only Vista) say to install IIS 6 Compatibility services (all of them, including scripting tools, etc.) So I did, but it still throws this error.
Any idea what else need to be changes, so NAnt be able to create/delete virtual directories on IIS 7.0?
EDIT: New data - when I log in as local administrator to this server, the nant task succeeds, but it fails when I log in as a domain admin. I have added the domain admins group in the local Administrators group, but it still fails. Any idea what other permissions I need to check/change in order to make my domain admin user to be able to execute this task? I can create manually virtual folders without any problems.
In order to get iis nantcontrib tasks to work you need to install IIS6 Management Compatibility Tools. Here is the blog describing how to do it in Vista:
http://thoughtworker.in/2008/01/15/nant-the-webservice-at-localhost-does-not-exist-or-is-not-reachable/
Here is a screenshot of how to do it in Windows Server 2008:
alt text http://img407.imageshack.us/img407/699/iis6tools.png
To answer my own question - I have isolated the part of the code in NantContrib which was causing the problem, and made a sample application to test.
I have posted this as a separate question here, and there is the solution as well.
Cheers