Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How do I deploy using MSDeploy in Team Build 2010 using the WMSVC service and NTLM authentication?

I am trying to deploy using Team Build 2010 to a Windows Server 2008 R2 web server. My build server agent is setup to run under a Windows domain account. I have successfully given this domain account permissions on my web server for the deployment using the IIS Manager permissions. This account is not an Administrator on the web server. I can get the build deploying just fine using the following parameters:

/p:DeployOnBuild=True  /p:DeployTarget=MsDeployPublish  /p:CreatePackageOnPublish=False  /p:MSDeployPublishMethod=WMSVC  /p:AllowUntrustedCertificate=True  /p:MSDeployServiceUrl=webservername /p:DeployIisAppPath="Web Site Name" /p:UserName=DOMAIN\BUILDID /p:Password=buildidpassword 

Because other developers are going to be setting up their builds, and I would rather not publish the password for the domain account, I need to use NTLM authentication to deploy. I would like to continue using the Web Management service method (WMSVC) for deployment so the BUILDID doesn't have to be an administrator.

I have dug deep into the "Microsoft.Web.Publishing.targets" and it appears that I should be able to pass an AuthType parameter to control the authorization type, but it appears to not have any effect. I have tried:

/p:DeployOnBuild=True  /p:DeployTarget=MsDeployPublish  /p:CreatePackageOnPublish=False  /p:MSDeployPublishMethod=WMSVC  /p:AllowUntrustedCertificate=True  /p:MSDeployServiceUrl=webservername /p:DeployIisAppPath="Web Site Name" /p:AuthType=NTLM 

And I have also tried putting a blank username (as seen elsewhere on StackOverflow), to no avail. I continue to get the error:

C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v10.0\Web\Microsoft.Web.Publishing.targets(3847,5): error : Web deployment task failed.(Connected to the destination computer ("webservername") using the Web Management Service, but could not authorize. Make sure that you are using the correct user name and password, that the site you are connecting to exists, and that the credentials represent a user who has permissions to access the site.)

I have also tried the UseMsdeployexe parameter as mentioned in the previous link, but I then get other errors related to the web.config transformation. It looks like the issue is already on Microsoft Connect and is listed as being fixed in the next issue.

like image 791
Michael McGuire Avatar asked Oct 03 '11 19:10

Michael McGuire


People also ask

How do I know if MSDeploy is installed?

Is Web Deploy installed? You can verify web deploy is installed by going to the "Programs and Features" control panel and looking for "Microsoft Web Deploy 2.0" in the list of installed programs. If it is not there, you can install it via the Web Platform Installer by going to the "Products" tab.

How do I get MSDeploy exe?

Go to C:\Windows\System32 and right click on CMD. EXE. Choose “Run as Administrator”. Once the command prompt is up, you will navigate to the folder level where MSDeploy.exe exists.


2 Answers

There is an additional step, which I never picked up on:

Source

You can optionally enable users to authenticate with the Web Management Service using NTLM. To do this, update the registry on the server by adding a DWORD key named "WindowsAuthenticationEnabled" under HKEY_LOCAL_MACHINE\Software\Microsoft\WebManagement\Server, and set it to 1. If the Web Management Service is already started, the setting will take effect after the service is restarted.

like image 150
Tom Crane Avatar answered Oct 10 '22 04:10

Tom Crane


If it is failing using NTLM then the team build service agent needs to be given permission to your site to allow non-administrators to connect to the site or application deployment server access. You can configure this under Management Service .

You might want to also take a look at configuring the web deployment provider settings. Web Deploy Provider Settings

If the wmsvc provider setting is specified, the default authentication type is Basic; otherwise, the default authentication type is NTLM.

You could also encrypted your password using the encryptPassword parameter and configuring the setup on the hosted server if you are wanted to use basic authentication type.

Hope this helps.

This error code can surface because of a number of different reasons. It typically indicates an authentication or authorization problem, and can happen because of any of hte following reasons:

If connecting using the Web Management Service:

  • Verify that the username and password are correct
  • Verify that the site exists
  • Verify that the user has IIS Manager Permissions to the site's scope

If connecting using the Remote Agent Service:

  • Verify that the username and password are correct
  • Verify that the user account you specified is a member of the Administrators group on the remote computer. NOTE: Because of a bug in Web Deploy 2.0, the user must be either the built-in Administrator or a member of the Domain Administrators security group. Attempts to sync with any other user account, even if it is an administrator, will see this error code. Verify that the site exists
like image 43
SoftwareCarpenter Avatar answered Oct 10 '22 03:10

SoftwareCarpenter