I'm getting an unauthorized error from MsDeploy using NTLM authentication when trying to remotely deploy an application using a windows user who is not a local admin on the destination server. I have setup rules in the Management Service Delegation on the destination box with all providers checked. Under this rule I have added 2 users with allow permissions ('*', and my windows user that is doing the remote deploy). Additionally, I have given the windows user permission on the site I'm trying to deploy. If I make the windows user a local admin on the destination box and set 'Allow administrators to bypass rules', the deploy works correctly. If the windows user is not a local administrator I get the following error:
Web deployment task failed.(Remote agent (URL http://xxxxxxxx/MSDEPLOYAGENTSERVICE) could not be contacted. Make sure the remote agent service is installed and started on the target computer.) Make sure the site name, user name, and password are correct. If the issue is not resolved, please contact your local or server administrator. Error details: Remote agent (URL http://xxxxx/MSDEPLOYAGENTSERVICE) could not be contacted. Make sure the remote agent service is installed and started on the target computer. An unsupported response was received. The response header 'MSDeploy.Response' was 'V1' but 'v1' was expected. The remote server returned an error: (401) Unauthorized. in Microsoft.Web.Publishing.targets(3588, 5)
401 - Unauthorized: Access is denied due to invalid credentials. You do not have permission to view this directory or page using the credentials that you supplied.
Is Web Deploy installed? You can verify web deploy is installed by going to the "Programs and Features" control panel and looking for "Microsoft Web Deploy 2.0" in the list of installed programs. If it is not there, you can install it via the Web Platform Installer by going to the "Products" tab.
The Web Deploy is a tool for simplifying migration, management and deployment of Web applications, sites and servers. It can be used to package a Web site, automatically including content, configuration, certificates and databases. It can be used to synchronize between IIS 6.0, IIS 7.
If you configure delegation to "Allow administrators to bypass rules" and msdeploy command succeeds, then you are going through WMSvc and it is letting you through. Otherwise, from the response it seems that WMSvc is rejecting you and you are falling back to Web Deloy agent.
Set/add the following reg value to WMSvc reg key:
reg add HKLM\Software\Microsoft\WebManagement\Server /v WindowsAuthenticationEnabled /t REG_DWORD /d 1
Recycle WMSvc:
net stop wmsvc & net start wmsvc
Try again. If it doesn't succeed, can you post your msdeploy command line.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With