I am attempting to deploy a web application to IIS 10 on Windows Server 2019. I have a PowerShell script that executes the MsDeploy.exe command using basic authentication. The username and password is provided in the query string POSTed to the web server for the deployment. After a little playing around, I was able to replicate the problem using a simple command in the regular Windows command prompt:
"C:\Program Files\IIS\Microsoft Web Deploy V3\msdeploy.exe" -setParamFile:C:\...\Deploy.ContinuousIntegration.xml -source:package=C:\...\Web.zip -dest:auto,computerName=https://hostname:8172/msdeploy.axd?site=,username=DeployUser,password=DeployPassword,authtype=Basic,includeAcls=False -verb:sync -disableLink:AppPoolExtension -disableLink:ContentExtension -disableLink:CertificateExtension -allowUntrusted -enableRule:AppOffline -enableRule:EncryptWebConfig
The same command formatted for better readability:
"C:\Program Files\IIS\Microsoft Web Deploy V3\msdeploy.exe" ^
-setParamFile:C:\...\Deploy.ContinuousIntegration.xml ^
-source:package=C:\...\Web.zip ^
-dest:auto,computerName=https://hostname:8172/msdeploy.axd?site=,username=DeployUser,password=DeployPassword,authtype=Basic,includeAcls=False ^
-verb:sync ^
-disableLink:AppPoolExtension ^
-disableLink:ContentExtension ^
-disableLink:CertificateExtension ^
-allowUntrusted ^
-enableRule:AppOffline ^
-enableRule:EncryptWebConfig
Running the command above returns this response:
Error Code: ERROR_USER_UNAUTHORIZED
More Information: Connected to the remote computer ("hostname") using the Web Management Service, but could not authorize. Make sure that you are using the correct user name and password, that the site you are connecting to exists, and that the credentials represent a user who has permissions to access the site. Learn more at: https://go.microsoft.com/fwlink/?LinkId=221672#ERROR_USER_UNAUTHORIZED.\
Error: The remote server returned an error: (401) Unauthorized.
Error count: 1.
I attempted to use a non-administrative user created in IIS, not Windows.
Process Used to Create IIS User
Open Internet Information Services Manager
Chose the hostname for the server
Opened "Management Service"
Set "Identity Credentials" to "Windows credentials or IIS Manager credentials"
Left everything else as the default value and started the Web Deploy service (which started successfully)
Opened "IIS Manager Users" under the same hostname.
Added a new user with a password (the password only contains letters and numbers).
Opened "IIS Manager Permissions" under "Default Web Site" for the same hostname
Allowed the user I previously created in "IIS Manager Users" (Level: Site)
I used a parameter file for MsDeploy, the contents of which are below:
<parameters>
<setParameter name="IIS Web Application Name" value="Default Web Site/Folder" />
</parameters>
I even tried changing the computerName parameter to wmsvc as suggested in this answer, but I still got the same error.
Any idea how to fix the "unauthorized" error?
Related
I've got a 2012R2 Continuous Integration Server with TeamCity installed on it and WebDeploy 3.5. I'm trying to deploy a build to a site which is hosted on another Server2012R2 using IIS 8.5 (it also has Web Deploy 3.5 installed) and I am getting this error message:
Error Code: ERROR_USER_NOT_ADMIN
[13:12:26][Step 3/3] More Information: Connected to 'myiisserver' using the Web Deployment Agent Service, but could not authorize. Make sure you are an administrator on 'myiisserver'. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_USER_NOT_ADMIN.
[13:12:26][Step 3/3] Error: The remote server returned an error: (401) Unauthorized.
As you can see from the error message I can connect to the server but It can't authenticate with the credentials that I'm specifying. This is the command I am using:
msdeploy -source:package='%PackageFile%' -dest:auto,computerName='http://%WebServer%/MSDeployAgentService',username="myiisserver\blibli",password="password",authtype="Basic",includeAcls='False' -verb:sync -disableLink:AppPoolExtension -disableLink:ContentExtension -disableLink:CertificateExtension -setParamFile:"%ParamFile%" -setParam:"IIS Web Application Name"="%IisSiteName%" -enableRule:DoNotDelete
The username I'm using is an admin on both machines and I'm using also specifying the right password.
Could you please throw any light at this guys? I have already lost 3 hours trying to sort out this issue...
Many thanks
I sorted the issue just by removing the authtype="Basic" option out of the command.
Hope it helps someone else in the future.
I am using msdeploy to deploy codes to dev server. this morning it stops working. and I am getting ERROR_USER_NOT_ADMIN. nothing changed, at least not that I know of.
abc\jqin, this user is a domain account, its a local admin. why am I still getting ERROR_USER_NOT_ADMIN
Deploy: "C:\Program Files\IIS\Microsoft Web Deploy V3\msdeploy.exe"
-verb:sync -source:package="C:\NetBuild\Packages\IRViewerSvc\IRViewerSvc.zip" -dest:iisApp=IRViewerSvc,computerName=tvw-irwebsvc,username="abc\jqin",password=********
Info: Using ID '51e98b9d-456e-4c7e-8f1a-c696c240f431' for
connections to the remote server. EXEC : error Code:
ERROR_USER_NOT_ADMIN [C:\NetBuild\BuildScript\IRViewerSvc.build]
More Information: Connected to 'tvw-irwebsvc' using the Web Deployment
Agent Service, but could not authorize. Make sure you are an
administrator on 'tvw-irwebsvc'. Learn more at:
http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_USER_NOT_ADMIN.
Error : The remote server returned an error : (401) Unauthorized.
[C:\NetBuild\BuildScript\IRViewerSvc.build] EXEC : error count: 1.
[C:\NetBuild\BuildScript\IRViewerSvc.build]
C:\NetBuild\BuildScript\IRViewerSvc.build(71,5): error MSB3073: The
command ""C:\Program Files\IIS\Microsoft Web Deploy V3\msdeploy.exe"
-verb:sync -source:package="C:\NetBuild\Packages\IRViewerSvc\IRViewerSvc.zip" -dest:iisApp=IRViewerSvc,computerName=tvw-irwebsvc,username="abc\jqin",password=********"
exited with code -1. Done Building Project
"C:\NetBuild\BuildScript\IRViewerSvc.build" (deploy target(s)) --
FAILED.
Try search mmc and run it click on File add or remove snap-ins, select Local Users and Groups hit ok.
Click on the User uncheck everything and check only Password never expires.
Now go to Groups add new group if it does not exists MSDepSvcUsers, Double click on it and add your User as a member.
Go to Services and restart the Web Deployment Agent Service.
Now try and run your MSDeploy.
I hope this was helpful.
Trosago
The NetLogon solution posted here didn't work on our AWS EC2 Windows Server 2019 instances because of the following:
This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
The MSDepSvcUsers solution posted here didn't work completely either:
[16:19:20] Error: (2/10/2020 5:19:20 PM) An error occurred when the request was processed on the remote computer.
[16:19:20] Error: An error occurred when reading the IIS Configuration File 'MACHINE/REDIRECTION'. The identity performing the operation was 'EC2AMAZ-ABCDEFG\SomeUserName'.
[16:19:20] Error: Filename: \\?\C:\Windows\system32\inetsrv\config\redirection.config
[16:19:20] Error: Cannot read configuration file due to insufficient permissions
As noted here: https://social.msdn.microsoft.com/Forums/vstudio/en-US/083efb2e-d087-4a03-9f6a-662a218cacf8/machineredirection-error?forum=tfsgeneral
Adding the Read & execute and Read access to the folder containing the redirection.config file for the user doing the deploy didn't fix the issue, but adding read permissions for the NETWORK SERVICE user on that same folder did.
I recently encountered an interment problem where builds were failing with ERROR_USER_NOT_ADMIN.
This was after an OS upgrade to Windows 2016.
The error from MsDeploy was not entirely correct in our situation and we noticed that if the deployment user was remoted onto the server the deploy would complete successfully.
Upon looking at the event log I noticed that there was an error stating that the deployment account failed to logon with a reason 'The NetLogon component is not active.'
Sure enough, the NetLogon service was stopped. Starting it meant the deployments worked again.
I'm using SharpDevelop and can test/see the app using "Use IIS Express Web Server" selected in the project property. But when I try to change to "Use local IIS Web Server" and hit "Create application/virtual directory", an error message show up that said:
Filename: redirection.config
Error: Cannot read configuration file due to insufficient permissions
At end, what I need is deploy MVC 2 app to a IIS Server, first to a local server and then to a remote server.
The problem can be solved running SharpDevelop as Admin.
I have a a web site on a IIS on a remote machine. I would like to sync the website on the remote server to a local IISExpress. Currently I do not have the site on my local IISExpress. I am using the following msdeploy.exe command line (Here I formatted it in several lines, but of course the actual command is a single line):
msdeploy.exe
-verb:sync
-source:webApp="mysubdomain.mydomain.com",computername=mycomputer,userName=myuser,password=mypassword
-dest:auto
-apphostconfigdir=C:\Users\steen\Documents\IISExpress\config
-webserverdir="c:\program files (x86)\IIS Express"
I get following error returned:
Error: Application Definition with path 'mysubdomain.mydomain.com' does not exist.
Am I doing it wrong?
Do I need to have the site on my local IISExpress before I can sync (is there any workaround if I must have it locally first?)?
In the -source argument, try using the name of the web application for webApp (e.g. webApp="wordpress") and specifying the URL for your server in the computername argument. I don't think you need to have the site locally to begin with, but of course you'll need to have whatever web application the site uses installed locally.
Links: webApp: Web Deploy webApp Provider; computername: Web Deploy Provider Settings.
I am trying to view the dependencies of my website on IIS 6.0 running on windows server 2003. When I type the following command,
msdeploy -verb:getDependencies -source:metakey=lm/w3svc/1
I got the following error:
C:\Program Files\IIS\Microsoft Web Deploy>msdeploy -verb:getDependencies -source
:metakey=lm/w3svc/1
Error: Object of type 'metaKey' and path 'lm/w3svc/1' cannot be created
Error: The metabase key '/lm/w3svc/1' could not be found.
Error: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
Error count: 1
Can any one explain these to me?
check if a website with Site ID 1 exists (/lm/w3svc/1)
Click on Web Sites node in left pane and check identifier column in right pan (IIS 6)
usman has it... and no, logging in as administrator doesn't take care of running the console in administration mode. Even if you're logged in as an administrator (or THE administrator) you still have to run the console in administrator mode.