I'm trying to sync an app pool from my local machine to a remote server using IIS Credentials
this is the command I run
msdeploy.exe
-verb:sync
-source:appPoolConfig='MyAppPool'
-dest:appPoolConfig,
computerName='https://remoteserver.com:8172/MSDeploy.axd',
userName='WebDeploy',
password='Pa$$word',
authtype='Basic',
includeAcls='False'
-enableLink:AppPoolExtension
-disableLink:CertificateExtension
-allowUntrusted
but I keep getting
Error Code: ERROR_USER_UNAUTHORIZED
More Information: Connected to the remote computer ("dev.dash.exceptron.com") using the Web Management Service, but could not authorize. Make sure that you are using the correct user name and password, that the site you are connecting to exists, and that the credentials represent a user who has permissions to access the site. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_USER_UNAUTHORIZED.
Error: The remote server returned an error: (401) Unauthorized.
Error count: 1.
I can sync existing sites just fine, but I can't create sites or app pools. I'm thinking it might have something to do with the fact that my user has a level of "Site", and app pool doesn't fit that level.
Found the problem, it seems like IIS credentials don't have permission do do many tasks, using authtype='NTLM' and a Windows username and password fixed the issue.
This link also seems useful,
http://blog.scnetstudio.com/post/2011/01/08/How-to-Configure-Windows-Server-2008-R2-to-support-Web-Deploy-(for-Web-Matrix).aspx
Related
I am trying to serve static files from a file server running Windows Server 2016. I would like to use a group managed service account for the connection.
I have attempted configuring IIS on Windows Server 2012 to use the gmsa. The Test-ADServiceAccount cmdlet returns True for the gmsa I am attempting to use on the IIS host. I have gone under the basic settings option of the IIS site configuration and used the "connect as" button and set it to the gmsa account with no password. The prompt then says "Connect as 'gmsa-foo$'". However, when I attempt to press "ok", I get an error that the specified password is invalid.
Can I use a gmsa to allow access to the remotely hosted static files that I want to serve? Do I need to use a particular version of Windows Server to do so?
Make sure you added the gMSA account in the application pool identity.
It should be noted that this account may show unexpected behavior in IIS manager. For example, if you click on “Basic Settings” for an application that uses this account for its application pool, “Test Settings” may give you an error indicating “the user name or password is incorrect”. Usually, this can be ignored. Browsing any page in the application would be a better test – as long as you don’t receive a 503 response, the application pool username/password is fine.
You could get more information from the below document:
Windows Server 2012: Group Managed Service Accounts
Here is the scenario:
A web server is running on IIS 8.5 using AppPoolIdendtity to pass through the credential to connect to Reporting Service which is remotely installed in a MSSQL Server.
The reporting service has added the machine account DOMAIN\MACHINENAME$ to the system role assignment from http://MSSSQLRS/ReportServer as System Administrator like this:
The permissions granted to user ' are insufficient for performing this operation. (rsAccessDenied)"}
Testing local MSSQL server is smooth with local access. However, whenever the connection is established from the IIS web server. The "rsAccessDenied" error came up as DOMAIN\MACHINENAME$ user.
Not sure what else is wrong either on the WEB IIS or MSSQL server....
Sounds like RS Windows NTLM is not configured correctly. See this article.
I have teamlab running very well on a godaddy virtual dedicated server and I am now moving to Azure VM server, I copied all teamlab files to this new server and ran the teamlab service, but when I open the website I get this error:
Security Exception
Description: The application attempted to perform an operation not
allowed by the security policy. To grant this application the
required permission please contact your system administrator or change
the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: Invalid username
or password.
I compared all IIS config on both servers and they are both the same now, what should I check else to run this?
Note old server IIS7.5 new server IIS8
I have a .net 2.0 app being hosted on IIS, that connects to a Ingres DB. The connection uses iBatis with an ODBC driver to connect to an ingres database being protected behind an installation password.
For some reason, when I'm debugging my code, everything runs fine. It establishes the connection without any problems. However, when I try to host the site on my local IIS, ingres comes back with this error
ERROR [5000H] [CA][Ingres ODBC Driver][Ingres]User authorization check failed.
Your user identifier was not known to this installation.
Contact your system manager for further assistance.
ERROR [08S01] [CA][Ingres ODBC Driver][Ingres]The connection to the server has been aborted.
I'm wondering why the installation password would work fine against my debug session, and refuse to connect behind IIS? Does IIS use a different 'name' that isn't my computer name to establish a connection with the installation password?
The connection is being rejected because the target server is not aware of the user trying to connect or that user has not been added. Check to see if the process owner of your local IIS instance is a valid ingres user. IIRC the account name is normally something like IUSR_MACHINENAME, where MACHINENAME is the hostname of your IIS box. Add the user account using the following SQL on the server:
echo "create user IUSR_MACHINENAME\g" | sql iidbdb
I have recently had some problems that I think might be helped by debugging my ASP.NET MVC application in IIS instead of with the default ASP.NET Development Server. However, when I try this the application can't access the database server (MS SQL Server 2008 Express) - it works fine on the Development Server though.
The error I get is
Cannot open database 'myDbName' requested by the login. The login failed.
Login failed for user 'NT INSTANCE/NETWORK SERVICE'.
I assume it worked before because the development server accessed the database through my user account, and not via the network service like IIS.
I tried adding the user NETWORK SERVICE to the database, but it turns out I don't have the user privileges to do so - it doesn't matter that my Windows account that I log on to the server with is admin, or that I run the program in an administrator context. I just can't add another user to the DB.
How do I solve this problem?
You could change the user that IIS runs under: it's a setting in the properties for the ApplicationPool that your web site's running under.
We do this all the time as it gives us better control over user access - that NT INSTANCE/NETWORK SERVICE account's a bit too magic for my liking...
NETWORK SERVICE is a special account. If your database server is on another machine from your IIS server, you need to add the account:
\$ as a user for the database. So if you're on a IIS Server called LISA on the SPRINGFIELD network, you would need to grant access to SPRINGFIELD\LISA$ to your database. Note the dollar sign which denotes your user as a machine account and not an actual person.
If your database server and your IIS server are one and the same, grant access to the account "NT AUTHORITY\NETWORK SERVICE". That's the whole name of the account. And that should work.
Are you running a non-english Operation System?
For some reasons, the account name of "NT Authority\Network Service" has been localized in other languages.
Sadly, a lot of programs have the account name hard coded to the english name, and won't find the Network Service when running on foreign versions of Windows.