ERROR_USER_UNAUTHORIZED when deploying to IIS 7.5 using an IIS Manager user

I'm trying to deploy from a TeamCity server to my IIS server but I get unauthorized when I use an IIS Manager user set up in IIS. If I use a Windows account it works just fine. Am I missing something?
I thought it was enough to create an IIS Manager User in IIS, or do I have to add that user to the domain or server I'm trying to deploy to?
In the Management Service Delegation I have added two rules, it could probably be combined into one. The first rule is for contentPath and iisApp and the second is for createApp. Both rules are run as an administrator user. I have added that all users (*) are allowed to execute the rule.
Is it something else I need to enable on the target server for it to work with IIS Manager Users?
I get the following message in my event viewer:
IISWMSVC_AUTHORIZATION_SERVER_NOT_ALLOWED
Only Windows Administrators are allowed to connect using a server connection.
Other users should use the 'Connect To Site or Application' task to be able to connect.
Process:WMSvc

Ok, I've been looking for an answer for some time and couldn't find it... but of course I figured it out myself as soon as I posted the question here. The answer to my problem was that I have to add the IIS Manager User to the site which I want to deploy to. So if I selected the site and then opened up the "IIS Manager Permissions" and added my user, it all started working just as expected.

Related

Serve static files from network share as gmsa

I am trying to serve static files from a file server running Windows Server 2016. I would like to use a group managed service account for the connection.
I have attempted configuring IIS on Windows Server 2012 to use the gmsa. The Test-ADServiceAccount cmdlet returns True for the gmsa I am attempting to use on the IIS host. I have gone under the basic settings option of the IIS site configuration and used the "connect as" button and set it to the gmsa account with no password. The prompt then says "Connect as 'gmsa-foo$'". However, when I attempt to press "ok", I get an error that the specified password is invalid.
Can I use a gmsa to allow access to the remotely hosted static files that I want to serve? Do I need to use a particular version of Windows Server to do so?
Make sure you added the gMSA account in the application pool identity.
It should be noted that this account may show unexpected behavior in IIS manager. For example, if you click on “Basic Settings” for an application that uses this account for its application pool, “Test Settings” may give you an error indicating “the user name or password is incorrect”. Usually, this can be ignored. Browsing any page in the application would be a better test – as long as you don’t receive a 503 response, the application pool username/password is fine.
You could get more information from the below document:
Windows Server 2012: Group Managed Service Accounts

Web Deploy unable to validate connection

I am trying to learn how to set up Web Deploy functionality on both sides, server and host/client computer. I created a Windows Server 2012 web server in Hyper-V and am able to access the default web page from the host/client computer. On the server I installed Web Maintenance Service and Web Deploy 3.5, performed all the required steps, e.g. "Configure Web Deploy Publishing", and added Administrator to IIS Manager Permission for the website in IIS. I disabled the firewall totally to make it work for the first time.
On the client computer I created a dummy MVC application in Visual Studio and am trying to create a publish profile for this app. As soon as I hit Validate Connection I got the option to receive and save the security certificate from the server, but after that it gives me the following warning (snapshot):
Tried doing all the steps all over but no luck.
I am open to all feedback. Thanks in advance.
Found the solution. Instead of adding publish information manually, I am supposed to use the publishsetting file generated on the server through the "Configure Web Deploy Publishing" feature of IIS. The server address ends with a file name which ends with .axd

MSDeploy remote permissions needed for Windows 2003 Server / IIS 6

What are the permissions needed for running delegated deployments, using MSDeploy, targeting a Windows 2003 Server / IIS 6.0 ?
EDIT: this is a duplicate of ... How to allow non-admin user to deploy web applications on IIS 6 using web deploy
IIS6 can't be published to directly via Web Deploy, so you will need to use Web Deployment Agent. Once you have set up the agent, the endpoint address should look something like this:
http://myserver/MsDeployAgentService
Note this is not an HTTPS address and does not explicitly specify a port. Also, the account publishing to this endpoint must have admin rights on the server (nasty, but necessary). Finally, make sure the "Web Deployment Agent Service" is actually running because it's not set to start automatically by default.

How to configure IIS-5 (on windows xp) to behave similar to AppPool in win servers & windows 7. (Integrated Security=true)

I use Windows XP and IIS 5 for web development. For database connection the credentials are set up as Integrated Security. It works fine on our DEV server (IIS 6) where they have configured the App Pool to run under the context of a domain account which has dbo access on the database. I myself also have dbo access in the database.
But when I run from my localhost the database connection fails (under Integrated Security=true), saying user '' has no privileges. So it's passing a blank string as the user instead of my logged-in domain account ("domainname\myname"). How do I configure my localhost IIS so that it passes my logged-in domain account as the user to the SQL Server? Basically I'm trying to simulate the app pool on IIS 5 on my local machine.
I tried changing the "Log on as" on World Wide Web services & IIS Admin in my local machine's services console, restarted it and did an IISRESET. Nothing seems to fix the problem.
Also I tried putting my domain user name (domainname\username) and password in the connection string and removing Integrated Security=true. That does not work either.
I am an administrator on my local machine. I tried different things like making the aspnet user an administrator, log on as a service, etc., with no luck.
Please advise me how to configure IIS 5 to run under a different account. Thanks in advance.
You need to set the user for anonymous login to be the domain account. I forget what tab it is on but it is there somewhere.
I think this link will point you in the correct direction
http://support.microsoft.com/kb/310344
Use IIS Express -- it is IIS7 for XP.

WMSVC works, Web Deploy Agent throws 401

I'm trying to get msdeploy working from the command line, and can successfully test against the WMSVC directly (using HTTPS, port 8172) with both a local admin account and using an IIS Manager user account. Here's the command line:
> msdeploy -verb:dump -source:appHostConfig=MyWebsite,wmsvc=myserver,username=iisuser,password=password -allowuntrusted
So, wmsvc= directs msdeploy to use https://myserver:8172/msdeploy.axd . However, because the target host firewall doesn't allow port 8172, I'd really like to use the Web Deployment Agent Service over port 80. But, it responds with a 401 when I change wmsvc to computerName:
> msdeploy -verb:dump -source:appHostConfig=MyWebsite,computername=myserver,username=myserver\localadmin,password=password
where computername= directs msdeploy to use http://myserver/MSDEPLOYAGENTSERVICE . In a browser, that URL prompts for username/password, and returns a blank page (if authenticated), so it seems to be listening and authenticating properly. Also, I've added full rights to the site root for NETWORK SERVICE.
What's the difference in using the Web Deployment Agent Service over the standard WMSVC? Thanks in advance!
As far as I've discovered so far, the differences are:
WMSVC is tightly bound with IIS, whereas the remote agent appears not to be
WMSVC users can be windows or IIS users, and you can delegate permissions via the IIS manager so they can run some tasks under other security accounts etc. You can also control the paths that they are allowed to do things under.
Remote agent users can only execute tasks within the context of their own account on the machine: you control what they can do directly through the windows security mechanism.
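
An added example, not part of the original posts: a small Python audit for msdeploy command lines in deployment scripts, using the endpoint mapping the question states (wmsvc= resolves to https://host:8172/msdeploy.axd, computername= resolves to http://host/MSDEPLOYAGENTSERVICE). The function names and finding labels are hypothetical, and accepting a full URL in computername goes beyond the two cases shown in the post.

```python
import re

# Endpoint mapping as stated in the question above.
WMSVC_URL = "https://{host}:8172/msdeploy.axd"
AGENT_URL = "http://{host}/MSDEPLOYAGENTSERVICE"

# The two command lines from the question (placeholder credentials as posted).
CMD_WMSVC = (r"msdeploy -verb:dump -source:appHostConfig=MyWebsite,"
             r"wmsvc=myserver,username=iisuser,password=password -allowuntrusted")
CMD_AGENT = (r"msdeploy -verb:dump -source:appHostConfig=MyWebsite,"
             r"computername=myserver,username=myserver\localadmin,password=password")

def parse(cmdline):
    """Return (switches, settings) for one msdeploy command line."""
    switches, settings = set(), {}
    # Tokens are whitespace-separated; a quoted segment may contain spaces.
    for tok in re.findall(r'(?:[^\s"]|"[^"]*")+', cmdline):
        if not tok.startswith("-"):
            continue  # executable name or prompt character
        name, _, value = tok[1:].partition(":")
        if name.lower() in ("source", "dest"):
            # provider=path followed by comma-separated provider settings
            for pair in value.split(","):
                key, _, val = pair.partition("=")
                settings[key.lower()] = val.strip('"')
        else:
            switches.add(name.lower())
    return switches, settings

def endpoint(settings):
    """Resolve the URL msdeploy will contact, or None for a local operation."""
    if "wmsvc" in settings:
        return WMSVC_URL.format(host=settings["wmsvc"])
    target = settings.get("computername")
    if target is None:
        return None
    return target if "://" in target else AGENT_URL.format(host=target)

def audit(cmdline):
    """Return (endpoint URL, findings) for review before the command is run."""
    switches, settings = parse(cmdline)
    url = endpoint(settings)
    findings = []
    if url and url.lower().startswith("http://"):
        findings.append("cleartext-endpoint")  # endpoint is not HTTPS
    if "allowuntrusted" in switches:
        findings.append("certificate-validation-disabled")
    if settings.get("password"):
        findings.append("password-on-command-line")
    return url, findings
```

Calling `audit(CMD_WMSVC)` and `audit(CMD_AGENT)` shows which of the two deployment paths uses TLS and which switches weaken it.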
