WMSVC works, Web Deploy Agent throws 401 - iis

I'm trying to get msdeploy working from the command line, and can successfully test against the WMSVC directly (using HTTPS, port 8172) with both a local admin account and using an IIS Manager user account. Here's the command line:
> msdeploy -verb:dump -source:appHostConfig=MyWebsite,wmsvc=myserver,username=iisuser,password=password -allowuntrusted
So, wmsvc= directs msdeploy to use https://myserver:8172/msdeploy.axd . However, because the target host firewall doesn't allow port 8172, I'd really like to use the Web Deployment Agent Service over port 80. But, it responds with a 401 when I change wmsvc to computerName:
> msdeploy -verb:dump -source:appHostConfig=MyWebsite,computername=myserver,username=myserver\localadmin,password=password
where computername= directs msdeploy to use http://myserver/MSDEPLOYAGENTSERVICE . In a browser, that URL prompts for username/password, and returns a blank page (if authenticated), so it seems to be listening and authenticating properly. Also, I've added full rights to the site root for NETWORK SERVICE.
What's the difference in using the Web Deployment Agent Service over the standard WMSVC? Thanks in advance!

As far as I've discovered so far, the differences are:
WMSVC is tightly bound with IIS, whereas the remote agent appears not to be.
WMSVC users can be Windows or IIS users, and you can delegate permissions via the IIS Manager so they can run some tasks under other security accounts etc. You can also control the paths that they are allowed to do things under.
Remote agent users can only execute tasks within the context of their own account on the machine: you control what they can do directly through the Windows security mechanism.

Related

Serve static files from network share as gmsa

I am trying to serve static files from a file server running Windows Server 2016. I would like to use a group managed service account for the connection.
I have attempted configuring IIS on Windows Server 2012 to use the gmsa. The Test-ADServiceAccount cmdlet returns True for the gmsa I am attempting to use on the IIS host. I have gone under the basic settings option of the IIS site configuration and used the "connect as" button and set it to the gmsa account with no password. The prompt then says "Connect as 'gmsa-foo$'". However, when I attempt to press "ok", I get an error that the specified password is invalid.
Can I use a gmsa to allow access to the remotely hosted static files that I want to serve? Do I need to use a particular version of Windows Server to do so?

Make sure you added the gMSA account in the application pool identity.
It should be noted that this account may show unexpected behavior in IIS manager. For example, if you click on “Basic Settings” for an application that uses this account for its application pool, “Test Settings” may give you an error indicating “the user name or password is incorrect”. Usually, this can be ignored. Browsing any page in the application would be a better test – as long as you don’t receive a 503 response, the application pool username/password is fine.
You could get more information from the below document:
Windows Server 2012: Group Managed Service Accounts

Unable to reach web site locally on Azure web role

I am deploying multiple web sites on a Windows Azure cloud service on a single web role. I have added the required binding and host file entries. When I run the ping command I am getting the response as well.
However, when I RDP to the VM and browse the site locally on the VM as localhost, it is not reachable and shows 404 not found.
Error from IIS events:
The application '/' belonging to site '1' has an invalid AppPoolId 'DefaultAppPool' set. Therefore, the application will be ignored.

when RDP to VM and browse the site locally on VM as localhost it is not reachable and showing 404 not found.
I access the desktop of your web role running in Azure and add a new Web site to your Web server, and I can browse the site locally. If possible, you can try to create a new web site to serve static html files and check if it works fine, or you can share with us the detailed information of bindings and your application.
Add a website:
Settings:
Application pool:
Browse site locally:
The application '/' belonging to site '1' has an invalid AppPoolId 'DefaultAppPool' set. Therefore, the application will be ignored.
Some community members encountered and posted a similar issue in this SO thread; you can check if any .dll files are missing or 32-bit libraries are used.

Web Deploy connection timed out

I've previously had Web Deploy up and running without any issues. Following a company-wide installation of Bitdefender, Web Deploy has stopped working. I've tried the following without any success:
Added the following rule to Bitdefender firewall
Local Address: Any
Remote Address: our server IP port 8172
Protocol: TCP
Direction: Both
IP: Any
Network: Home / Office
Permission: Allow
Using the following telnet command, telnet [IP address] 8172, I get a blank screen.
Navigating to the URL for the publishing server connection, I'm prompted with a login and then a blank screen.
I don't have Fiddler, or anything similar, running.
I've tried on other machines in our office yet I get the same response.
Re-installed Web Deploy via Web Platform Installer Recommended Server Configuration for Web Hosting Providers, and using command prompt I've restarted the agent services with the following commands:
net stop msdepsvc & net start msdepsvc
net stop wmsvc & net start wmsvc
I've added IIS Manager Permissions to the appropriate site in IIS, using the server administrator account (which worked in the past) and configured web deploy publishing.
I'm running out of ideas of what to try so I'd appreciate any suggestions.
When attempting to validate the connection in Visual Studio I see the failed notification, "The operation has timed out".

The problem is in the Policies for Content Control. Exceptions need to be added for the sites you would like to web deploy to.
Click on policies, then go to the policy that applies to your development system. In my case this was "IT Policy." If you don't know, you can go to Network and drill down through Active Directory to find what policy applies.
Next, go to Content Control => Traffic. Check the boxes for Web (HTTP traffic) and Traffic Scan exclusions. Then add the URL or IP address for whatever system you are trying to deploy to (We used IP).
Hope that helps!

MSDeploy remote permissions needed for Windows 2003 Server / IIS 6

What are the permissions needed for running delegated deployments, using MSDeploy, targeting a Windows 2003 Server / IIS 6.0 ?
EDIT: this is a duplicate of ... How to allow non-admin user to deploy web applications on IIS 6 using web deploy

IIS6 can't be published to directly via Web Deploy, so you will need to use Web Deployment Agent. Once you have setup the agent, the endpoint address should look something like this:
http://myserver/MsDeployAgentService
Note this is not an HTTPS address and does not explicitly specify a port. Also, the account publishing to this endpoint must have admin rights on the server (nasty, but necessary). Finally, make sure the "Web Deployment Agent Service" is actually running because it's not set to start automatically by default.
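
A server-side check for the last point in the answer above, as an added example that is not part of the original answer: it reports the state and start mode of the two deployment services and whether their ports have a local listener. The service names msdepsvc and wmsvc and ports 80 and 8172 are the ones quoted elsewhere on this page; it assumes Windows PowerShell on the target server.

```powershell
# Added example, not from the original answer. Run in Windows PowerShell
# on the target server. Names and ports are the ones quoted on this page.
$expected = @(
    @{ Name = 'msdepsvc'; Port = 80;   Role = 'Web Deployment Agent Service' },
    @{ Name = 'wmsvc';    Port = 8172; Role = 'Web Management Service' }
)

# Local TCP listeners, read through .NET so old PowerShell versions work too.
$ipProps   = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$listening = @($ipProps.GetActiveTcpListeners() | ForEach-Object { $_.Port })

foreach ($e in $expected) {
    $svc = Get-WmiObject Win32_Service -Filter "Name='$($e.Name)'"
    if (-not $svc) {
        # Expected for wmsvc on an IIS 6 host, where only the agent exists.
        "{0,-9} not installed ({1})" -f $e.Name, $e.Role
        continue
    }

    # Port 80 is shared with IIS through HTTP.sys, so a listener there does
    # not prove the agent is up; the service state below is the real signal.
    $portOpen = $listening -contains $e.Port
    "{0,-9} state={1} startMode={2} port={3} listening={4}" -f `
        $e.Name, $svc.State, $svc.StartMode, $e.Port, $portOpen

    if ($svc.State -ne 'Running') {
        "  -> stopped: deployments to this endpoint will fail until it is started"
    }
    if ($svc.StartMode -ne 'Auto') {
        "  -> start mode is $($svc.StartMode): the service stays down after a reboot"
    }
}
```

Because the agent endpoint requires an administrator account, a stopped, manually started agent on a server that is not being deployed to is a reasonable finding, not necessarily a fault.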

ERROR_USER_UNAUTHORIZED when deploy to IIS 7.5 when using IIS manager user

I'm trying to deploy from a teamcity server to my iis server but I get unauthorized when I use an IIS Manager user set up in IIS. If I use a Windows account it works just fine. Am I missing something?
I thought it was enough to create an IIS Manager User in IIS, or do I have to add that user to the domain or server I'm trying to deploy to?
In the Management Service Delegation I have added two rules, it could probably be combined into one. The first rule is for contentPath and iisApp and the second is for createApp. Both rules are run as an administrator user. I have added that all users (*) are allowed to execute the rule.
Is it something else I need to enable on the target server for it to work with IIS Manager Users?
I get the following message in my event viewer:
IISWMSVC_AUTHORIZATION_SERVER_NOT_ALLOWED
Only Windows Administrators are allowed to connect using a server connection.
Other users should use the 'Connect To Site or Application' task to be able to connect.
Process:WMSvc

Ok, I've been looking for an answer for some time and couldn't find it... but of course I figure it out myself as soon as I post the question here. The answer to my problem was that I have to add the IIS Manager User to the site which I want to deploy to. So if I selected the sites and then opened up the "IIS Manager Permissions" and added my user it all started working just as expected.
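
The fix described in the answer above, scripted as an added example that is not part of the original post: it lists the users granted on one site under IIS Manager Permissions and adds the deployment user only if it is missing. The site name `MyWebsite` and user name `deployuser` are placeholders; the calls are from the Microsoft.Web.Management server API and need an elevated session on the IIS server.

```powershell
# Added example, not from the original post. Run elevated on the IIS server.
# 'MyWebsite' and 'deployuser' are placeholder names.
param(
    [string]$Site = 'MyWebsite',
    [string]$User = 'deployuser'
)

[void][System.Reflection.Assembly]::LoadWithPartialName('Microsoft.Web.Management')
$authn = [Microsoft.Web.Management.Server.ManagementAuthentication]
$authz = [Microsoft.Web.Management.Server.ManagementAuthorization]

# The account must already exist under "IIS Manager Users" at server level.
if (-not $authn::GetUser($User)) {
    throw "IIS Manager user '$User' does not exist; create it first."
}

# Users granted directly on the site (inherited grants and roles excluded).
$granted = @($authz::GetAuthorizedUsers($Site, $false, 0, -1) |
    Where-Object { -not $_.IsRole } |
    ForEach-Object { $_.Name })

if ($granted -contains $User) {
    "'$User' is already listed in IIS Manager Permissions for '$Site'."
} else {
    [void]$authz::Grant($User, $Site, $false)   # $false: a user, not a role
    "Granted '$User' on '$Site' only; other sites stay closed to this account."
}

"Users now authorized on '$Site':"
$authz::GetAuthorizedUsers($Site, $false, 0, -1) | ForEach-Object { "  $($_.Name)" }
```

Granting per site keeps the deployment account scoped to the one site it publishes to, which is the access model the event log message on this page points non-administrators towards.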
