You are currently browsing the tag archive for the ‘web deploy 2.0’ tag.

Here’s how I set up a Continuous Integration server using IIS7 and Web Deploy 2.0 for deploying an application remotely. Our technology stack is Asp.net MVC4, jQuery, knockout, Entity Framework 4.1 code first, and Oracle. On your IIS server do the following:

– Create new folders C:\[YourAppName] and C:\logs\[YourAppName] (for logging)
– Create local Windows User “MyUser” and grant him full control on directory C:\[YourAppName]
– Add “Management Service” Role Service (Right click Add role on Web server (IIS) in server manager)
– Add all “Common HTTP Features”
– Add all Application Development Features EXCEPT “CGI” and “Server Side Includes”

– Add Basic, Windows and Digest Authentication below Security
– Add all Management Tools Features
– Install Web Deploy 2.0 (WebDeploy_2_10_amd64_en-US.msi – Use Custom installation – select all by hand, complete has not all features enabled). Link:
http://www.microsoft.com/en-us/download/details.aspx?id=25230
– Create new website in IIS with name [YourAppName] and physical path C:\[YourAppName] – delete default website
– Configure the Default Web Site’s Web-Deployment permission list
– Right click Website and choose Deploy – Configure Web Deploy Publishing (in case that Deploy is not visible you need a server restart)
– Select local “MyUser” user
– Copy URL for the publishing server connection for later use
– Set .NET Framework version on the newly created Application Pool [YourAppName] to v4.0 (in Web Site Advance Settings) and Classic mode
– Restart server
– In the IIS Management on IIS level in “Management service delegation” add two new rules (Template “Deploy applications with Content”)
– Provider: contentPath, iisApp; Path: C:\[YourAppName]; Identity Type: Current user
– Provider: setAcl; Path: C:\[YourAppName]; Identity Type: Current user
– Enable Windows Authentication in the [YourAppName] Authentication Settings.
– Activate Remote Access in “Management Service” in IIS Management Console (IIS level)
– Active .NET 64 Bit in IIS => c:/windows/microsoft.net/.net 4.x/aspnet_regiis –i
– Allow ISAPI/CGI use for the .NET framework in IIs (ISAPI & CGI restrictions)
– Set the Web Management Service to “auto” in the Services management console
– Create c:/logs/[YourAppName] directory and give write permission to IIS account

I recently had a problem where our continuous integration build started failing out of the blue. The last message in the console output was:

Info: Using ID '913622f8-8063-47e5-9eef-44510c5b00ca' for connections to the remote server.
Info: Adding createApp (MyApp).
Error: (6/15/2012 3:06:01 PM) An error occurred when the request was processed on the remote computer.
Error: Unable to perform the operation. Please contact your server administrator to check authorization and delegation settings.

There was nothing in the IIS log files about this but there was an entry in the Event viewer saying that the password had expired for user “WDeployConfigWriter”:

Not able to log on the user '.\WDeployConfigWriter'. ---> System.Runtime.InteropServices.COMException (0x8007052E): Logon failure: unknown user name or bad password. (Exception from HRESULT: 0x8007052E)

So I reset the password and restarted IIS and the Application Pool and tried to build again. Same problems. I checked the Event viewer again and there was the same error as above except this time the user was “WDeployAdmin”. So I reset the pw again and also set both accounts to “password never expires”, followed by the same restarting of IIS and the App pool. Still the same problem though. So I reboot the server to see if this would help but the build still failed after this with the same errors.

After some more digging I found what these user accounts were actually used for. The Web Deploy installer has an option to “Configure for Non-administrator Deployments”. If this option is selected Web Deploy will automatically create Management Service Delegation rules for certain providers, as well as the accounts needed for providers like createApp and recycleApp that need elevated privileges:

Image

There are a set rules in the Management Service Delegation UI in IIS Manager after you install this component. Some of these rules operate under our 2 users above WDeployAdmin and WDeployConfigWriter. Double clicking on these rules allows them to be edited, and when I chose the Set button I could see that the user field was empty, so for some reason the user assignations to these rules were lost meaning I had to re-assign the users to their respective roles. After this the build started working again:

 

%d bloggers like this: