问题
I am trying to deploy using Team Build 2010 to a Windows Server 2008 R2 web server. My build server agent is setup to run under a Windows domain account. I have successfully given this domain account permissions on my web server for the deployment using the IIS Manager permissions. This account is not an Administrator on the web server. I can get the build deploying just fine using the following parameters:
/p:DeployOnBuild=True
/p:DeployTarget=MsDeployPublish
/p:CreatePackageOnPublish=False
/p:MSDeployPublishMethod=WMSVC
/p:AllowUntrustedCertificate=True
/p:MSDeployServiceUrl=webservername
/p:DeployIisAppPath="Web Site Name"
/p:UserName=DOMAIN\BUILDID
/p:Password=buildidpassword
Because other developers are going to be setting up their builds, and I would rather not publish the password for the domain account, I need to use NTLM authentication to deploy. I would like to continue using the Web Management service method (WMSVC) for deployment so the BUILDID doesn't have to be an administrator.
I have dug deep into the "Microsoft.Web.Publishing.targets" and it appears that I should be able to pass an AuthType parameter to control the authorization type, but it appears to not have any effect. I have tried:
/p:DeployOnBuild=True
/p:DeployTarget=MsDeployPublish
/p:CreatePackageOnPublish=False
/p:MSDeployPublishMethod=WMSVC
/p:AllowUntrustedCertificate=True
/p:MSDeployServiceUrl=webservername
/p:DeployIisAppPath="Web Site Name"
/p:AuthType=NTLM
And I have also tried putting a blank username (as seen elsewhere on StackOverflow), to no avail. I continue to get the error:
C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v10.0\Web\Microsoft.Web.Publishing.targets(3847,5)
: error : Web deployment task failed.(Connected to the destination computer ("webservername") using the Web Management Service, but could not authorize. Make sure that you are using the correct user name and password, that the site you are connecting to exists, and that the credentials represent a user who has permissions to access the site.)
I have also tried the UseMsdeployexe
parameter as mentioned in the previous link, but I then get other errors related to the web.config transformation. It looks like the issue is already on Microsoft Connect and is listed as being fixed in the next issue.
回答1:
There is an additional step, which I never picked up on:
Source
You can optionally enable users to authenticate with the Web Management Service using NTLM. To do this, update the registry on the server by adding a DWORD key named "WindowsAuthenticationEnabled" under HKEY_LOCAL_MACHINE\Software\Microsoft\WebManagement\Server, and set it to 1. If the Web Management Service is already started, the setting will take effect after the service is restarted.
回答2:
If it is failing using NTLM then the team build service agent needs to be given permission to your site to allow non-administrators to connect to the site or application deployment server access. You can configure this under Management Service .
You might want to also take a look at configuring the web deployment provider settings. Web Deploy Provider Settings
If the wmsvc provider setting is specified, the default authentication type is Basic; otherwise, the default authentication type is NTLM.
You could also encrypted your password using the encryptPassword parameter and configuring the setup on the hosted server if you are wanted to use basic authentication type.
Hope this helps.
This error code can surface because of a number of different reasons. It typically indicates an authentication or authorization problem, and can happen because of any of hte following reasons:
If connecting using the Web Management Service:
- Verify that the username and password are correct
- Verify that the site exists
- Verify that the user has IIS Manager Permissions to the site's scope
If connecting using the Remote Agent Service:
- Verify that the username and password are correct
- Verify that the user account you specified is a member of the Administrators group on the remote computer. NOTE: Because of a bug in Web Deploy 2.0, the user must be either the built-in Administrator or a member of the Domain Administrators security group. Attempts to sync with any other user account, even if it is an administrator, will see this error code. Verify that the site exists
来源:https://stackoverflow.com/questions/7639597/how-do-i-deploy-using-msdeploy-in-team-build-2010-using-the-wmsvc-service-and-nt