msdeploy(Web 部署)因 401 身份验证问题而失败
我正在尝试安装并设置 msdeploy。我已在 Web 服务器上安装了远程服务,但所有测试均给出 401 未经授权的错误。服务器是Windows 2008 R2。
我正在测试一个非常简单的 msdeploy 命令:
msdeploy -verb:dump -source:contentPath=c:\inetpub\wwwroot\MyApp,computerName=<IP HERE>,userName=Domain\msdeploy,password=MyPassword
错误:
Error: Object of type 'contentPath' and path 'c:\inetpub\wwwroot\MonApp' cannot be created.
Error: Remote agent (URL http://<IP HERE>/MSDEPLOYAGENTSERVICE) could not be contacted. Make sure the remote agent service is installed and started on the target computer.
Error: An unsupported response was received. The response header 'MSDeploy.Response' was '' but 'v1' was expected.
Error: The remote server returned an error: (401) Unauthorized.
Error count: 1.
我创建了一个名为 msdeploy 的用户,并将其添加到服务器上的本地管理员组中。
我已经检查过:
- 该服务安装正确,并且我启动了它
- 不使用用户名的域部分并添加 authType=Basic 的各种组合
- 为每个人提供对该文件夹的完全权限
- 在 IIS 中允许远程连接
- 添加了管理服务委派规则我的 contentPath 和 iisApp 的“msdeploy”用户(大致基于阅读 这个)
- 尝试使用我用于 RDC 到服务器的不同管理员帐户...
- 尝试使用不同的 contentPaths 和不同的 msdeploy 命令
- 创建一个特定帐户,并将该帐户添加到 IIS_Users。将该用户添加到我的网站“IIS 管理器权限”,并为所有提供商设置“管理服务委派”。
I'm trying to get msdeploy installed and set up. I've installed the remote service on the web server, but all my tests are giving me a 401 unauthorised error. The server is Windows 2008 R2.
I'm testing a very simple msdeploy command:
msdeploy -verb:dump -source:contentPath=c:\inetpub\wwwroot\MyApp,computerName=<IP HERE>,userName=Domain\msdeploy,password=MyPassword
And the error:
Error: Object of type 'contentPath' and path 'c:\inetpub\wwwroot\MonApp' cannot be created.
Error: Remote agent (URL http://<IP HERE>/MSDEPLOYAGENTSERVICE) could not be contacted. Make sure the remote agent service is installed and started on the target computer.
Error: An unsupported response was received. The response header 'MSDeploy.Response' was '' but 'v1' was expected.
Error: The remote server returned an error: (401) Unauthorized.
Error count: 1.
I created a user called msdeploy and I added it to the local admins group on the server.
I've checked:
- That the service installed properly and I started it
- Various combinations of not using the domain part of the username, and adding authType=Basic
- Given full permissions to that folder to everyone
- In IIS allow remote connections
- Added Management Service Delegation rules for my "msdeploy" user for contentPath and iisApp (loosely based on reading this)
- Tried with a different admin account I use for RDC to the server...
- Tried with different contentPaths and different msdeploy commands
- Created a specific account, and added that account to the IIS_Users. Added that user to my web site "IIS Manager Permissions", and setup "Management Service Delegation" for all providers.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
我假设您已按照本文正确配置了 WebDeploy 2.0 的服务器:
注意:MS 已经发布了 Web Deploy 2.0 的更新版本,原始链接不再有效。我已经更新了此内容,但我认为随着时间的推移,它将成为一个移动目标。
您还需要在您的开发/构建/CI 计算机上安装 Web Deploy 2.0。
如果您仍在使用 1.0 那么我建议升级,2.0 中有一些巨大的改进。
使用 Visual Studio 2010 的发布功能:
Visual Studio 可以通过右键单击网站并选择“发布”来发布网站。这将显示以下对话框:
Visual Studio 2010 和 WebDeploy 2.0 有一些问题。首先,VS2010 不支持 WebDeploy/MSDeploy 2.0。因此,如果您尝试发布,您将收到如下错误:
您还将在失败的请求跟踪中看到以下错误:服务器上的 Web 管理服务位于
C:\inetpub\logs\wmsvc\TracingLogFiles\W3SVC1假设您已打开此服务:驱动器号将根据 IIS 站点所在的驱动器而有所不同。
GUI 内的发布机制开箱即用,默认使用错误版本的 MSDeploy (1.0)。我们想要告诉 VS2010 使用 MSDeploy 2.0。您可以通过编辑 Visual Studio 2010 的
devenv.exe.config文件来执行此操作(假设您执行了默认的c:\驱动器安装):对于 64 位系统:c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE
对于 32 位系统:
c:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE在您最喜欢的 XML 编辑器中打开
devenv.exe.config(我刚刚使用 Visual Studio 2010 本身)并复制以下 xml:将其添加到
/configuration/runtime/ assemblyBinding部分:完成此操作后,请关闭 Visual Studio 2010 的所有实例以使此更改生效。重新启动VS2010,打开一个Web项目,然后再次尝试发布。这次应该会成功。
使用构建包发布:
Visual Studio 可以生成可以从命令行执行的构建包。这是使用
Project -> 生成的构建部署包。方便持续集成等(也可以使用带有/t:Package开关的 msbuild 生成包)。包的输出文件夹通常默认为 obj\Package。
不幸的是,Visual Studio 2010 遇到了一些错误,并生成了一个针对 1.0 的 msdeploy 包装批处理脚本,并针对服务器而不是站点级别的部署。
除了创建自己的 msdeploy.exe 命令行之外,没有快速解决此问题的方法。我将其分成几行,以使其更具可读性。:
"C:\Program Files\IIS\Microsoft Web Deploy v2\\msdeploy.exe" -source:archiveDir='d:\sites\DemoApp\obj\Package\Archive' -dest: auto, computerName='https://yoursite.com:8172/msdeploy.axd?site=yoursitename', userName='demosite', password='somepassword', authtype='basic', includeAcls='False' -verb:sync -disableLink:AppPoolExtension -disableLink:ContentExtension -disableLink:CertificateExtension -setParamFile:"d:\sites\DemoApp\obj\Package\Archive.SetParameters.xml" -allowuntrusted首先要注意的是
msdeploy.exe的路径。 Visual Studio 生成版本 1.0 的路径。我已经将其更改为使用 2.0。值得注意的参数:
-source:archiveDir=告诉 msdeploy 我们正在部署包并提供本地位置computerName='https://yoursite.com:8172 /msdeploy.axd?site=yoursitename'- 这告诉 MSDEPLOY 部署到 IIS7 上的特定站点。yoursitename应与 IIS 中的站点名称完全匹配。userName和password是网站委派管理员用户的名称。这是使用站点级别的“IIS 管理器权限”功能进行配置的。该帐户必须是本地 Windows 用户帐户。-authtype='basic'- 这会强制进行基本身份验证,否则会尝试 NTLM 身份验证。-allowuntrusted- 如果您使用内置的自签名 SSL 证书,则会忽略任何 SSL 证书错误。如果您使用该命令行,那么您应该能够成功部署到远程 IIS7 服务器。
发布原始内容:
有时我们只想直接从本地文件夹发布一些静态内容(甚至可能是经典 ASP 或 PHP 站点)。我们可以使用以下
msdeploy.exe命令行来执行此操作:"C:\Program Files\IIS\Microsoft Web Deploy v2\\msdeploy.exe" -source:contentPath='d:\websites\mysite' -dest: contentPath='yoursitename', computerName='https://yoursite.com:8172/msdeploy.axd?site=yoursitename', userName='demosite', password='somepassword', authtype='basic', includeAcls='False' -verb:sync -allowuntrusted对于
-dest:contentPath和computerName再次应用与之前相同的规则。我相信 MSDeploy 版本问题将在 SP1 中得到解决(我还没有机会查看)。
最后一个 VS2010 问题:
使用 Visual Studio 2010 进行发布时,“发布”构建包会导致网站匿名帐户的 ACL 对所有文件和文件夹更改为只读,
>App_Data文件夹已更改为“读取”和“写入”。可以通过将以下设置添加到每个
或者如果您使用的是 msbuild:
我从这里发现了有用的金块:
I'm assuming you've configured your server correctly for WebDeploy 2.0 as per this article:
Note: MS have released a refresh of Web Deploy 2.0 and the original link isn't really valid any more. I've updated this but I think it'll be a moving target over time.
You also need to install Web Deploy 2.0 on your development/build/CI machine.
If you're still using 1.0 then I recommend upgrading, there are some huge improvements in 2.0.
Using Visual Studio 2010's Publish Feature:
Visual Studio can publish a site by right clicking on the site and selecting "Publish". This brings up the following dialogue:
There are a couple of gotcha's with Visual Studio 2010 and WebDeploy 2.0. The first is that VS2010 isn't WebDeploy/MSDeploy 2.0 aware. So if you try to publish you will get an error such as the following:
You'll also see the following error in the Failed Request Tracing for the web management service on the server in
C:\inetpub\logs\wmsvc\TracingLogFiles\W3SVC1assuming you have this turned on:The drive letter will vary according to which drive your IIS site is located on.
Out of the box, the in-GUI Publish mechanism defaults to using the wrong version of MSDeploy (1.0). We want to tell VS2010 to use MSDeploy 2.0. You can do this by editing Visual Studio 2010's
devenv.exe.configfile which is located in (assuming you did a defaultc:\drive install):For 64 bit systems:
c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDEFor 32 bit systems:
c:\Program Files\Microsoft Visual Studio 10.0\Common7\IDEOpen up
devenv.exe.configin your favourite XML editor (I just used Visual Studio 2010 itself) and copy the following xml:Add this to the
/configuration/runtime/assemblyBindingsection:Once you've done this close all instances of Visual Studio 2010 to allow this change to take effect. Restart VS2010, open a web project and then try to publish again. This time it should be successful.
Publishing using a Build Package:
Visual Studio can produce a Build Package that can be executed from the command line. This is generated using
Project -> Build Deployment Package. Handy for continuous integration and the like (the package can also be generated using msbuild with the/t:Packageswitch).The output folder for the package usually defaults to
obj\Package.Unfortunately Visual Studio 2010 gets this a bit wrong and generates a msdeploy wrapper batch script targetting 1.0 and targetting deployment at the server rather than site level.
There's no quick fix for this other than to craft your own msdeploy.exe command line. I've split this across several lines to make this a bit more readable.:
"C:\Program Files\IIS\Microsoft Web Deploy v2\\msdeploy.exe" -source:archiveDir='d:\sites\DemoApp\obj\Package\Archive' -dest: auto, computerName='https://yoursite.com:8172/msdeploy.axd?site=yoursitename', userName='demosite', password='somepassword', authtype='basic', includeAcls='False' -verb:sync -disableLink:AppPoolExtension -disableLink:ContentExtension -disableLink:CertificateExtension -setParamFile:"d:\sites\DemoApp\obj\Package\Archive.SetParameters.xml" -allowuntrustedThe first thing to note is the path to
msdeploy.exe. Visual Studio generates a path to version 1.0. I've changed this to use 2.0.Notable parameters:
-source:archiveDir=tells msdeploy we're deploying a package and provides the local locationcomputerName='https://yoursite.com:8172/msdeploy.axd?site=yoursitename'- this tells MSDEPLOY to deploy to a specific site on IIS7.yoursitenameshould exactly match the name of the site in IIS.userNameandpasswordare is the name of the delegated manager user for the site. This is configured using the "IIS Manager Permissions" feature at the site level. The account needs to be a local Windows user account.-authtype='basic'- this forces basic authentication otherwise NTLM authentication is attempted.-allowuntrusted- this ignores any SSL certificate errors if you use the built-in self signed SSL cert.If you use that command line then you should be able to deploy to a remote IIS7 server with success.
Publishing Raw Content:
Sometimes we want to just publish some static content (or maybe even a Classic ASP or PHP site) directly from a local folder. We can do this using the following
msdeploy.execommand line:"C:\Program Files\IIS\Microsoft Web Deploy v2\\msdeploy.exe" -source:contentPath='d:\websites\mysite' -dest: contentPath='yoursitename', computerName='https://yoursite.com:8172/msdeploy.axd?site=yoursitename', userName='demosite', password='somepassword', authtype='basic', includeAcls='False' -verb:sync -allowuntrustedAgain the same rules apply as before for
-dest:contentPathandcomputerName.I believe the MSDeploy version issues will be resolved in SP1 (which I haven't had a chance to look at yet).
One Final VS2010 Gotcha:
When publishing using Visual Studio 2010, the "Publish" build package causes the ACL's of the site's anonymous account to change to Read Only for all files and folders with the exception of the
App_Datafolder which is changed to Read and Write.This can be worked around by adding the following setting to the
.csprojfile under each<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">:Or if you're using msbuild:
I found that useful nugget from here:
对我来说,发布在 Visual Studio 中工作,但当我运行
.deploy.cmd脚本时它不起作用。通过在
.csproj中设置true 我的
.deploy.cmd的问题是:computerName< 中的?site=/代码>。-dest:参数中使用AuthType='Basic'。For me, publishing worked in Visual Studio, but it did not work when I ran the
.deploy.cmdscript.By setting
<UseMsdeployExe>true</UseMsdeployExe>in your.csproj, you can force VS to use msdeploy.exe instead of an MSBuild task. Then by turning up the logging level (Tools > Options > Projects and Solutions > Build and Run > MSBuild project build output verbosity) you can see the command line that VS uses.The problems with my
.deploy.cmdwere:?site=<SITENAME>in thecomputerName.AuthType='Basic'in the-dest:parameter.我们面临着与您类似的问题。
为此,您需要在服务中启动远程代理服务。
我们使用 PC 名称是因为 IP 地址出错。所以尝试使用电脑名称、用户名和密码。
We were facing a similar problem as yours.
For this you need to start the remote agent service in services.
We used the PC name because the IP address was giving an error. So try to use pc name, username and password.
最后,我从未弄清楚我的部署用户帐户缺少哪些权限 - 但发现如果我使用计算机管理员帐户,部署就会成功。目前我正在使用管理员帐户进行部署。
感谢 Kev 对设置 MS 部署 2 所做的精彩而内容丰富的总结:)
In the end I never did suss out what permissions I was missing with my deploy user account - but found that if I used the machine admin account, that the deployment would succeed. For now I'm using the admin account to do the deployment.
Kudos to Kev for the fantastic and informative summary of setting up ms deploy 2 :)
为了它的价值。发布对我来说很有效,然后有一天我遇到了同样的问题(401 未经授权的错误),重新启动 VS2012 解决了该问题。希望在尝试其他所有解决方案之前我已经尝试过这一点。
For what it's worth. Publishing was working for me and then one day I had this very same issue (401 unauthorised error) Restarting VS2012 resolved the issue. Wish I had tried that before trying out every other solution.