msdeploy(Web 部署)因 401 身份验证问题而失败

发布于 2024-10-07 11:49:15 字数 1350 浏览 13 评论 0原文

我正在尝试安装并设置 msdeploy。我已在 Web 服务器上安装了远程服务,但所有测试均给出 401 未经授权的错误。服务器是Windows 2008 R2。

我正在测试一个非常简单的 msdeploy 命令:

msdeploy -verb:dump -source:contentPath=c:\inetpub\wwwroot\MyApp,computerName=<IP HERE>,userName=Domain\msdeploy,password=MyPassword

错误:

Error: Object of type 'contentPath' and path 'c:\inetpub\wwwroot\MonApp' cannot be created.
Error: Remote agent (URL http://<IP HERE>/MSDEPLOYAGENTSERVICE) could not be contacted.  Make sure the remote agent service is installed and started on the target computer.
Error: An unsupported response was received. The response header 'MSDeploy.Response' was '' but 'v1' was expected.
Error: The remote server returned an error: (401) Unauthorized.
Error count: 1.

我创建了一个名为 msdeploy 的用户,并将其添加到服务器上的本地管理员组中。

我已经检查过:

  • 该服务安装正确,并且我启动了它
  • 不使用用户名的域部分并添加 authType=Basic 的各种组合
  • 为每个人提供对该文件夹的完全权限
  • 在 IIS 中允许远程连接
  • 添加了管理服务委派规则我的 contentPath 和 iisApp 的“msdeploy”用户(大致基于阅读 这个
  • 尝试使用我用于 RDC 到服务器的不同管理员帐户...
  • 尝试使用不同的 contentPaths 和不同的 msdeploy 命令
  • 创建一个特定帐户,并将该帐户添加到 IIS_Users。将该用户添加到我的网站“IIS 管理器权限”,并为所有提供商设置“管理服务委派”。

I'm trying to get msdeploy installed and set up. I've installed the remote service on the web server, but all my tests are giving me a 401 unauthorised error. The server is Windows 2008 R2.

I'm testing a very simple msdeploy command:

msdeploy -verb:dump -source:contentPath=c:\inetpub\wwwroot\MyApp,computerName=<IP HERE>,userName=Domain\msdeploy,password=MyPassword

And the error:

Error: Object of type 'contentPath' and path 'c:\inetpub\wwwroot\MonApp' cannot be created.
Error: Remote agent (URL http://<IP HERE>/MSDEPLOYAGENTSERVICE) could not be contacted.  Make sure the remote agent service is installed and started on the target computer.
Error: An unsupported response was received. The response header 'MSDeploy.Response' was '' but 'v1' was expected.
Error: The remote server returned an error: (401) Unauthorized.
Error count: 1.

I created a user called msdeploy and I added it to the local admins group on the server.

I've checked:

  • That the service installed properly and I started it
  • Various combinations of not using the domain part of the username, and adding authType=Basic
  • Given full permissions to that folder to everyone
  • In IIS allow remote connections
  • Added Management Service Delegation rules for my "msdeploy" user for contentPath and iisApp (loosely based on reading this)
  • Tried with a different admin account I use for RDC to the server...
  • Tried with different contentPaths and different msdeploy commands
  • Created a specific account, and added that account to the IIS_Users. Added that user to my web site "IIS Manager Permissions", and setup "Management Service Delegation" for all providers.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(5

沧笙踏歌 2024-10-14 11:49:15

我假设您已按照本文正确配置了 WebDeploy 2.0 的服务器:

配置 Web部署(IIS.NET)

注意:MS 已经发布了 Web Deploy 2.0 的更新版本,原始链接不再有效。我已经更新了此内容,但我认为随着时间的推移,它将成为一个移动目标。

您还需要在您的开发/构建/CI 计算机上安装 Web Deploy 2.0。

如果您仍在使用 1.0 那么我建议升级,2.0 中有一些巨大的改进。

使用 Visual Studio 2010 的发布功能

Visual Studio 可以通过右键单击网站并选择“发布”来发布网站。这将显示以下对话框:

在此处输入图像描述

Visual Studio 2010 和 WebDeploy 2.0 有一些问题。首先,VS2010 不支持 WebDeploy/MSDeploy 2.0。因此,如果您尝试发布,您将收到如下错误:

错误 1 ​​Web 部署任务
失败。((04/02/2011 12:30:40) 错误
当请求发生时发生
在远程计算机上处​​理。)

在此处输入图像描述

您还将在失败的请求跟踪中看到以下错误:服务器上的 Web 管理服务位于 C:\inetpub\logs\wmsvc\TracingLogFiles\W3SVC1 假设您已打开此服务:

AspNetModuleDiagErrorEvent
URI /msdeploy.axd
事件数据追踪
部署代理异常。请求ID
”。请求时间戳:'02/04/2011
System.UnauthorizedAccessException:对路径“D:\”的访问被拒绝。

在此处输入图像描述

驱动器号将根据 IIS 站点所在的驱动器而有所不同。

GUI 内的发布机制开箱即用,默认使用错误版本的 MSDeploy (1.0)。我们想要告诉 VS2010 使用 MSDeploy 2.0。您可以通过编辑 Visual Studio 2010 的 devenv.exe.config 文件来执行此操作(假设您执行了默认的 c:\ 驱动器安装):

对于 64 位系统:c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE
对于 32 位系统:c:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE

在您最喜欢的 XML 编辑器中打开 devenv.exe.config(我刚刚使用 Visual Studio 2010 本身)并复制以下 xml:

<dependentAssembly>
  <assemblyIdentity 
    name="Microsoft.Web.Deployment" 
    publicKeyToken="31bf3856ad364e35" culture="neutral"/>
  <bindingRedirect oldVersion="7.1.0.0" newVersion="8.0.0.0"/>
</dependentAssembly>

将其添加到 /configuration/runtime/ assemblyBinding 部分:

“在此处输入图像描述”

完成此操作后,请关闭 Visual Studio 2010 的所有实例以使此更改生效。重新启动VS2010,打开一个Web项目,然后再次尝试发布。这次应该会成功。

使用构建包发布

Visual Studio 可以生成可以从命令行执行的构建包。这是使用 Project -> 生成的构建部署包。方便持续集成等(也可以使用带有 /t:Package 开关的 msbuild 生成包)。

包的输出文件夹通常默认为 obj\Package。

不幸的是,Visual Studio 2010 遇到了一些错误,并生成了一个针对 1.0 的 msdeploy 包装批处理脚本,并针对服务器而不是站点级别的部署。

除了创建自己的 msdeploy.exe 命令行之外,没有快速解决此问题的方法。我将其分成几行,以使其更具可读性。:

"C:\Program Files\IIS\Microsoft Web Deploy v2\\msdeploy.exe"
  -source:archiveDir='d:\sites\DemoApp\obj\Package\Archive' 
  -dest:
       auto,
       computerName='https://yoursite.com:8172/msdeploy.axd?site=yoursitename',
       userName='demosite',
       password='somepassword',
       authtype='basic',
       includeAcls='False' 
  -verb:sync 
  -disableLink:AppPoolExtension 
  -disableLink:ContentExtension 
  -disableLink:CertificateExtension 
  -setParamFile:"d:\sites\DemoApp\obj\Package\Archive.SetParameters.xml"   
  -allowuntrusted

首先要注意的是 msdeploy.exe 的路径。 Visual Studio 生成版本 1.0 的路径。我已经将其更改为使用 2.0。

值得注意的参数

-source:archiveDir= 告诉 msdeploy 我们正在部署包并提供本地位置

computerName='https://yoursite.com:8172 /msdeploy.axd?site=yoursitename' - 这告诉 MSDEPLOY 部署到 IIS7 上的特定站点。 yoursitename 应与 IIS 中的站点名称完全匹配。

userNamepassword 是网站委派管理员用户的名称。这是使用站点级别的“IIS 管理器权限”功能进行配置的。该帐户必须是本地 Windows 用户帐户。

-authtype='basic' - 这会强制进行基本身份验证,否则会尝试 NTLM 身份验证。

-allowuntrusted - 如果您使用内置的自签名 SSL 证书,则会忽略任何 SSL 证书错误。

如果您使用该命令行,那么您应该能够成功部署到远程 IIS7 服务器。

发布原始内容:

有时我们只想直接从本地文件夹发布一些静态内容(甚至可能是经典 ASP 或 PHP 站点)。我们可以使用以下 msdeploy.exe 命令行来执行此操作:

"C:\Program Files\IIS\Microsoft Web Deploy v2\\msdeploy.exe" 
  -source:contentPath='d:\websites\mysite' 
  -dest:
     contentPath='yoursitename',
     computerName='https://yoursite.com:8172/msdeploy.axd?site=yoursitename',
     userName='demosite',
     password='somepassword',
     authtype='basic',
     includeAcls='False' 
-verb:sync 
-allowuntrusted 

对于 -dest:contentPathcomputerName 再次应用与之前相同的规则。

我相信 MSDeploy 版本问题将在 SP1 中得到解决(我还没有机会查看)。

最后一个 VS2010 问题

使用 Visual Studio 2010 进行发布时,“发布”构建包会导致网站匿名帐户的 ACL 对所有文件和文件夹更改为只读,>App_Data 文件夹已更改为“读取”和“写入”。

可以通过将以下设置添加到每个

<IncludeSetAclProviderOnDestination>False</IncludeSetAclProviderOnDestination>

或者如果您使用的是 msbuild:

msbuild.exe myproject.csproj /t:Package /p:IncludeSetAclProviderOnDestination=False

我从这里发现了有用的金块:

跳过在 Visual Studio 2010 部署包中设置 ACL(WayBackMachine 链接,因为原始内容不再可用)

I'm assuming you've configured your server correctly for WebDeploy 2.0 as per this article:

Configure Web Deploy (IIS.NET)

Note: MS have released a refresh of Web Deploy 2.0 and the original link isn't really valid any more. I've updated this but I think it'll be a moving target over time.

You also need to install Web Deploy 2.0 on your development/build/CI machine.

If you're still using 1.0 then I recommend upgrading, there are some huge improvements in 2.0.

Using Visual Studio 2010's Publish Feature:

Visual Studio can publish a site by right clicking on the site and selecting "Publish". This brings up the following dialogue:

enter image description here

There are a couple of gotcha's with Visual Studio 2010 and WebDeploy 2.0. The first is that VS2010 isn't WebDeploy/MSDeploy 2.0 aware. So if you try to publish you will get an error such as the following:

Error 1 Web deployment task
failed.((04/02/2011 12:30:40) An error
occurred when the request was
processed on the remote computer.)

enter image description here

You'll also see the following error in the Failed Request Tracing for the web management service on the server in C:\inetpub\logs\wmsvc\TracingLogFiles\W3SVC1 assuming you have this turned on:

AspNetModuleDiagErrorEvent
Uri /msdeploy.axd
eventData Tracing
deployment agent exception. Request ID
''. Request Timestamp: '02/04/2011
System.UnauthorizedAccessException: Access to the path 'D:\' is denied.

enter image description here

The drive letter will vary according to which drive your IIS site is located on.

Out of the box, the in-GUI Publish mechanism defaults to using the wrong version of MSDeploy (1.0). We want to tell VS2010 to use MSDeploy 2.0. You can do this by editing Visual Studio 2010's devenv.exe.config file which is located in (assuming you did a default c:\ drive install):

For 64 bit systems: c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE
For 32 bit systems: c:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE

Open up devenv.exe.config in your favourite XML editor (I just used Visual Studio 2010 itself) and copy the following xml:

<dependentAssembly>
  <assemblyIdentity 
    name="Microsoft.Web.Deployment" 
    publicKeyToken="31bf3856ad364e35" culture="neutral"/>
  <bindingRedirect oldVersion="7.1.0.0" newVersion="8.0.0.0"/>
</dependentAssembly>

Add this to the /configuration/runtime/assemblyBinding section:

enter image description here

Once you've done this close all instances of Visual Studio 2010 to allow this change to take effect. Restart VS2010, open a web project and then try to publish again. This time it should be successful.

Publishing using a Build Package:

Visual Studio can produce a Build Package that can be executed from the command line. This is generated using Project -> Build Deployment Package. Handy for continuous integration and the like (the package can also be generated using msbuild with the /t:Package switch).

The output folder for the package usually defaults to obj\Package.

Unfortunately Visual Studio 2010 gets this a bit wrong and generates a msdeploy wrapper batch script targetting 1.0 and targetting deployment at the server rather than site level.

There's no quick fix for this other than to craft your own msdeploy.exe command line. I've split this across several lines to make this a bit more readable.:

"C:\Program Files\IIS\Microsoft Web Deploy v2\\msdeploy.exe"
  -source:archiveDir='d:\sites\DemoApp\obj\Package\Archive' 
  -dest:
       auto,
       computerName='https://yoursite.com:8172/msdeploy.axd?site=yoursitename',
       userName='demosite',
       password='somepassword',
       authtype='basic',
       includeAcls='False' 
  -verb:sync 
  -disableLink:AppPoolExtension 
  -disableLink:ContentExtension 
  -disableLink:CertificateExtension 
  -setParamFile:"d:\sites\DemoApp\obj\Package\Archive.SetParameters.xml"   
  -allowuntrusted

The first thing to note is the path to msdeploy.exe. Visual Studio generates a path to version 1.0. I've changed this to use 2.0.

Notable parameters:

-source:archiveDir= tells msdeploy we're deploying a package and provides the local location

computerName='https://yoursite.com:8172/msdeploy.axd?site=yoursitename' - this tells MSDEPLOY to deploy to a specific site on IIS7. yoursitename should exactly match the name of the site in IIS.

userName and password are is the name of the delegated manager user for the site. This is configured using the "IIS Manager Permissions" feature at the site level. The account needs to be a local Windows user account.

-authtype='basic' - this forces basic authentication otherwise NTLM authentication is attempted.

-allowuntrusted - this ignores any SSL certificate errors if you use the built-in self signed SSL cert.

If you use that command line then you should be able to deploy to a remote IIS7 server with success.

Publishing Raw Content:

Sometimes we want to just publish some static content (or maybe even a Classic ASP or PHP site) directly from a local folder. We can do this using the following msdeploy.exe command line:

"C:\Program Files\IIS\Microsoft Web Deploy v2\\msdeploy.exe" 
  -source:contentPath='d:\websites\mysite' 
  -dest:
     contentPath='yoursitename',
     computerName='https://yoursite.com:8172/msdeploy.axd?site=yoursitename',
     userName='demosite',
     password='somepassword',
     authtype='basic',
     includeAcls='False' 
-verb:sync 
-allowuntrusted 

Again the same rules apply as before for -dest:contentPath and computerName.

I believe the MSDeploy version issues will be resolved in SP1 (which I haven't had a chance to look at yet).

One Final VS2010 Gotcha:

When publishing using Visual Studio 2010, the "Publish" build package causes the ACL's of the site's anonymous account to change to Read Only for all files and folders with the exception of the App_Data folder which is changed to Read and Write.

This can be worked around by adding the following setting to the .csproj file under each <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">:

<IncludeSetAclProviderOnDestination>False</IncludeSetAclProviderOnDestination>

Or if you're using msbuild:

msbuild.exe myproject.csproj /t:Package /p:IncludeSetAclProviderOnDestination=False

I found that useful nugget from here:

Skipping setting an ACL in a Visual Studio 2010 deployment package (WayBackMachine link because the original content is no longer available)

只想待在家 2024-10-14 11:49:15

对我来说,发布在 Visual Studio 中工作,但当我运行 .deploy.cmd 脚本时它不起作用。

通过在 .csproj 中设置 true,您可以强制 VS 使用 msdeploy.exe 而不是 MSBuild 任务。然后通过调高日志记录级别(工具 > 选项 > 项目和解决方案 > 构建和运行 > MSBuild 项目构建输出详细程度),您可以看到 VS 使用的命令行。

我的 .deploy.cmd 的问题是:

  • 我的 IIS 用户只有该站点的权限,因此我需要 computerName< 中的 ?site= /代码>。
  • 我需要在 -dest: 参数中使用 AuthType='Basic'

For me, publishing worked in Visual Studio, but it did not work when I ran the .deploy.cmd script.

By setting <UseMsdeployExe>true</UseMsdeployExe> in your .csproj, you can force VS to use msdeploy.exe instead of an MSBuild task. Then by turning up the logging level (Tools > Options > Projects and Solutions > Build and Run > MSBuild project build output verbosity) you can see the command line that VS uses.

The problems with my .deploy.cmd were:

  • My IIS user only had permissions on that site so I needed ?site=<SITENAME> in the computerName.
  • I needed AuthType='Basic' in the -dest: parameter.
莫多说 2024-10-14 11:49:15

我们面临着与您类似的问题。

为此,您需要在服务中启动远程代理服务。
我们使用 PC 名称是因为 IP 地址出错。所以尝试使用电脑名称、用户名和密码。

We were facing a similar problem as yours.

For this you need to start the remote agent service in services.
We used the PC name because the IP address was giving an error. So try to use pc name, username and password.

耳钉梦 2024-10-14 11:49:15

最后,我从未弄清楚我的部署用户帐户缺少哪些权限 - 但发现如果我使用计算机管理员帐户,部署就会成功。目前我正在使用管理员帐户进行部署。

感谢 Kev 对设置 MS 部署 2 所做的精彩而内容丰富的总结:)

In the end I never did suss out what permissions I was missing with my deploy user account - but found that if I used the machine admin account, that the deployment would succeed. For now I'm using the admin account to do the deployment.

Kudos to Kev for the fantastic and informative summary of setting up ms deploy 2 :)

思慕 2024-10-14 11:49:15

为了它的价值。发布对我来说很有效,然后有一天我遇到了同样的问题(401 未经授权的错误),重新启动 VS2012 解决了该问题。希望在尝试其他所有解决方案之前我已经尝试过这一点。

For what it's worth. Publishing was working for me and then one day I had this very same issue (401 unauthorised error) Restarting VS2012 resolved the issue. Wish I had tried that before trying out every other solution.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文