WebDeploy (401) 未经授权的错误

发布于 2024-10-14 06:31:46 字数 761 浏览 10 评论 0原文

当尝试使用不是目标服务器上本地管理员的 Windows 用户远程部署应用程序时,我使用 NTLM 身份验证从 MsDeploy 收到未经授权的错误。我在目标框中的管理服务委派中设置了规则,并选中了所有提供商。在此规则下,我添加了 2 个具有允许权限的用户(“*”,以及正在进行远程部署的 Windows 用户)。此外,我已在我尝试部署的站点上授予 Windows 用户权限。如果我将 Windows 用户设置为目标框上的本地管理员并设置“允许管理员绕过规则”,则部署可以正常工作。如果 Windows 用户不是本地管理员,我会收到以下错误:

Web 部署任务失败。(无法联系远程代理(URL http://xxxxxxxx/MSDEPLOYAGENTSERVICE)。确保目标计算机上安装并启动了远程代理服务。)确保站点名称、用户名和密码正确。如果问题未解决,请联系您的本地或服务器管理员。错误详细信息:无法联系远程代理 (URL http://xxxxx/MSDEPLOYAGENTSERVICE)。确保目标计算机上安装并启动了远程代理服务。收到了不支持的回复。响应标头“MSDeploy.Response”为“V1”,但预期为“v1”。远程服务器返回错误:(401) 未经授权。在 Microsoft.Web.Publishing.targets(3588, 5)

I'm getting an unauthorized error from MsDeploy using NTLM authentication when trying to remotely deploy an application using a windows user who is not a local admin on the destination server. I have setup rules in the Management Service Delegation on the destination box with all providers checked. Under this rule I have added 2 users with allow permissions ('*', and my windows user that is doing the remote deploy). Additionally, I have given the windows user permission on the site I'm trying to deploy. If I make the windows user a local admin on the destination box and set 'Allow administrators to bypass rules', the deploy works correctly. If the windows user is not a local administrator I get the following error:

Web deployment task failed.(Remote agent (URL http://xxxxxxxx/MSDEPLOYAGENTSERVICE) could not be contacted. Make sure the remote agent service is installed and started on the target computer.) Make sure the site name, user name, and password are correct. If the issue is not resolved, please contact your local or server administrator. Error details: Remote agent (URL http://xxxxx/MSDEPLOYAGENTSERVICE) could not be contacted. Make sure the remote agent service is installed and started on the target computer. An unsupported response was received. The response header 'MSDeploy.Response' was 'V1' but 'v1' was expected. The remote server returned an error: (401) Unauthorized. in Microsoft.Web.Publishing.targets(3588, 5)

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(10

夜吻♂芭芘 2024-10-21 06:31:46

如果您将委派配置为“允许管理员绕过规则”并且 msdeploy 命令成功,则您将通过 WMSvc 并且它会让您通过。否则,从响应来看,WMSvc 似乎拒绝了您,您将退回到 Web Deloy 代理。

将以下注册表值设置/添加到 WMSvc 注册表项:

reg add HKLM\Software\Microsoft\WebManagement\Server /v WindowsAuthenticationEnabled /t REG_DWORD /d 1

回收 WMSvc:

net stop wmsvc & net start wmsvc

再试一次。如果没有成功,您可以发布您的 msdeploy 命令行吗?

If you configure delegation to "Allow administrators to bypass rules" and msdeploy command succeeds, then you are going through WMSvc and it is letting you through. Otherwise, from the response it seems that WMSvc is rejecting you and you are falling back to Web Deloy agent.

Set/add the following reg value to WMSvc reg key:

reg add HKLM\Software\Microsoft\WebManagement\Server /v WindowsAuthenticationEnabled /t REG_DWORD /d 1

Recycle WMSvc:

net stop wmsvc & net start wmsvc

Try again. If it doesn't succeed, can you post your msdeploy command line.

合约呢 2024-10-21 06:31:46

作为构建过程的一部分,我们已经部署了一台机器。由于没有明显的原因,部署停止工作,我们无法再远程访问任何管理共享(C$、ADMIN$ 等)。我们找到了管理共享的修复程序,也解决了部署问题。

我们按照这篇知识库文章中的步骤重新启用管理共享(仍然不知道为什么它们突然停止工作)。

http://support.microsoft.com/kb/947232

完成此操作后,msdeploy 所有突然又开始工作了。我认为 msdeploy 根本没有使用管理共享。我什至不确定这两者有什么关系,但我想我会把它扔在那里,以防它解决其他人的问题。

We have a machine that we have been deploying to as part of our build process. For no obvious reason, deploys stopped working and we could no longer remotely access any of the administrative shares (C$, ADMIN$, etc.). We found a fix for the administrative shares which also fixed the deployment problems.

We followed the step in this KB article to re-enable the administrative shares (still no idea why they suddenly stopped working).

http://support.microsoft.com/kb/947232

After we did that, msdeploy all of a sudden started working again as well. I didn't think msdeploy used administrative shares at all. I'm not even positive the two are related at all, but I thought I'd throw it out there in case it solves anyone else's problem.

人间☆小暴躁 2024-10-21 06:31:46

我终于能够使用 NTLM 运行自动化构建和部署。我只是想总结一下它的运行过程,以防对任何人有帮助。这是 IIS 7.5 的情况。

  1. 设置注册表设置并重新启动 Web 管理服务 (WMSVC):

    reg add HKLM\Software\Microsoft\WebManagement\Server /v WindowsAuthenticationEnabled /t REG_DWORD /d 1

  2. 授予在网站目录中运行 TFS 构建服务的用户权限。

  3. 以下是我使用的 MSBuild 参数。将各种名称替换为您的名字。我使用的是 DEV 和 Any CPU。我还需要允许不受信任的证书。

    /m /p:PublishProfile=DEV /p:Configuration=DEV /p:Platform="Any CPU" /p:DeployOnBuild=true /p:AllowUntrustedCertificate=true /p:authType=NTLM

  4. 在具有目标的 IIS 管理器中选择网站,打开 IIS 管理器权限并允许用户运行 TFS 构建服务。

追踪对于诊断问题非常有帮助。您可以在 IIS 管理器的管理服务委派中打开跟踪。最初我在 IIS 管理器中看不到管理服务委派。为了演示,我必须从“添加程序”中“更改”Web 部署,以便安装管理服务委派。看起来它已经安装了,但我重置了下拉列表以安装到我的计算机并完成了安装。然后它出现在IIS管理器中。

I was finally able to get my automated build and deploy running using NTLM. I just wanted to summarize what it took to get it going in case it is helpful to anyone. This is with IIS 7.5.

  1. Set the registry setting and restart Web Management Service (WMSVC):

    reg add HKLM\Software\Microsoft\WebManagement\Server /v WindowsAuthenticationEnabled /t REG_DWORD /d 1

  2. Give the user running the TFS build service permission in the web site directory.

  3. Here are the MSBuild arguments that I used. Replace the various names with your names. I was using DEV and Any CPU. I also needed to allow an untrusted certificate.

    /m /p:PublishProfile=DEV /p:Configuration=DEV /p:Platform="Any CPU" /p:DeployOnBuild=true /p:AllowUntrustedCertificate=true /p:authType=NTLM

  4. In IIS Manager with the destination web site selected, open IIS Manager Permissions and allow the user running the TFS build service.

Tracing was very helpful in diagnosing the problems. You can turn on tracing in Management Service Delegation in IIS Manager. Initially I couldn't see Management Service Delegation in IIS Manager. To get to show I had to 'change' Web Deploy from Add Programs so that Management Service Delegation was installed. It looked like it was installed, but I reset the dropdown to install to my computer and completed the install. Then it appeared in IIS Manager.

℡Ms空城旧梦 2024-10-21 06:31:46

不确定确切原因,但也许可以帮助您找到方法。

WebDeploy 根据远程服务器的配置(即运行的是 IIS6 还是 IIS7)使用两个入口点。

IIS 7 使用 IIS 部署处理程序,它由 Web 管理服务管理,并允许 msdeploy 直接配置 IIS。所有“管理服务委托”等设置都与此设置相关。

然而,IIS 6 没有 Web 管理服务,因此处理程序将无法工作。对于 IIS6 目标,使用名为 MS 部署代理服务 的服务。

奇怪的是,您的设置表明您正在使用 IIS 7,因为您能够设置委派设置等。但是,该 url“/MSDEPLOYAGENTSERVICE”表明您的计算机正在尝试使用该服务...几乎就像它一样认为它是 IIS 6。该服务需要管理员访问权限,这就是您收到该错误的原因。

根据错误,您似乎是从 MSbuild 调用此函数,很可能是直接从 Visual Studio 调用。您可能需要查看给定的设置,看看其中是否有任何内容导致此路径和/或服务器选择。

还要确保 Web 管理服务正在远程计算机上运行。

基本上,您希望看到它对不同的网址进行部署调用,http://<>/msdeploy.axd(如果我没记错的话)以正确调用处理程序。

Not sure on the exact cause, but may be able to help ya find your way.

WebDeploy uses two entry points based on the configuration of the remote server, namely whether its running IIS6 or IIS7.

IIS 7 uses the IIS deployment handler, which is managed by the Web Management Service and allows msdeploy to directly provision IIS. All the "management service delegation", etc settings relate to this setup.

IIS 6, however, doesn't have the web management service so the handler will not work. For IIS6 targets, a service called the MS Deploy Agent Service is used.

Whats odd is that your setup suggests your are using IIS 7, as you were able to set delgation settings, etc. However, that url, "/MSDEPLOYAGENTSERVICE" suggests that your machine is attempting to use the service ... almost as if it thinks its IIS 6. The service requires admin access, which is why you are getting that error.

Based on the error it looks like you are invoking this from MSbuild, likely directly from Visual Studio. You may want to look around the settings you are given and see if anything in there is causing this path and/or server selection.

Also make sure the Web Management Service is running on the remote machine.

Basically you're wanting to see it make deploy calls to a different url, http://<>/msdeploy.axd (if I remember correctly) to properly invoke the handler.

ゝ偶尔ゞ 2024-10-21 06:31:46

这占用了我太多的时间。我已经在我的其他网站上使用了 Web Deploy。我决定向我的服务器添加一个新网站,并尝试对其进行部署(但由于过度的复制/粘贴错误,意外地留下了相同的“站点/应用程序”名称)。发布成功,但当我意识到我发布到错误的站点(而不是新站点)时,我更改了站点名称并尝试重新部署,但我不断收到此错误。我在 IIS 端尝试了一切。最后,我完全关闭了 Visual Studio 2010 实例。重新打开它,再次尝试发布,它成功了!

如有疑问,请问问自己:“您是否尝试过将其关闭并再次打开?”
我意识到这个建议并不能帮助每个人解决这个模棱两可的错误——只是少数人。

This ate up way too many hours of my time. I already had Web Deploy working for my other sites. I decided to add a new website to my server, and tried to deploy to it (but accidentally left the same "Site/application" name due to an overzealous copy/paste error). The publish succeeded, but when I realized I published to the wrong site (instead of the new site), I changed the site name and tried re-deploying but I kept getting this error. I tried everything on the IIS end of things. Finally, I just shut down my Visual Studio 2010 instance entirely. Opened it back up, tried the publish again and it worked!

When in doubt, ask yourself, "Have you tried turning it off and turning it on again?"
I realize this advice won't help everyone with this ambiguous error - just a select few.

同尘 2024-10-21 06:31:46

如果您的用户是管理员,但您仍然可以

ERROR_USER_IS_NOT_ADMIN

确保您使用的是完全限定的用户名。

MyMachineName\MyWebDeployUser

If your user is an admin, but you still get

ERROR_USER_IS_NOT_ADMIN

make sure that you are using the fully qualified user name.

MyMachineName\MyWebDeployUser

软糖 2024-10-21 06:31:46

昨天我能够很好地部署,今天有完全相同的错误消息。经过一两个小时的故障排除后,我最终从我的用户名中删除了该域。之前是 DOMAIN\username,我将其更改为 [username],瞧,它又开始工作了。我知道这不是一个很好的答案,但也许它会帮助遇到它的其他人。

Yesterday i was able to deploy just fine, today had this exact same error message. After an hour or two of troubleshooting I ended up removing the domain from my username. Where before it was DOMAIN\username, I changed it to just [username], lo' and behold, it started working again. I know this isn't a great answer, but maybe it will help someone else who runs across it.

傾城如夢未必闌珊 2024-10-21 06:31:46

昨天,在安装 MS15-025MS15-027我们运行 Windows Server 2003 的域控制器之一。

我们检查了有关 Web 部署的所有建议,但无法解决 HTTP 401.2 错误。

现在,Microsoft 专门针对 Windows Server 2003(KB3033395-v2 和 KB3002657-v2)重新发布了这两个公告的补丁。安装更新的补丁并启动域控制器后,它立即再次工作。我们甚至不必重新启动 Web 服务器上的任何服务。

没有事件日志条目指向这一点,只是由于时间关系才变得明显。

Web Deploy stopped working for us yesterday when using the current Windows user's identity (it worked with explicit credentials) after installing the patches for MS15-025 and MS15-027 on one of our domain controllers that is running Windows Server 2003.

We checked all recommendations for Web Deploy and could not resolve the HTTP 401.2 error.

Now, Microsoft reissued the patches for both bulletins specifically for Windows Server 2003 (KB3033395-v2 and KB3002657-v2). After installing the updated patches and booting the domain controller, it worked again immediately. We didn't even had to restart any service on the Web server.

There were no Event Log entries pointing to this, it only became obvious because of the temporal relation.

下雨或天晴 2024-10-21 06:31:46

还有另一种可能性:由于尝试使用 Web 部署进行部署失败次数过多,您的帐户已被锁定。重置您的帐户或让您的系统管理员为您执行此操作。非常令人沮丧。

There's another possibility: your account has been locked out due to too many failed attempts to deploy with web deploy. Reset your account or have your system administrator do that for you. Very frustrating.

浪菊怪哟 2024-10-21 06:31:46

我的问题是网络服务是Web 部署代理服务中的登录帐户,并且该帐户没有足够的权限来更改或读取 IIS 文件...

要解决您的问题,只需执行以下步骤:

打开服务面板(services.msc)
找到Web部署代理服务
双击打开Web部署代理服务属性...
在“登录”选项卡中,将“登录身份”更改为管理员帐户...

My problem was that the Network Services was the Logon Account in the Web Deploy Agent Service and it Account hasn't sufficient permissions to change or read IIS Files...

To solve your problem just do the following steps:

Open the Services Panel (services.msc)
Find the Web Deploy Agent Service and
Double click to open the Web Deploy Agent Service properties...
At Log On tab change the "Log on as" to a Administrator Account...

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文