Skip to main content

MSDEPLOYAGENTSERVICE 401 unauthorized–Resolution


We recently migrated a production environment for a client to new Servers. I had previously been using MSDeploy to deploy the websites/services to the servers so I figured all I had to do was install MSDeploy, point Update my deploy scripts to point to the new servers, and deploy! I was using MSDeploy 2 on the previous servers so I figured it would work on the new ones. Unfortunately it didn’t turn out to be that easy.
When I ran the updated scripts I got the following error:
Fatal: Request to remote agent URL 'http://myserver/MSDEPLOYAGENTSERVICE' failed.
Fatal: The remote server returned an error: (401) Unauthorized. Fatal count: 1
I was using an admin account and I could hit that URL above in a browser so I knew it wasn’t an authorization issue.
Here are the things I tried that DIDN’T work:
  1. Uninstall/Reinstall MSDeploy 2
  2. Install MSDeploy 3
  3. Create the fake user group on the server per these instructions:
  4. Check the file permissions on the Target server
  5. Bang my head against the wall and start crying…
After many hours of searching, I finally came across this brilliant post that solved my issue:http://forums.iis.net/post/1960329.aspx
here are the scripts from the IIS Forum post for easy access:
dism /online /enable-feature /featurename:IIS-WebServerRole 
dism /online /enable-feature /featurename:IIS-WebServerManagementTools
dism /online /enable-feature /featurename:IIS-ManagementService
Reg Add HKLM\Software\Microsoft\WebManagement\Server /V EnableRemoteManagement /T REG_DWORD /D 1
net start wmsvc
sc config wmsvc start= auto


It turns out that the MSDeploy installers don’t tell you that you need to have some of the windows features installed in order to work properly. The installers just move forward and then fail to do the dreaded 401 unauthorized error. I uninstalled MSDeploy, ran the scripts there from the command prompt and installed. IT WORKED!

After that, I did run into 1 more issue regarding file permissions on the redirection.config file, but that was easily fixed via this post: http://weblogs.asp.net/jdanforth/archive/2010/04/29/insufficient-permissions-problems-with-msdeploy-and-tfs-build-2010.aspx

I hope this saves someone as much time as I wasted over the past 2 days.

Labels:

Comments

Post a Comment

Popular posts from this blog

Quickly and Easily Deploy Websites/Web Services with TFS Build via Web Deploy (MSDeploy)

  When I first started deploying code from TFS I took the simple approach and created a batch file and deployed the websites via RoboCopy. I’m a very “Keep it simple” kind of guy, so this worked for us for a long time and so nothing was changed. With my most recent project however, we were deploying code over a slow VPN tunnel from our servers in Chicago to servers located in Europe. Due to this, the RoboCopy was taking over 4.5 hours to complete. I needed a better/faster way so I started looking into Web Deploy (MSDeploy). I was able to get it working fairly easily and I was pleasantly surprised how easy it was to get it working, and how much time its saved me! I can now deploy the code in less than 20 minutes! I’ve outlined the process in detail below, but in general you only need to do this: Add MSBuild parameters to your automated build Customize the deployment parameters for the website Create a batch file to an auto-generated MSDeploy script Execute the batch file fro...
2 comments
Read more

Get NodeAuthorization working in Kubernetes with acs-engine

Node Authorization in k8s I'm starting to get into the container world and I'm loving it. Recently we helped a client build out and deploy a micro-services application in Kubernetes. We created the cluster in Azure using the open source project  acs-engine . After we got the cluster set up, our client asked for some updates to the cluster for security reasons. One of those updates was to enable Node Authorization . What is Node Authorization? Node Authorization locks down each Node in the cluster to only be able to do actions on itself. If this is not turned on, its possible for a malicious pod to take actions on any other node, including reading secrets, deleting pods, etc. There is an excellent post by Antoine Cotten that explains this very well ( as well as RBAC, which is a different subject altogether). How do I set it up? Based on the current documentation, it looks like setting up Node Authorization should be easy. Basically follow these steps Turn on TLS ...
1 comment
Read more

Build/Deploy Windows service with TFS

Building and deploying a web service or website via TFS is pretty straight forward, but automatically deploying a windows service or console application takes a b it of setup. I’ve outlined the steps below to get your service deployed. Step 1: Set up Automated Build and MSDeploy on the Target server. If you are doing any sort of automated build/deploy I recommend using MSDeploy. You can follow steps 1-3 from a previous post here . Step 2: Edit the .csproj file The project file for the app you are trying to deploy needs to be edited so that TFS will create a directory for the output of the project. Otherwise the project will be built, but the assemblies will be placed in the code drop location with no organization to it. To edit the file, go to the open file dialog and locate the csproj file. Select it but don’t click “Open. Instead click on the dropdown arrow next to the Open button, select “Open with”, and choose the XML (Text) editor as shown: Once the file is open, add the fo...
1 comment
Read more