Matt Richardson

Reputation: 100

MsDeploy runCommand provider - Unauthorized error

I'm doing a spike to test out msdeploy to run a remote command as part of our custom installer process, but no matter how I configure it, I can't get it to allow me to use runCommand with a normal user.

The call I'm using is (wrapped for clarity):

"C:\program Files\IIS\Microsoft Web Deploy\msdeploy.exe" 
    -verb:sync 
    -source:runCommand="testcommand.bat" 
    -dest:auto,wmsvc="https://server:8172/msdeploy.axd?site=Default Web Site",authType=basic,userName=server\username,password=xxxxxx 
    -allowUntrusted

The user is a local user on the server, and has been added to "IIS Manager Permissions" for "Default Web Site". The testcommand.bat is just a normal batch file that contains "dir".

I've set up the runCommand provider under Management Service Delegation (Actions = "*", Path Type = "Path Prefix", Path = "{userScope}", Identity Type = "Specific User").

If I add the user to the local administrators group, it works fine.

Due to some of the logging that has been enabled, I'm getting the following in the event log:

Tracing deployment agent exception. Request ID '97beb70b-33da-4445-b3be-d3cf3e6db8b7'. 
Request Timestamp: '08/31/2012 18:05:25'. 
Error Details:
    Microsoft.Web.Deployment.DeploymentUnauthorizedAccessException: Attempted to perform an unauthorized operation. runCommand http://go.microsoft.com/fwlink/?LinkId=178034
    at Microsoft.Web.Deployment.DelegationHelper.ImpersonateForOperation(String deploymentAction, String deploymentProvider, String deploymentPath, DelegationContextCache cache)
    at Microsoft.Web.Deployment.DelegationHelper.ImpersonateForOperation(String deploymentAction, DeploymentObject deploymentObject)
    at Microsoft.Web.Deployment.DeploymentAgent.HandleRequest(DeploymentAgentAsyncData asyncData)

I've had a go at the two permissions-based fixes in http://technet.microsoft.com/en-us/library/ee619740(WS.10).aspx, but they haven't made any difference.

Would really appreciate any suggestions - I'm pretty close to tearing my hair out here!

Upvotes: 3

Views: 2438

Answers (1)

user1641529

Reputation:

Spent two days on the same thing. If you enable 'Web Management Service Failed Request Tracing', you will see messages like this:

Uri="/msdeploy.axd", eventData="Not authorized. Details: No rule was found that could authorize user 'WebDeploy', provider 'runCommand', operation 'Read', path 'echo HI!'."

As you can see, msdeploy uses the command as the path to match rules, so you just need to replace Path = "{userScope}" in the delegation rule with Path = "testcommand.bat".

Not sure why this is not specified in any articles on the web; maybe this is something new for WebDeployV3.

Upvotes: 7
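
A triage helper for the tracing message quoted in the answer above, added here as an example (it is not code from the question or the answer): it pulls the user, provider, operation and path out of each "No rule was found" denial, so the exact path string a delegation rule has to match can be read off instead of guessed. The sample lines are constructed from the one message shown on the page, and the function names are hypothetical.

```python
import re
from collections import Counter

# Message shape taken from the Failed Request Tracing line quoted in the answer.
# The path group is greedy and anchored to the end of the line, because the
# path is the command text itself and may contain single quotes.
DENIAL = re.compile(
    r"No rule was found that could authorize "
    r"user '(?P<user>[^']*)', provider '(?P<provider>[^']*)', "
    r"operation '(?P<operation>[^']*)', path '(?P<path>.*)'\.\"?\s*$"
)

def parse_denial(line):
    """Return (user, provider, operation, path) for a denial line, else None."""
    m = DENIAL.search(line)
    if m is None:
        return None
    return (m["user"], m["provider"], m["operation"], m["path"])

def summarize(lines):
    """Count denials per distinct (user, provider, operation, path)."""
    return Counter(d for d in map(parse_denial, lines) if d is not None)

def paths_for(lines, provider):
    """Distinct denied paths for one provider, i.e. what the rule path must cover."""
    return sorted({d[3] for d in summarize(lines) if d[1] == provider})

# Constructed sample input. Lines 1-2 repeat the message from the answer;
# line 3 is a made-up command containing quotes; line 4 is an unrelated event.
SAMPLE = r'''
Uri="/msdeploy.axd", eventData="Not authorized. Details: No rule was found that could authorize user 'WebDeploy', provider 'runCommand', operation 'Read', path 'echo HI!'."
Uri="/msdeploy.axd", eventData="Not authorized. Details: No rule was found that could authorize user 'WebDeploy', provider 'runCommand', operation 'Read', path 'echo HI!'."
Uri="/msdeploy.axd", eventData="Not authorized. Details: No rule was found that could authorize user 'deployuser', provider 'runCommand', operation 'Read', path 'echo 'quoted' text'."
Uri="/msdeploy.axd", eventData="Some other trace event"
'''.strip().splitlines()

if __name__ == "__main__":
    for (user, provider, op, path), n in summarize(SAMPLE).most_common():
        print(f"{n}x user={user} provider={provider} operation={op} path={path!r}")
```
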
