HI all,
I am stumped... I have tried following all the tutorials I can find but still no luck
Build server is using NetworkService account and therefore is (correctly) getting Negotiated as "machine$" (as verified in wmsvc logs)
but is getting 401 regardless - eg: /msdeploy.axd site=Default%20Web%20Site 8172 BUILD01$ ff80::d1ad:e46d:9c6f:3cbe%11 - 401 1 1326 62(IPv6 address isn't causing any issues is it? all examples we've seen are IPv4 "1.2.3.4" style...)
We want to deploy From TFS/Build server to TEST server (but this permissions issue is killing us - deploying from Visual Studio works (presumably because it uses our accounts and not the "domain\machine$" account
both our accounts and the domain machine account are in the target servers "administrators" local group, so you would think this would work (Win2008R2) but I do notice that the accounts look like this in user management "DOMAIN\MACHINE" not what I would expect which is "DOMAIN\MACHINE$" however we've tried removing and re-adding it like this and because it represents a "computer" it seems to accept it but then it removes the "$" once accepted...
We only want to use the NetworkService account because the TFS doco suggests its the default and suffice in most cases. Better to use a service account?
Also perhaps its unwise to go down the "make it an admin on target" but we went with this approach because it means we don't have to configure each site with "delegation"... but perhaps this is bad in the long run?
Any ideas?
Additional info:
MSBuild Arguements: /p:DeployOnBuild=True /p:MsDeployServiceUrl=WebTest01 /p:DeployIisAppPath="Default Web Site/buildServerTest" /p:DeployTarget=MSDeployPublish /p:MSDeployPublishMethod=WMSVC /p:AllowUntrustedCertificate=True
Error in TFS build failure: Web deployment task failed. (Connected to the remote computer ("WebTest01") using the Web Management Service, but could not authorize. Make sure that you are using the correct user name and password, that the site you are connecting to exists, and that the credentials represent a user who has permissions to access the site. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_USER_UNAUTHORIZED.)
More info:
So I created "local" accounts on all the servers in question - build server, target server and made them like user: "DeploymentAgent" and password:"Password1!"
and so if I setup the build to use the explicit /p:UserName="DeploymentAgent" /p:Password="Password1!"then it works, but if I get the build server to run as that account and remove the User/password from the MSBuild argument string then it fails... slightly differntly from when using "domain/machine$"
Eg:
Build agent running as "local user" (in admin)
2016-10-20 14:52:23 192.168.40.60 HEAD /msdeploy.axd site=tstBuildTestSite 8172 - 192.168.1.1 - 401 2 5 0
2016-10-20 14:52:23 192.168.40.60 HEAD /msdeploy.axd site=tstBuildTestSite 8172 DeploymentAgent 192.168.1.1 - 401 1 64 421
Build agent running as "Netowrk Serivce" + MSBuild Arguments with usernaem/passowrd
2016-10-20 14:39:19 192.168.40.60 POST /msdeploy.axd site=tstBuildTestSite 8172 DeploymentAgent 192.168.1.2 VS11.0:CmdLine:WTE1.5.41108.0;sid=b3ff3a67-3501-4b60-9605-91c5ee97ba60;op=Sync 200 0 0 577
----------------------------------------------------------------------