[英]msdeploy error ERROR_USER_UNAUTHORIZED: Web deployment task failed
Web deployment task failed. Web 部署任务失败。 Error ERROR_USER_UNAUTHORIZED错误 ERROR_USER_UNAUTHORIZED
We are using Tfs Build Automation and msdeploy for publishing an web application on remote machine.我们正在使用 Tfs Build Automation 和 msdeploy 在远程机器上发布 Web 应用程序。
On "Visual Studio Build" step we set this parameters on "MSBuild Arguments": /p:DeployOnBuild=true;PublishProfile=myProfile;AllowUntrustedCertificate=true;UserName=$(UserName);Password=$(Password)在“Visual Studio Build”步骤中,我们在“MSBuild Arguments”上设置此参数:/p:DeployOnBuild=true;PublishProfile=myProfile;AllowUntrustedCertificate=true;UserName=$(UserName);Password=$(Password)
After quing the build we get this error:在 quing 构建后,我们收到此错误:
C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\Web\Microsoft.Web.Publishing.targets(4276,5): Error ERROR_USER_UNAUTHORIZED: Web deployment task failed. C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\Web\Microsoft.Web.Publishing.targets(4276,5):错误 ERROR_USER_UNAUTHORIZED:Web 部署任务失败。 (Connected to the remote computer ("MySERVER") using the Web Management Service, but could not authorize. Make sure that you are using the correct user name and password, that the site you are connecting to exists, and that the credentials represent a user who has permissions to access the site. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_USER_UNAUTHORIZED .) (使用 Web 管理服务连接到远程计算机(“MySERVER”),但无法授权。确保您使用正确的用户名和密码,您要连接的站点存在,并且凭据代表一个有权访问该站点的用户。了解更多信息:http: //go.microsoft.com/fwlink/ ?LinkId=221672#ERROR_USER_UNAUTHORIZED。)
I am sure that username and password is correct, and the user isAdministrator on the server (MySERVER).我确定用户名和密码是正确的,并且用户是服务器(MySERVER)上的管理员。
I checked the Management Service log on IIS and found something important: the build agent's username(tfsadmin) sent for deploy on IIS instead of the user/pass that I set in build variables.我检查了 IIS 上的管理服务日志,发现了一些重要的信息:发送构建代理的用户名(tfsadmin)以在 IIS 上进行部署,而不是我在构建变量中设置的用户/密码。
2018-01-03 09:29:02 MYSERVERIP HEAD /msdeploy.axd site=MySiteName 8172 - MyBuildServerIP - - 401 2 5 1322 2018-01-03 09:29:02 MYSERVERIP HEAD /msdeploy.axd site=MySiteName 8172 tfsadmin MyBuildServerIP - - 401 1 1326 86 2018-01-03 09:29:02 MYSERVERIP HEAD /msdeploy.axd site=MySiteName 8172 - MyBuildServerIP - - 401 2 5 1322 2018-01-03 09:29:02 MYSERVERIP HEAD /msdeploy.axd site=MySiteName 8172 tfsadmin MyBuildServerIP - - 401 1 1326 86
Update 1: I add more information, as you see below in build log, in msBuildArgs the password is empty (instead of ********)!更新 1:我添加了更多信息,如下面的构建日志所示,在 msBuildArgs 中密码为空(而不是 ********)!
WebDeploy Version : 3.6 TFS Version : 2015.1 Target Machine (MySERVER) : Windows 2012 R2 IIS Version : 8.5 The "tfsadmin" user has local administrator of target server (MyServer) and IIS Manager Permission on the target IIS Site. WebDeploy 版本:3.6 TFS 版本:2015.1 目标机器(MySERVER):Windows 2012 R2 IIS 版本:8.5 “tfsadmin”用户具有目标服务器(MyServer)的本地管理员和目标 IIS 站点的 IIS 管理员权限。
Build log :构建日志:
2018-01-06T06:37:19.9298797Z Starting task: Build solution $/MyProject/MySolution.sln 2018-01-06T06:37:20.0529203Z Executing the powershell script: D:\Agents\Agent-01\tasks\VSBuild\1.0.16\VSBuild.ps1 2018-01-06T06:37:20.3760645Z ##[debug]Entering script VSBuild.ps1 2018-01-06T06:37:20.3790648Z ##[debug]vsLocation = 2018-01-06T06:37:20.3800653Z ##[debug]vsVersion = 14.0 2018-01-06T06:37:20.3810663Z ##[debug]msBuildLocation = 2018-01-06T06:37:20.3820668Z ##[debug]msBuildVersion = 2018-01-06T06:37:20.3830692Z ##[debug]msBuildArchitecture = x64 2018-01-06T06:37:20.3840679Z ##[debug]msBuildArgs = /p:DeployOnBuild=true;PublishProfile=myProfile;AllowUntrustedCertificate=true;UserName=tfsadmin;Password=;Pass2=******** 2018-01-06T06:37:20.3840679Z ##[debug]solution = D:\Agents\Agent-01\_work\2\s\MyProject\MySolution.sln 2018-01-06T06:37:20.3860721Z ##[debug]platform = 2018-01-06T06:37:20.3870700Z ##[debug]configuration = 2018-01-06T06:37:20.3880727Z ##[debug]clean = true 2018-01-06T06:37:20.3890697Z ##[debug]restoreNugetPackages = true 2018-01-06T06:37:20.3890697Z ##[debug]logProjectEvents = true 2018-01-06T06:37:20.4010877Z ##[debug]Loading module from path 'D:\Agents\Agent-01\agent\worker\Modules\Microsoft.TeamFoundation.DistributedTask.Task.Internal\Microsoft.TeamFoundation.DistributedTask.Task.Internal.dll'. ...
Can anybody help me ?有谁能够帮我 ?
You are correct that the wrong username and password were ultimately used to authenticate the request.您是正确的,错误的用户名和密码最终用于验证请求。 Running the command net helpmsg 1326
(1326 is the sc-win32-status
value from the log entry you provided) yields " The user name or password is incorrect. "运行命令net helpmsg 1326
(1326 是您提供的日志条目中的sc-win32-status
值)产生“用户名或密码不正确。 ”
Also interesting is the request/response logged before that.同样有趣的是在此之前记录的请求/响应。 The substatus value 2 for a 401 means " Access is denied due to server configuration favoring an alternate authentication method. " according to TechNet .根据TechNet的说法,401 的子状态值 2 表示“由于服务器配置支持备用身份验证方法,访问被拒绝。 ”。 And net helpmsg 1322
yields " This operation is disallowed as it could result in an administration account being disabled, deleted or unable to logon. "并且net helpmsg 1322
产生“此操作被禁止,因为它可能导致管理帐户被禁用、删除或无法登录。 ”
Deploy from VS with the command line will use the user name and password you provided.使用命令行从 VS 部署将使用您提供的用户名和密码。 However deploy from TFS will use the build agent.但是,从 TFS 部署将使用构建代理。 So, the first thing is that the service account of the build process should has the correct permission to access the remote server.因此,第一件事是构建过程的服务帐户应该具有访问远程服务器的正确权限。
Just try to give the build service account local administrator
permissions and IIS Manager Permissionson
to the site's scope on the remote server ("MySERVER").只需尝试为远程服务器(“MySERVER”)上的站点范围授予构建服务帐户local administrator
权限和IIS Manager Permissionson
。 Then set the username parameter to ""
(empty quotes) and the password field omitted.然后将用户名参数设置为""
(空引号)并省略密码字段。
Reference: Build only works with username and password in msbuild arguments参考: 构建仅适用于 msbuild 参数中的用户名和密码
This error code can surface because of a number of different reasons.由于许多不同的原因,此错误代码可能会出现。 It typically indicates an authentication or authorization problem, and can happen because of any of hte following reasons:它通常表示身份验证或授权问题,并且可能由于以下任何原因而发生:
If connecting using the Web Management Service:如果使用 Web 管理服务进行连接:
- Verify that the username and password are correct验证用户名和密码是否正确
- Verify that the site exists验证站点是否存在
- Verify that the user has IIS Manager Permissions to the site's scope验证用户是否具有站点范围的 IIS 管理器权限
If connecting using the Remote Agent Service:如果使用远程代理服务连接:
- Verify that the username and password are correct验证用户名和密码是否正确
- Verify that the user account you specified is a member of the Administrators group on the remote computer.验证您指定的用户帐户是否是远程计算机上管理员组的成员。 NOTE: Because of a bug注意:由于一个错误
in Web Deploy 2.0, the user must be either the built-in Administrator or a member of the Domain Administrators security group.在 Web Deploy 2.0 中,用户必须是内置管理员或 Domain Administrators 安全组的成员。 Attempts to尝试去
sync with any other user account, even if it is an administrator,与任何其他用户帐户同步,即使它是管理员,
will see this error code.会看到这个错误代码。 Verify that the site exists验证站点是否存在
Reference : ERROR_USER_UNAUTHORIZED参考: ERROR_USER_UNAUTHORIZED
UPDATE:更新:
By default, Web Deploy will connect using HTTP Basic Authentication.默认情况下,Web 部署将使用 HTTP 基本身份验证进行连接。 When using HTTP Basic Authentication, specific credentials must be supplied, eg使用 HTTP 基本身份验证时,必须提供特定的凭据,例如
msdeploy.exe -verb:dump -source:apphostconfig,wmsvc=demo-host,authType:basic,username=someuser,password=somepassword
In your scenario, you can try set the AuthType
as NTLM
, then try it again.在您的场景中,您可以尝试将AuthType
设置为NTLM
,然后再试一次。
Just try adding the line <AuthType>NTLM</AuthType>
to the publish .pubxml
file.只需尝试将<AuthType>NTLM</AuthType>
行添加到发布的.pubxml
文件中。
Try this:尝试这个:
tfsadmin
user转到 users 找到tfsadmin
用户This seems unnecessary but worked for me.这似乎没有必要,但对我有用。 I hope someone can explain the "why".我希望有人可以解释“为什么”。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.