msdeploy 错误 ERROR_USER_UNAUTHORIZED:Web 部署任务失败
[英]msdeploy error ERROR_USER_UNAUTHORIZED: Web deployment task failed
问题描述
Web deployment task failed. 
Web 部署任务失败。 Error ERROR_USER_UNAUTHORIZED错误 ERROR_USER_UNAUTHORIZED
We are using Tfs Build Automation and msdeploy for publishing an web application on remote machine.我们正在使用 Tfs Build Automation 和 msdeploy 在远程机器上发布 Web 应用程序。
On "Visual Studio Build" step we set this parameters on "MSBuild Arguments": /p:DeployOnBuild=true;PublishProfile=myProfile;AllowUntrustedCertificate=true;UserName=$(UserName);Password=$(Password)在“Visual Studio Build”步骤中,我们在“MSBuild Arguments”上设置此参数:/p:DeployOnBuild=true;PublishProfile=myProfile;AllowUntrustedCertificate=true;UserName=$(UserName);Password=$(Password)
After quing the build we get this error:在 quing 构建后,我们收到此错误:
C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\Web\Microsoft.Web.Publishing.targets(4276,5): Error ERROR_USER_UNAUTHORIZED: Web deployment task failed. C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\Web\Microsoft.Web.Publishing.targets(4276,5):错误 ERROR_USER_UNAUTHORIZED:Web 部署任务失败。 (Connected to the remote computer ("MySERVER") using the Web Management Service, but could not authorize. Make sure that you are using the correct user name and password, that the site you are connecting to exists, and that the credentials represent a user who has permissions to access the site. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_USER_UNAUTHORIZED .) (使用 Web 管理服务连接到远程计算机(“MySERVER”),但无法授权。确保您使用正确的用户名和密码,您要连接的站点存在,并且凭据代表一个有权访问该站点的用户。了解更多信息:http: //go.microsoft.com/fwlink/ ?LinkId=221672#ERROR_USER_UNAUTHORIZED。)
I am sure that username and password is correct, and the user isAdministrator on the server (MySERVER).我确定用户名和密码是正确的,并且用户是服务器(MySERVER)上的管理员。
I checked the Management Service log on IIS and found something important: the build agent's username(tfsadmin) sent for deploy on IIS instead of the user/pass that I set in build variables.我检查了 IIS 上的管理服务日志,发现了一些重要的信息:发送构建代理的用户名(tfsadmin)以在 IIS 上进行部署,而不是我在构建变量中设置的用户/密码。
Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken字段:日期时间 s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status用的时间
2018-01-03 09:29:02 MYSERVERIP HEAD /msdeploy.axd site=MySiteName 8172 - MyBuildServerIP - - 401 2 5 1322 2018-01-03 09:29:02 MYSERVERIP HEAD /msdeploy.axd site=MySiteName 8172 tfsadmin MyBuildServerIP - - 401 1 1326 86 2018-01-03 09:29:02 MYSERVERIP HEAD /msdeploy.axd site=MySiteName 8172 - MyBuildServerIP - - 401 2 5 1322 2018-01-03 09:29:02 MYSERVERIP HEAD /msdeploy.axd site=MySiteName 8172 tfsadmin MyBuildServerIP - - 401 1 1326 86
Update 1: I add more information, as you see below in build log, in msBuildArgs the password is empty (instead of ********)!更新 1:我添加了更多信息,如下面的构建日志所示,在 msBuildArgs 中密码为空(而不是 ********)!
WebDeploy Version : 3.6 TFS Version : 2015.1 Target Machine (MySERVER) : Windows 2012 R2 IIS Version : 8.5 The "tfsadmin" user has local administrator of target server (MyServer) and IIS Manager Permission on the target IIS Site. WebDeploy 版本:3.6 TFS 版本:2015.1 目标机器(MySERVER):Windows 2012 R2 IIS 版本:8.5 “tfsadmin”用户具有目标服务器(MyServer)的本地管理员和目标 IIS 站点的 IIS 管理员权限。
Build log :构建日志:
2018-01-06T06:37:19.9298797Z Starting task: Build solution $/MyProject/MySolution.sln 2018-01-06T06:37:20.0529203Z Executing the powershell script: D:\Agents\Agent-01\tasks\VSBuild\1.0.16\VSBuild.ps1 2018-01-06T06:37:20.3760645Z ##[debug]Entering script VSBuild.ps1 2018-01-06T06:37:20.3790648Z ##[debug]vsLocation = 2018-01-06T06:37:20.3800653Z ##[debug]vsVersion = 14.0 2018-01-06T06:37:20.3810663Z ##[debug]msBuildLocation = 2018-01-06T06:37:20.3820668Z ##[debug]msBuildVersion = 2018-01-06T06:37:20.3830692Z ##[debug]msBuildArchitecture = x64 2018-01-06T06:37:20.3840679Z ##[debug]msBuildArgs = /p:DeployOnBuild=true;PublishProfile=myProfile;AllowUntrustedCertificate=true;UserName=tfsadmin;Password=;Pass2=******** 2018-01-06T06:37:20.3840679Z ##[debug]solution = D:\Agents\Agent-01\_work\2\s\MyProject\MySolution.sln 2018-01-06T06:37:20.3860721Z ##[debug]platform = 2018-01-06T06:37:20.3870700Z ##[debug]configuration = 2018-01-06T06:37:20.3880727Z ##[debug]clean = true 2018-01-06T06:37:20.3890697Z ##[debug]restoreNugetPackages = true 2018-01-06T06:37:20.3890697Z ##[debug]logProjectEvents = true 2018-01-06T06:37:20.4010877Z ##[debug]Loading module from path 'D:\Agents\Agent-01\agent\worker\Modules\Microsoft.TeamFoundation.DistributedTask.Task.Internal\Microsoft.TeamFoundation.DistributedTask.Task.Internal.dll'. ...
Can anybody help me ?有谁能够帮我 ?
3 个解决方案
解决方案1
0 2018-01-03 15:59:46
You are correct that the wrong username and password were ultimately used to authenticate the request.您是正确的,错误的用户名和密码最终用于验证请求。 Running the command net helpmsg 1326 (1326 is the sc-win32-status value from the log entry you provided) yields " The user name or password is incorrect. "运行命令net helpmsg 1326 (1326 是您提供的日志条目中的sc-win32-status值)产生“用户名或密码不正确。 ”
Also interesting is the request/response logged before that.同样有趣的是在此之前记录的请求/响应。 The substatus value 2 for a 401 means " Access is denied due to server configuration favoring an alternate authentication method. " according to TechNet .根据TechNet的说法,401 的子状态值 2 表示“由于服务器配置支持备用身份验证方法,访问被拒绝。 ”。 And net helpmsg 1322 yields " This operation is disallowed as it could result in an administration account being disabled, deleted or unable to logon. "并且net helpmsg 1322产生“此操作被禁止,因为它可能导致管理帐户被禁用、删除或无法登录。 ”
- Review (or re-review) the instructions at https://docs.microsoft.com/en-us/iis/publish/using-web-deploy/configure-the-web-deployment-handler查看(或重新查看) https://docs.microsoft.com/en-us/iis/publish/using-web-deploy/configure-the-web-deployment-handler上的说明
- If your deployment is still not working, take a look at Microsoft's Troubleshooting Common Problems with Web Deploy .如果您的部署仍然无法正常工作,请查看Microsoft 的Web 部署常见问题疑难解答。
解决方案2
0 2018-01-04 09:13:01
Deploy from VS with the command line will use the user name and password you provided.使用命令行从 VS 部署将使用您提供的用户名和密码。 However deploy from TFS will use the build agent.但是,从 TFS 部署将使用构建代理。 So, the first thing is that the service account of the build process should has the correct permission to access the remote server.因此,第一件事是构建过程的服务帐户应该具有访问远程服务器的正确权限。
Just try to give the build service account local administrator permissions and IIS Manager Permissionson to the site's scope on the remote server ("MySERVER").只需尝试为远程服务器(“MySERVER”)上的站点范围授予构建服务帐户local administrator权限和IIS Manager Permissionson 。 Then set the username parameter to "" (empty quotes) and the password field omitted.然后将用户名参数设置为"" (空引号)并省略密码字段。
Reference: Build only works with username and password in msbuild arguments参考: 构建仅适用于 msbuild 参数中的用户名和密码
This error code can surface because of a number of different reasons.
If connecting using the Web Management Service:
- Verify that the username and password are correct
- Verify that the site exists
- Verify that the user has IIS Manager Permissions to the site's scope
If connecting using the Remote Agent Service:
- Verify that the username and password are correct
- Verify that the user account you specified is a member of the Administrators group on the remote computer.
in Web Deploy 2.0, the user must be either the built-in Administrator or a member of the Domain Administrators security group.
sync with any other user account, even if it is an administrator,
will see this error code.
Reference : ERROR_USER_UNAUTHORIZED参考: ERROR_USER_UNAUTHORIZED
UPDATE:更新:
By default, Web Deploy will connect using HTTP Basic Authentication.默认情况下,Web 部署将使用 HTTP 基本身份验证进行连接。 When using HTTP Basic Authentication, specific credentials must be supplied, eg使用 HTTP 基本身份验证时,必须提供特定的凭据,例如
msdeploy.exe -verb:dump -source:apphostconfig,wmsvc=demo-host,authType:basic,username=someuser,password=somepassword
In your scenario, you can try set the AuthType as NTLM , then try it again.在您的场景中,您可以尝试将AuthType设置为NTLM ,然后再试一次。
Just try adding the line <AuthType>NTLM</AuthType> to the publish .pubxml file.只需尝试将<AuthType>NTLM</AuthType>行添加到发布的.pubxml文件中。
解决方案3
0 2019-08-27 13:19:12
Try this:尝试这个:
- On your server go to Computer Management在您的服务器上转到计算机管理
- From the left pan select Local Users and Groups从左侧面板中选择本地用户和组
- Go to users find the
tfsadminuser转到 users 找到tfsadmin用户 - Right click on it and click on Set Password右键单击它,然后单击设置密码
- Give your existing password (whatever it is)提供您现有的密码(无论它是什么)
This seems unnecessary but worked for me.这似乎没有必要,但对我有用。 I hope someone can explain the "why".我希望有人可以解释“为什么”。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.