I've spent the past week working though MSDeploy issues trying to get my VS 2010 Beta2 to one-click deploy to my Windows Server 2008 R2 with IIS 7.5. I've managed to get it working but have taken quite a circuitous route through many trials and errors. So I'll post what I think were some key hints I stumbled upon that may save others some time.
-------------
HINT #1 - In IIS Manager's "Web Platform Installer", install *all* of the "Management" features and after that run the "Web Deployment Tool" installer.
I had just "IIS Management Console" and "Management Service" installed (with WMSVC confirmed as running in Services admin panel) and I'm pretty sure that I only saw TWO, not FOUR installable features when I ran the "Web Deployment Tool" installer (http://www.iis.net/expand/WebDeploymentTool). The options "IIS 7 Deployment Handler" and "Management Service Delegation UI" were *not* available even though WMSVC installed and running on my machine. (Is this a bug in docs or in "Web Deployment Tool" installer??)
But after installing *all* Management features in the "Web Platform Installer",
when I re-ran the "Web Deployment Tool" installer (Control Panel | Programs | Programs and Features, then right-click "Web Deployment Tool" and select "Change") the two new features showed up (showing all features listed in picture above) and I was able to mark them as "install to hard disk" and get them installed. Then and only then was I able to see the "Management Service Delegation" feature in IIS Manager.
At this point, I was still getting "(404) Not Found" errors from the MSDeploy client.
-------------
HINT #2 - If getting inexplicable "(404) Not Found" and you're sure WMSVC and MsDepSvc are both running (OS' Services panel), try adding explicit IPv4 "Allows" in IIS Manager's "Management Service" pane. Don't know why this worked, but I explicitly added an "Allow..." for my local IP subnet in the "IPv4 Address Restrictions" area of "Management Service" pane in ISS Manager.
And then my client stopped reporting "(404) Not Found" errors. Funny thing was I reverted back by removing the explicit "Allow" for local IP subnet and the client continued to work so I cannot say what was causing the "(404) Not Found" errors...a strange bug which goes away when inserting and then removing explicit "Allows"??
Once past the "(404) Not Found" error, the one-click wizard was reporting a different type of error. I was getting "you do not have permissions" and "see your System Administrator" (that would be me) errors from my one-click client.
-------------
HINT #3 - Do verbose logging on your server side to debug permissions problems seen by MSDeploy clients.
Read this article http://technet.microsoft.com/en-us/library/ee461173%28WS.10%29.aspx and set up full (verbose, level 4) tracing across "All" (-1 in regedit didn't work for me but 0x1ff aka 511 did) trace sources. Then try something from your VS 2010 Beta2 one-click deploy client and read the verbose XML logs on your IIS machine to figure out what additional permissions to grant (hint, visually read from end of XML file until you see a stack trace and just above it usually you'll find an English string describing root cause). In the end, I ended up with two key grants in IIS Manager's "Management Service Delegation" pane.
The first grants delegation to "*" (all) users, and I have a special IIS Manager User I configured for installs, to do "dbFullSql" provider for specified data source. The second grants delegated privileges to do all other relevant MSDeploy providers. Also, don't forget that since WMSVC runs as NT account "Local Service" that you must grant "Local Service" appropriate SQL Server access (I used SQL Server Studio to do that) and file directory permissions. A good articles on those required file system grants: http://blogs.iis.net/krolson/archive/2009/11/04/using-iis-manager-accounts-for-web-deployment-tool-msdeploy-delegation.aspx.
-------------
Once I was able to get all Web Deployment Tool features installed, get past (404) Not Found errors, and work out delegated permissions, I was able to get one-click deploy fully working (and it is a nice feature). I hope these hints help save you some time getting one-click working.
-Andy
No comments:
Post a Comment