Background
We use Team City to deploy our web sites and SQL migrations/dacpac's to servers that have been working successfully for quite some time. One of our servers was last deployed to on 4 March 2019.
Today I did a deploy to that server and our step that deploys dacpac and migrations has stopped working on that server.
The server is Windows Server 2016 environments, running Sql Server 2017 with all the latest windows patches.
We are using IIS Delegation (NOT using Kerberos).
I can confirm the following
Nothing has changed in terms of IIS Settings, user permissions or
anything on this server
The last successful release out to the server was 4 March 2019.
The last time anyone logged onto this server was February 2019
Pre-authenticating to remote agent URL
'https://devdeploy.mydomain:8172/MsDeploy.axd?site=mysite' as
'TeamCity' authenticates as expected
The delegation set up is as follows:
The step that is now failing looks like this
run a .bat file that has the following command:
WHOAMI
"C:\Program Files\Microsoft SQL Server\150\DAC\bin\sqlpackage.exe" /Action:Publish /SourceFile:"C:\inetpub\websitepath\dacpac\mydacpac.dacpac" /TargetServerName:SQLServer /TargetDatabaseName:MyDatabase
(NOTE: The WHOAMI This returns "ServerName\TeamCity")
The error given in Team City logs is:
Cannot open database "MyDatabase" requested by the login. The login
failed. Login failed for user 'ServerName\TeamCity'.
This implies (IMHO) that the delegation from IIS to the batch file which is run, is no longer occurring.
It appears that IIS Delegation has not performed the correct delegation and is running the user under the 'TeamCity' not under the delegated user 'DbOwnerUser' (see image above for runCommand delegation setup).
My Questions therefore are
Is anyone else having this issue?
Is there a security update that has caused this to no longer work
e.g. KB4489885 (this talks about Kerberos and we are NOT using
Kerberos)
Does anyone have any thoughts as to how this could happen or be fixed
(apart from uninstalling the security update)?
Thanks in advance to anyone who has some good ideas :)
We are trying to configure continuous integration with TFS 2012. While queuing a new build, the publish fails with the error:
Build FAILED.
"C:\src\ProjectName.sln" (default target) (1) ->
"C:\src\Website\ProjectName.csproj" (default target) (2) ->
(MSDeployPublish target) ->
C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v11.0\Web\Microsoft.Web.Publishing.targets(4377,5): msdeploy error ERROR_COULD_NOT_CONNECT_TO_REMOTESVC: Web deployment task failed. (Could not connect to the remote computer ("ServerName") using the specified process ("Web Management Service") because the server did not respond. Make sure that the process ("Web Management Service") is started on the remote computer. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_COULD_NOT_CONNECT_TO_REMOTESVC)**
I checked all the points mentioned in the IIS.NET documentation for this error. Both services mentioned, Web Management Service and Web Deployment Agent Service, are running fine. A restart of those services has no change in behavior.
Windows Server 2008 R2 with IIS 7.
Web Deployment Agent Service is running on port 8172.
Web Deploy 3.0
Windows Firewall is not blocking any port on the server.
How can this be fixed?
If you install Web Deploy 3.x BEFORE Web Management Tools are installed, you'll have to re-install Web Deploy. I beat my head against the wall for hours on this.
Install the Web Management Services ("Turn Windows Features On/Off"/Roles -> Web Server -> Management Tools -> Management Service)
Then uninstall Web Deploy (repair didn't work) via the usual Add/Remove Programs control panel
Install Web Deploy 3.x again using Web Platform Installer.
Fixed. /Sigh
Double check in your Web Deploy settings that the name of the website is exactly that of what's in IIS.
Ben Day blogged more about it.
Fix that i saw on another website:
Fix it by adding “http://” to server.
In other words, when server is www.xxxx.com would get the 403 error, but when server is http://www.xxxx.com, then it works.
You need also to indicate the app name e.g 'Default Web Site/MyApp'
That was my error. Once I added /MyApp, it worked.
I got this error when using msdeploy, not TFS. In my case I needed to make sure the user msdeploy is using had permission to deploy to the website.
Find the website in IIS manager, right click and go to Deploy, then Configure Web Deploy Publishing. Find the user used by Web Deploy and setup for this website.
In my case the Internet proxy was enabled on source - which made msdeploy to reach out to internet instead of local ICN.
You should check the logs on your IIS first - see that you actually get to the server, and then you can locate the exact error here - https://support.microsoft.com/en-us/help/943891/the-http-status-code-in-iis-7-0-iis-7-5-and-iis-8-0
Uninstalling and re-installing (not repairing!) after setting up IIS did most of the magic for me.
There is another possible cause of the error. IIS Managemente Service have its own configuration for IP Address Restrictions, which default value is Deny Access for unspecified clients (Windows Server 2012 R2 with IIS 8.5).
You must set this value to Allow or add access to your specific IP address/IP address range using the Allow... button.
Remember, you must Stop the Management Service previously to change this configuration.
We have been using a Windows 7 Enterprise machine for development and we have 7 wcf services.... All of them worked fine in the development machine... When we hosted the same services in Windows Server 2003 and IIS 6, we are facing a couple issues... One of the services is throwing a "An existing connection was forcibly closed by the remote host" error... the underlying connection gets closed right in the service call.... I have turned on logging with log4net and I have turned on tracing... In trace logs I found out that it completes almost all the steps and stops at the end of Execute step... So I put log4net debug statements in the code and it looks like the code is executing fine, retrieving the values from the database fine but it is shutting down the connection at the point when its returning the data. So right at the moment of returning the data some exception is closing down the connection... And I am not able to figure out why or whats causing the error... And the same code works fine in Windows 7 Enterprise machine... So I wasnt sure to look for code problems or is it some special setup that IIS 6.0 needs... Do you guys have any idea what might be wrong with the situation... thanks for any help.
And there is another service that shows an error "The requested service, 'XXXXXXXXXXXXXXXXX' could not be activated"... Frequent calls like immediate calls to same service seems to be causing this error.. Is there a way this can be avoided because some of the services seem to exhibit this behavior in Windows server 2003- IIS 6 and they all run just fine on the windows 7 machine?
Yes I enabled MessageLogging and found whats the first error.... It is failing to serialize the reason for that being - the response is assigned the objects from the request. So in Windows 7 it is allowing it and keeping the references alive but Windows Server 2003 discards all request objects so by the time response serializes some of the object references are no longer valid in windows 2003 and hence shuts down the connection. So that solves the first. So I just created a new object at the service and copied over the values and it started working.
Unfortunately I don't have a lot of technical information to give you but I will give as thorough a description as I can.
I have done a fresh install of Windows Server 2003 Enterprise (SP1). Performed all the updates including SP2 and installed McAfee Enterprise 8.7. Once I've completed doing this I open up the Windows Components installation and check "Application Server" which should install the base IIS installation.
The install runs fine and I reboot just for good measure. When I go into services I see IIS Admin started. Pulling up the IIS Manager reveals that the DefaultAppPool and the Default Web Site are both stopped. Attempting to start the Default Web Site results in no failure message and no entries in the Event Log. This doesn't surprise me terribly as it depends on the DefaultAppPool. When I try to start the DefaultAppPool after a few seconds I get an error "The service did not respond to the start or control request in a timely fashion." and there is still no messages written to the event log.
I've tried this exact installation procedure twice now with identical results. Any suggestions would be greatly appreciated.
I found a work around if not a complete solution. I installed and configured IIS before updating or installing McAfee. IIS worked fine. Since I got it working I didn't want to go back and do a fresh installation but now that I think about it I might have just needed to run updates one more time after installing IIS. The order I installed it did allow me to get it to working so good luck to anyone else that has this issue. I hope this helps.
We installed SP1 on our Team Foundation Server 2008 server. Everything seems fine after the install, except there is a red X on the Reports folder in the Team Explorer in Visual Studio. If we attempt to access the Reporting Services web site, we get a message that says that the "report server is unavailable". There were no errors during the installation.
The Reporting Services service started up fine and left no errors in the event log. We looked at the Reporting Services Configuration Tool and everything shows as OK. We tried restarting the RS service and rebooting the machine. Again, no errors but still no report availability.
The SQL Server instance where our data lives is up and running fine and we can query the OLAP cube and the relational side with no problem. All of our developer machines are already at VSTS 2008 SP1. Visual Studio is not installed on the server.
We looked at the logs files in the RS folder and the only errors that show are the ones that we get when we try to access the web site from IE, but that don't seem to contain any more info about the root cause.
Any help would be greatly appreciated. I'll post any updates on other things we try here.
UPDATE: There is a login error showing up the ReportServer(timestamp).log file. The login on the reporting services service is not the login that is showing up in this error, so I'm not yet sure what process is actually trying to make the connection to the db.
We got this resolved. It appears that the TFS 2008 SP1 install process decided to change the identity setting of application pool for the Reporting Services web site. To resolve we needed to:
Open Internet Information Server Manager
Go into Application Pools
Right click on the Reporting Services application pool
Click on the Identity tab
Change the account from NetworkService to our TFS domain account
Edit the rsreportserver.config located in "\Program Files\Microsoft SQL Server\MSSQL.1\Reporting
Change the "NT Authority\NetworkService" to "OurDomain\TFSDomainAccount"
Restart IIS
Hope this saves someone else some time.
Check the IIS application pools. My feeling is that reporting services doesn't play nice with other web applications (usually I've fixed this in the past by setting a seperate pool for the other applications).