Strange Web Deploy access issue - webdeploy

I'm getting an odd problem with connecting to a server.
The server's logs read:
2013-05-21 11:18:24 [IP ADDRESS] HEAD /msdeploy.axd site=[SITE NAME] 8172 administrator [MY IP] - 401 1 1326 214
I am using the administrator account so I can't understand why it's not allowing access!
I am using VS2012 and Web Deploy 3.0 on Server 2008R2 x86.
UPDATE
When using the command msdeploy.exe -verb:dump -source:iisApp=<sitename>,username=administrator,password=<urpassword>,authtype=‌​basic,computername=https://<yourserver>:8172/msdeploy.axd?Site=<sitename> -authtype=basic as suggested by #ShaikhOwais I get the following error:
Error Code: ERROR_USER_UNAUTHORIZED
More Information: Connected to the remote computer ("[COMPUTER NAME]") using the Web Management Service, but could not authorize. Make sure that you are using the correct user name and password, that the site you are connecting to exists, and that the credentials represent a user who has permissions to access the site.
"Make sure that you are using the correct user name and password" - yep.
"that the site you are connecting to exists" - yep
"the credentials represent a user who has permissions to access the site" - it's the administrator...

As stated in the comment above, you need to qualify the username with the domain to which your admin user belongs.
Your script should thus be:
msdeploy.exe -verb:dump -source:iisApp=<sitename>,username=
<DOMAIN>\administrator,password=<urpassword>,authtype=‌​
basic,computername=https://<yourserver>:8172/msdeploy.axd?Site=<sitename>
-authtype=basic

It happen with me and it was share permissions issue that time
Can you try "net use \server\c$\path\to\fodler" and see if you can access this directory?
If it does not help can you please reply -
Are you getting first time this error ? was you able to web deploy on the same server earlier or you are doing first time with this server ?

Related

How to connect snowsql from PC (Windows 10)

I have signed up for 30 day trial version for snowflake, as part of learning I am trying to run the Snowsql (client) from my windows desktop. I installed client from snowflake client repository (account name, username and password are all correct).
Got the following error:
C:\Users\ugain>snowsql -a vg49826 -u ugainedi
Password:
**250001 (08001): Failed to connect to DB. Verify the account name is correct: vg49826.snowflakecomputing.com:443. HTTP 403: Forbidden
If the error message is unclear, enable logging using -o log_level=DEBUG and see the log to find out the cause. Contact support for further help.
Goodbye!**
Appreciate the help. Thank you!
Go to your account using the Snowflake web UI and look at the URL. Since there is no account vg49826.snowflakecomputing.com, that means you're running Snowflake somewhere other than on AWS_US_WEST_2. That's the only region that does not include the region in the account name for connection purposes.
Copy the portion of the URL up to but not including "snowflakecomputing.com". It will be something like vg49826.us-east-1, vg49826.east-us-2.azure, or something similar. Your Snowflake account, for the purposes of connecting to SnowSQL is the portion of the URL after https:// and before snowflakecomputing.com in the web UI URL.

msdeploy error ERROR_USER_UNAUTHORIZED: Web deployment task failed

Web deployment task failed. Error ERROR_USER_UNAUTHORIZED
We are using Tfs Build Automation and msdeploy for publishing an web application on remote machine.
On "Visual Studio Build" step we set this parameters on "MSBuild Arguments":
/p:DeployOnBuild=true;PublishProfile=myProfile;AllowUntrustedCertificate=true;UserName=$(UserName);Password=$(Password)
After quing the build we get this error:
C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\Web\Microsoft.Web.Publishing.targets(4276,5): Error ERROR_USER_UNAUTHORIZED: Web deployment task failed. (Connected to the remote computer ("MySERVER") using the Web Management Service, but could not authorize. Make sure that you are using the correct user name and password, that the site you are connecting to exists, and that the credentials represent a user who has permissions to access the site. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_USER_UNAUTHORIZED.)
I am sure that username and password is correct, and the user isAdministrator on the server (MySERVER).
I checked the Management Service log on IIS and found something important:
the build agent's username(tfsadmin) sent for deploy on IIS instead of the user/pass that I set in build variables.
Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2018-01-03 09:29:02 MYSERVERIP HEAD /msdeploy.axd site=MySiteName 8172 - MyBuildServerIP - - 401 2 5 1322
2018-01-03 09:29:02 MYSERVERIP HEAD /msdeploy.axd site=MySiteName 8172 tfsadmin MyBuildServerIP - - 401 1 1326 86
Update 1:
I add more information, as you see below in build log, in msBuildArgs the password is empty (instead of ********)!
WebDeploy Version : 3.6
TFS Version : 2015.1
Target Machine (MySERVER) : Windows 2012 R2
IIS Version : 8.5
The "tfsadmin" user has local administrator of target server (MyServer) and IIS Manager Permission on the target IIS Site.
Build log :
2018-01-06T06:37:19.9298797Z Starting task: Build solution $/MyProject/MySolution.sln
2018-01-06T06:37:20.0529203Z Executing the powershell script: D:\Agents\Agent-01\tasks\VSBuild\1.0.16\VSBuild.ps1
2018-01-06T06:37:20.3760645Z ##[debug]Entering script VSBuild.ps1
2018-01-06T06:37:20.3790648Z ##[debug]vsLocation =
2018-01-06T06:37:20.3800653Z ##[debug]vsVersion = 14.0
2018-01-06T06:37:20.3810663Z ##[debug]msBuildLocation =
2018-01-06T06:37:20.3820668Z ##[debug]msBuildVersion =
2018-01-06T06:37:20.3830692Z ##[debug]msBuildArchitecture = x64
2018-01-06T06:37:20.3840679Z ##[debug]msBuildArgs = /p:DeployOnBuild=true;PublishProfile=myProfile;AllowUntrustedCertificate=true;UserName=tfsadmin;Password=;Pass2=********
2018-01-06T06:37:20.3840679Z ##[debug]solution = D:\Agents\Agent-01\_work\2\s\MyProject\MySolution.sln
2018-01-06T06:37:20.3860721Z ##[debug]platform =
2018-01-06T06:37:20.3870700Z ##[debug]configuration =
2018-01-06T06:37:20.3880727Z ##[debug]clean = true
2018-01-06T06:37:20.3890697Z ##[debug]restoreNugetPackages = true
2018-01-06T06:37:20.3890697Z ##[debug]logProjectEvents = true
2018-01-06T06:37:20.4010877Z ##[debug]Loading module from path 'D:\Agents\Agent-01\agent\worker\Modules\Microsoft.TeamFoundation.DistributedTask.Task.Internal\Microsoft.TeamFoundation.DistributedTask.Task.Internal.dll'.
...
Can anybody help me ?
You are correct that the wrong username and password were ultimately used to authenticate the request. Running the command net helpmsg 1326 (1326 is the sc-win32-status value from the log entry you provided) yields "The user name or password is incorrect."
Also interesting is the request/response logged before that. The substatus value 2 for a 401 means "Access is denied due to server configuration favoring an alternate authentication method." according to TechNet. And net helpmsg 1322 yields "This operation is disallowed as it could result in an administration account being disabled, deleted or unable to logon."
Review (or re-review) the instructions at https://learn.microsoft.com/en-us/iis/publish/using-web-deploy/configure-the-web-deployment-handler
If your deployment is still not working, take a look at Microsoft's Troubleshooting Common Problems with Web Deploy.
Deploy from VS with the command line will use the user name and password you provided. However deploy from TFS will use the build agent. So, the first thing is that the service account of the build process should has the correct permission to access the remote server.
Just try to give the build service account local administrator permissions and IIS Manager Permissionson to the site's scope on the remote server ("MySERVER"). Then set the username parameter to "" (empty quotes) and the password field omitted.
Reference: Build only works with username and password in msbuild arguments
This error code can surface because of a number of different reasons.
It typically indicates an authentication or authorization problem, and
can happen because of any of hte following reasons:
If connecting using the Web Management Service:
Verify that the username and password are correct
Verify that the site exists
Verify that the user has IIS Manager Permissions to the site's scope
If connecting using the Remote Agent Service:
Verify that the username and password are correct
Verify that the user account you specified is a member of the Administrators group on the remote computer. NOTE: Because of a bug
in Web Deploy 2.0, the user must be either the built-in Administrator
or a member of the Domain Administrators security group. Attempts to
sync with any other user account, even if it is an administrator,
will see this error code. Verify that the site exists
Reference : ERROR_USER_UNAUTHORIZED
UPDATE:
By default, Web Deploy will connect using HTTP Basic Authentication.
When using HTTP Basic Authentication, specific credentials must be supplied,
e.g.
msdeploy.exe -verb:dump -source:apphostconfig,wmsvc=demo-host,authType:basic,username=someuser,password=somepassword
In your scenario, you can try set the AuthType as NTLM, then try it again.
Just try adding the line <AuthType>NTLM</AuthType> to the publish .pubxml file.
Try this:
On your server go to Computer Management
From the left pan select Local Users and Groups
Go to users find the tfsadmin user
Right click on it and click on Set Password
Give your existing password (whatever it is)
This seems unnecessary but worked for me. I hope someone can explain the "why".

error 1069 the service did not start due to a logon failure while starting sqlserver service

I have found the answer of this issue;
the answer is to right click on the service / properties and logon tab then you should change the password;
but when I change the password and click apply my password does not work and it changes automatically to old one;
what you think I can do now?
This is the wrong forum to ask this question, but your issue is either you're putting in the wrong password for the service account.
OR
The user account you are using with the service does not have correct SQL permissions.
You should read up on SQL Permissions:
https://msdn.microsoft.com/en-us/library/bb669084(v=vs.110).aspx
https://msdn.microsoft.com/en-us/library/bb669065(v=vs.110).aspx
If you tried to update the password the SQL service uses via Windows Services, try instead via SQL Server Configuration Manager. Doing it via Windows Services will not work correctly.
And if you are not 100% sure you are typing the correct password, you may need to update the logon account's password first.

Which account is used to authenticate ASP.net to SQL when using a trusted connection?

I'm just in the process of trying to properly configure asp.net 4.5 on our IIS servers.
I have been able to navigate and launch an ASPX page that contains no data conenctions sucessfully so I know that the application pool authentication to the local directories is working as it should.
Now though I have a seperate SQL server that is connected to the domain and have a connection string stored in the code that connects the ASPX page to the server using a trusted connection. When running in visual studio debug mode, the connection works fine - but at that point I assume it is using my login credentials.
My question is, when a user calls the aspx page via the browser when hosted on the new IIS7 server, which account is used to call the SQL server when using a trusted connection? - Is it the end users or is it a local account from the IIS server?
When I call a page with data connections embedded I get the error: Login failed for user ADMIN\PCNAME$ ... which is an indication that this is the account that it is using. However this account doesn't exist on the domain that I'm aware of. - Or does it ?!
Thanks in advance,
It will use the account that ASP.NET is running under, as you've worked out. What you usually should do is create a Domain Account (with the right privileges) and run your ASP.NET AppPool under that account. Then a Trusted Connection will use that account for connecting to the database, and as long as you've given it access (which as a Domain Account you can do) it should all work.
Added:
After some back and forth on comments, lets go back to the start: set the new AppPool to run with the domain users account, and recycle the AppPoolo. What is it that says the password is wrong? If it's IIS trying to start the AppPool, then it is extremeny likely that the Password you gave the AppPool IS wrong, or else that the password is set to change on first logon.
If its not IIS, but opening a Database connection, are you sure that the database allows this Domain Account access to the database and the tables within it it will need? What roles have you assigned to this account? Also, what SQL statement is it trying to execute (if it's got far enough to try and execute a statement at all)?
I suggest you put any response in you original question - comments get to be a drag if there are too many of them.

Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. in sql server

I have posted a related question few days back and provided its answer as well.
I am facing a strange issue, I have 2 servers first one is dev server and second is QA
When I execute the below line on dev server it works fine, but when I execute it on QA, it gives me the error Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON', as I posted in my previous question.
EXEC master.dbo.xp_cmdshell ‘sqlcmd -D db_name -S server_name -i sqlfile’
To resolve the above issue I have provided the username and pwd in the above query and it is working fine on both DEV and QA server. But to provide the username and pwd is not a nice approach as if we will change the server or pwd it directly impacts my query. So I want to execute the cmdshell command without using username and pwd on QA as well.
Can anyone please tell me what I am missing on QA. I have already provided the permissions to cmdshell on QA
ANY QUICK HELP
This is because the user the command runs as is NT AUTHORITY\ANONYMOUS LOGON, and this login does not have access to the DB.
Consider this: everything must run under a user context. Every process needs a to have a windows user owning it.
The SQLCMD you are running - who is the windows user running it? it isn't you. It is the SQL Server service. (do some research on xp_cmdshell)
You first need to do some research on windows service accounts and understand what they are.
Then, some possible solutions:
A. Check what your QA SQL Server service is running as (in the logon tab in services.msc)
B. USe a linked server insteadm which can use your logon instead
C. You might also be able to use some kind of proxy (a windows user to override the SQL Service user just for this pupose) but I haven't investigated that.