TFS releasing management deployment issue with WinRM - tfs

I am using TFS (2015 update 3 and implemented CI build. I created two environments for release, one is staging and other is production hosted in AWS windows VM. I am using IIS Deploy WinRM extension(https://marketplace.visualstudio.com/items?itemName=ms-vscs-rm.iiswebapp) in release task to deploy the package to the remote server.
staging IIS is hosted in same build machine and deployment task is working fine. when I deploy to production environment I am getting following error.
Deployment failed on machine xx.xx.xx.xx with following message: System.Management.Automation.Remoting.PSRemotingTransportException: Connecting to remote server xx.xx.xx.xx failed with the following error message: WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits accesses to remote computers within the same local subnet. For more information, see the about_Remote_Troubleshooting Help topic.
I believe WinRM is not able to communicate with target server hence it is not working. I tried to follow instructions in this link (https://learn.microsoft.com/en-us/vsts/build-release/apps/cd/deploy-webdeploy-iis-winrm).
I configured winRM in both machines and even added build machine (where I initiate release) to trusted hosts on the target server. In both machines, winRM service is listening to ports 5985,5986.
i tried to test WinRM connection and tried following command in build machine.
test-wsman -ComputerName -UseSSL
I got following error
test-wsman : ">WinRM cannot complete the operation. Verify that the specified
computer name is valid, that the WinRM
service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles
limits access to remote computers within the same local subnet.
I am sure the issue is WinRM not able to communicate with the target server. One of the requirements of this TFS winRM deployment extension is both servers should be domain joined or workgroup joined. (mentioned in https://learn.microsoft.com/en-us/vsts/build-release/apps/cd/deploy-webdeploy-iis-winrm) . Is this why deployment not working and how can I join both domains? As target server is hosted in AWS ( it is a windows VM machine), we connect through VPN.
Build machine's name is like MachineName.uk.companyname.com and target servers name is MachineName.abc.risk.cloud (both in different domains)
Any thoughts on debugging this and get this deployment working in target server?

WinRM configuration
Windows Remote Management (WinRM) requires target servers to be:
Domain-joined or workgroup-joined
Able to communicate using the HTTP or HTTPS protocol
Addressed by using a fully-qualified domain name (FQDN) or an IP address
Just as the document described, you need to follow the requirements of WinRm configuration. Since using test-wsman -ComputerName -UseSSL also shows communicate with the target server, this is why deployment not working.
For AWS related, you could try to use AWS Tools for Microsoft Visual Studio Team Services. The AWS Tools for Microsoft Visual Studio Team Services (VSTS) is an extension for Microsoft VSTS and on-premises Microsoft Team Foundation Server (TFS) that makes it easy to deploy .NET applications to AWS.

Related

unable to deploy .net project using TFS IIS app deployment task

I am trying to deploy my project to IIS using TFS Winrm:IIS web app deployment task. I am new to this.
I am getting the following error'
"Deployment failed on machine xxx with following message : System.Management.Automation.Remoting.PSRemotingTransportException: Connecting to remote server xxx failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". "
I was able deploy the project to the same remote server using TFS Winrm: windows machine file copy task which is the prior step for web app deployment to IIS. Winrm service is running and when it type the "winrm quickconfig i am getting "winrm is already been configured".
What am i missing here ? please suggest. Thanks in advance.
The Winrm:IIS task is actually MSDeploy from Machine A to Machine B so for this to work you need to install MSDeploy on Machine B. You should then be ok to deploy from Machine A. Check this article out for more information and to see if you have all the pre-requisite. Also these articles have a bit more info.
https://learn.microsoft.com/en-us/azure/devops/pipelines/apps/cd/deploy-webdeploy-iis-winrm?view=azure-devops
https://marketplace.visualstudio.com/items?itemName=ms-vscs-rm.iiswebapp
The issue was resolved when i enable remote powershell remoting my remote machine using the command Enable-PSRemoting –force

Visual Studio Team Services error: "The target of the specified cmdlet cannot be a Windows client-based operating system."

When I try to deploy my artifact on IIS, I am getting the error as shown in the below screenshot. Any help will be greatly appreciated.
The "IIS Web App Management" screenshot is shown below:
The error message is pretty clear: You can't use it to install IIS on a client OS (such as Windows 10). You have to use a server OS (such as Windows Server).
There's nothing you can do about it other than to use a server OS or use an alternate tool to deploy.
Using Windows Remote Management (WinRM), connect to the host
machine(s) where IIS or SQL Server is installed, and manage the Web
application or deploy the SQL Server Database as described below:
Create a new website or update an existing website using AppCmd.exe.
Create a new application pool or update an existing application pool using AppCmd.exe.
Deploy a Web Application to the IIS Server using Web Deploy.
Deploy a SQL Server Database using DACPAC and SqlPackage.exe.
Your log mentioned the task was installing IIS, and it seemed the tasking was installing IIS on a windows client OS. You need to check your target machine to see whether it has IIS installed.

TFS2015: Test agents deployment through HTTPS failes: Access Denied

I'm getting a bit strange situation with a 'Visual Studio Test Agent Deploment' in TFS2015 Update 2.1. When in Machine Group the protocol is set to HTTP everthing is ok, testagent deploys sucsefully. But when I'm trying to do the same task with HTTPS connection to remote machine i'm getting exception:
DistributedTests: Task 'DownloadTestAgent' on machine 'XYZ:5986' is being run
DistributedTests: Task 'DownloadTestAgent' on machine 'XYZ:5986' completed.
DistributedTests: Task 'DownloadTestAgent' for machine XYZ:5986's Error : System.Management.Automation.Remoting.PSRemotingTransportException: Connecting to remote server XYZ failed with the following error message :
Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.
Machines are in the same domain. It's not a user/password problem because when I use HTTP it succesfully finishes the deployment, but when I edit 'Machine Group' to use HTTPS it failes.
Thanks for any ideas!
I'm afraid you didn't configure HTTPS for WinRM on the host machine, you would need to follow the directions for domain-joined machines:
If you choose HTTPS, you can use either a FQDN or an IP address to access the target machine(s). To use a FQDN to access the target machine(s), execute the following in a Command window with Administrative permissions:
ConfigureWinRM.ps1 {FQDN} https
To use an IP address to access the target machine(s), execute the following in a Command window with Administrative permissions:
ConfigureWinRM.ps1 {ipaddress} https
These commands create a test certificate by using MakeCert.exe, use
the certificate to create an HTTPS WinRM listener, and open port 5986
inbound for WinRM over HTTPS. The script also increases the WinRM
MaxEnvelopeSizekb setting. By default on Windows Server this is 500
KB, which can result in a "Request size exceeded the configured
MaxEnvelopeSize quota" error.

Why is Web Deploy using the wrong account?

I've verified that Web Deploy works (using NTLM authorization) when I fire it from Visual Studio on my local machine. Now I want my build server to auto-deploy (if appropriate) every night. I'm using Jenkins on the build server, and I've granted the account access in IIS on the remote machine. My parameters to MSBuild are as follows:
/p:DeployOnBuild=true
/p:Configuration=Debug
/p:Platform=x86
/p:PublishProfile=DEV
/p:AuthType=NTLM
/p:AllowUntrustedCertificate=True
/p:Username=
The DEV publish profile specifies my DEV server which uses a self-signed certificate thus necessitating an untrusted certificate. The NTLM and blank username should use the current user/account to connect.
However, the Jenkins' job's MSBuild step fails with this error
msdeploy error ERROR_USER_UNAUTHORIZED: Web deployment task failed. (Connected to the remote computer ("DEV-SERVER") using the Web Management Service, but could not authorize. Make sure that you are using the correct user name and password, that the site you are connecting to exists, and that the credentials represent a user who has permissions to access the site. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_USER_UNAUTHORIZED.)
When I look at the IIS logs on DEV-SERVER, I see the following:
2016-01-06 23:55:10 159.212.19.186 HEAD /msdeploy.axd site=MySite 8172 - 159.212.19.123 - 401 2 5 0
2016-01-06 23:55:10 159.212.19.186 HEAD /msdeploy.axd site=MySite 8172 CO\BUILD-SERVER$ 159.212.19.123 - 401 2 64 78
I was expecting to see CO\jenkins, the account Jenkins is running under, instead of CO\BUILD-SERVER$. (And what's with the $ on the end?) Am I correct in thinking the wrong account is being used? What do I need to do to get this working?
CO\BUILD-SERVER$ is the machine account of your build server.
If you have a slave running on that machine, is it running as a windows service? If so it's probably running as "System"
Also re Selenium tests, if the tests are running on the build server then the service may need to set to run interactively so that the tests can run against a UI.

TFS build agent, same port as team server?

My team foundation is setup to use port 8080, when I am creating a new build agent it defaults to port 9191.
Which one should I use?
I am getting an error when I try and run my build, it says the build agent was unreachable.
I created a share on my drive c:\tfsbuilds, and I added the TFSService account and gave it full rights.
I am using the \computername\tfsbuilds as my path to the builds folder.
What else could be wrong?
Error message
Team Foundation Build on computer TFSBUILDS.MyServer1.local (port 9191) is not responding. (Detail Message: Unable to connect to the remote server)
Has the Build service been started? This is probably the most common issue as the service will need to be started first. And yes, 9191 is the default port for the build agents. Can you also check your firewall?

Resources