I'm getting a bit strange situation with a 'Visual Studio Test Agent Deploment' in TFS2015 Update 2.1. When in Machine Group the protocol is set to HTTP everthing is ok, testagent deploys sucsefully. But when I'm trying to do the same task with HTTPS connection to remote machine i'm getting exception:
DistributedTests: Task 'DownloadTestAgent' on machine 'XYZ:5986' is being run
DistributedTests: Task 'DownloadTestAgent' on machine 'XYZ:5986' completed.
DistributedTests: Task 'DownloadTestAgent' for machine XYZ:5986's Error : System.Management.Automation.Remoting.PSRemotingTransportException: Connecting to remote server XYZ failed with the following error message :
Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.
Machines are in the same domain. It's not a user/password problem because when I use HTTP it succesfully finishes the deployment, but when I edit 'Machine Group' to use HTTPS it failes.
Thanks for any ideas!
I'm afraid you didn't configure HTTPS for WinRM on the host machine, you would need to follow the directions for domain-joined machines:
If you choose HTTPS, you can use either a FQDN or an IP address to access the target machine(s). To use a FQDN to access the target machine(s), execute the following in a Command window with Administrative permissions:
ConfigureWinRM.ps1 {FQDN} https
To use an IP address to access the target machine(s), execute the following in a Command window with Administrative permissions:
ConfigureWinRM.ps1 {ipaddress} https
These commands create a test certificate by using MakeCert.exe, use
the certificate to create an HTTPS WinRM listener, and open port 5986
inbound for WinRM over HTTPS. The script also increases the WinRM
MaxEnvelopeSizekb setting. By default on Windows Server this is 500
KB, which can result in a "Request size exceeded the configured
MaxEnvelopeSize quota" error.
Related
I am trying to deploy my project to IIS using TFS Winrm:IIS web app deployment task. I am new to this.
I am getting the following error'
"Deployment failed on machine xxx with following message : System.Management.Automation.Remoting.PSRemotingTransportException: Connecting to remote server xxx failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". "
I was able deploy the project to the same remote server using TFS Winrm: windows machine file copy task which is the prior step for web app deployment to IIS. Winrm service is running and when it type the "winrm quickconfig i am getting "winrm is already been configured".
What am i missing here ? please suggest. Thanks in advance.
The Winrm:IIS task is actually MSDeploy from Machine A to Machine B so for this to work you need to install MSDeploy on Machine B. You should then be ok to deploy from Machine A. Check this article out for more information and to see if you have all the pre-requisite. Also these articles have a bit more info.
https://learn.microsoft.com/en-us/azure/devops/pipelines/apps/cd/deploy-webdeploy-iis-winrm?view=azure-devops
https://marketplace.visualstudio.com/items?itemName=ms-vscs-rm.iiswebapp
The issue was resolved when i enable remote powershell remoting my remote machine using the command Enable-PSRemoting –force
I'm currently trying to configure Jenkins in order to launch my Windows slave using EC2 plugin. However, my slave agent enters an infinite loop with the message:
Connecting to ip-10-180-10-223.ap-southeast-2.compute.internal(10.180.10.223) with WinRM as Waiting for WinRM to come up. Sleeping 10s.
I followed this post How to run Windows instance on EC2 from Jenkins? to troubleshoot my issue but to no avail. I configured for both the client and the server and used this command on the remote machine winrm identify -r:http://winrm_server:5985 -auth:basic -u:user_name -p:password -encoding:utf-8 as stated in this link http://www.gabrielmatteson.com/index.php/howto-configure-windows-remote-management-service-to-allow-http-and-basic-authentication/ but I got this message:
The WinRM client cannot process the request. If the authentication scheme is
different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting. Use winrm.cmd to configure
TrustedHosts. Note that computers in the TrustedHosts list might not be
authenticated. You can get more information about that by running the
following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.
I followed this post here Connecting to remote server failed using WinRM from PowerShell to troubleshoot again but I still got the same message as above. For the EC2 instance, I modified the Security Group to allow all inbound and outbound traffic but it has not worked.
I don't know the issue why but my WinRM on the virtual server is up and running.
WinRm need to be configured to allow remote server management.
Two ways to do this:
Start your instance from aws and run these WinRm commands via the command line.
winrm quickconfig
winrm set winrm/config/client '#{AllowUnencrypted="true"}'
winrm set winrm/config/service '#{AllowUnencrypted="true"}'
winrm set winrm/config/client/Auth '#{Basic="true"}'
winrm set winrm/config/service/auth '#{Basic="true"}'
winrm set winrm/config/winrs '#{MaxMemoryPerShellMB="1024"}'
then save the image of this instance (aws ui -> ec2 -> select the instance -> actions -> images and templates -> create an image) and use it for your jenkins slave.
Put these commands in section "User Data" that you will find in the configurations of your jenkins agent (Jenkins UI -> Build Executor Status -> Configure Clouds).
<powershell>
winrm quickconfig
winrm set winrm/config/client '#{AllowUnencrypted="true"}'
winrm set winrm/config/service '#{AllowUnencrypted="true"}'
winrm set winrm/config/client/Auth '#{Basic="true"}'
winrm set winrm/config/service/auth '#{Basic="true"}'
winrm set winrm/config/winrs '#{MaxMemoryPerShellMB="1024"}'
</powershell>
NOTE that 1024 is an example, you can allocate more memory if needed. In my case my jenkins job needed more memory and because i have an t3.Xlarge instance type (16Gib memory) i've allocated 8Gib (8192) to WinRm.
Sources:
Jenkins Amazon EC2 plugin WinRM infinite loop
https://issues.jenkins.io/browse/JENKINS-34610
I am using TFS (2015 update 3 and implemented CI build. I created two environments for release, one is staging and other is production hosted in AWS windows VM. I am using IIS Deploy WinRM extension(https://marketplace.visualstudio.com/items?itemName=ms-vscs-rm.iiswebapp) in release task to deploy the package to the remote server.
staging IIS is hosted in same build machine and deployment task is working fine. when I deploy to production environment I am getting following error.
Deployment failed on machine xx.xx.xx.xx with following message: System.Management.Automation.Remoting.PSRemotingTransportException: Connecting to remote server xx.xx.xx.xx failed with the following error message: WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits accesses to remote computers within the same local subnet. For more information, see the about_Remote_Troubleshooting Help topic.
I believe WinRM is not able to communicate with target server hence it is not working. I tried to follow instructions in this link (https://learn.microsoft.com/en-us/vsts/build-release/apps/cd/deploy-webdeploy-iis-winrm).
I configured winRM in both machines and even added build machine (where I initiate release) to trusted hosts on the target server. In both machines, winRM service is listening to ports 5985,5986.
i tried to test WinRM connection and tried following command in build machine.
test-wsman -ComputerName -UseSSL
I got following error
test-wsman : ">WinRM cannot complete the operation. Verify that the specified
computer name is valid, that the WinRM
service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles
limits access to remote computers within the same local subnet.
I am sure the issue is WinRM not able to communicate with the target server. One of the requirements of this TFS winRM deployment extension is both servers should be domain joined or workgroup joined. (mentioned in https://learn.microsoft.com/en-us/vsts/build-release/apps/cd/deploy-webdeploy-iis-winrm) . Is this why deployment not working and how can I join both domains? As target server is hosted in AWS ( it is a windows VM machine), we connect through VPN.
Build machine's name is like MachineName.uk.companyname.com and target servers name is MachineName.abc.risk.cloud (both in different domains)
Any thoughts on debugging this and get this deployment working in target server?
WinRM configuration
Windows Remote Management (WinRM) requires target servers to be:
Domain-joined or workgroup-joined
Able to communicate using the HTTP or HTTPS protocol
Addressed by using a fully-qualified domain name (FQDN) or an IP address
Just as the document described, you need to follow the requirements of WinRm configuration. Since using test-wsman -ComputerName -UseSSL also shows communicate with the target server, this is why deployment not working.
For AWS related, you could try to use AWS Tools for Microsoft Visual Studio Team Services. The AWS Tools for Microsoft Visual Studio Team Services (VSTS) is an extension for Microsoft VSTS and on-premises Microsoft Team Foundation Server (TFS) that makes it easy to deploy .NET applications to AWS.
I've verified that Web Deploy works (using NTLM authorization) when I fire it from Visual Studio on my local machine. Now I want my build server to auto-deploy (if appropriate) every night. I'm using Jenkins on the build server, and I've granted the account access in IIS on the remote machine. My parameters to MSBuild are as follows:
/p:DeployOnBuild=true
/p:Configuration=Debug
/p:Platform=x86
/p:PublishProfile=DEV
/p:AuthType=NTLM
/p:AllowUntrustedCertificate=True
/p:Username=
The DEV publish profile specifies my DEV server which uses a self-signed certificate thus necessitating an untrusted certificate. The NTLM and blank username should use the current user/account to connect.
However, the Jenkins' job's MSBuild step fails with this error
msdeploy error ERROR_USER_UNAUTHORIZED: Web deployment task failed. (Connected to the remote computer ("DEV-SERVER") using the Web Management Service, but could not authorize. Make sure that you are using the correct user name and password, that the site you are connecting to exists, and that the credentials represent a user who has permissions to access the site. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_USER_UNAUTHORIZED.)
When I look at the IIS logs on DEV-SERVER, I see the following:
2016-01-06 23:55:10 159.212.19.186 HEAD /msdeploy.axd site=MySite 8172 - 159.212.19.123 - 401 2 5 0
2016-01-06 23:55:10 159.212.19.186 HEAD /msdeploy.axd site=MySite 8172 CO\BUILD-SERVER$ 159.212.19.123 - 401 2 64 78
I was expecting to see CO\jenkins, the account Jenkins is running under, instead of CO\BUILD-SERVER$. (And what's with the $ on the end?) Am I correct in thinking the wrong account is being used? What do I need to do to get this working?
CO\BUILD-SERVER$ is the machine account of your build server.
If you have a slave running on that machine, is it running as a windows service? If so it's probably running as "System"
Also re Selenium tests, if the tests are running on the build server then the service may need to set to run interactively so that the tests can run against a UI.
My team foundation is setup to use port 8080, when I am creating a new build agent it defaults to port 9191.
Which one should I use?
I am getting an error when I try and run my build, it says the build agent was unreachable.
I created a share on my drive c:\tfsbuilds, and I added the TFSService account and gave it full rights.
I am using the \computername\tfsbuilds as my path to the builds folder.
What else could be wrong?
Error message
Team Foundation Build on computer TFSBUILDS.MyServer1.local (port 9191) is not responding. (Detail Message: Unable to connect to the remote server)
Has the Build service been started? This is probably the most common issue as the service will need to be started first. And yes, 9191 is the default port for the build agents. Can you also check your firewall?