MSDeploy triggers 401 Access denied error when trying to synch a site

Question

I try to push/sync a IIS Site from a Win2003 Server to another.

This is my command:

msdeploy -verb:sync -source:metakey=lm/w3svc/68512112 -dest:metakey=lm/w3svc/68512112,computername=backup-09,username=Administrator,password=PASSWORD -whatif > msdeploysync.log

I also tried the following

msdeploy -verb:sync -source:metakey=lm/w3svc/68512112 -dest:metakey=lm/w3svc/68512112,computername=backup-09,username=BACKUP-09\Administrator,password=PASSWORD -whatif > msdeploysync.log

I also tried

msdeploy -verb:sync -source:metakey=lm/w3svc/68512112 -dest:metakey=lm/w3svc/68512112,computername=backup-09,username=Administrator@BACKUP-09,password=PASSWORD -whatif > msdeploysync.log

This is the error:

Fatal: Request to remote agent URL 'http://backup-09/MSDEPLOYAGENTSERVICE' failed.

Fatal: The remote server returned an error: (401) Unauthorized. Fatal count: 1

• I did run msdeploy/cmd as an administrator.
• I did try to access http://backup-09/MSDEPLOYAGENTSERVICE, it asked for my permissions, I entered the credentials above, it worked (empty site displayed).
• This is Beta 2 of MSDeploy

Can anyone help me?

I now even set up a domain controller for all the servers... still the same issues, whether I'm logged in as a domain controller, supply the local accounts, all variations trigger a 401

Answer 1

I've just experienced a 401 and ERROR_USER_NOT_ADMIN. In my case, the problem was I was using a hostname set in my hosts file (also in the hosts file on the destination machine) for the computerName setting to the -dest: parameter. NTLM was trying to treat this host name as the domain part of the username (e.g. hostname\userName). Changing this to the IP address or or real machine name fixed the issue.

Answer 2

Note that there is a bug in Web Deploy 2.0 (even the refresh) that does not allow users within the admin group to authenticate. Only domain admins and the administrator account itself can authenticate to web deploy. See the ERROR_USER_NOT_ADMIN error code on the following page: http://learn.iis.net/page.aspx/1023/web-deploy-error-codes/

Answer 3

Msdeploy appears to use NTLM authentication by default, even if userName and password are present. To enable the correct processing of "userName" and "password", append the following to the relevant source: or dest: parameters: ",authType=basic"

Answer 4

This is a really old question, but I may have found an answer.

I was getting the 401 Unauthorized error message, but still able to login using the account specified in the call to MSDeploy, as described in the question.

In my case, the problem was solved by giving the deploy account admin privileges on the machine being deployed too.

(I see that you were using an account called Administrator, so this might not be the case for you - but I had the same symptoms so wanted to post anyway).

Answer 5

I got this error because UAC was turned on (Windows Server 2008).

Need to turn off UAC for remote connections:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy=1

---

This key helped me on another server (Windows Server 2012):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WebManagement\Server\WindowsAuthenticationEnabled=1

Michael12345 suggested it here: https://stackoverflow.com/a/15059759/991267

Answer 6

I did not have this type of error before but in Visual Studio 2015 Update 3 when create a new ASP.NET Core application the default publish profile does not work.

I did find a solution. For me adding the

<AuthType>NTLM</AuthType>

line in the .pubxml file fixed the issue.