msdeploy error deploying to Asp.Net Core site folder if logs have been written. [Answered]

2 replies

Last post Jul 11, 2019 06:18 PM by Chris Becke

  • msdeploy error deploying to Asp.Net Core site folder if logs have been written.

    Jul 10, 2019 07:48 AM|Chris Becke

    $ msdeploy -verb:sync -source:iisApp="%cd%\Example.Api\bin\release\publish" -dest:iisApp="example.api",wmsvc=web1,userName=deploy,password=%WEBDEPLOY_PASSWORD% -enableRule:AppOffline -AllowUntrusted
    Info: Using ID 'b6ce879d-7823-436d-bc5d-785dfd2c1746' for connections to the remote server.
    Info: Deleting file (example.api\logs\API20190709.log).
    Error Code: ERROR_INSUFFICIENT_ACCESS_TO_SITE_FOLDER
    More Information: Unable to perform the operation ("Delete File")  for the specified directory ("API20190709.log"). This can occur if the server administrator has not authorized this operation for the user credentials you are using.
      Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_INSUFFICIENT_ACCESS_TO_SITE_FOLDER.
    Error count: 1.
    ERROR: Job failed: exit status 4294967295

    Deploying an ASP.NET Core application with an IIS Manager account, as above, fails when ASP.NET Core logging has been enabled.

  • Re: msdeploy error deploying to Asp.Net Core site folder if logs have been written.

    Jul 11, 2019 06:34 AM|Able

    Hi Chris Becke,

    According to the error message, this error code can surface if connecting over the Web Management Service as a non-administrator. To solve this error, I suggest that you grant the appropriate account Full Control on the site's root folder. Alternatively:

    • Start IIS Manager and right click on the site in question
    • Click Deploy > Configure for Web Deploy Publishing
    • Select the appropriate username
    • Click Setup

    Here is the link; I hope it helps you.

    https://docs.microsoft.com/en-us/iis/publish/troubleshooting-web-deploy/web-deploy-error-codes

    Best Regards

    Able

  • Re: msdeploy error deploying to Asp.Net Core site folder if logs have been written.

    Jul 11, 2019 06:18 PM|Chris Becke

    What though is "the appropriate account"?

    When an IIS Manager user is used (rather than a local/AD user), wmsvc doesn't seem to have an account to use other than the account it's configured to run under. That seems somewhat variable depending on how Web Deploy was installed: using ICACLS to look at files created by remote deployments authorized by IIS Manager users, on one server files were owned by NT SYSTEM\WMSVC and on another by NT SYSTEM\LOCAL SERVICE (on this system the WMSVC account couldn't be found at all).

    Neither of these seems like the best choice of token to use, but I don't (obviously) know if:

    1. This is one of those weird cases where using the MSI installer for Web Deploy to install the handler will reinstall the wmsvc - which is otherwise installed as "Remote Web Management" under Server Roles and Features - and would ensure that a consistent account was used for wmsvc / IIS Manager created content.
    2. If there is an alternate "better" security principal to use at the site level, because "LOCAL SERVICE" feels very coarse, and manually messing with wmsvc's settings feels like a security patch or something will undo my work / I'll end up with a server in an unsupportable state for production.

    Hopefully this "Configure for Publishing" Wizard knows what to do.

    --

    One point of confusion: I'm also interested in why wmsvc can actually deploy the site normally. It's interesting to me that it can create objects in the folder in the first place, but then later, with largely the same permissions in place, it can't delete files that were created by a different security principal - despite all the other inherited permissions being the same.
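
The checks discussed in this thread (which account WMSVC runs as, who owns the files in the site folder, and who is allowed to delete them) can be gathered in one pass. This is an added diagnostic example, not code from any of the posters or from Web Deploy; `$SitePath` is a placeholder for the site's physical folder, and the script reads ACLs only, without resolving group membership or Deny entries.

```powershell
# Added example: report the WMSVC identity plus owner and delete rights per file.
param(
    [string]$SitePath    = 'C:\inetpub\example.api',  # placeholder path (assumption)
    [string]$ServiceName = 'WMSVC'                    # service name as used in the thread
)

# Account the Web Management Service runs under.
$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
"{0} runs as: {1}" -f $ServiceName, $svc.StartName

# Windows allows a file delete when the caller holds Delete on the file itself
# or DeleteSubdirectoriesAndFiles on the folder that contains it.
$onFile      = [System.Security.AccessControl.FileSystemRights]::Delete
$onParent    = [System.Security.AccessControl.FileSystemRights]::DeleteSubdirectoriesAndFiles
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

function Get-AllowedIdentity {
    param([string]$Path, [System.Security.AccessControl.FileSystemRights]$Right)
    (Get-Acl -LiteralPath $Path).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            # Inherit-only entries (e.g. CREATOR OWNER templates) do not apply to this object.
            -not ($_.PropagationFlags -band $inheritOnly) -and
            ($_.FileSystemRights -band $Right) -eq $Right
        } |
        ForEach-Object { $_.IdentityReference.Value } |
        Sort-Object -Unique
}

# One row per file: who owns it, and which identities the ACLs allow to delete it.
Get-ChildItem -LiteralPath $SitePath -Recurse -File | ForEach-Object {
    [pscustomobject]@{
        File            = $_.FullName
        Owner           = (Get-Acl -LiteralPath $_.FullName).Owner
        DeleteOnFile    = (Get-AllowedIdentity -Path $_.FullName -Right $onFile) -join '; '
        DeleteViaParent = (Get-AllowedIdentity -Path $_.DirectoryName -Right $onParent) -join '; '
    }
} | Sort-Object Owner, File | Format-Table -AutoSize -Wrap
```

A file for which neither column lists the service account, or a group it belongs to, is one that account's ACL rights do not let it delete, even though it may still be able to create new files in the same folder.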