IIS 7 and Above
msdeploy error deploying to Asp.Net Core site folder if logs have bee...
Last post Jul 11, 2019 06:18 PM by Chris Becke
Jul 10, 2019 07:48 AM|Chris Becke|LINK
$ msdeploy -verb:sync -source:iisApp="%cd%\Example.Api\bin\release\publish" -dest:iisApp="example.api",wmsvc=web1,userName=deploy,password=%WEBDEPLOY_PASSWORD% -enableRule:AppOffline -AllowUntrusted
Info: Using ID 'b6ce879d-7823-436d-bc5d-785dfd2c1746' for connections to the remote server.
Info: Deleting file (example.api\logs\API20190709.log).
Error Code: ERROR_INSUFFICIENT_ACCESS_TO_SITE_FOLDER
More Information: Unable to perform the operation ("Delete File") for the specified directory ("API20190709.log"). This can occur if the server administrator has not authorized this operation for the user credentials you are using.
Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_INSUFFICIENT_ACCESS_TO_SITE_FOLDER.
Error count: 1.
ERROR: Job failed: exit status 4294967295
Deploying an Asp.Net Core application with an IIS Manager account, as above, fails, when asp.net core logging has been enabled.
Jul 11, 2019 06:34 AM|Able|LINK
Hi Chris Becke,
According to the error message, this error code can surface if connecting over the Web Management Service as a non-administrator.To solve this error you ,I suggest that you could Grant the appropriate account Full Control on the site's root
Here is the link,I hope it could help you.
Jul 11, 2019 06:18 PM|Chris Becke|LINK
What though is "the appropriate account"?
When an IIS Manager user is used (rather than a local/AD user), then wmsvc doesn't seem to have an account to use other than the account its configured to run under. Which seems somewhat variable depending on how Web Deploy was installed as, on one IIS server,
by using ICACLS to look at files created by remote deployments authorized by IIS Manager users, on one server files were owned by NT SYSTEM\WMSVC and on another NT SYSTEM\LOCAL SERVICE (on this system the WMSVC account couldn't be found at all).
Neither of these seems like the best choice of token to use, but I don't (obviously) know if:
Hopefully this "Configure for Publishing" Wizard knows what to do.
One point of confusion: I'm also interested in why wmsvc can actually deploy the site normally. Its interesting to me that it can create objects in the folder in the first place, but then later, with largely the same permissions in place, it can't delete
files that were created by a different security principal - despite all the other inherited permissions being the same.