IIS Remote WebDeploy

To setup IIS remote WebDeploy:

Step 1 – Server side ( Windows server 2008 R2 only)

Follow this article to turn remote feature on, and set up new remote user. http://learn.iis.net/page.aspx/159/configuring-remote-administration-and-feature-delegation-in-iis-7/

Step 2 – Setup web deployment handler, to allow non-admin user be able to deploy remotely.

Follow this post: http://learn.iis.net/page.aspx/516/configure-the-web-deployment-handler/

  • In the RunAs section, select SpecificUser for the Identity Type, and the click the Set… button to specify a user account that will perform this operation. In order for this rule to work, the rule must run as a user that has access to write to the applicationHost.config file. It is recommended that you create an account (for example, “CreateAppUser”) that is not in the Administrators group and only grant it the minimum required permissions. To do this:
    • Create a user account.
    • Grant read permission to %windir%\system32\inetsrv\config.
    • Grant modify permission to %windir%\system32\inetsrv\config\applicationHost.config.
It will be easier to assgin all “contentPath, createApp, iisApp, setAcl” providers to the same RunAs user credential.
Application folder also needs to assign full control permission to delegate users.
Sometimes local account donesn’t work, e.g. app folder is on network sharing, we can always assign RunAs account to administrators group.

Step 3 – Turn on delegate request tracing.

This can help with debugging deployment issues.  Install FREB by adding a tracing feature to IIS, as described in this post:  http://www.iis.net/ConfigReference/system.webServer/tracing/traceFailedRequests

After install, check ‘Enable failed request tracing logs for the delegation server’:
IIS Magement service needs to restart to enable tracing.
Here are two pages for error code look up:

Step 4 – Client side install IIS Manager for Remote Administration extension for IIS7 manager.

http://www.iis.net/download/iismanager

After install finished,open iis7 manager.
File->connect, pick connect to application, type in server name/site name/application name, user/password, if problem occur, check tracing logs at server side to investigate the problem, usually it’s the delegation or permission setting missing.

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s