IIS – Allow domain user to publish website with mswebdeploy on IIS 7.5

Tags: iis, msdeploy, windows-server-2008

I'm trying to configure an IIS 7.5 server to allow remote deployment by a domain user account.

I can achieve this if I create either a local account with Administrator privileges, or use a domain account with Administrator privileges, but for a regular domain account I can't figure out what I need to set.

The steps I've taken so far are:

  • Create user account 'webdeploy' on domain controller
  • Under 'IIS Manager Permissions' for the Default Web Site, I've gone through the 'Allow User…' wizard to allow the domain user access to the site.
  • At the server level, under 'Management Service', I've enabled remote connections for Windows credentials only from all IP addresses.
  • Under 'Management Service Delegation' I've created two rules, 'createApp' and 'contentPath, iisApp' and added the 'DOMAIN\webdeploy' user to each of these.

However, when trying to run msdeploy with the webdeploy account credentials, I receive a '401 Unauthorized' message, and see the following in the event log:

IISWMSVC_AUTHORIZATION_SERVER_NOT_ALLOWED

Only Windows Administrators are allowed to connect using a server connection. Other users should use the 'Connect To Site or Application' task to be able to connect.

Process:WMSvc
User=DOMAIN\webdeploy

Does this imply that my build server needs to store the credentials of a domain administrator in order to simply push web apps to the web server?

Best Answer

You need to specify the full Web Management Service URL with a site parameter. For example, if you were previously using:

msdeploy ... -dest:auto,wmsvc=target

Then you would use this instead:

msdeploy ... -dest:auto,wmsvc=https://target:8172/msdeploy.axd?site=yourSiteName
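
The site-scoped form above, wrapped in a script that a build server could run with the delegated, non-administrator account. This is an added example, not part of the original answer. It assumes msdeploy is on the PATH; the package path, the default site name and the percent-encoding of the site name are placeholders and assumptions.

```powershell
# Added example (not from the original answer): site-scoped Web Deploy push
# using a delegated, non-administrator account.
param(
    [string]$Target   = 'target',            # WMSvc host, as in the answer
    [string]$SiteName = 'Default Web Site',  # site the account was delegated on
    [string]$Package  = '.\app.zip',         # hypothetical Web Deploy package
    [switch]$Apply                           # without -Apply, only a -whatif dry run
)

# A server-level connection (no ?site=) is what produced the
# IISWMSVC_AUTHORIZATION_SERVER_NOT_ALLOWED event for the non-admin user.
# Site names can contain spaces, so percent-encode the query value
# (assumption: the handler accepts the encoded form).
$endpoint = 'https://{0}:8172/msdeploy.axd?site={1}' -f `
    $Target, [uri]::EscapeDataString($SiteName)

# Prompt for the delegated account (for example DOMAIN\webdeploy) instead of
# keeping administrator credentials on the build server.
$cred = Get-Credential
$user = $cred.UserName
$pass = $cred.GetNetworkCredential().Password

# Each msdeploy argument is one quoted string so PowerShell does not split
# it on commas or treat -dest: as one of its own parameters.
$msdeployArgs = @(
    '-verb:sync',
    "-source:package=$Package",
    "-dest:auto,wmsvc=$endpoint,userName=$user,password=$pass"
)
if (-not $Apply) { $msdeployArgs += '-whatif' }

# Note: the password is on the command line of the msdeploy process and is
# visible to other processes on this machine while the command runs.
& msdeploy $msdeployArgs
if ($LASTEXITCODE -ne 0) {
    throw "msdeploy failed with exit code $LASTEXITCODE"
}
```

Run it once without -Apply to confirm the delegated account authenticates against the site endpoint before any content is changed.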