WebDeploy (401) Unauthorized error

I was finally able to get my automated build and deploy running using NTLM. I just wanted to summarize what it took to get it going in case it is helpful to anyone. This is with IIS 7.5.

  1. Set the registry setting and restart Web Management Service (WMSVC):

    reg add HKLM\Software\Microsoft\WebManagement\Server /v WindowsAuthenticationEnabled /t REG_DWORD /d 1

  2. Give the user running the TFS build service permission in the web site directory.

  3. Here are the MSBuild arguments that I used. Replace the various names with your names. I was using DEV and Any CPU. I also needed to allow an untrusted certificate.

    /m /p:PublishProfile=DEV /p:Configuration=DEV /p:Platform="Any CPU" /p:DeployOnBuild=true /p:AllowUntrustedCertificate=true /p:authType=NTLM

  4. In IIS Manager with the destination web site selected, open IIS Manager Permissions and allow the user running the TFS build service.

Tracing was very helpful in diagnosing the problems. You can turn on tracing in Management Service Delegation in IIS Manager. Initially I couldn't see Management Service Delegation in IIS Manager. To get it to show, I had to 'change' Web Deploy from Add Programs so that Management Service Delegation was installed. It looked like it was installed, but I reset the dropdown to install to my computer and completed the install. Then it appeared in IIS Manager.


If you configure delegation to "Allow administrators to bypass rules" and the msdeploy command succeeds, then you are going through WMSvc and it is letting you through. Otherwise, from the response it seems that WMSvc is rejecting you and you are falling back to the Web Deploy agent.

Set/add the following reg value to WMSvc reg key:

    reg add HKLM\Software\Microsoft\WebManagement\Server /v WindowsAuthenticationEnabled /t REG_DWORD /d 1

Recycle WMSvc:

    net stop wmsvc & net start wmsvc

Try again. If it doesn't succeed, can you post your msdeploy command line?
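
The registry change and WMSVC recycle described in the two answers above, as an added PowerShell example that is not part of the original posts: it sets the value only when needed, restarts the service only after a change, and confirms the result. The function names are hypothetical, and it assumes an elevated prompt on the IIS server.

```powershell
# Added example, not from the original posts.
# Key, value name and service name are the ones quoted in the answers above.
$keyPath   = 'HKLM:\Software\Microsoft\WebManagement\Server'
$valueName = 'WindowsAuthenticationEnabled'
$service   = 'WMSVC'

function Test-WmsvcWindowsAuth {
    # True only when the value exists and equals 1.
    if (-not (Test-Path -Path $keyPath)) { return $false }
    $item = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
    return [bool]($null -ne $item -and $item.$valueName -eq 1)
}

function Enable-WmsvcWindowsAuth {
    if (-not (Test-Path -Path $keyPath)) {
        throw "Registry key $keyPath not found; is the Web Management Service installed?"
    }

    if (Test-WmsvcWindowsAuth) {
        Write-Output "$valueName is already 1; no registry change made."
    }
    else {
        # Same effect as the 'reg add' command above; -Force overwrites an existing value.
        New-ItemProperty -Path $keyPath -Name $valueName -PropertyType DWord -Value 1 -Force | Out-Null
        # The answers above restart WMSVC after changing the value, so do the same here.
        Restart-Service -Name $service
        Write-Output "$valueName set to 1 and $service restarted."
    }

    # Confirm the end state instead of assuming the commands worked.
    if (-not (Test-WmsvcWindowsAuth)) {
        throw "$valueName is still not 1 under $keyPath."
    }
    $status = (Get-Service -Name $service).Status
    if ($status -ne 'Running') {
        throw "$service is $status; start it before retrying the deploy."
    }
    Write-Output "$service is running with Windows authentication enabled."
}

Enable-WmsvcWindowsAuth
```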


We have a machine that we have been deploying to as part of our build process. For no obvious reason, deploys stopped working and we could no longer remotely access any of the administrative shares (C$, ADMIN$, etc.). We found a fix for the administrative shares which also fixed the deployment problems.

We followed the step in this KB article to re-enable the administrative shares (still no idea why they suddenly stopped working).

http://support.microsoft.com/kb/947232

After we did that, msdeploy all of a sudden started working again as well. I didn't think msdeploy used administrative shares at all. I'm not even positive the two are related at all, but I thought I'd throw it out there in case it solves anyone else's problem.