Configuring MSDeploy in IIS 7

by William March 20, 2010 12:36 AM

I just finished upgrading this blog to the RC of .Net 4 and Visual Studio 2010 and part of the process was to configure 1-Click deploy inside Visual Studio (as demonstrated by Scott Hanselman and Scott Guthrie during the Mix10 keynote).  1-Click is a great feature of Visual Studio 2010 and uses MSDeploy (which has been available for a few months) to do the actual deployment.  I thought it might be useful to share some of the issues I encountered while configuring MSDeploy.

Server Setup

This site is hosted on a Virtual Private Server running Windows Server 2008 (IIS 7) which means I needed to install and configure the MSDeploy Agent on the server myself (if you have a shared hosting account that is compatible with MSDeploy you won’t need to do this). Note that before installing MSDeploy you should make sure that WMS (Web Management Service) is installed – this is only needed on IIS 7, I believe (IIS 6 uses the deploy agent service included in the MSDeploy installer).

After installing MSDeploy it needs to be configured.  First WMS needs to be configured and started (note that all instructions here are for IIS 7):

  1. Start IIS Manager.
  2. Select the server level node in the navigation tree on the left and then double click the “Management Service” icon in the main pane.
  3. Make sure “Enable remote connections” is checked, choose the account type you want to use (I used Windows Accounts only) and then click “Start” in the action pane on the right.

After starting WMS you can configure the user(s) you want to have remote access to your sites – I created a Windows account specifically for this (named “webdeploy”):

  1. In the navigation tree on the left select the site you want to grant remote access to and then double-click the “IIS Manager Permissions” icon.
  2. Click “Allow User…” on the right and select the user you want to grant access to the site, then click “OK”.
  3. Repeat this for each user and / or site you want to grant remote access to.
  4. Note that (at least if you are using Windows accounts) you need to grant “Full Access” in the file system to the folders that contain the websites you are granting remote access to.  I tried this first with only “Modify” permission but that generated errors.

Next I configured the remote service delegation rules for my site.  These rules allow you to control exactly what access you want your remote users to have (things like create applications, deploy content, deploy databases, set ACL’s, etc.):

  1. Select the server level node in the navigation tree and double-click the “Management Service Delegation” icon.
  2. Click on the “Add Rule…” link on the right.  You can now choose from some pre-configured templates or choose a blank rule to start from scratch.
  3. The templates I added were Deploy Applications with Content and Set Permissions for Applications.  I didn’t add the Deploy Databases template at this time because my database has already been deployed.
  4. Note that for the Set Permissions for Applications template you will need to supply a local account for this delegation service to run under. I created a Windows user account for this.  Note that whatever account you choose here will need the following file system permissions (ACLs):
    Path Permission
    %windows dir%\System32\inetsrv\config Read
    %windows dir%\System32\inetsrv\config\applicationHost.config Modify

At this point I attempted to test my configuration locally on the server using the following process:

  1. Right-click on “Start Page” in the navigation tree and select “Connect to a Site…”.
  2. For the server name use “localhost” and for the site name use a site you granted a user remote access to. 
  3. On the next page enter the username and password of a user who was granted remote access to the site.
  4. On the final page enter a name for the connection and press “Finish”.
  5. Select the new node that will now appear in the navigation tree for the site you specified in step 2 and click on “Export Application…” on the right.
  6. You can use the defaults in the wizard that appears, you are simply verifying that WMS and MSDeploy are configured properly on the server.
  7. After exporting the application, try importing it (select “Import Application…” on the right).  On he parameters screen you can choose a temporary sub-folder to import the application to (again, you are just making sure everything works) and then delete it after it is imported.

If the import and export worked without any errors then MSDeploy is correctly configured.  At this point you will have to enable port 8172 through any firewalls you have on the server.

One note:  After configuring IIS with the above process, when attempting to test the application import, I kept getting http 404 “Not Found” errors.  To fix this I had to navigate to the Management Service page at the server root, stop the service, add an “Allow” restriction for, and restart the service.  At this point I received a 500 “Server Error” so I stopped the service, removed the restriction, and restarted the service.  After all this the test worked.  I am not sure what this process changed that caused the test to work, however…

That’s all there is to configuring IIS 7 for remote deployment / 1-click deployment.  Next time I will look at the client configuration inside Visual Studio 2010.

Tags: , ,


Comments (4)

Stephen Dougherty
Stephen Dougherty United Kingdom
4/13/2010 6:55:51 AM #

Great post! Worked a treat for me.

One thing to add though is that I had to do some digging around to get the Management Service Delegation icon to appear. Finally enabled it by hitting change in programs and features under web deployment tool. It seems it is not enabled by default or wasn't with my configuration.


William United States
4/13/2010 7:37:09 AM #

@Stephen: Yes, I had the same issue when doing a subsequent installation on IIS7 at work.  I think the issue arises when you install MSDeploy before you install the Web Management Service -- when done in this order the MSDeploy installer doesn't give you the option to install the delegation support.

Thanks for you comment!

Bilbo Australia
8/25/2010 8:58:17 PM #

Why not just deploy via FTP? Seems to me like Microsoft love to create configuration hell...There's got to be a better way! I feel like I am going to cause my self hours of tracking down bugs this way....need to keep things simple...Frown It feels impossible...

I might add tho that this is a really helpful blog post Smile Thank you.

Martin Norway
9/6/2010 1:06:16 PM #

I also had problems setting this up, but I found out that I was running different versions of the MSDeploy on my dev box and my server. Everything worked out perfectly when I installed the latest version on both computers.

Add comment

  Country flag
CaptchaSpeak Captcha
  • Comment
  • Preview

Who is William?

William Jerla
William Jerla is the Director of Application Development at DiscoverTec, a Web Design and IT Services firm located in Jacksonville, Florida.
William is a Microsoft Certified Technology Specialist in ASP.Net 3.5 Web Applications.

Recent Posts