62

I have problem with MsDeploy to publish my website to remote IIS from Visual Studio.

I encountered the following error:

Microsoft.Web.Delegation.DeploymentAuthorizationException: Not able to log on the user '.\WDeployConfigWriter'. ---> System.Runtime.InteropServices.COMException: The user name or password is incorrect. (Exception from HRESULT: 0x8007052E) --- End of inner exception stack trace --- at Microsoft.Web.Deployment.LogonUserHandle.LogonUser(String userName, String domain, String password)

I tried to change WDeployConfigWriter's password in Local Users and Groups (lusrmgr.msc). Then, I open Management Service Delegation. I try to set credentials in edit rule for WDeployConfigWriter page and it's always fail with message "The spesified password is invalid. Type a new password".

I am working in Windows Server 2012.

Any help would be appreciate. Thanks!

Iswanto San
  • 17,245
  • 11
  • 56
  • 77
  • Possible duplicate of [Web deployment task build failed](http://stackoverflow.com/questions/6939150/web-deployment-task-build-failed) – avs099 Dec 22 '15 at 13:56

8 Answers8

107

I had this too but with a slightly different detail

Not able to log on the user '.\WDeployConfigWriter'. 
Logon failure: the specified account password has expired.

Full credit to this blog, the problem is that the Web Deploy installer creates users with expiring passwords that are used to elevate permissions during deployment. The fix is to:

  1. Use server manager on the accounts WDeployAdmin and WDeployConfigWriter to
    • reset the password
    • check password never expires
    • uncheck user must change password next logon
  2. Use IIS -> Management Service Delegation to reset the passwords for the rules where those accounts have been configured to elevate to a specific user
  3. Fixed!
fiat
  • 13,753
  • 6
  • 72
  • 94
  • 1
    In the IIS7.5 management console I then also had to go to the Server\Management Service Delegation and reset the password for all the rules with the User names WDeployConfigWriter or WDeployAdmin – Clint Oct 28 '14 at 04:23
  • 13
    It isn't always necessary to reset the password or modify anything in IIS. I am able to just check password never expires, and went to IIS and restarted the management service. – Bon Aug 12 '15 at 20:04
  • @Bon works in Server 2016. Still don't understand how it is possible for the management console to set itself up like this. Note: To restart click the server in IIS then select Management > Management Service > Restart – Simon_Weaver May 08 '17 at 19:51
  • This answer saved me. :) – Farb Jun 28 '18 at 05:12
  • 1
    Just wanted to note that in my instance, I was able to repair Microsoft Web Deploy from Programs and Features, which seemed to fix the issue. Then I just went into Computer Management and checked the "password never expires" box. – user949286 May 13 '19 at 22:49
  • I had the "Password never expires" option configured (I always do, when I setup Web Deploy), but somehow it managed to still run into this issue on one server recently. Very useful answer. – marsze Jan 20 '21 at 15:10
54

The easiest fix to this problem is:

  • Computer Management ->Local Users And Groups -> Users
  • Right click -> properties on WDeployAdmin
  • Uncheck "User must changed password at next logon
  • Check "Password never expires"
  • Do the same for WDeployConfigWriter
  • Done!

Similar to @fiat solution, but you don't really need to change the password.

randoms
  • 2,713
  • 1
  • 29
  • 46
13

Here are simple CMD commands:

WMIC USERACCOUNT WHERE "Name='WDeployConfigWriter'" SET PasswordExpires=FALSE
WMIC USERACCOUNT WHERE "Name='WDeployAdmin'" SET PasswordExpires=FALSE

It will set deploy users passwords to never expire

Gh61
  • 7,760
  • 4
  • 23
  • 35
1

The WDeploy* users are not intended to be used directly as part of your deployment process. Instead, they are used to implicitly elevate permissions in order to perform specific tasks (modifying IIS for WDeployConfigWriter, and GAC installations among others for WDeployAdmin).

I'd recommend creating a non-admin user specifically for your website. You can find the instructions for doing so at Installing and Configuring Web Deploy on iis.net. If you continue to have problems with the WDeployConfigWriter user, you're probably best off uninstalling Web Deploy and starting again.

Richard Szalay
  • 78,647
  • 19
  • 169
  • 223
  • 2
    This issue arises even if you use a specific non-admin local account for web deployment. The error was initially stating that my specific account was expired, even though it had 'password never expires'checked. Resetting the password didn't change anything, so I started with a fresh account and then I got the same exact message the OP listed. My guess is the Publish functionality is dependent on this account for tracing. This was also in the log: "A tracing deployment agent exception occurred that was propagated to the client....Not able to log on the user '.\WDeployConfigWriter'" – Bill Jul 17 '14 at 18:34
0

I had the same problem trying to changes the passwords in Management Service Delegation and it did not fix the problem. It turns out that I had to change the WDeployConfigWriter to a different user(ie Admin) change it back and then the password changes only took effect

Anton Oosthuizen
  • 11
  • 1
0

I had the same problem with Visual Studio 2017 with a different error message. The solution is also uncheck (WDeployConfigWriter) "User must changed password at next logon"

Publish failed
Publish has encountered an error.
Publish failed due to build errors. Check the error list for more details.

A diagnostic log has been written to the following location:
"C:\User\MyUser\AppData\Local\Temp\tmpXXXX.tmp"

The content of the log file

06.04.2018 19:56:13
System.AggregateException: One or more errors occurred. ---> System.Exception: Publish failed due to build errors. Check the error list for more details.
   --- End of inner exception stack trace ---
   at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
   at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Web.Publish.PublishService.VsWebProjectPublish.<>c__DisplayClass40_0.<PublishAsync>b__2()
   at System.Threading.Tasks.Task`1.InnerInvoke()
   at System.Threading.Tasks.Task.Execute()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.VisualStudio.ApplicationCapabilities.Publish.ViewModel.ProfileSelectorViewModel.<RunPublishTaskAsync>d__108.MoveNext()
---> (Inner Exception #0) System.Exception: Publish failed due to build errors. Check the error list for more details.<---

===================
live2
  • 2,620
  • 2
  • 25
  • 35
0

In my case, I got this error because either WDeployConfigWriter nor WDeployAdmin had been created during the installation of WebDeploy (3.6 / 4.) even if the installation ran through successfully.

Found out, that the servers rule for password complexity was more restricting that the generated one with the script in C:\Program Files\IIS\Microsoft Web Deploy V3\Scripts\AddDelegationRules.ps1 didn't meet the requirements. So I edited GenerateStrongPassword() in the PowerShell file and run it. The users then have been created successfully.

martinoss
  • 4,390
  • 2
  • 39
  • 47
0

There is some cases where setting "Password never expires" not is enough. Reinstalling webdeploy will fix the issue.

The other way to fix this is to set new passwords for the users WDeployAdmin and WDeployConfigWriter. User management

The next step is to set the new passwords in IIS > Management Service Delegation for those users. Management Service Delegation

Pär Sandgren
  • 11
  • 3