locked
Mvc 5 web publishing ssl problem RRS feed

  • Question

  • User-713088183 posted

    Hello, I have problem with asp.net deployment on IIS 8.5 and web deploy 3.6, from Vistual Studio 2015. I getting this:

    ERROR_CERTIFICATE_VALIDATION_FAILED
    Could not establish trust relationship for SSL/TLS secure channel

    Ok, I said fine and try use msdeploy from console with -allowUntrusted and it works fine.
    But VS has many options to setting publish and database updating. I would like to run it with VS 2015.

    In asp.net Core I can use something like this: <AllowUntrustedCertificates>true</AllowUntrustedCertificates> and it works well too. But ONLY for MVC Core.

    here is my msdeploy.bat with working -allowUntrusted flag

    set projectPath=%1
    set msdeployDir="C:\Program Files (x86)\IIS\Microsoft Web Deploy V3"
    %msdeployDir%\msdeploy^
     -verb:sync^
     -source:contentPath=%projectPath%^
     -dest:contentPath="myapp",ComputerName="https://server:8172/MsDeploy.axd?site=myapp",UserName='iis-deploy',Password='pass',AuthType='Basic'^
     -skip:objectName=node_modules^
     -skip:objectName=bower_components^
     -skip:objectName=css^
     -allowUntrusted

    And this is my event log in IIS:

    User: iis-deploy
    Client IP: 89.190.94.194
    Content-Type: application/msdeploy
    Version: 9.0.0.0
    MSDeploy.VersionMin: 7.1.600.0
    MSDeploy.VersionMax: 9.0.1962.0
    MSDeploy.Method: Sync
    MSDeploy.RequestId: 77b24e10-33a8-4d62-9e59-7fa65ea0808d
    MSDeploy.RequestCulture: cs-CZ
    MSDeploy.RequestUICulture: cs-CZ
    ServerVersion: 9.0.1955.0
    Skip: objectName="^configProtectedData$"
    Provider: auto, Path: 
    Tracing deployment agent exception. ID: 77b24e10-33a8-4d62-9e59-7fa65ea0808d. 19. 11. 2016 10:39:46.
    System.IO.EndOfStreamException: Unable to read beyond the end of the stream.
       at System.IO.BinaryReader.FillBuffer(Int32 numBytes)
       at System.IO.BinaryReader.ReadInt16()
       at Microsoft.Web.Deployment.PackageDeserializer.GetNextEntryType()
       at Microsoft.Web.Deployment.SerializationProvider..ctor(DeploymentBaseContext baseContext, PackageDeserializer deserializer)
       at Microsoft.Web.Deployment.PackageDeserializer.GetSerializationProvider()
       at Microsoft.Web.Deployment.DeploymentAgent.HandleSync(DeploymentAgentAsyncData asyncData, Nullable`1 passId, String user, String siteName)
       at Microsoft.Web.Deployment.DeploymentAgent.HandleRequestWorker(DeploymentAgentAsyncData asyncData)
       at Microsoft.Web.Deployment.DeploymentAgent.HandleRequest(DeploymentAgentAsyncData asyncData)
    

    Is generated WMSVC cert. really untrusted? And how is possible fix it? 
    Thank you.

    Saturday, November 19, 2016 10:54 AM

All replies

  • User-460007017 posted

    Hi petaskomasek,

    Now that the problem could be fixed with allowUntrusted flag, it is obviously that the wmsvc cert is not trusted. I think the only way to resolve this problem is purchase a trust certififcate from CA or you could try to add the certificate to the trusted area in  Microsoft Management Console.

    Please take the following steps to add the certificate to trusted area:

    • Click Start, Run, type MMC, and press ENTER.
    • Click File, Add/Remove Snap-in.
    • From the list of available snap-ins, select Certficates, then click Add.
    • When prompted, select the Computer Account option, and click Next.
    • Select the computer that you want to manage, click Finish, then click OK.
    • In the MMC, under Console Root, a node called Certificates has been added for the computer that you chose. Try to add the certificate to Trusted publisher and Trusted Root Certification Authorities.

    Best Regards,

    Yuk Ding

    Monday, November 21, 2016 9:51 AM