MsBuildBootstrap.exe - MSDeployPublish target - problems with SSL

we are running MSDeployPublish target using the MSBuild runner and we have problems with conneting to the IIS Management Service over SSL. The service is published using a trusted certificate from Comodo CA.

Running msdeploy.exe (v3) from command line correctly publishes website using secure connection.

[VSMSDeploy] Starting Web deployment task from source:manifest(E:\dev.server\TeamCity\buildAgent\temp\buildTmp\WebPublish\WebPackage.SourceManifest.xml) to Destination:auto().
[19:59:40][VSMSDeploy] C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v10.0\Web\Microsoft.Web.Publishing.targets(3847, 5): Web deployment task failed.(Could not complete the request to remote agent URL 'https://buildserver:8172/msdeploy.axd?site=Website'.)  Could not complete the request to remote agent URL 'https://buildserver:8172/msdeploy.axd?site=Website'. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure.
[19:59:40][VSMSDeploy] Publish failed to deploy.

(I replaced the actual URL of the server with the buildserver name)

Do you have any idea why the SSL certificate is not trusted while the publishing was ran from MsBuildBootstrap.exe?
Comment actions Permalink

Hi Josef

Probably your build agent is started under other user account, and cannot access this certificate.
Please change the service account, or install the certificate for the whole system.

Comment actions Permalink

Hi Michael,
I double checked the server configuration and I tracked down the problem to intermediate CA certificate that was missing in the Computer certificate store. IIS wasn't therefore sending full certificate chain which led to problems in the Web Deploy tool, although browsers were validating the certificate correctly.


Please sign in to leave a comment.