19

I am using msdeploy to push out website code to 4 different servers (test and production servers). Works fine on the first 3, but the 4th is giving me an ERROR_CERTIFICATE_VALIDATION_FAILED error. I am using the -allowUntrusted option.

"C:\Program Files\IIS\Microsoft Web Deploy V3\msdeploy.exe" -verb:sync -source:iisApp="E:\workspace\testDeploy\outproject\_PublishedWebsites\<webfolder>" -dest:iisApp="mycompany.com",ComputerName="https://<hostip>:8172/MsDeploy.axd",UserName="<userid>",Password="****",AuthType="Basic" -allowUntrusted -enableRule:AppOffline -skip:objectName=filePath,absolutePath="^.*<webfolder>\\web.*\.config$|^.*mycompany\.com\\web.*\.config"

Error Code: ERROR_CERTIFICATE_VALIDATION_FAILED
More Infenter code hereormation: Connected to the remote computer ("<hostip>") using the specified process ("Web Management Service"), but could not verify the server's certificate. If you trust the server, connect again and allow untrusted certificates.  Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_CERTIFICATE_VALIDATION_FAILED.
Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Error: The remote certificate is invalid according to the validation procedure.

Any idea what I am missing?

VingInMedina
  • 713
  • 1
  • 6
  • 16

8 Answers8

33

Adding <AllowUntrustedCertificate>True</AllowUntrustedCertificate> to my pubxml file seemed to fix the problem initially.

Upon re-publishing days later though, I got the same error. I went into the Publish Settings, re-entered my password and the publish succeeded.

I'm now thinking my initial problem was solved by re-entering my password, not by adding <AllowUntrustedCertificate>True</AllowUntrustedCertificate>.

Publish Screen

spottedmahn
  • 14,823
  • 13
  • 108
  • 178
  • 1
    I believe this is the correct workaround to what appears to be a bug in the publisher. No need to allow untrusted certificates as you say. – pcdev Aug 14 '17 at 05:33
  • I can't use the 'Report a Problem' feature in VS from the env where this happens. It would be great if someone could so hopefully MSFT will address it. – spottedmahn Aug 14 '17 at 14:19
  • [Web Deploy - could not verify server's certificate](https://developercommunity.visualstudio.com/content/problem/64779/web-deploy-could-not-verify-servers-certificate.html) – spottedmahn Aug 24 '17 at 18:55
  • 2nd Dev Community Problem Report: [Publish Web App -> could not verify the server’s certificate](https://developercommunity.visualstudio.com/content/problem/504914/publish-web-app-could-not-verify-the-servers-certi.html). They say it was fixed in 15.5 but I still have the problem in 16.1.0 Preview 3 . – spottedmahn May 13 '19 at 15:54
13

-allowUntrusted did not worked for me.

I used this:

/p:AllowUntrustedCertificate=True
Christian Rios
  • 417
  • 5
  • 15
13

Adding this solution as none of the others worked for me...

I had to add these lines to publish profile:

<UseMSDeployExe>True</UseMSDeployExe>
<AllowUntrustedCertificate>True</AllowUntrustedCertificate>

After adding those, publish still failed. Then I opened the publish profile settings, clicked validate connection, and saved. Only then did publish succeed.

drewmerk
  • 332
  • 4
  • 10
9

I fixed this by going into the publish settings, then clicking "Validate Connection" at the bottom. Then this error goes away.

ScottG
  • 10,711
  • 25
  • 82
  • 111
  • 1
    This is how I fixed the issue for myself. After clicking "validate", a dialog came up that asked me if I trusted the server certificate, and I said yes. – carlin.scott Aug 24 '20 at 19:15
7

The problem was with the password for the user on the destination system.

I saw on another post that someone moved the -allowUntrusted flag before the -dest entry. I tried that and I started getting a ERROR_USER_UNAUTHORIZED message. Everything was correct with the password as it was entered, but it started with an * character and also had a single quote in it. I generated a new password for the user that didn't use those special characters and changed it on the remote system. After that, everything worked fine.

I was able to run the command as shown in the initial post without any error.

If you are getting a ERROR_CERTIFICATE_VALIDATION_FAILED or ERROR_USER_UNAUTHORIZED and everything is set up properly, try changing the password assigned to the user on the destination system. It would seem that some passwords just won't work.

the Tin Man
  • 158,662
  • 42
  • 215
  • 303
VingInMedina
  • 713
  • 1
  • 6
  • 16
  • If you edit publish then press "Validate Connection" then you will be prompted to receive a certificate from the server. After receiving the certificate you will be able to publish without error – Golden Lion Aug 06 '20 at 15:32
2

Another Potential Solution - Deploying Web Jobs specifically

I know this is an old post, but I ran into this issue with VS 2019 when deploying my Azure Web Jobs. None of the above worked for me. What did end up working was re-authenticating using the tooling after updating the publishing profile. The way I resolved it was by right clicking the solution and selecting "Publish as Azure Webjob.." Even after creating a new publishing profile it still failed. I then added the following my publishing profile.

<_DestinationType>AzureWebSite</_DestinationType>    
<UseMSDeployExe>True</UseMSDeployExe>
<AllowUntrustedCertificate>True</AllowUntrustedCertificate>

I tried publishing it again and it failed. Then I re-authenticated by clicking the edit password link shown below.

VS2019 Publish Tooling

When you do, you'll see the following screen. Click on the "Attempt to retrieve credentials from Azure" link.

VS2019 Publish Tooling Retrieve Creds from Azure

Don't forget to hit the save button at the bottom after retrieving the creds from Azure. Once you do, go back and try publishing again. It should work just fine.

NOTE: If you just pulled down/created your publishing profile for the first time, do not click the edit button under the name of the Publishing profile and validate the connection that way as shown below.

Validate Connection using VS2019 Publishing Tooling

If you do, it may remove the username/password from the UI for the publishing tooling shown in my first image above. If it disappears, you need to start this process all over again by deleting your profile, creating a new one and finally following the steps above in order. I don't know why it does this, but just something I noticed.

nraduka
  • 129
  • 2
  • 7
1

I notice you used the IP address for the deployment server:

-dest:iisApp="mycompany.com",ComputerName="https://<hostip>:8172/MsDeploy.axd"

This caused the certificate validation error for me because the SSL certificate was issued for the domain name, not the IP address. Changing to domain name instead of IP address fixed it.

Doug
  • 2,400
  • 2
  • 18
  • 24
0

Just want to add my 50 cents and my solution so it may help someone else. what i did yo solve this is to use remote desktop to connect to the host machine and when asked to accept the machine certificate ( after input login and password ) i marked remember this at the bottom. hope this help someone

Liran
  • 591
  • 3
  • 13