Visual Studio 2013 年发布管理 - 部署代理 "Unknown username or bad password"
Release Management for Visual Studio 2013 - Deployment Agent "Unknown username or bad password"
我们在 Visual Studio 2013 年使用 Release Management,部署在 DEV、QA 和 Staging 服务器中运行顺利,它们都与 RM/Build 服务器位于同一域中。
尝试在 RM 服务器域之外的服务器上设置生产部署代理并遇到问题。
本地 "shadow" 帐户已在 RM 服务器和生产服务器上创建,两者具有相同的 username/password。部署代理已安装在生产服务器上,并且使用“./shadow_user”格式的用户名设置成功。
Release Management 客户端未显示生产服务器,RM 服务器上的事件查看器显示来自部署代理的大量安全审核失败。失败详细信息显示域的生产服务器名称而不是 RM 服务器名称(模拟失败)。具体消息为:
An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: shadow_User
Account Domain: PROD-SVR
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xC000006D
Sub Status: 0xC0000064
Process Information:
Caller Process ID: 0x0
Caller Process Name: -
Network Information:
Workstation Name: PROD-SVR
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon request fails. It is generated on the computer where access was attempted.
The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
The Process Information fields indicate which account and process on the system requested the logon.
The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested
有什么解决这个问题的建议吗?
我们试过Windows凭据管理器,使用 RM 服务器影子帐户凭据,但没有区别。
而不是使用影子帐户方法。使用支持标准部署(无代理)的 VNext 版本,它将使用 WINRM 端口进行通信,唯一的要求是让机器在同一网络中。
解决方案是在生产服务器上使用影子帐户登录并将凭据添加到凭据管理器。之前使用不同的帐户登录,并且部署代理没有在其他凭据管理器实例中看到条目。
我们在 Visual Studio 2013 年使用 Release Management,部署在 DEV、QA 和 Staging 服务器中运行顺利,它们都与 RM/Build 服务器位于同一域中。
尝试在 RM 服务器域之外的服务器上设置生产部署代理并遇到问题。
本地 "shadow" 帐户已在 RM 服务器和生产服务器上创建,两者具有相同的 username/password。部署代理已安装在生产服务器上,并且使用“./shadow_user”格式的用户名设置成功。
Release Management 客户端未显示生产服务器,RM 服务器上的事件查看器显示来自部署代理的大量安全审核失败。失败详细信息显示域的生产服务器名称而不是 RM 服务器名称(模拟失败)。具体消息为:
An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: shadow_User
Account Domain: PROD-SVR
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xC000006D
Sub Status: 0xC0000064
Process Information:
Caller Process ID: 0x0
Caller Process Name: -
Network Information:
Workstation Name: PROD-SVR
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon request fails. It is generated on the computer where access was attempted.
The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
The Process Information fields indicate which account and process on the system requested the logon.
The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested
有什么解决这个问题的建议吗?
我们试过Windows凭据管理器,使用 RM 服务器影子帐户凭据,但没有区别。
而不是使用影子帐户方法。使用支持标准部署(无代理)的 VNext 版本,它将使用 WINRM 端口进行通信,唯一的要求是让机器在同一网络中。
解决方案是在生产服务器上使用影子帐户登录并将凭据添加到凭据管理器。之前使用不同的帐户登录,并且部署代理没有在其他凭据管理器实例中看到条目。