1

我正在尝试使用 TFS(都运行更新 2)将部署代理连接到我的发布管理服务器。

发布管理服务器位于测试环境服务器的网络之外。可以通过 HTTP 访问它。测试环境在代理后面运行。我更改了配置文件的配置,以确保通过代理进行连接,添加以下内容:

<system.net>
    <defaultProxy enabled="true" 
                  useDefaultCredentials="true">       
                  <proxy usesystemdefault="True"
                         bypassonlocal="True"/>
  </defaultProxy>
</system.net>

我正在使用影子帐户将部署代理连接到发布管理服务器。

当我运行部署代理配置向导时,一切都成功了。日志文件显示没有错误。但是,在 Release Management Client 中扫描新服务器时,该服务器不显示。

我已将日志记录更改为详细,并在部署代理日志文件中找到以下信息:

9/3/2014 1:07:37 PM - Information - (3036, 5676) - Service is running under identity: <MACHINENAME>\<USERNAME>
9/3/2014 1:07:37 PM - Information - (3036, 5676) - Deployer service is starting.
9/3/2014 1:07:37 PM - Verbose - (3036, 5676) - HeartBeat: Sending HeartBeat
9/3/2014 1:07:37 PM - Verbose - (3036, 5676) - HeartBeat: Starting Configuration Tests.
9/3/2014 1:07:37 PM - Verbose - (3036, 5676) - Initializing cache for user <MachineName>\<UserName>.
9/3/2014 1:07:37 PM - Verbose - (3036, 5676) - Loading profile for user <MachineName>\<UserName>.
9/3/2014 1:07:37 PM - Verbose - (3036, 5676) - Initializing cache for user <MachineName>\<UserName>.
9/3/2014 1:07:37 PM - Verbose - (3036, 5676) - Loading profile for user <MachineName>\<UserName>.
9/3/2014 1:07:37 PM - Verbose - (3036, 5676) - Initializing cache for user <MachineName>\<UserName>.
9/3/2014 1:07:37 PM - Verbose - (3036, 5676) - Loading profile for user <MachineName>\<UserName>.
9/3/2014 1:07:37 PM - Verbose - (3036, 5676) - Initializing cache for user <MachineName>\<UserName>.
9/3/2014 1:07:37 PM - Verbose - (3036, 5676) - Loading profile for user <MachineName>\<UserName>.
9/3/2014 1:07:37 PM - Verbose - (3036, 5676) - Initializing cache for user <MachineName>\<UserName>.
9/3/2014 1:07:37 PM - Verbose - (3036, 5676) - Loading profile for user <MachineName>\<UserName>.
9/3/2014 1:07:37 PM - Verbose - (3036, 5676) - Initializing cache for user <MachineName>\<UserName>.
9/3/2014 1:07:37 PM - Verbose - (3036, 5676) - Loading profile for user <MachineName>\<UserName>.
9/3/2014 1:07:37 PM - Information - (3036, 5676) - HeartBeat: Communication Tests terminated. Results are: 
 Test 1 of 7 failed:
Communication with the Deployment Controller Web Service was not successful. The error received is: Object reference not set to an instance of an object.
Test 2 of 7 failed:
Communication with the database through the Deployment Controller Web Service was not successful. The error received during the test is: Object reference not set to an instance of an object.
Test 3 of 7 failed:
The account running this Windows Service is not a valid user in the Release Management Server. Please add the user and try again. For cross-domain scenarios using Shadow Accounts, add the local Shadow Account user to the Release Management Server. The error received during the test is: Root element is missing.
Test 5 of 7 failed:
Root element is missing.
Test 6 of 7 failed:
Root element is missing.
Test 7 of 7 failed:
The Deployer user (<MACHINENAME>\<USERNAME>) does not have access to the crypto store. On the server where the deployment agent is installed, navigate to this folder %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\MachineKeys and give read/write access to <MACHINENAME>\<USERNAME>.

9/3/2014 1:07:37 PM - Information - (3036, 5676) - HeartBeat: HeartBeat timer is started.
9/3/2014 1:07:37 PM - Error - (3036, 5676) - Object already exists.
: \r\n\r\n   at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
   at System.Security.Cryptography.Utils._CreateCSP(CspParameters param, Boolean randomKeyContainer, SafeProvHandle& hProv)
   at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
   at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
   at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
   at Microsoft.TeamFoundation.Release.Data.Helpers.CryptoHelper.GenerateKeySet(String containerName)
   at Microsoft.TeamFoundation.Release.DeploymentAgent.Services.Deployer.DeploymentEventFetcherBase..ctor(Double interval, String dnsName, String serverIpAddress, Action`3 deploymentProcessor, String cryptoContainerName)
   at Microsoft.TeamFoundation.Release.DeploymentAgent.Services.Deployer.DeploymentEventFetcher..ctor(Double interval, String dnsName, String serverIpAddress, Action`3 deploymentProcessor)
   at Microsoft.TeamFoundation.Release.DeploymentAgent.Services.Deployer.DeploymentEventFetcher..ctor(Double interval)
   at Microsoft.TeamFoundation.Release.DeploymentAgent.Service.OnStart(String[] args)
9/3/2014 1:07:42 PM - Verbose - (3036, 5676) - Initializing cache for user <MachineName>\<UserName>.
9/3/2014 1:07:42 PM - Verbose - (3036, 5676) - Loading profile for user <MachineName>\<UserName>.
9/3/2014 1:07:42 PM - Verbose - (3036, 5676) - Initializing cache for user <MachineName>\<UserName>.
9/3/2014 1:07:42 PM - Verbose - (3036, 5676) - Loading profile for user <MachineName>\<UserName>.
9/3/2014 1:07:42 PM - Verbose - (3036, 5676) - Initializing cache for user <MachineName>\<UserName>.
9/3/2014 1:07:42 PM - Verbose - (3036, 5676) - Loading profile for user <MachineName>\<UserName>.
9/3/2014 1:07:42 PM - Error - (3036, 5676) - Object reference not set to an instance of an object.: \r\n\r\n   at Microsoft.TeamFoundation.Release.Data.Model.SystemSettings.LoadXml(Int32 id)
   at Microsoft.TeamFoundation.Release.Data.Model.ModelFactory.Load[T](Int32 id)
   at Microsoft.TeamFoundation.Release.DeploymentAgent.Services.Deployer.HeartBeat.SetNewInterval()
   at Microsoft.TeamFoundation.Release.DeploymentAgent.Services.Deployer.HeartBeat.TimerElapsed(Object sender, ElapsedEventArgs e)
9/3/2014 1:08:04 PM - Information - (3036, 5840) - Deployer service is stopped.

日志文件显示所有通信检查均失败。出了什么问题?

更新

从 MachineKeys 文件夹中删除密钥 f92439b4a629bc3a41a69e308c... 后,权限错误消失。但是,我的部署代理仍然无法连接到服务器。这是日志文件显示的内容:

9/8/2014 8:37:40 AM - Information - (2712, 292) - Service is running under identity: <machinename>\<username>
9/8/2014 8:37:40 AM - Information - (2712, 292) - Deployer service is starting.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - HeartBeat: Sending HeartBeat
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - HeartBeat: Starting Configuration Tests.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - Initializing cache for user <machinename>\<username>.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - Loading profile for user <machinename>\<username>.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - Initializing cache for user <machinename>\<username>.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - Loading profile for user <machinename>\<username>.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - Initializing cache for user <machinename>\<username>.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - Loading profile for user <machinename>\<username>.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - Initializing cache for user <machinename>\<username>.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - Loading profile for user <machinename>\<username>.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - Initializing cache for user <machinename>\<username>.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - Loading profile for user <machinename>\<username>.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - Initializing cache for user <machinename>\<username>.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - Loading profile for user <machinename>\<username>.
9/8/2014 8:37:40 AM - Information - (2712, 292) - HeartBeat: Communication Tests terminated. Results are: 
 Test 1 of 7 failed:
Communication with the Deployment Controller Web Service was not successful. The error received is: Object reference not set to an instance of an object.
Test 2 of 7 failed:
Communication with the database through the Deployment Controller Web Service was not successful. The error received during the test is: Object reference not set to an instance of an object.
Test 3 of 7 failed:
The account running this Windows Service is not a valid user in the Release Management Server. Please add the user and try again. For cross-domain scenarios using Shadow Accounts, add the local Shadow Account user to the Release Management Server. The error received during the test is: Root element is missing.
Test 5 of 7 failed:
Root element is missing.
Test 6 of 7 failed:
Root element is missing.

9/8/2014 8:37:40 AM - Information - (2712, 292) - HeartBeat: HeartBeat timer is started.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - Initializing cache for user <machinename>\<username>.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - Loading profile for user <machinename>\<username>.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - Initializing cache for user <machinename>\<username>.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - Loading profile for user <machinename>\<username>.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - Initializing cache for user <machinename>\<username>.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - Loading profile for user <machinename>\<username>.
9/8/2014 8:37:40 AM - Information - (2712, 292) - Deployment: Deployment Event Fetcher timer is started.
9/8/2014 8:37:40 AM - Information - (2712, 292) - Cleanup: Cleanup Service timer is started.
9/8/2014 8:37:45 AM - Verbose - (2712, 292) - Initializing cache for user <machinename>\<username>.
9/8/2014 8:37:45 AM - Verbose - (2712, 292) - Loading profile for user <machinename>\<username>.
9/8/2014 8:37:45 AM - Verbose - (2712, 292) - Initializing cache for user <machinename>\<username>.
9/8/2014 8:37:45 AM - Verbose - (2712, 292) - Loading profile for user <machinename>\<username>.
9/8/2014 8:37:45 AM - Verbose - (2712, 292) - Initializing cache for user <machinename>\<username>.
9/8/2014 8:37:45 AM - Verbose - (2712, 292) - Loading profile for user <machinename>\<username>.
9/8/2014 8:37:45 AM - Error - (2712, 292) - Object reference not set to an instance of an object.: \r\n\r\n   at Microsoft.TeamFoundation.Release.Data.Model.SystemSettings.LoadXml(Int32 id)
   at Microsoft.TeamFoundation.Release.Data.Model.ModelFactory.Load[T](Int32 id)
   at Microsoft.TeamFoundation.Release.DeploymentAgent.Services.Deployer.HeartBeat.SetNewInterval()
   at Microsoft.TeamFoundation.Release.DeploymentAgent.Services.Deployer.HeartBeat.TimerElapsed(Object sender, ElapsedEventArgs e)

我创建了影子帐户,当我在 Azure 虚拟机上安装代理并使用与在此方案中使用的相同凭据时,此设置正在运行。我想这个问题与客户站点的代理配置有关。

4

3 回答 3

1

要解决此问题,您需要确保用于配置发布管理服务器的凭据对 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys 具有修改权限。您可能必须先获得该文件夹中某些文件的所有权,然后才能授予自己修改权限。

它对我有用

大家好, 快速更新我找到了问题的解决方案。它与 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys 中的加密文件有关。您需要在 MachineKeys 中专门选择 Release Management 使用的文件,并对用于 RM 的帐户的该文件应用完全权限。如果您在文件夹级别执行此操作,即使您也告诉它,它也不会递归地应用权限。相信 SYSTEM 帐户对 MachineKeys 中的文件没有权限,因此当您尝试在文件夹级别更改权限时,它无法在此过程中访问这些文件,除非您单独手动覆盖文件的安全设置。希望这对某人有所帮助,因为这让我发疯了!

于 2017-03-03T20:20:11.257 回答
0

我不能代表发布管理代理,但任何遇到此错误的人都需要了解它与加密以及MachineKeys文件夹的权限和所有权有关 - 与此 RM 本身无关 - 因为尝试使用 RM 并不是唯一的可能导致此错误发生的事情,从这些方式中表现出的相同问题也证明了这一点:

http://www.pettijohn.com/2010/05/cryptographicexception-during.html

https://social.msdn.microsoft.com/Forums/en-US/af5fec51-2e2d-4993-b383-a963bb941a95/rsacryptoserviceprovider-and-usemachinekeystore-gives-object-already-exists?forum=clr

RSACryptoServiceProvider如果权限/所有权设置不正确, 只需尝试运行任何调用 的代码都会给出相同的错误 - 默认情况下不是这样:

设置的位置可以在几个不同的地方,具体取决于系统:

Windows 7:(
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys 仅在此处调整,对我有用)

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys(user3137856的贡献)

视窗 2000:
C:\Documents and Settings\All Users\Local Settings\Application Data\Microsoft\Crypto\RSA\MachineKeys

您将以管理员身份导航到该文件夹​​,以向您想要的组授予所有权和权限。该组将取决于您是否只需要管理员运行您的应用程序,这意味着您需要本地、计算机级Administrators组或所有用户,在这种情况下,您需要域级Everyone组。

您选择的任何一个组都需要对文件夹具有所有权和完全控制权,还需要对其中的文件拥有所有权和完全控制权。它需要从上面向下传播。

因此,您必须将文件夹的所有权设置为这两个组之一,但在设置所有者时选择“替换子容器和对象的所有者”。这使得其中的文件也具有正确的所有权。

然后,当您应用权限时,右键单击文件夹,选择属性 > 安全选项卡 > 高级按钮 > 更改权限按钮 > 选择组,选择“将所有子权限替换为此对象的可继承权限”,然后单击编辑。然后选中每个“允许”复选框,在每个对话框上单击“确定”。这会将权限应用于文件夹和其中的文件。

于 2017-03-07T22:12:33.987 回答
-1

我关于同一主题的文章http://www.msdevtips.com/2014/07/untrusted-domain-connectivity-in.html 。验证每个 stpes 并确保您已正确配置影子帐户。我确实从本地服务器发布到 Azure VM。

于 2014-09-12T09:20:55.273 回答