Fix: Release Management WebDeploy Deployment Fails: Access Denied

If you’re using WebDeploy and Release Management (as you should to release Web Applications) you may hit the following error: Info: Adding sitemanifest (sitemanifest).
Info: Creating application (Default Web Site/MyWebsite)
Error: An error occurred when reading the IIS Configuration File 'MACHINE/REDIRECTION'. The identity performing the operation was 'DOMAIN\tfsservice'.
Error: Filename: \\?\C:\Windows\system32\inetsrv\config\redirection.config
Error: Cannot read configuration file due to insufficient permissions

Seems that the WebDeploy command can’t access some files in c:\Windows\system32\inetsrv. It may be the irmsdeploy.exe MSDeploy wrapper that I’m using for doing WebDeploy in Release Management (see my post about how to do this), since logging into the machine and running the webdeploy.cmd file manually works just fine.

The Resolution

You have to add permissions for the release management agent identity to the folder, but this is a folder who’s owner identity is TrustedInstaller – meaning you have to change the owner to yourself first.

  • Right click the insetsrv folder in c:\windows\system32 and select Properties.
  • Click on the Security tab and click the “Advanced” button: image
  • Click on the owner tab and then on the Edit button: image
  • Select yourself (I logged in as TfsSetup which is in the local admin group on this machine), check “Replace owner on subcontainers and objects” checkbox and click “OK”: image
  • Close all the dialogs and then right-click the inetsrv folder again and click Properties. Now you can allow read access to the Release Management agent identity to this folder.

Once you’ve changed the permissions, you will need to reboot the machine. After the reboot, the WebDeploy through Release Management should work without a hitch.

Happy releasing!


© 2021. All rights reserved.