asp.net MSDeployEnableWebConfigEncryptRule fail to encrypt web.config

3
votes

I have added <MSDeployEnableWebConfigEncryptRule>true</MSDeployEnableWebConfigEncryptRule> to .pubxml file in order to encrypt web config file. However, when publishing, i got the following error. I do not know whether there is extra setting needed in the web.config file other than inserting <MSDeployEnableWebConfigEncryptRule>true</MSDeployEnableWebConfigEncryptRule> in .pubxml

Error: Web deployment task failed.(Fail to encrypt destination web.config. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_FAILED_TO_ENCRYPT_WEB_CONFIG.)

Note: #ERROR_FAILED_TO_ENCRYPT_WEB_CONFIG does not appears anywhere on the given link.

How could i resolve this error? (note: i do not wish to pre-encrypt the web.config file locally before publishing it)

2
c#asp.netasp.net-mvcasp.net-mvc-4
I too have this same problem.Rhys Stephens

2 Answers

2
votes

The problem seem to be that MSDeployEnableWebConfigEncryptRule doesn't work with MVC project that have multiple web.config files. Typically MVC project has Views/Web.Config file. This seems like a bug with MSDeploy.
My Workaround is to have a post deployment powershell script to perform same command on the destination server. See http://www.iis.net/learn/publish/using-web-deploy/web-deploy-powershell-cmdlets

Powershell Script Sample:

    Add-PSSnapin WDeploySnapin3.0
    $cmd = '%windir%\Microsoft.NET\Framework\v4.0.30319\ASPNET_REGIIS.exe -{0} {1} "{2}"' -f 'pef', 'connectionStrings', $destinationFolder
    New-WDPublishSettings -UserId $UserName -Password $Password -ComputerName $destination -AllowUntrusted -FileName server.publishsettings -AgentType MSDepSvc -Site $Website
    Invoke-WDCommand -Command $cmd  -DestinationPublishSettings server -Verbose
1
votes

I was getting this same message too. I looked in the Web Deployment logs in the Event Viewer > Microsoft Web Deploy. The Exception it was giving me was:

ERROR_FAILED_TO_ENCRYPT_WEB_CONFIG Microsoft.Web.Deployment.DeploymentDetailedClientServerException: Failed to encrypt destination web.config: .... Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_FAILED_TO_ENCRYPT_WEB_CONFIG. ---> System.Security.Cryptography.CryptographicException: Object already exists.

Googling this led me to this answer from "Just TFS": Release Management Agent not connecting

Which said "The Deployer user (\) does not have access to the crypto store. On the server where the deployment agent is installed, navigate to this folder %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\MachineKeys and give read/write access to \. – Just TFS Sep 3 '14 at 12:08"

So I attempted to give my MS Deployer user account read/write to that MachineKeys folder but it denied me access to do so. I ended up adding the deployer user account as a local Administrator and that did the trick.

Was able to deploy with it encrypting the web.config file successfully to the server.