search

BTDF / DeploymentFramework

The Deployment Framework for BizTalk is the most powerful and customizable, yet easy-to-use toolkit for deploying and configuring your BizTalk solutions.
MIT License
53 stars 24 forks source link

Deploy SSO issue #339

Closed tfabraham closed 6 years ago

tfabraham commented 6 years ago

I'm attempting to deploy SSO settings as per documentation. However I get this error in the output window in Visual Studio on deploy:- DeploySSO: ... Error persisting to SSO: System.Runtime.InteropServices.COMException (0xC0002A22): The account name is not valid or does not exist. See the event log (on computer 'xxxxxxxx') for more details. at Microsoft.BizTalk.SSOClient.Interop.ISSOConfigStore.SetConfigInfo(String applicationName, String identifier, IPropertyBag properties) at SSOSettingsFileManager.SettingsFileImport.SaveSettingsToSSO(String affiliateAppName, settings inSettings, String userGroupName, String adminGroupName) at SSOSettingsFileManager.SettingsFileImport.Main(String[] args)

C:\Program Files (x86)\MSBuild\DeploymentFrameworkForBizTalk\5.0\BizTalkDeploymentFramework.targets(1691,5): error MSB3073: The command ""C:\Program Files (x86)\Deployment Framework for BizTalk\5.1\Framework\DeployTools\SSOSettingsFileImport.exe" "......" /settingsFile:"xxxxx\Deployment\EnvironmentSettings\Exported_LocalSettings.xml" /userGroupName:"BizTalk Application Users" /adminGroupName:"BizTalk Server Administrators"" exited with code -1. [xxxxxxx\Deployment\Deployment.btdfproj] Done Building Project "xxxxx\Deployment\Deployment.btdfproj" (Deploy target(s)) -- FAILED. Build FAILED. Looking at the event log it seems despite the SettingsFileGenerator.xml file being read correctly and the following xml being set

The event log shows evidence of the wrong user name being used by BTDF when attempting to configure SSO. The user name appears to be a guid and the domain appears to be a placeholder. I am deploying locally so the domain should be the machine name if anything.

I've blanked out real user names and machine names but there are 3 errors in the event log:- SSO AUDIT Function: SetConfigInfo Tracking ID: bf099635-4464-4b79-87f4-9f1aa5b0e97d Client Computer: xxxxxxxxxxxxxxxxxxxxxxx (SSOSettingsFileImport.exe:8872) Client User: xxxxxxxxxxxxxxxxxxxxxxx Application Name: xxxxxxxxxxxxxxxxxxxxxxx Error Code: 0xC0002A1C, The account name is not valid or does not exist.

A mapping could not be created because the specified user is not a member of the Application Users account.

Domain Name: $ConfigStore$ User Name: {56D74464-67EA-464d-A9D4-3EBBA4090010} Application Name: xxxxxxxxxxxxxxxxxxxxxxx Application Users: BizTalk Server Administrators Error Code: 0xC0002A1C, The account name is not valid or does not exist.

Check group membership failed. Group Name: BizTalk Server Administrators Account Name: $ConfigStore${56D74464-67EA-464d-A9D4-3EBBA4090010} Additional Data: 533 Error Code: 0xC0002A1C, The account name is not valid or does not exist.

It seems that BTDF is not populating the account name properly but I'm stumped why.

Any ideas?

Ralph

This work item was migrated from CodePlex

CodePlex work item ID: '10637' Vote count: '1'

tfabraham commented 6 years ago

[tfabraham@5/29/2014] The group names being passed to SSO are: /userGroupName:"BizTalk Application Users" /adminGroupName:"BizTalk Server Administrators". Are those correct or incorrect? They are not domain-qualified. Are you doing the deploy through Visual Studio or an MSI? You can look in your EnvironmentSettings folder at the generated XML files and see if the correct group names are present.

tfabraham commented 6 years ago

[ralphweedon@5/30/2014] Yes those are correct. I am deploying locally and these are the correct groups.

I am currently deploying locally via Visual Studio. For other environments (shared dev, test, production) I will be using an MSI.

I have checked the generated XML files and the group names are correct.

The issue is that despite the correct groups being set a placeholder domain $ConfigStore$ and a guid based user name is used instead during the deployment. e.g. "$ConfigStore${56D74464-67EA-464d-A9D4-3EBBA4090010}", which obviously is an invalid user name? Or do you think the exception text is misleading?

tfabraham commented 6 years ago

[tfabraham@5/30/2014] I suspect it has something to do with your BizTalk configuration, because the Deployment Framework is issuing the correct command (from your log output):

"C:\Program Files (x86)\Deployment Framework for BizTalk\5.1\Framework\DeployTools\SSOSettingsFileImport.exe" "MyAppName" /settingsFile:"MyProject\Deployment\EnvironmentSettings\Exported_LocalSettings.xml" /userGroupName:"BizTalk Application Users" /adminGroupName:"BizTalk Server Administrators"

The proper group names are being passed yet SSO is still complaining about "the specified user is not a member of the Application Users account" and showing the GUID as an account name. I assume that you are running VS "as Administrator" or you'd have more problems.

Are you sure that your own user account is in the local BizTalk Application Users and SSO Affiliate/Administrators groups? Have you changed any accounts that BizTalk uses lately? Any changes to your own account?

tfabraham commented 6 years ago

[ralphweedon@5/30/2014] I'm a domain admin on this machine. I will try running Visual Studio as Administrator and see if that helps...

... just tried deploying in Visual Studio, running as administrator - same errors.

I've double checked whether my account is in the [machine name]\Biztalk Server Administrators and [machine name]\Biztalk Application Users groups and it is.

I should note that when I first got this I was using BTDF 5.0.

On deploying I got an error that (from memory parameter s was null in the msbuild\BizTalkDeploymentFramework.targets file - I think line 1689 in the 5.0 version.

These lines were causing the parameter s null problem:-

<!-- Make sure we can always access our project (and install path) at run time -->
<UpdateSSOConfigItem BizTalkAppName="$(BizTalkAppName)" SSOItemName="ProjectPath" SSOItemValue="$(MSBuildProjectDirectoryParent)" />
    <UpdateSSOConfigItem BizTalkAppName="$(BizTalkAppName)" SSOItemName="SourceSettingsFile" SSOItemValue="$(SettingsFilePath)" />

The only way to work round that error I found was to manually create an SSO App first in ENT SSO. If the app was already in existence then these UpdateSSOConfigItem calls did not fail during deploy.

However it seems that creating the app manually in the first place was the cause of the problems I've posted above:-

I have now upgraded to BTDF 5.5 and deleted the manually created SSO affiliate application (which did have the correct name and accounts).

On deploying from Visual Studio, I can now deploy without SSO deployment errors. (I just have a bounce error at the end). Thanks for looking into the issue and replying so quickly.

tfabraham commented 6 years ago

[tfabraham@5/30/2014] Great, glad to hear that you found a solution!

tfabraham commented 6 years ago

[UnknownUser@5/30/2014]

tfabraham commented 6 years ago

Issue closed by tfabraham with comment User found issue, not an issue with the Deployment Framework

Reason closed Not BTDF