Closed artisticcheese closed 6 years ago
jimmyca15
commented
7 years ago @artisticcheese,
In our new 1.1.1 release we improved the EXE installer to automatically download and install .NET Core to satisfy this requirement. The PowerShell script itself does not perform this action. If you are installing on a non-nano machine then the setup Exe is the way to go for installation. Are you trying to install on Nano Server?
I'll label this as a feature request for the PowerShell installation.
artisticcheese
commented
7 years ago I'm on server core inside Windows container.
artisticcheese
commented
7 years ago How do I troubleshoot installation since no debugging information is being emitted. For some reason installation fails to create SSL binding and assume the rest of the things when built under TFS Docker agent but succeeds when run on my local workstation.
PS C:\prep> Get-EventLog -LogName application -Newest 10 -InstanceId 1033
Index Time EntryType Source InstanceID Message
----- ---- --------- ------ ---------- -------
222 Jun 14 09:17 Information MsiInstaller 1033 Windows Installer installed the product. Product Name: Microsoft IIS Administration. Product Version: 1.1.1. Product..
210 Jun 14 09:16 Information MsiInstaller 1033 Windows Installer installed the product. Product Name: Microsoft .NET Core 1.1.2 - Host (x64). Product Version: 4.16..
202 Jun 14 09:16 Information MsiInstaller 1033 Windows Installer installed the product. Product Name: Microsoft .NET Core 1.1.2 - Host FX Resolver (x64). Product V..
198 Jun 14 09:16 Information MsiInstaller 1033 Windows Installer installed the product. Product Name: Microsoft .NET Core 1.1.2 - Runtime (x64). Product Version: 1..
192 Jun 14 09:16 Information MsiInstaller 1033 Windows Installer installed the product. Product Name: Microsoft .NET Core 1.0.5 - Host (x64). Product Version: 4.0...
184 Jun 14 09:16 Information MsiInstaller 1033 Windows Installer installed the product. Product Name: Microsoft .NET Core 1.0.5 - Host FX Resolver (x64). Product V..
180 Jun 14 09:16 Information MsiInstaller 1033 Windows Installer installed the product. Product Name: Microsoft .NET Core 1.0.5 - Runtime (x64). Product Version: 1..
171 Jun 14 09:16 Information MsiInstaller 1033 Windows Installer installed the product. Product Name: Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24215..
167 Jun 14 09:16 Information MsiInstaller 1033 Windows Installer installed the product. Product Name: Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24215. P..
162 Jun 14 09:16 Information MsiInstaller 1033 Windows Installer installed the product. Product Name: Microsoft ASP.NET Core Module. Product Version: 1.0.1972. Pro..
PS C:\prep> dir IIS:\SslBindings\
IP Address Port Host Name Store Sites
---------- ---- --------- ----- -----
0.0.0.0 8172 MYThe installer creates a log file in the %temp% directory.
Ex: _Microsoft_IIS_Administration_1.1.1_20170608090745_000_iis_administrationmsi.log
artisticcheese
commented
7 years ago here is entire contents of that folder. I can not understand what went wrong during installation that SSL was never bound. a.zip
jimmyca15
commented
7 years ago Here is the relevant section from the log file
CAQuietExec64: VERBOSE: Ok
CAQuietExec64: VERBOSE: Verifying .NET Core shared framework installed
CAQuietExec64: VERBOSE: Ok
CAQuietExec64: VERBOSE: Verifying AspNet Core Module is installed
CAQuietExec64: VERBOSE: Ok
CAQuietExec64: VERBOSE: Verifying that the Visual C++ Runtime is installed
CAQuietExec64: VERBOSE: Ok
CAQuietExec64: VERBOSE: Checking if port '55539' is available
CAQuietExec64: VERBOSE: Ok
CAQuietExec64: VERBOSE: Verifying that IIS Administrators group does not already exist
CAQuietExec64: Installation Requirements met
CAQuietExec64: VERBOSE: Creating new IIS Administration Certificate
CAQuietExec64: VERBOSE: Adding the certificate to trusted store
CAQuietExec64: VERBOSE: Binding Certificate to port 55539 in HTTP.Sys
CAQuietExec64: CreateService SUCCESS
CAQuietExec64: Service installed URI: https://localhost:55539
CAQuietExec64: The log shows that the installer created and bound the SSL certificate successfully. If this sequence failed the service would fail to get installed. To find out what is happening we would need to run some commands in the container such as
netsh http show sslcert
artisticcheese
commented
7 years ago I think issue is that IISAdmin.exe does not produce any output (dure to /q switch( and probably failed when run under TFS. I do not see MSI output in Temp folder at all on freshly built container. (log above when I manually run it second time inside already running image). So it again comes back to what started this thread which is reliable/modern way to deploy application in automatable manner (preferable with PackageManagement, chocolatey).
artisticcheese
commented
7 years ago I modified installation routine withing container to install DotNet core separately from IISAdministration and installing IISAdmininstration via setup.ps1 SSL is not bound to IIS, I can not see location where setup.ps1 logs if any information.
PS C:\prep> netsh http show sslcert
SSL Certificate bindings:
-------------------------
IP:port : 0.0.0.0:55539
Certificate Hash : 4cd2a9fc71691479ab4a649e6b8bf1074f8f3f48
Application ID : {4dc3e181-e14b-4a21-b022-59fc669b0914}
Certificate Store Name : MY
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : (null)
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled
Reject Connections : Disabled
IP:port : 0.0.0.0:8172
Certificate Hash : d723b6e53b2f4a415a40323e88f2e6b15fcd3b91
Application ID : {00000000-0000-0000-0000-000000000000}
Certificate Store Name : MY
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : (null)
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled
Reject Connections : Disabled
PS C:\prep> dir IIS:\SslBindings\
IP Address Port Host Name Store Sites
---------- ---- --------- ----- -----
0.0.0.0 8172 MY
PS C:\prep>@artisticcheese What is the issue in your scenario. The netsh command shows that the certificate was successfully bound for the IIS Administration API. Are you unable to communicate with the service over HTTPS or is the service not running at all?
artisticcheese
commented
7 years ago IIS is not showing binding as you can see from dir iis:\SSLBindings?
jimmyca15
commented
7 years ago The IIS Administration API's binding is independent of IIS. It should not show up in the list of bindings for IIS.
artisticcheese
commented
7 years ago It does show up in SSL Bindings when it's properly installed
PS C:\prep> dir IIS:\SslBindings\
IP Address Port Host Name Store Sites
---------- ---- --------- ----- -----
0.0.0.0 55539 MY
0.0.0.0 8172 MYNetsh
PS C:\prep> netsh http show sslcert
SSL Certificate bindings:
-------------------------
IP:port : 0.0.0.0:55539
Certificate Hash : f60e9fee5444373165d32765ff50fa7377c68640
Application ID : {4dc3e181-e14b-4a21-b022-59fc669b0914}
Certificate Store Name : MY
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : (null)
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled
Reject Connections : Disabled
IP:port : 0.0.0.0:8172
Certificate Hash : a883c74c9b49be45de70ab0ec88770084bc841e8
Application ID : {00000000-0000-0000-0000-000000000000}
Certificate Store Name : MY
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : (null)
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled
Reject Connections : Disabled
IISadmin.exe keeps getting stop from full blown installation inside docker which runs inside VSTS agent. Docker does not show any success/error messages
2017-06-15T02:25:05.1169589Z Step 7/14 : ADD http://go.microsoft.com/fwlink/?LinkId=829373 .\iisadmin.exe
2017-06-15T02:25:05.6749811Z
2017-06-15T02:25:08.1150721Z ---> 5e1c468ff800
2017-06-15T02:25:08.1470739Z Removing intermediate container 076553086f11
2017-06-15T02:25:08.1470739Z Step 8/14 : COPY .\artifacts\web.config C:\Program Files\IIS Administration\1.1.1\Microsoft.IIS.Administration\web.config
2017-06-15T02:25:10.5331644Z ---> 79bb1a50195a
2017-06-15T02:25:10.5711669Z Removing intermediate container 359a22d13ef7
2017-06-15T02:25:10.5711669Z Step 9/14 : RUN .\iisadmin.exe /install /q /norestart
2017-06-15T02:25:10.6411685Z ---> Running in 6a76bcede320
2017-06-15T02:26:04.5195638Z ---> 186b7ccefab1
I think the whole debacle is that both DotnetCore hosting and iisadmin.exe when executed with /q switch immediately return back and hence powershell or Docker does not know if it's finished executing or not. So we need switch which does not suppress any output but on the other hand does not return untill installation is over. Looks like no straight up solution to this https://community.spiceworks.com/topic/298861-install-an-exe-with-silent-switch
artisticcheese
commented
7 years ago Solution shall be as following for anybody in the same boat
start-process -Filepath .\iisadmin.exe -ArgumentList @("/install", "/q", "/norestart") -Wait, running it any other way will result parent process being killed after some indescriminate amount of time by docker engine or powershell itself.
jimmyca15
commented
7 years ago When you ran the installation step with the Start-Process command did it solve the issue you were experiencing?
artisticcheese
commented
7 years ago I was able to run it successfully both on workstation and inside VSTS agent so far, so for this 2 uses it does in fact solves the issue. Running it without it: just & .\iisadmin.exe inside powershell and via RUN .\iisadmin inside dockerfile both failed when run in VSTS agent.
I assume bootstrap poweshell script shall be providing all neccessary plubming for installation.