Question

我尝试使用TFS（所有正在运行的Update 2）将Deployment Agent连接到我的版本管理服务器。

版本管理服务器位于测试环境服务器的网络之外。它可以通过HTTP访问。测试环境在代理后面运行。我已经更改了配置文件的配置，以确保通过添加以下内容来连接代理：

<system.net>
    <defaultProxy enabled="true" 
                  useDefaultCredentials="true">       
                  <proxy usesystemdefault="True"
                         bypassonlocal="True"/>
  </defaultProxy>
</system.net>

我使用影子帐户将Deployment Agent连接到Release Management Server。

当我运行Deployment Agent配置向导时，一切都成功。日志文件显示没有错误。但是，在发布管理客户端中扫描新服务器时，服务器无法显示。

我已将日志记录更改为详细信息，并在Deployment Agent日志文件中找到以下信息：

9/3/2014 1:07:37 PM - Information - (3036, 5676) - Service is running under identity: <MACHINENAME>\<USERNAME>
9/3/2014 1:07:37 PM - Information - (3036, 5676) - Deployer service is starting.
9/3/2014 1:07:37 PM - Verbose - (3036, 5676) - HeartBeat: Sending HeartBeat
9/3/2014 1:07:37 PM - Verbose - (3036, 5676) - HeartBeat: Starting Configuration Tests.
9/3/2014 1:07:37 PM - Verbose - (3036, 5676) - Initializing cache for user <MachineName>\<UserName>.
9/3/2014 1:07:37 PM - Verbose - (3036, 5676) - Loading profile for user <MachineName>\<UserName>.
9/3/2014 1:07:37 PM - Verbose - (3036, 5676) - Initializing cache for user <MachineName>\<UserName>.
9/3/2014 1:07:37 PM - Verbose - (3036, 5676) - Loading profile for user <MachineName>\<UserName>.
9/3/2014 1:07:37 PM - Verbose - (3036, 5676) - Initializing cache for user <MachineName>\<UserName>.
9/3/2014 1:07:37 PM - Verbose - (3036, 5676) - Loading profile for user <MachineName>\<UserName>.
9/3/2014 1:07:37 PM - Verbose - (3036, 5676) - Initializing cache for user <MachineName>\<UserName>.
9/3/2014 1:07:37 PM - Verbose - (3036, 5676) - Loading profile for user <MachineName>\<UserName>.
9/3/2014 1:07:37 PM - Verbose - (3036, 5676) - Initializing cache for user <MachineName>\<UserName>.
9/3/2014 1:07:37 PM - Verbose - (3036, 5676) - Loading profile for user <MachineName>\<UserName>.
9/3/2014 1:07:37 PM - Verbose - (3036, 5676) - Initializing cache for user <MachineName>\<UserName>.
9/3/2014 1:07:37 PM - Verbose - (3036, 5676) - Loading profile for user <MachineName>\<UserName>.
9/3/2014 1:07:37 PM - Information - (3036, 5676) - HeartBeat: Communication Tests terminated. Results are: 
 Test 1 of 7 failed:
Communication with the Deployment Controller Web Service was not successful. The error received is: Object reference not set to an instance of an object.
Test 2 of 7 failed:
Communication with the database through the Deployment Controller Web Service was not successful. The error received during the test is: Object reference not set to an instance of an object.
Test 3 of 7 failed:
The account running this Windows Service is not a valid user in the Release Management Server. Please add the user and try again. For cross-domain scenarios using Shadow Accounts, add the local Shadow Account user to the Release Management Server. The error received during the test is: Root element is missing.
Test 5 of 7 failed:
Root element is missing.
Test 6 of 7 failed:
Root element is missing.
Test 7 of 7 failed:
The Deployer user (<MACHINENAME>\<USERNAME>) does not have access to the crypto store. On the server where the deployment agent is installed, navigate to this folder %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\MachineKeys and give read/write access to <MACHINENAME>\<USERNAME>.

9/3/2014 1:07:37 PM - Information - (3036, 5676) - HeartBeat: HeartBeat timer is started.
9/3/2014 1:07:37 PM - Error - (3036, 5676) - Object already exists.
: \r\n\r\n   at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
   at System.Security.Cryptography.Utils._CreateCSP(CspParameters param, Boolean randomKeyContainer, SafeProvHandle& hProv)
   at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
   at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
   at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
   at Microsoft.TeamFoundation.Release.Data.Helpers.CryptoHelper.GenerateKeySet(String containerName)
   at Microsoft.TeamFoundation.Release.DeploymentAgent.Services.Deployer.DeploymentEventFetcherBase..ctor(Double interval, String dnsName, String serverIpAddress, Action`3 deploymentProcessor, String cryptoContainerName)
   at Microsoft.TeamFoundation.Release.DeploymentAgent.Services.Deployer.DeploymentEventFetcher..ctor(Double interval, String dnsName, String serverIpAddress, Action`3 deploymentProcessor)
   at Microsoft.TeamFoundation.Release.DeploymentAgent.Services.Deployer.DeploymentEventFetcher..ctor(Double interval)
   at Microsoft.TeamFoundation.Release.DeploymentAgent.Service.OnStart(String[] args)
9/3/2014 1:07:42 PM - Verbose - (3036, 5676) - Initializing cache for user <MachineName>\<UserName>.
9/3/2014 1:07:42 PM - Verbose - (3036, 5676) - Loading profile for user <MachineName>\<UserName>.
9/3/2014 1:07:42 PM - Verbose - (3036, 5676) - Initializing cache for user <MachineName>\<UserName>.
9/3/2014 1:07:42 PM - Verbose - (3036, 5676) - Loading profile for user <MachineName>\<UserName>.
9/3/2014 1:07:42 PM - Verbose - (3036, 5676) - Initializing cache for user <MachineName>\<UserName>.
9/3/2014 1:07:42 PM - Verbose - (3036, 5676) - Loading profile for user <MachineName>\<UserName>.
9/3/2014 1:07:42 PM - Error - (3036, 5676) - Object reference not set to an instance of an object.: \r\n\r\n   at Microsoft.TeamFoundation.Release.Data.Model.SystemSettings.LoadXml(Int32 id)
   at Microsoft.TeamFoundation.Release.Data.Model.ModelFactory.Load[T](Int32 id)
   at Microsoft.TeamFoundation.Release.DeploymentAgent.Services.Deployer.HeartBeat.SetNewInterval()
   at Microsoft.TeamFoundation.Release.DeploymentAgent.Services.Deployer.HeartBeat.TimerElapsed(Object sender, ElapsedEventArgs e)
9/3/2014 1:08:04 PM - Information - (3036, 5840) - Deployer service is stopped.

日志文件显示所有通信检查失败。出了什么问题？

更新

从MachineKeys文件夹中删除密钥f92439b4a629bc3a41a69e308c后，权限错误消失。但是，我的部署代理仍然无法连接到服务器。这是日志文件显示的内容：

9/8/2014 8:37:40 AM - Information - (2712, 292) - Service is running under identity: <machinename>\<username>
9/8/2014 8:37:40 AM - Information - (2712, 292) - Deployer service is starting.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - HeartBeat: Sending HeartBeat
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - HeartBeat: Starting Configuration Tests.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - Initializing cache for user <machinename>\<username>.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - Loading profile for user <machinename>\<username>.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - Initializing cache for user <machinename>\<username>.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - Loading profile for user <machinename>\<username>.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - Initializing cache for user <machinename>\<username>.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - Loading profile for user <machinename>\<username>.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - Initializing cache for user <machinename>\<username>.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - Loading profile for user <machinename>\<username>.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - Initializing cache for user <machinename>\<username>.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - Loading profile for user <machinename>\<username>.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - Initializing cache for user <machinename>\<username>.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - Loading profile for user <machinename>\<username>.
9/8/2014 8:37:40 AM - Information - (2712, 292) - HeartBeat: Communication Tests terminated. Results are: 
 Test 1 of 7 failed:
Communication with the Deployment Controller Web Service was not successful. The error received is: Object reference not set to an instance of an object.
Test 2 of 7 failed:
Communication with the database through the Deployment Controller Web Service was not successful. The error received during the test is: Object reference not set to an instance of an object.
Test 3 of 7 failed:
The account running this Windows Service is not a valid user in the Release Management Server. Please add the user and try again. For cross-domain scenarios using Shadow Accounts, add the local Shadow Account user to the Release Management Server. The error received during the test is: Root element is missing.
Test 5 of 7 failed:
Root element is missing.
Test 6 of 7 failed:
Root element is missing.

9/8/2014 8:37:40 AM - Information - (2712, 292) - HeartBeat: HeartBeat timer is started.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - Initializing cache for user <machinename>\<username>.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - Loading profile for user <machinename>\<username>.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - Initializing cache for user <machinename>\<username>.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - Loading profile for user <machinename>\<username>.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - Initializing cache for user <machinename>\<username>.
9/8/2014 8:37:40 AM - Verbose - (2712, 292) - Loading profile for user <machinename>\<username>.
9/8/2014 8:37:40 AM - Information - (2712, 292) - Deployment: Deployment Event Fetcher timer is started.
9/8/2014 8:37:40 AM - Information - (2712, 292) - Cleanup: Cleanup Service timer is started.
9/8/2014 8:37:45 AM - Verbose - (2712, 292) - Initializing cache for user <machinename>\<username>.
9/8/2014 8:37:45 AM - Verbose - (2712, 292) - Loading profile for user <machinename>\<username>.
9/8/2014 8:37:45 AM - Verbose - (2712, 292) - Initializing cache for user <machinename>\<username>.
9/8/2014 8:37:45 AM - Verbose - (2712, 292) - Loading profile for user <machinename>\<username>.
9/8/2014 8:37:45 AM - Verbose - (2712, 292) - Initializing cache for user <machinename>\<username>.
9/8/2014 8:37:45 AM - Verbose - (2712, 292) - Loading profile for user <machinename>\<username>.
9/8/2014 8:37:45 AM - Error - (2712, 292) - Object reference not set to an instance of an object.: \r\n\r\n   at Microsoft.TeamFoundation.Release.Data.Model.SystemSettings.LoadXml(Int32 id)
   at Microsoft.TeamFoundation.Release.Data.Model.ModelFactory.Load[T](Int32 id)
   at Microsoft.TeamFoundation.Release.DeploymentAgent.Services.Deployer.HeartBeat.SetNewInterval()
   at Microsoft.TeamFoundation.Release.DeploymentAgent.Services.Deployer.HeartBeat.TimerElapsed(Object sender, ElapsedEventArgs e)

我创建了影子帐户，当我在Azure虚拟机上安装代理并使用与我在此方案中使用的相同凭据时，此设置正在运行。我想这个问题与客户站点的代理配置有关。

Answer 1

要解决此问题，您需要确保用于配置版本管理服务器的凭据对C：\ ProgramData \ Microsoft \ Crypto \ RSA \ MachineKeys具有修改权限。在授予自己修改权限之前，您可能必须拥有该文件夹中某些文件的所有权。

它对我有用

大家好，快速更新我找到了问题的解决方案。它与C：\ ProgramData \ Microsoft \ Crypto \ RSA \ MachineKeys中的加密文件有关。您需要专门选择MachineKeys中版本管理使用的文件，并对该文件应用对用于RM的帐户的完全权限。如果您在文件夹级别执行此操作，即使您也告诉它，它也不会递归地应用权限。相信SYSTEM帐户对MachineKeys中的文件没有权限，因此当您尝试更改文件夹级别的权限时，它无法在此过程中访问这些文件，除非您手动覆盖该文件的安全设置。单独的文件。希望这有助于某人因为这让我疯了！

Answer 2

我不能代表发布管理代理，但是任何得到此错误的人都需要了解它与加密和权限以及MachineKeys文件夹的所有权有关 - 与此RM本身无关 - 作为尝试使用RM并不是导致此错误发生的唯一因素，同样的问题也可以从这些方面得到证明：

http://www.pettijohn.com/2010/05/cryptographicexception-during.html

https://social.msdn.microsoft.com/Forums/en-US/af5fec51-2e2d-4993-b383-a963bb941a95/rsacryptoserviceprovider-and-usemachinekeystore-gives-object-already-exists?forum=clr

如果未正确设置权限/所有权，那么只是尝试运行调用RSACryptoServiceProvider的任何代码都会产生相同的错误 - 默认情况下不是这样：

设置此位置的位置可以在几个不同的位置，具体取决于系统：

Windows 7：
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys（在此处调整，仅适用于我）

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys（user3137856＆＃39; s贡献）

Windows 2000：
C:\Documents and Settings\All Users\Local Settings\Application Data\Microsoft\Crypto\RSA\MachineKeys

您可以作为管理员导航到该文件夹，以授予所需组的所有权和权限。该组将取决于您是否只希望管理员运行您的应用，这意味着您需要本地计算机级Administrators组或所有用户，在这种情况下，您需要域级Everyone基。

您选择的任一组都需要拥有该文件夹的“所有权”和“完全控制”权限，还需要拥有该文件夹中文件的所有权和完全控制权限。它需要从上面传播下来。

因此，您必须将文件夹的所有权设置为这两个组中的一个，但在设置所有者时选择＆＃34;替换子容器和对象上的所有者＆＃34; 。这使得其中的文件也具有正确的所有权。

然后，在应用权限时，右键单击该文件夹，选择属性＆gt;安全选项卡＆gt;高级按钮＆gt;更改权限按钮＆gt;选择该组，选择＆＃34;使用此对象的可继承权限替换所有子权限＆＃34;，然后单击编辑。然后选择每个＆＃34;允许＆＃34;复选框，在每个对话框中一直单击“确定”。这将对文件夹和文件中的文件应用权限。

Answer 3

关于同一主题的我的文章http://www.msdevtips.com/2014/07/untrusted-domain-connectivity-in.html。验证每个stpes并确保您已正确配置了shadow帐户。我确实从本地服务器发布到Azure VM。

发布管理代理未连接

更新

3 个答案: