Sunday, May 22, 2011

Administrative access in Team Build 2010 for creating IIS AppPools etc

I have recently been using the MSBuild Extension Pack over on codeplex available here: I came across an issue (build failing) recently where I was trying to write DNS entries to the local HOSTS file and also attempting to create IIS Application Pools and users etc using various tasks provided by the MSBuild Extension Pack.

I have separate build servers 1 for CI and 1 for Integration both of which run Team Build 2010 and the build service runs under a domain user account.

Of course attempting to do the above things require local administrative access to the machine on which you attemp to create App Pools, add DNS entries etc. So I fired up Computer Management and added the TFSBUILD service account to the local Administrators group.

After doing this, I queued a build and it still failed. After looking through the logs in more detail and checking Team Build configuration, all looked correct. I then logged onto the machine using the TFSBUILD account and attempted to perform an administrative action like edit the HOSTS file which I was successfully able to do. I also looked in the Event Log for any errors that might give me a clue as to why it was failing, but nothing there.

In the end I restarted the build controller, queued a build and it worked!

So I'm guessing that security permissions are cached in Team Build.

For information purposes, I'm running Team Build on separate Windows Server 2008 R2 machines from the databases and App Tiers. I'm also using the Upgrade Template so using core MSBuild 4.0 - not Workflow to execute the builds.

No comments: