WebDeploy - Not able to log on the user '.\WDeployConfigWriter'


I have problem with MsDeploy to publish my website to remote IIS from Visual Studio.

I encountered the following error:

Microsoft.Web.Delegation.DeploymentAuthorizationException: Not able to log on the user '.\WDeployConfigWriter'. ---> System.Runtime.InteropServices.COMException: The user name or password is incorrect. (Exception from HRESULT: 0x8007052E) --- End of inner exception stack trace --- at Microsoft.Web.Deployment.LogonUserHandle.LogonUser(String userName, String domain, String password)

I tried to change WDeployConfigWriter's password in Local Users and Groups (lusrmgr.msc). Then, I open Management Service Delegation. I try to set credentials in edit rule for WDeployConfigWriter page and it's always fail with message "The spesified password is invalid. Type a new password".

I am working in Windows Server 2012.

Any help would be appreciate. Thanks!

asked on Stack Overflow Sep 23, 2013 by Iswanto San

8 Answers


I had this too but with a slightly different detail

Not able to log on the user '.\WDeployConfigWriter'. 
Logon failure: the specified account password has expired. 

Full credit to this blog, the problem is that the Web Deploy installer creates users with expiring passwords that are used to elevate permissions during deployment. The fix is to:

  1. Use server manager on the accounts WDeployAdmin and WDeployConfigWriter to
    • reset the password
    • check password never expires
    • uncheck user must change password next logon
  2. Use IIS -> Management Service Delegation to reset the passwords for the rules where those accounts have been configured to elevate to a specific user
  3. Fixed!
answered on Stack Overflow Feb 19, 2014 by fiat • edited Mar 1, 2014 by fiat

The easiest fix to this problem is:

  • Computer Management ->Local Users And Groups -> Users
  • Right click -> properties on WDeployAdmin
  • Uncheck "User must changed password at next logon
  • Check "Password never expires"
  • Do the same for WDeployConfigWriter
  • Done!

Similar to @fiat solution, but you don't really need to change the password.

answered on Stack Overflow Nov 4, 2015 by randoms

Here are simple CMD commands:

WMIC USERACCOUNT WHERE "Name='WDeployConfigWriter'" SET PasswordExpires=FALSE
WMIC USERACCOUNT WHERE "Name='WDeployAdmin'" SET PasswordExpires=FALSE

It will set deploy users passwords to never expire

answered on Stack Overflow Nov 15, 2016 by Gh61

The WDeploy* users are not intended to be used directly as part of your deployment process. Instead, they are used to implicitly elevate permissions in order to perform specific tasks (modifying IIS for WDeployConfigWriter, and GAC installations among others for WDeployAdmin).

I'd recommend creating a non-admin user specifically for your website. You can find the instructions for doing so at Installing and Configuring Web Deploy on iis.net. If you continue to have problems with the WDeployConfigWriter user, you're probably best off uninstalling Web Deploy and starting again.

answered on Stack Overflow Oct 14, 2013 by Richard Szalay

I had the same problem trying to changes the passwords in Management Service Delegation and it did not fix the problem. It turns out that I had to change the WDeployConfigWriter to a different user(ie Admin) change it back and then the password changes only took effect

answered on Stack Overflow Sep 11, 2017 by Anton Oosthuizen

I had the same problem with Visual Studio 2017 with a different error message. The solution is also uncheck (WDeployConfigWriter) "User must changed password at next logon"

Publish failed
Publish has encountered an error.
Publish failed due to build errors. Check the error list for more details.

A diagnostic log has been written to the following location:

The content of the log file

06.04.2018 19:56:13
System.AggregateException: One or more errors occurred. ---> System.Exception: Publish failed due to build errors. Check the error list for more details.
   --- End of inner exception stack trace ---
   at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
   at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Web.Publish.PublishService.VsWebProjectPublish.<>c__DisplayClass40_0.<PublishAsync>b__2()
   at System.Threading.Tasks.Task`1.InnerInvoke()
   at System.Threading.Tasks.Task.Execute()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.VisualStudio.ApplicationCapabilities.Publish.ViewModel.ProfileSelectorViewModel.<RunPublishTaskAsync>d__108.MoveNext()
---> (Inner Exception #0) System.Exception: Publish failed due to build errors. Check the error list for more details.<---

answered on Stack Overflow Apr 6, 2018 by live2

In my case, I got this error because either WDeployConfigWriter nor WDeployAdmin had been created during the installation of WebDeploy (3.6 / 4.) even if the installation ran through successfully.

Found out, that the servers rule for password complexity was more restricting that the generated one with the script in C:\Program Files\IIS\Microsoft Web Deploy V3\Scripts\AddDelegationRules.ps1 didn't meet the requirements. So I edited GenerateStrongPassword() in the PowerShell file and run it. The users then have been created successfully.

answered on Stack Overflow Mar 23, 2020 by martinoss

There is some cases where setting "Password never expires" not is enough. Reinstalling webdeploy will fix the issue.

The other way to fix this is to set new passwords for the users WDeployAdmin and WDeployConfigWriter. User management

The next step is to set the new passwords in IIS > Management Service Delegation for those users. Management Service Delegation

answered on Stack Overflow Oct 22, 2020 by Pär Sandgren

User contributions licensed under CC BY-SA 3.0