Why does the Web Deploy Agent Service listen on port 80 and 8172
Asked Answered
C

1

10

On four Win Server 2008 R2 boxes, we have MS Deploy installed. It listens on port 80 and 8172 which throws into doubt all the other material out there on the web about how there's no need to change the port 80 default when running on IIS 7.

I can't understand it. Why is it using BOTH ports? I can't follow the instructions to move it to 8172 since it has something already registered there.

There are two problems it causes: 1) an extra attack surface I want to close 2) it keeps our load-balancer from detecting when IIS is stopped and customers get 404s from MsDepSvc!

It's so stupid.

Chloroprene answered 28/11, 2012 at 10:5 Comment(0)
C
17

I think I have worked this out.

There are two Web Deploys in the world. One that is installed with Web Management Service (WMSvc) and people call it Web Deploy anyway and use it via Visual Studio via :8172/msdeploy.axd and then there's Web Deploy, the extra thing you install to allow publishing from the public internet.

All this time, me and my colleagues and people I've worked with at different companies, have all been needlessly installing Web Deploy and then, not even using it.

That's my theory. And now I will go and disable MsDepSvc and see if it holds.

Update 1 - This is incorrect. Sort of.

On a new server, thinking that Web Deploy is built-in to WMSvc, I kept getting 404.7 errors from msdeploy.exe until I installed Web Deploy - because a nice fella named Richard said "Web Deploy registers a handler with WMSvc".

Ha! So deployment is not natively a part of WMSvc. And after installing Web Deploy, you end up with two deployment handlers, one in WMSvc and the other a dedicated Windows Service MsDepSvc and you can disable the MsDepSvc to prevent it sucking on port 80 and fooling your load-balancer into thinking the server is up when its down!

Getting a 404 from WMSvc via MSDeploy.exe

Chloroprene answered 28/11, 2012 at 14:24 Comment(4)
Yep. So MsDepSvc is on port 80 and used with IIS 6 and WMSvc hosts a deployment service that runs on 8172.Chloroprene
FYI, there's a good rundown on the various ways of executing a remote deployment on the Using Web Deploy Remotely page on technet.Harlamert
WebDeploy installs MsDepSvc.exe as one of the components (called "Remote Agent Service") that can be turned off, so you can remove it by using the WebDeploy installer to de-select that feature. This is an alternative approach to disabling it by disabling the "Web Deployment Agent Service" in the "Services" Administrative Tool.Olsson
For anyone that still hasn't solved this: Our company's setup needed both WMSvc and MsDepSvc running without using up port 80. So we did both the Registry edit and the netsh thing from #5867892 on port 8171 instead of 8172. This allowed both services to run without using up port 80.Jelly

© 2022 - 2024 — McMap. All rights reserved.