
Trouble deploying multiple HTTPS sites to single host in TFS 2015


I'm trying to deploy multiple websites to a single host running IIS from TFS 2015. I'm trying to have all sites use the "Server Name Indication Required" option so that they all can run under the same IP address. (This setup works fine in IIS if I manually set everything up -- my question / problem comes from deploying from TFS 2015).

The FIRST site in the deploy chain works fine, but any subsequent one seems to fail with the following error:

    System.Exception:  SSL Certificate add failed, Error: 183 Cannot create a file when that file already exists.

Each of the sites I'm deploying has a different SSL certificate and I've imported them all properly to the Local Machine\Personal store.

A screenshot of the release definition with the "IIS Web App Management" task highlighted is shown below.


Any suggestions on how to resolve this error within the release definition so that I can deploy cleanly without manual intervention?

I guess one thing I could try is to do ALL of the IIS management steps from PowerShell but was hoping to use the tools a little more fully rather than rolling new scripts to do what it seems that they SHOULD be able to do natively.

Any insight is appreciated.


Solution

  • I got things working - but I had to basically eliminate the binding configuration from the WinRM - IIS App Management tasks. I kept everything the same but specified NO binding information at all in those tasks, then added a target machine PowerShell script that looked like this (thumbprints and site domains changed):

    Import-Module WebAdministration
    
    # Only create the binding when no binding for this host header exists yet.
    if ($null -eq (Get-WebBinding | Where-Object {$_.BindingInformation -eq "*:443:iddev.mydomain.com"}))
    {
        # -SslFlags 1 = "Require Server Name Indication"
        New-WebBinding -Name "Identity-B2B" -Port 443 -Protocol "https" -HostHeader "iddev.mydomain.com" -SslFlags 1
        # Attach the certificate to the host-name:port pair
        New-Item -Path "IIS:\SslBindings\!443!iddev.mydomain.com" -Thumbprint "88E811B7A9417DACAAAAAAAAAA1C36AA0BA238FF1E0F" -SSLFlags 1
    }
    
    # Same steps for the second site, with its own certificate.
    if ($null -eq (Get-WebBinding | Where-Object {$_.BindingInformation -eq "*:443:iddev.myotherdomain.com"}))
    {    
        New-WebBinding -Name "Identity-B2C" -Port 443 -Protocol "https" -HostHeader "iddev.myotherdomain.com" -SslFlags 1
        New-Item -Path "IIS:\SslBindings\!443!iddev.myotherdomain.com" -Thumbprint "BE38195A2BBBBBBBBBBBBBBB1C2AB5762C9" -SSLFlags 1
    }
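
A table-driven generalization of the script above, as an added example that is not part of the original answer. It checks the site binding and the `IIS:\SslBindings` entry independently, confirms the certificate is present in Local Machine\Personal before touching IIS, and warns when an existing entry points at a different certificate. The function name `Set-SniHttpsBinding`, the `$sniSites` table and the thumbprint placeholders are assumptions made for illustration.

```powershell
# Added example; names and thumbprint placeholders are constructed.
Import-Module WebAdministration

$sniSites = @(
    @{ Site = 'Identity-B2B'; HostName = 'iddev.mydomain.com';      Thumbprint = 'REPLACE_WITH_B2B_CERT_THUMBPRINT' },
    @{ Site = 'Identity-B2C'; HostName = 'iddev.myotherdomain.com'; Thumbprint = 'REPLACE_WITH_B2C_CERT_THUMBPRINT' }
)

function Set-SniHttpsBinding {
    param(
        [Parameter(Mandatory)] [string] $Site,
        [Parameter(Mandatory)] [string] $HostName,
        [Parameter(Mandatory)] [string] $Thumbprint,
        [int] $Port = 443
    )

    # Fail early if the certificate is not in Local Machine\Personal,
    # so a bad thumbprint never leaves a binding without a certificate.
    if (-not (Test-Path "Cert:\LocalMachine\My\$Thumbprint")) {
        throw "Certificate $Thumbprint not found in LocalMachine\My (needed for $HostName)"
    }

    # Site-level https binding with SNI required (-SslFlags 1).
    $existing = Get-WebBinding -Name $Site -Protocol 'https' -Port $Port -HostHeader $HostName
    if ($null -eq $existing) {
        New-WebBinding -Name $Site -Protocol 'https' -Port $Port -HostHeader $HostName -SslFlags 1
    }

    # Host-name:port certificate entry. Creating it a second time is what
    # must be avoided on a redeploy, so test for it separately.
    $sslPath = "IIS:\SslBindings\!${Port}!${HostName}"
    if (-not (Test-Path $sslPath)) {
        New-Item -Path $sslPath -Thumbprint $Thumbprint -SSLFlags 1 | Out-Null
    }
    elseif ((Get-Item $sslPath).Thumbprint -ne $Thumbprint) {
        # Do not silently swap certificates; surface the mismatch in the release log.
        Write-Warning "$HostName`:$Port is already bound to a different certificate"
    }
}

# One call per site; safe to run on every release.
foreach ($s in $sniSites) { Set-SniHttpsBinding @s }
```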