IISWebAppManagementOnMachineGroupV0 can't detect existing SSL bindings on Server 2022

[altwohill]

I have the following in my yaml pipeline:

  - task: IISWebAppManagementOnMachineGroup@0
    displayName: 'Deploy base website with binding: ${{ binding }}'
    inputs:
      IISDeploymentType: 'IISWebsite'
      ActionIISWebsite: 'CreateOrUpdateWebsite'
#... snipped 
      AddBinding: true
      Protocol: 'https'
      IPAddress: '*'
      Port: 443
      ServerNameIndication: true
      HostNameWithSNI: '${{ binding }}'

It works the first time but fails on repeat deployments on Server 2022 machines.

The issue doesn't occur on our Server 2019 and older machines.

I think the issue is due to some additional lines in the netsh output

Looking at

azure-pipelines-extensions/TaskModules/powershell/TaskModuleIISManageUtility/AppCmdOnTargetMachines.ps1

Line 186 in 78bf251

$isItSameBinding = $result.Get(4).Contains([string]::Format("{0}:{1}", $hostname, $port))

and

azure-pipelines-extensions/TaskModules/powershell/TaskModuleIISManageUtility/AppCmdOnTargetMachines.ps1

Line 201 in 78bf251

$isItSameCert = $result.Get(5).ToLower().Contains($certhash.ToLower())

I see the script is checking specific line numbers before proceeding.

On Server 2022 the checks always fail so it tries to add a new binding, which fails with the error

SSL Certificate add failed, Error: 183
Cannot create a file when that file already exists.


##[error]Process 'netsh' exited with code '1'.

[altwohill]

Ah, I see #993 would fix this

[danspam]

Just spent hours trying to figure out why the IIS web app manage task was failing. Totally broken on Server 2022

[jiggybyte]

This is still completely broken on Server 2022. Such a shame, there's a simple fix to the script (or just don't use hard coded lines, sheesh)

[saephraim]

I just ran into this same issue today. We have installed Windows Server 2022 to migrate sites to. This worked fine in Server 2012 R2.

[jabteles]

+1 preventing to migrate to Server 2022. No more workarounds.

[jbartlettii]

Seems to still be an issue, not really a viable workaround, but you can manually configure the cert or deploy the pipeline the first time with the cert, and then blow away the entire binding and the task shouldn't remove it afterwards so that code deploys and application updates still function but the binds, or certs will not. Just in case you are stuck on 2022 for whatever reason.

[rickjames961]

+1 preventing to migrate to Server 2022.

[LeftTwixWand]

Hi, we're working on it.

[mrunks]

I too am experiencing this problem. Is there any updates or ETA when a possible fix will be released ?

[LeftTwixWand]

Hey @mrunks my colleague is finished the development part and I hope to see the fix released in upcoming days.

[v-schhabra]

Hello @mrunks
The mentioned issue has been fixed in this PR #1220
Could you please use the IISWebAppManagementV3 version of the task and test if it is working fine?