Connected to the remote computer ("10.0.0.0") using the specified process ("Web Management Service"), but could not verify the server's certificate

Posted on
WebDeploy .NET msdeploy

If you see error message

ERROR_CERTIFICATE_VALIDATION_FAILED 
Connected to the remote computer ("10.0.0.0") using the specified process ("Web Management Service"), but could not verify the server's certificate. If you trust the server, connect again and allow untrusted certificates.

Then you have to allow untrusted certificate, there are two ways how to do it, see below.

See full log of issue:

[08:38:22][Step 1/1] ========================================
[08:38:22][Step 1/1] Deploy
[08:38:22][Step 1/1] ========================================
[08:38:22][Step 1/1] Executing: ../WebDeployPackage/ProjectName.deploy.cmd /Y /M:https://10.0.0.0:8172/MSDeploy.axd /U:Username
[08:38:22][Step 1/1] Waitting (max 30s) for process to finish ...
[08:38:22][Step 1/1] SetParameters from:
[08:38:22][Step 1/1] "D:\BuildAgent\work\57910644296a4e40\WebDeployPackage\ProjectName.SetParameters.xml"
[08:38:22][Step 1/1] You can change IIS Application Name, Physical path, connectionString
[08:38:22][Step 1/1] or other deploy parameters in the above file.
[08:38:22][Step 1/1] -------------------------------------------------------
[08:38:22][Step 1/1]  Start executing msdeploy.exe
[08:38:22][Step 1/1] -------------------------------------------------------
[08:38:22][Step 1/1]  "C:\Program Files\IIS\Microsoft Web Deploy V3\msdeploy.exe" -source:package='D:\BuildAgent\work\57910644296a4e40\WebDeployPackage\ProjectName.zip' -dest:auto,computerName="https://10.0.0.0:8172/MSDeploy.axd",userName="Username",includeAcls="False" -verb:sync -disableLink:AppPoolExtension -disableLink:ContentExtension -disableLink:CertificateExtension -setParamFile:"D:\BuildAgent\work\57910644296a4e40\WebDeployPackage\ProjectName.SetParameters.xml" 
[08:38:23][Step 1/1] Info: Using ID 'f65f194a-338c-4ed3-98a8-238526f3b035' for connections to the remote server.
[08:38:23][Step 1/1] Error Code: ERROR_CERTIFICATE_VALIDATION_FAILED
[08:38:23][Step 1/1] More Information: Connected to the remote computer ("10.0.0.0") using the specified process ("Web Management Service"), but could not verify the server's certificate. If you trust the server, connect again and allow untrusted certificates.  Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_CERTIFICATE_VALIDATION_FAILED.
[08:38:23][Step 1/1] Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
[08:38:23][Step 1/1] Error: The remote certificate is invalid according to the validation procedure.
[08:38:23][Step 1/1] Error count: 1.
[08:38:24][Step 1/1] Executing: ../WebDeployPackage/ProjectName.deploy.cmd /Y /M:https://10.10.70.70:8172/MSDeploy.axd /U:Username
[08:38:24][Step 1/1] Waitting (max 30s) for process to finish ...
[08:38:24][Step 1/1] SetParameters from:
[08:38:24][Step 1/1] "D:\BuildAgent\work\57910644296a4e40\WebDeployPackage\ProjectName.SetParameters.xml"
[08:38:24][Step 1/1] You can change IIS Application Name, Physical path, connectionString
[08:38:24][Step 1/1] or other deploy parameters in the above file.
[08:38:24][Step 1/1] -------------------------------------------------------
[08:38:24][Step 1/1]  Start executing msdeploy.exe
[08:38:24][Step 1/1] -------------------------------------------------------
[08:38:24][Step 1/1]  "C:\Program Files\IIS\Microsoft Web Deploy V3\msdeploy.exe" -source:package='D:\BuildAgent\work\57910644296a4e40\WebDeployPackage\ProjectName.zip' -dest:auto,computerName="https://10.10.70.70:8172/MSDeploy.axd",userName="Username",includeAcls="False" -verb:sync -disableLink:AppPoolExtension -disableLink:ContentExtension -disableLink:CertificateExtension -setParamFile:"D:\BuildAgent\work\57910644296a4e40\WebDeployPackage\ProjectName.SetParameters.xml" 
[08:38:24][Step 1/1] Info: Using ID '0648ded4-0ef5-4687-80c7-5e62ed330c41' for connections to the remote server.
[08:38:25][Step 1/1] Error Code: ERROR_CERTIFICATE_VALIDATION_FAILED
[08:38:25][Step 1/1] More Information: Connected to the remote computer ("10.10.70.70") using the specified process ("Web Management Service"), but could not verify the server's certificate. If you trust the server, connect again and allow untrusted certificates.  Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_CERTIFICATE_VALIDATION_FAILED.
[08:38:25][Step 1/1] Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
[08:38:25][Step 1/1] Error: The remote certificate is invalid according to the validation procedure.
[08:38:25][Step 1/1] Error count: 1.

Hot to solve the issue?

Are you doing deployment from Visual Studio using publish profile or you are using ProjectName.deploy.cmd script?

Deploy with Visual Studio

Open the publish profile (.pubxml) and add

<AllowUntrustedCertificate>True</AllowUntrustedCertificate> 

Deploy using ProjectName.deploy.cmd

Call ProjectName.deploy.cmd with argument -AllowUntrusted:True For example:

ProjectName.deploy.cmd /t /m:DestinationServerName /a:ntlm -AllowUntrusted:True

Or set the parametr as environment variable called “_MsDeployAdditionalFlags”