Web Deployment Tool (MS Deploy) is a great tool the IIS team has created to make it easier to manage, deploy, and migrate your web servers.
This can be done at a granular level where you are moving just an application or website, or you can even use it to replicate or sync multiple servers.
One issue I recently ran into that had me stumped had to do with syncing website certificates across multiple servers. Some servers or certificates would work but others were giving the error:
Error: Object of type 'cert' and path 'my\31fb711de260d2a' cannot be created
Error: No certificate found in store my with hash '31fb711de260d2a'
Error: Key not valid for use in specified state.
Error count: 1
I will walk you through the steps that produce this error and why we were getting it. On the server you want to pull the certificate from, first run “netsh http show ssl” and note what is referred to as the hash. You will need it when you run msdeploy to export the certificate.

The command I was using to copy one certificate to another machine is below. More information about the certificate provider can be found here.
msdeploy.exe -verb:sync -source:cert=(MY\31fb711de260d2a),computername=SourceServer -dest:cert=(MY\31fb711de260d2a),computername=DestinationServer

If you see these errors, it can be one of a few issues. The most common fix is to check that DestinationServer is spelled correctly and that you can connect to it. For us, the issue was that when the SSL certificate was installed, the option "Mark this key as exportable" was not selected. Once I reinstalled the certificate with the "Mark this key as exportable" option, everything worked without error.
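The exportable-key condition described above can be checked on the source server before running the sync. The script below is an added example, not part of the original post or of MS Deploy; the function names, the LocalMachine\My default, and the English "Certificate Hash" label in the netsh output are assumptions.

```powershell
# Added example: preflight check to run on the source server before an msdeploy cert sync.
param(
    [string[]]$Thumbprint,        # hashes to check; default: every hash bound in HTTP.SYS
    [string]$StoreName = 'My'     # assumption: certificates live in LocalMachine\My
)

function Get-BoundCertHash {
    # Pulls the hash values out of netsh output (English-locale label assumed).
    netsh http show sslcert |
        Select-String -Pattern 'Certificate Hash\s*:\s*([0-9a-fA-F]+)' |
        ForEach-Object { $_.Matches[0].Groups[1].Value.ToUpper() } |
        Sort-Object -Unique
}

function Test-KeyExportable {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    if (-not $Cert.HasPrivateKey) { return 'NoPrivateKey' }
    try {
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
        if ($rsa -is [System.Security.Cryptography.RSACng]) {
            # CNG key: the export policy is a flags enum on the key handle.
            $allow = [System.Security.Cryptography.CngExportPolicies]::AllowExport -bor
                     [System.Security.Cryptography.CngExportPolicies]::AllowPlaintextExport
            if (($rsa.Key.ExportPolicy -band $allow) -ne 0) { return 'Exportable' }
            return 'NotExportable'
        }
        if ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
            # Legacy CSP key: exportability is reported by the key container.
            if ($rsa.CspKeyContainerInfo.Exportable) { return 'Exportable' }
            return 'NotExportable'
        }
        return 'Unknown'          # non-RSA key (for example ECDSA): not covered here
    } catch {
        return "Error: $($_.Exception.Message)"
    }
}

if (-not $Thumbprint) { $Thumbprint = Get-BoundCertHash }
foreach ($hash in $Thumbprint) {
    $cert = Get-Item -Path "Cert:\LocalMachine\$StoreName\$hash" -ErrorAction SilentlyContinue
    $status = if ($cert) { Test-KeyExportable -Cert $cert } else { 'NotFoundInStore' }
    [pscustomobject]@{ Thumbprint = $hash; Subject = $cert.Subject; KeyStatus = $status }
}
```

Run it from an elevated prompt so the machine key containers can be opened. A NotExportable row identifies a certificate that needs to be reinstalled with "Mark this key as exportable" before the sync will succeed.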