A quick blog post as I’ve been troubleshooting an issue with gallery publishing, and there wasn’t a lot of information available out there. My problem was that I would run through the wizard to deploy a preconfigured web application through the gallery which would work fine, but publishing would eventually fail. I had to break out some network traces to figure out what was going on in the end (along with the information in this page in the documentation).
So, what happens when you choose to deploy a new website using the gallery feature?
Once you’ve made the request, the first thing that happens is that an empty website is created. This is a call from the tenant API to the websites management server. As part of this process, a new directory is created on the file server for the content. If you’ve got your permissions wrong in any way, this process will fail and the whole thing falls over.
The content for the website is then downloaded. This content is downloaded from the tenant portal, and you can track what is happening by looking in C:\users\MgmtSvc-TenantSite\Appdata\Local\Temp. The download is a zip file with a random name (you can open it and inspect the contents if you like). If you need to track where the download is coming from, grab a copy of the XML source for the gallery feed. The link for the gallery feed is available in the settings tab of the web sites cloud page in the Azure Pack admin portal (the default is here). Look for the <installerURL> section of the application you’re looking for to find the download link.
Once the download is complete, the tenant portal makes a connection to the publisher on port 8172 (the default publishing port) to upload the content. The publisher writes the content to the file server as it receives it. Once this is complete the site is basically ready to use.
To make sure website gallery deployments work, confirm the following:
- Internet access and internet name resolution from the tenant portal
- Tenant portal can resolve the IP address for the publisher. Depending on your topology this might need to be an internal IP address that the tenant portal can access, in which case you’ll need to plan for that in your DNS structure. You may end up with an internal DNS zone for the websites feature to use as well as a corresponding external DNS zone for tenants
- Tenant portal can access the publisher on port 8172
- Permissions on the file server are correct – if you’ve used the websites controller to deploy the file server you’ll be fine. If you’re using a NAS or a file cluster, then check your permissions are correct.
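The first three checks in the list above can be scripted and run from the tenant portal server. This is an added example, not part of the original post or the product; the publisher host name and gallery feed URL are placeholders to replace with your own values (the feed URL is the one shown on the settings tab in the admin portal).

```powershell
# Added example: run on the tenant portal server. Defaults below are placeholders (assumptions).
param(
    [string]$PublisherHost  = 'publish.websites.example.internal',   # placeholder publisher DNS name
    [string]$GalleryFeedUrl = 'https://gallery-feed.example/feed.xml', # placeholder gallery feed URL
    [int]   $PublishPort    = 8172                                    # default publishing port
)

$results = [ordered]@{}

# 1. The tenant portal must resolve the publisher to an address it can reach.
try {
    $addr = @(Resolve-DnsName -Name $PublisherHost -ErrorAction Stop |
        Where-Object { $_.IPAddress } | ForEach-Object { $_.IPAddress })
    $results['Publisher DNS'] = "OK ($($addr -join ', '))"
} catch {
    $results['Publisher DNS'] = "FAIL: $($_.Exception.Message)"
}

# 2. The tenant portal must be able to open a TCP connection to the publisher.
$tcp = Test-NetConnection -ComputerName $PublisherHost -Port $PublishPort -WarningAction SilentlyContinue
$results["Publisher TCP $PublishPort"] = if ($tcp.TcpTestSucceeded) { 'OK' } else { 'FAIL' }

# 3. Internet access and name resolution: load the feed, then resolve every
#    host that appears in an <installerURL> element.
try {
    $feed = New-Object System.Xml.XmlDocument
    $feed.Load($GalleryFeedUrl)
    # local-name() keeps the query independent of the feed's XML namespace.
    $urls = @($feed.SelectNodes("//*[local-name()='installerURL']") |
        ForEach-Object { $_.InnerText.Trim() } | Where-Object { $_ } | Sort-Object -Unique)
    $results['Gallery feed'] = "OK ($($urls.Count) installerURL entries)"

    foreach ($h in @($urls | ForEach-Object { ([uri]$_).Host } | Sort-Object -Unique)) {
        try {
            Resolve-DnsName -Name $h -ErrorAction Stop | Out-Null
            $results["Resolve $h"] = 'OK'
        } catch {
            $results["Resolve $h"] = 'FAIL'
        }
    }
} catch {
    $results['Gallery feed'] = "FAIL: $($_.Exception.Message)"
}

$results.GetEnumerator() | Format-Table Name, Value -AutoSize
```

The results reflect the account that runs the script, so proxy settings that differ for the portal's own service account will not show up here. File server permissions are not covered and still need to be checked separately.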
Hopefully this information will be useful for someone out there.