I am getting below error while deploying app service via Azure DevOps. I tried to search for this issue but could not found root cause of this.
Error :
2021-03-15T06:01:27.7479723Z ##[error]Error: Error Code: ERROR_COULD_NOT_CONNECT_TO_REMOTESVC
More Information: Could not connect to the remote computer ("web-app.scm.azurewebsites.net") using the specified process ("Web Management Service") because the server did not respond. Make sure that the process ("Web Management Service") is started on the remote computer. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_COULD_NOT_CONNECT_TO_REMOTESVC.
Error: The remote server returned an error: (403) Forbidden.
Error count: 1.
'''
I tried everything until I spotted (after reading this) that my (dev) shared App Service service plan was out of storage space! When I upgraded it to a bigger one I could deploy again!
According to this document, the error is caused by that Web Deploy cannot connect to the remote service. Please refer to the follow points to troubleshoot your problem:
Please make sure Azure app service works fine. You can ping the remote machine.
That the msdepsvc(“Microsoft Web Deployment Agent Service”) or wmsvc(“Web Management Service”) service is started on the remote server.
Your firewall is not blocking incoming connections of your ports on the destination. If you used the default installation, then it would be 80 for msdepsvc and 8172 for wmsvc.
In addition, you could try to add -retryInterval:6000 -retryAttempts:10 to Additional Arguments in Azure App Service Deploy task as this thread stated.
BTW, if this issue still exists in Azure pipeline, please check if this issue exists locally. You could refer to this thread: Got 403 Error when doing Web Deployment and Web Deploy results in ERROR_COULD_NOT_CONNECT_TO_REMOTESVC for more guidance.
Thank you Edward for insightful explanation for possible root cause. Issue is resolved now.
Root cause was the agent pool selected did not have rights for deployment(IP are not whitelisted for production App service) since
We are not using agent provided by DevOps directly for production environment.
An instance that'd worked great for years starting giving me this error yesterday during Web Deploy. No changes from our side. No amount of poking around non-invasively solved it, but simply hitting the Restart button on the Azure app service Overview page put it to bed quite easily.
In short: Double-check your publish profile (each element).
Bit longer: In my case, my publish profile contained a ResourceGroup element which pointed to the wrong resource group. (I'm using WebPublishMethod: MSDeploy) I went over all elements and made sure they point to the correct resource, credentials and whatnot.
That seemed to solve the issue.
In my case, I had modified machine.config to captur traffic in Fiddler
<system.net>
<defaultProxy
enabled = "true"
useDefaultCredentials = "true">
<proxy autoDetect="false" bypassonlocal="false" proxyaddress="http://127.0.0.1:8888" usesystemdefault="false" />
</defaultProxy>
</system.net>
and this was interfering with the VS deployment to Azure
Related
I am deploying my ASP.NET Core 3.1 app to Azure App Service. While creating the new app service, I chose Linux as Operating System. In deployment center, when I deploy the app, it prompts me to enter a startup command. Everywhere I read about it it says startup command is optional. But when I deploy, it doesn't get further without this.
I have recently deployed other app services on windows and this was not the problem then. The startup command I am entering is dotnet <project.dll>. It deploys successfully. But after the deployment whenever I hit an API endpoint, it gives 500 Internal Server Error.
My question is:
What is the purpose of startup command? Why is this returns with 500 when deployed to linux.
S
It seems your startup command is correct refer to this.
You could check if this setting had been set already in Configuration, and check if the .dll file name is correct. As far as I known, this setting is necessary under Linux environment.
For 500 Internal Server Error, it's a error from server side, sometimes it means your web app is not prepared, and restart it would solve the problem.
If not solved, check the wwwroot file structure in kudu. ->.scm.azurewebsites.net If the file structure not correct, try another way to deploy.
Update
As your own reply, you connected your app to database. If issue still here, try add sql server policy like this:
I diagnosed the problem. My deployed app service is not whitelisted to access database. That is the reason for 500 Internal Server Error
In Azure, I turned on IP restrictions for:
Web App (Networking > Access Restrictions)
SQL server (Firewalls and virtual networks > Add client IP)
SQL database (Set server settings)
The solution still builds locally and in DevOps (aka Team Foundation Server).
However, Azure App Service Deploy now fails:
##[error]Failed to deploy App Service.
##[error]Error Code: ERROR_COULD_NOT_CONNECT_TO_REMOTESVC
More Information: Could not connect to the remote computer
("MYSITENAME.scm.azurewebsites.net") using the specified process ("Web Management Service") because the server did not respond. Make sure that the process ("Web Management Service") is started on the remote computer.
Error: The remote server returned an error: (403) Forbidden.
Error count: 1.
How can I deploy through the firewall?
Do I need a Virtual Network to hide Azure resources behind my whitelisted IP?
The REST site scm.azurewebsites.net must have Allow All, i.e. no restriction. Also, Same restrictions as ***.azurewebsites.net should be unchecked.
It does not need additional restriction because url access already requires Microsoft credentials. If restrictions are added, deploy will fail the firewall, hence the many complications I encountered.
I think the answer is incorrect as you might face data ex-filtration and that's the reason Microsoft provide the feature to lock down SCM portal (Kudu console)
There is also a security issue on Kudu portal as it can display the secret of your keyvault (if you use keyvault) and you don't want someone in your organisation to access the Kudu portal for example.
You have to follow this link
https://learn.microsoft.com/en-us/azure/devops/organizations/security/allow-list-ip-url?view=azure-devops
It will provide you Azure DevOPS IP range that you need to allow on the SCM Access restriction.
Update: To make it works as expected and to use App Service Access Restriction (same for an Azure Function), you need to use the Service Tags "AzureCloud" and not the Azure DevOPS IP range as it's not enough. on the Azure Pipeline logs, you can see the IP blocked so you can see that it's within the ServiceTags "AzureCloud" in the Service Tags JSON file
It's not really clear on the MS Doc but the reason is that they struggled to define a proper IP range for Azure DevOPS Pipeline so they use IPs from AzureCloud Service Tag.
https://www.microsoft.com/en-us/download/details.aspx?id=56519
In my case I was deploying using Azure DevOps and got the error. It turned out the app service where my API was being deployed to, had the box checked "Same restrictions as xxxx.azurewebsites.net", under access restrictions or IP restrictions. you need to allow scm.azurewebsites.net.
Try adding the application setting WEBSITE_WEBDEPLOY_USE_SCM with a value of false to your Azure App Service. This was able to solve my issues deploying to a private endpoint.
In my case it was because the daily quota was overpassed.
So the solution in this case is either wait or pay more (scale up) the app service
In my case this was because the wrong agent (Windows Hosting) was being used when I should have been using a self hosted internal agent... so I needed to change it at the following location
Our website has been hosted on Azure for a few years. Tonight it is throwing 503 Service unavailable errors. I cannot even load a url to a .jpg file. I have restarted the app and still nothing loads from the website. I cannot buy Azure support because I have bought and cancelled Azure support in the past. We are a 3 person business and depend on our small website and it is down and I don't know what to do. None of the trace logs make any sense to me.
I think 503 could mean that you reached a quota and Azure now respond with a 503 for requests. So I would check the Quotas section within your App Service Plan.
Also check:
Troubleshoot HTTP errors of "502 bad gateway" and "503 service unavailable" in Azure App Service
There are several things you can do to help remedy the situation.
Restart the application (please indicate what it is that will help
us)
Restart the instance that the application is running on.
Restore from a previous working backup of the site.
You should also add more information to your post so we can help, like what application you are using e.g. Apache, Nginx ect.
I've also had a similar problem. I had two deployment slots and in the first slot (production) which I had the latest code and in the second slot, I've missed deploying the latest code and configured traffic as 60-40 which gave me hard time finding it.
Once I've set 100% to the production slot it started working.
Just thought to share this in case it could be useful if you come across the same stuff in the future.
For me it was "Path mappings" in "Configuration".
As soon as i added a new Azure Storage Mount, the application broke.
Setting my Storage account -> Networking, to "Enabled from all networks" fixed the issue.
For us it was a result of the remote debugger. Disabling remote debugger and restarting the app service fixed the 503 error. I think one dev was remote-debugging while another was deploying the app and that seems to have caused an issue under the hood of the app service that broke port binding (we were seeing a stack track in logs about failing to bind to port).
I have a asp.net mvc5 site running off a azure website, its running off a D1 shared infrastructure.
In the last couple of days I've had a few issues when deploying to it. Its at times been unable to deploy. (i've hashed out my site name)
Error 26 Web deployment task failed. (Could not connect to the remote
computer ("#####.scm.azurewebsites.net") using the specified process
("Web Management Service") because the server did not respond. Make
sure that the process ("Web Management Service") is started on the
remote computer. Learn more at:
http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_COULD_NOT_CONNECT_TO_REMOTESVC.)
And now when I deploy I'm getting
Error 403 - This web app is stopped.
. When I look in the azure portal it says the site is running and I cannot see anything in the ftp logfiles\http\rawlogs\ which would indicate this issue. i.e. I can just see 200 responses from then the site was last responding.
Restarting the site via the portal doesnt seem to make a difference.
How can i diagnose the cause of this problem? and is it possible that it could be related to any changes i have made to my application rather than a server infrastructure issue?
You may be running into Quota issues if your site is in SHARED mode. Please try upgrading to STANDARD mode.
Here is a screen shot:
I was having the same problem. Our site wasn't in shared mode and scaling up/down to another service plan helped for a moment but the problem quickly recurred.
Turned out the staging environment was bad.
To fix the problem, I had to swap, delete the staging slot, and then wait ~30 minutes before I could recreate it (got errors saying the hostname still existed).
I also had the same deployment problem from Azure Devops and the site wasn't in shared mode.
Failed to deploy web package to App Service.
Error Code: ERROR_COULD_NOT_CONNECT_TO_REMOTESVC
More Information: Could not connect to the remote computer ("######.scm.azurewebsites.net") using the specified process ("Web Management Service") because the server did not respond. Make sure that the process ("Web Management Service") is started on the remote computer. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_COULD_NOT_CONNECT_TO_REMOTESVC.
Error: The remote server returned an error: (403) Forbidden.
Error count: 1.
Error: C:\Program Files\IIS\Microsoft Web Deploy V3\msdeploy.exe failed with return code: 4294967295
I wasn't able to get to the Kudu site (######.scm.azurewebsites.net) from my local machine but I was able to from a JumpBox VM in our Azure subscription.
After inspecting the settings at resources.azure.com I noticed that under the "web" settings:
https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{SiteName}/config/web?api-version=2018-02-01
The "scmIpSecurityRestrictionsUseMain" value was set to "true". I set it back to "false" and was able to deploy and view Kudu locally again.
I can't seem to be able to deploy a site to a windows server 2012 r2 running IIS and Web Deploy in Azure VM. I have verified that the port is open, the credentials are correct and the site name as well. I tried using http: and https: also tried using msdeploy.axd end point and the MSDEPLOYAGENTSERVICE one nothing. Check is the services are running and if I can connect to the machine which at can on port 80 to the default site. Tried connecting from multiple connections I get the same result...
Could not connect to the remote computer ("<computer name>.cloudapp.net"). On the remote computer make sure that Web Deploy is installed and that the required process ("Web Deployment Agent Service") is started. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_DESTINATION_NOT_REACHABLE. Unable to connect to the remote server.
After dealing with this for about an hour now, I figured out how to fix this on my Azure Virtual Machine.
First the obvious
Check that port 8172 (if you're using default settings) is open in your firewall
Check that the processes MsDepSvc and WMSVC are running.
Check that the site name is correct.
Management Service
In ISS, at the root level of the server, check your settings under Management Service.
It should have Enable Remote Connections checked:
Did you download the full package
This was the one that got me, I hadn't installed everything.
On the bottom of the WebDeploy page: http://www.iis.net/downloads/microsoft/web-deploy
You can download the full package, and then just install everything.
You don't mention if you have an endpoint configured for your Azure VM. If not, make sure you create an endpoint with a private port of 8172.
EDIT: Here is a troubleshooting guide for web deploy that includes the error message you've encountered. Additionally, from my own experience I have managed to mistype the site name and not install .NET and seeing similar errors.
Helpful but in the end in our case it was TLS mismatch. Check both machines can do TLS 1.2 if you are forcing it. Have put more detail here https://fuseit.zendesk.com/hc/en-us/articles/360000328595. Cheers