So I setup TFS continuous deployment and I'm running into a situation where my build compiles just alright but fails in the deployment phase when communicating with Azure. My log looks like
Get Default Azure Cloud Service Publish Profile
Set Project to build CSPack
Run MSBuild for Project
Run Visual Studio Test Runner for Test Sources
Publish Output
Deploy application to Azure
8/23/2012 7:20:04 AM - Preparing deployment for rcfoapi with SubscriptionID: mysubscriptionidhere.veryverylong.andkeepsgoing...
8/23/2012 7:20:04 AM - Connecting...
An attempted http request against URI https://management.core.windows.net:8443/mysubscriptionidhere.veryverylong.andkeepsgoing
/services/hostedservices/myrolenamehere?embed-detail=true
returned an error: (403) Forbidden.
Additional Exception Information:
Error Code: AuthenticationFailed
Message: The server failed to authenticate the request. Verify that the
certificate is valid and is associated with this subscription.
Typically, a response of (403) Forbidden from a Windows Azure
Management API means that the X509 certificate used to
authenticate the call is not valid. The certificate may have
been revoked or expired. Reconnect your Windows Azure
subscription to your Team Foundation account.
I tried the 'Disconnect from TFS' link in the Azure portal, then verified that the certificate in the 'certificates' section of the Azure portal. I confirmed using the fingerprint hash that the same certificate is also in my local computers' certificate store ('my' store). Then I relinked TFS back via the Azure portal.
But I still get the same error. Any idea?
Update:
I also tried a few additional steps, nothing seems to be working :(
Deleted the entire cloud service
Created a new cloud service (with same name)
VS2012 deployed to the cloud service on both production and staging (because I need to service operational for front use and back testing)
Verified the Windows Azure Tools certificate in the portal's cloud service 'certificate' section (which matches my local copy). I understand this will be different from the one between TFS and Azure
Went to TFSPreview.com => top left gear => project administration => services => no linked services seen
Went to user profiles => connections => OAuth connection listed (MANAGE-PROD CLOUDAPP by Windows Azure) => removed it
Within the Azure portal, linked the newly setup cloud service back to TFSPreview.com
Locally in VS2012, disconnected TFS ('team' => 'disconnect')
Locally in VS2012, logged out of TFS ('team' => 'connect' => 'sign out' at the bottom)
Signed back into TFS, connected to the team project
Made a trivial change => check in => triggered continuous deploy
=> Same error as before :?
Thanks
TFS Preview is not using the same cert you have on your local dev box. When you connect the accounts Azure gives TFS a different cert and it is possible that is the one that has expired or is no longer there. If you have multiple projects connected to Azure the only option is to go into the admin site on TFSPreview (the gear in the upper right) and disconnect all projects that are connected to that subscription and then rerun the connection wizard. This will ensure we get a new valid certificate for your azure subscription. When you reconnect the subscription to the project we will find the existing build definitions and not create new ones.
I had the same issue and for me the solution was to renew the certificate. See here: http://support.microsoft.com/kb/2780289
This can happen if your certificate needs to be renewed in the Azure control panel.
It can also happen if you don't have a staging or production environment deployed first. I'm not entirely sure why since it deploys a new one, but this fixed the issue for me just now.
Related
I'm trying to publish an asp.net core app from Visual Studio 2022 to an Azure App Service using Azure AD Microsoft Identity Platform for authentication. At the Microsoft identity platform screen, its showing an error:
Failed to add password. Unable to save changes because the credential
limit has been reached. Please delete a credential and try again.
I'm not seeing where I can "delete" credentials. I'm also not sure if this is from my Azure App Service, or local machine. I searched my App Service on Azure, but couldn't find anything related to this.
Any ideas?
We have tested this in our local environment it is working fine, Below statements are based on our analysis.
We have created an Asp .Net core (in Visual Studio 2022) with managed identity as an authentication type in our local environment.
I'm not seeing where I can "delete" credentials.
I'm also not sure if this is from my Azure App Service or the local machine. I searched my App Service on Azure, but couldn't find anything related to this.
Before publishing the project, if you are configuring the Microsoft identity platform then you see an option to store the secrets in our local environment as shown below.
If you want to list those secrets in our local machine
Run the following command from the directory in which the project file exists:
dotnet user-secrets list
Here is the sample output for reference:
You can refer to this documentation for more information about Safe storage of app secrets in development in ASP.NET Core
If you want to configure the Microsoft identity platform at the time of publishing you will get an option to store this client secret as Azure App setting
As shown in the above GIF, while creating the secret from vs you will select the app registration to which this client secret needs to append.
Once the client secret got created you can check the secret value in the portal by routing to Active Directory > App registrations> select app registration Name(that you choose while creating from vs) >certificates & secrets.
you can delete the secret/credentials from there.
I've been successfully deploying my node.js GAE web app for months using gcloud app deploy. It's been a month or so since my last deployment and I've made a few updates since then that I want to get out. So I did my usual
gcloud app deploy
and it uploaded the files and then failed, giving me this error:
(gcloud.app.deploy) Error Response: [5] failed to getGaiaID for "<SERVICE NAME WAS HERE"": generic::not_found: Account disabled: 810593457260
At first I thought it was a payment issue - but my payment info is up to date. The only major change to the code I recall is that between this deploy and the last deployment, I started versioning the project with git and pushing to github.
Does anyone have any ideas? In particular, is there any reason Git or GitHub .git would interfere with a gcloud deployment?
Thanks
So, oddly enough, my account ended up not being disabled. My last three attempts at deploying all occurred at unsecured network locations (airport, hotel, convention center). Apparently, Google gives a disabled account warning when you try to deploy over an unsecure network
Therefore the command gcloud app deploy will not be successful when performed over an unsecure internet network.
Later, attempting to make a deploy over unsecure networks disabled the project in GAE. Since billing was in good standing, they continued to serve my content (and bill for it) but changes to the service were disabled.
To enable them again, follow the instructions:
To enable a service account, at minimum the user must be granted the Service Account Admin role (roles/iam.serviceAccountAdmin) or the Editor basic role (roles/editor)
In the Cloud Console, go to the Service accounts page.
Select the project
Click the name of the service account that you want to enable
Under Service account status, click Enable service account, then click Enable to confirm the change.
Other resources:
How to understand the service accounts
How to create and manage service accounts
We are using Azure Devops 2019 (App and data tiers are on different servers),We have done a domain migration due to which we had to change Devops URL from https:\Devops.OldDomain.com to https:\Devops.NewDomain.com
Below are the steps followed
Changed URL on IIS Devops Site and applied a third party certificate for https ( made sure certificates are added to trusted Root Cert)
Changed Public URL (changed the url to new Devops Url) from Devops admin console ( verified the access point from tbl_AccessMapping and updated it to new url)
Restarted the Devops server
Below are the issues identified
1)I have noticed build agents stopped working\offline and when I try to setup new agents, I see below
"An error occurred while sending the request.Failed to connect. Try again or ctrl-c to quit"
tried changing agent file to correct url (yet no luck)
2)When I launch Azure devops admin console I see below error
When I try to add Devops url from visual studio (Visual studio is installed inside Devops server) I see below error
"TF400324:Azure Devops services are not available from server, The underlying connection was closed"
Am I missing anything? I understand that some communication is missing between Application and Data tire, but I could not identify whats going wrong
Try to clear the following caches:
Clear TFS caches %LOCALAPPDATA%\Microsoft\Team Foundation\x.0\Cache
Delete the contents of the Cache directory, including all subfolders.
Regarding VS, close all Visual Studio instances, delete %LOCALAPPDATA%.IdentityService.
Reset IIS by pressing Win+R, and input iisreset in the Run.
I have a portal account, and a devlops account. Both happen to use the same login/password.
In the portal.azure.com, I have a working web service.
Under the web services "deployment-Deployment center" I select azure repos, azure pipelines as the build provider, set master branch etc.
It created a pipeline in my devlops which worked, i.e. it did NuGet restore, build solution, test assemblies, publish symbols path, publish artifact.
Great.
But it did not deploy the new build.
Clicking on "releases" in pipleines in devops, it was trying to use "Azure web app deploy" and giving an error that msbuild doesnt use the right format or similar. So I changed it to "Azure App Service Deploy".
Now I get a new error: Error: 'credentials' cannot be null.
There is no field for credentials.
It is using a publish profile.
Any ideas how I fix this?
here is the offending task:
There is no option to configure the missing credentials?
If I go to portal, and look at the "Deployment center", I see this:
If I click on "deployment credentials" I see this:
Which all looks good.
Any idea where the "null" credentials comes from?
Have you tried adding a new service connection in Project Settings and selecting Service Connections there? Even updating the Service connection created by Azure Portal threw an error for me.
In my case the issue was I did not have proper access rights to allow the connection between my pipeline and the Azure App. I was listed as a Contributor on the subscription. I contacted our company Devops and she updated the service connection without any issues because she was listed as an Owner or User Access Administrator.
Use "Azure Web App" task instead. Create a service connection using the publish profile route then use it within the task. Make sure you tick off "Deploy to Slot or App Service Environment" and it should work.
Have a read on this. They updated the services. You need to follow the Action Required.
I have a newly created Azure Cloud Service. A sample project has been deployed and everything is working fine.
I now need remote desktop access to the service. After enabling Remote Desktop connections through the Azure Portal, downloading and running the generated .rdp file in windows I get the error:
An authentication has occured (Code: 0x80004005)
From windows Remote Desktop.
Signing information has been checked and double checked, same result on multiple computers.
So, steps taken:
Created Cloud service with roles
Enabled Remote Desktop through the Azure portal
Downloaded and run .rdp file
Has anyone else experienced this and/or have any solutions?
So I found the solution.
When enabling remote desktop in the Azure portal, I had chosen a username that was not my email.
If I use my Azure account email as username, everything works perfectly.
After testing, in fact any email will do.