TFS 2015. I am installing a VSO agent on build server. This agent needs to run under its own AD account. The agent installs fine but it appears offline in TFS. Logs contain the following error:
> 16:32:37.077613
> --------------------------------------------------------------------------- 16:32:37.077613
> Microsoft.VisualStudio.Services.WebApi.VssServiceResponseException:
> Unknown Host
>
> 16:32:37.077613 at
> Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.HandleResponse(HttpResponseMessage
> response)
>
> 16:32:37.077613 at
> Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.<SendAsync>d__79.MoveNext()
>
> 16:32:37.077613 --- End of stack trace from previous location where
> exception was thrown ---
>
> 16:32:37.077613 at
> System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
>
> 16:32:37.077613 at
> System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
> task)
>
> 16:32:37.077613 at
> Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.<SendAsync>d__76`1.MoveNext()
>
> 16:32:37.077613 --- End of stack trace from previous location where
> exception was thrown ---
>
> 16:32:37.077613 at
> System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
When I run the agent under my admin account order under network service account then it goes online. Also, in these cases the above exception doesn't appear in logs. I added service account user to service pool's Agent Pool Administartor and Agent pool Service Account groups but this didn't help. What permissions does it miss?
Related
Installed latest version of the Android Studio.
Android Studio Bumblebee | 2021.1.1 Canary 13
Build #AI-211.7628.21.2111.7762732, built on September 24, 2021
Runtime version: 11.0.11+9-b60-7590822 amd64
VM: OpenJDK 64-Bit Server VM by Oracle Corporation
Windows 10 10.0
GC: G1 Young Generation, G1 Old Generation
Memory: 1280M
Cores: 8
Registry: external.system.auto.import.disabled=true
Non-Bundled Plugins: org.jetbrains.kotlin (211-1.5.31-release-551-AS7442.40)
Unable to build the project: Build is failing everytime. Below is the error log:
Checked the proxy setting, seems not needed because SDK updates & Gradle sync are happening without any issues.
Please advice if I'm missing anything.
> Executing tasks: [:app:assembleDebug] in project C:\MyOrganizer
>
> IOException:
> https://dl.google.com/android/repository/addons_list-5.xml
> java.net.ConnectException: Connection refused: connect IOException:
> https://dl.google.com/android/repository/addons_list-4.xml
> java.net.ConnectException: Connection refused: connect IOException:
> https://dl.google.com/android/repository/addons_list-3.xml
> java.net.ConnectException: Connection refused: connect IOException:
> https://dl.google.com/android/repository/addons_list-2.xml
> java.net.ConnectException: Connection refused: connect IOException:
> https://dl.google.com/android/repository/addons_list-1.xml
> java.net.ConnectException: Connection refused: connect Failed to
> download any source lists! IO exception while downloading manifest:
> java.net.ConnectException: Connection refused: connect at
> java.base/java.net.PlainSocketImpl.connect0(Native Method) at
> java.base/java.net.PlainSocketImpl.socketConnect(PlainSocketImpl.java:101)
> at
> java.base/java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:399)
> at
> java.base/java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:242)
> at
> java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:224)
> at java.base/java.net.Socket.connect(Socket.java:609) at
> java.base/java.net.Socket.connect(Socket.java:558) at
> java.base/sun.net.NetworkClient.doConnect(NetworkClient.java:182) at
> java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:474)
> at java.base/sun.net.www.http.HttpClient$1.run(HttpClient.java:526)
> at java.base/sun.net.www.http.HttpClient$1.run(HttpClient.java:524)
> at java.base/java.security.AccessController.doPrivileged(Native
> Method) at
> java.base/sun.net.www.http.HttpClient.privilegedOpenServer(HttpClient.java:523)
> at
> java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:564)
> at
> java.base/sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:265)
> at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:203)
> at
> java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1232)
> at
> java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1081)
> at
> java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:189)
> at
> java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:168)
> at
> com.android.sdklib.repository.legacy.remote.internal.DownloadCache.openUrl(DownloadCache.java:245)
> at
> com.android.sdklib.repository.legacy.remote.internal.DownloadCache.downloadAndCache(DownloadCache.java:622)
> at
> com.android.sdklib.repository.legacy.remote.internal.DownloadCache.openCachedUrl(DownloadCache.java:545)
> at
> com.android.sdklib.repository.legacy.LegacyDownloader.downloadAndStream(LegacyDownloader.java:65)
> at
> com.android.repository.impl.downloader.LocalFileAwareDownloader.downloadAndStream(LocalFileAwareDownloader.java:51)
> at
>
>
> * Get more help at https://help.gradle.org
>
> BUILD FAILED in 14s
Please advice a fix. Thanks
You should go to SDK Manager and install the new Platform-tools
Go to File -> Project Structure -> Modules and select the Properties Tab from the top of the right column
Choose your Build Tools Version and click on ok.
I have a self-hosted TFS for which I am trying to configure an agent on a Windows 10 machine. I run the configuration script. I enter the URL to my TFS instance, and I select the default authentication type. The script attempts to connect, but it returns with the error message: "TFS Resource not available for anonymous access. Client authentication required."
I can get to the URL I entered into the script through a web browser, so I know that the machine can access it. I used fiddler to monitor traffic, while the script was attempting to connect to the URL. Fiddler showed the URL (http://{mydomain}/_apis/connectionData?connectOptions=1&lastChangeId=-1&lastChangeId64=-1) that the script was trying to connect to. When I click it, the URL opens in the browser. When I enter in my credentials, I get a JSON response that I don't get when the script tries to access that URL. The script's request returns an error page, according to fiddler. The script never asks me for my credentials, unlike my attempt to access the URL in fiddler through the browser.
I did check the configuration of the authentication of the IIS website on which my TFS URL is hosted. It has anonymous access enabled, windows authentication enabled with NTLM as the the provider, and other methods are disabled. I did try adding Negotiate as a windows authentication provider but that did not fix the problem.
I'm at a loss, regarding how to move past this issue. Any pointers, references, potential solutions, etc. would be greatly appreciated. Thanks.
Below is the code for the batch file that TFS provides for configuring an agent:
#echo off
rem ********************************************************************************
rem Unblock specific files.
rem ********************************************************************************
setlocal
if defined VERBOSE_ARG (
set VERBOSE_ARG='Continue'
) else (
set VERBOSE_ARG='SilentlyContinue'
)
rem Unblock the following types of files:
rem 1) The files in the root of the layout folder. E.g. .cmd files.
rem
rem 2) The PowerShell scripts delivered with the agent. E.g. capability scan scripts under "bin\"
rem and legacy handler scripts under "externals\vstshost\".
rem
rem 3) The DLLs potentially loaded from a PowerShell script (e.g. DLLs in Agent.ServerOMDirectory).
rem Otherwise, Add-Type may result in the following error:
rem Add-Type : Could not load file or assembly 'file:///[...].dll' or one of its dependencies.
rem Operation is not supported.
rem Reproduced on Windows 8 in PowerShell 4. Changing the execution policy did not appear to make
rem a difference. The error reproduced even with the execution policy set to Bypass. It may be a
rem a policy setting.
powershell.exe -NoLogo -Sta -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command "$VerbosePreference = %VERBOSE_ARG% ; Get-ChildItem -LiteralPath '%~dp0' | ForEach-Object { Write-Verbose ('Unblock: {0}' -f $_.FullName) ; $_ } | Unblock-File | Out-Null ; Get-ChildItem -Recurse -LiteralPath '%~dp0bin', '%~dp0externals' | Where-Object { $_ -match '\.(ps1|psd1|psm1)$' } | ForEach-Object { Write-Verbose ('Unblock: {0}' -f $_.FullName) ; $_ } | Unblock-File | Out-Null ; Get-ChildItem -LiteralPath '%~dp0externals\vstsom', '%~dp0externals\vstshost' | Where-Object { $_ -match '\.(dll|exe)$' } | ForEach-Object { Write-Verbose ('Unblock: {0}' -f $_.FullName) ; $_ } | Unblock-File | Out-Null"
if "%~1" equ "remove" (
rem ********************************************************************************
rem Unconfigure the agent.
rem ********************************************************************************
"%~dp0bin\Agent.Listener.exe" %*
) else (
rem ********************************************************************************
rem Configure the agent.
rem ********************************************************************************
"%~dp0bin\Agent.Listener.exe" configure %*
)
Console Output from the agent:
>> Connect:
Enter server URL > http://{mydomain}/
Enter authentication type (press enter for Integrated) >
Connecting to server ...
TF400813: Resource not available for anonymous access. Client authentication required.
Failed to connect. Try again or ctrl-c to quit
Enter server URL > http://{mydomain}/
Enter authentication type (press enter for Integrated) > Negotiate
Enter user name > {myUserName}
Enter password > {myPassword}
Connecting to server ...
TF400813: Resource not available for anonymous access. Client authentication required.
Failed to connect. Try again or ctrl-c to quit
Enter server URL >
Stack trace from the log file:
[2020-04-13 16:18:39Z ERR Terminal] Microsoft.VisualStudio.Services.Common.VssUnauthorizedException: TF400813: Resource not available for anonymous access. Client authentication required.
at Microsoft.VisualStudio.Services.Common.VssHttpMessageHandler.<SendAsync>d__17.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.VisualStudio.Services.Common.VssHttpRetryMessageHandler.<SendAsync>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Net.Http.HttpClient.<FinishSendAsync>d__58.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.<SendAsync>d__45.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.<SendAsync>d__42`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.VisualStudio.Services.Location.Client.LocationHttpClient.<GetConnectionDataAsync>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.VisualStudio.Services.WebApi.Location.VssServerDataProvider.<ConnectAsync>d__41.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.VisualStudio.Services.Agent.AgentServer.<ConnectAsync>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.VisualStudio.Services.Agent.Listener.Configuration.BuildReleasesAgentConfigProvider.<TestConnectionAsync>d__14.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.VisualStudio.Services.Agent.Listener.Configuration.ConfigurationManager.<ConfigureAsync>d__7.MoveNext()
I've tried in an on-premise TFS deploying an agent, and found the default authentication type is Integrated, please try to use negotiate instead:
To fix this issue, I went into my TFS. Opened up IIS. Went to the web application that hosts the TFS portal. Clicked on authentication. Opened up the providers for Windows Authentication. I added negotiate to listed and moved it ahead of NTLM. I reset the website on which the application resides. If negotiate is not ahead of NTLM, any connection to my server URL would treated as though I automatically cancelled the authentication prompt.
I went back to the machine that I wanted to configure the agent. I ran the configure script as administrator. I entered the server URL. I told the configuration script to use negotiate as the authentication type. I entered my credentials. The connection worked. The rest of the process proceeded as it should have.
I have a stand-alone single server TFS 2017 RTM installation on SQL Express. It is not in any domain, but on my laptop. Have brought it up for my own usage (for learning too). Set it up to run on a self-signed certificate for SSL.
Thought of setting up a vNext build agent on the same machine. I remember somewhere in my brain that build machine should be not in the TFS app tier, to reduce surface attack. Well I don't really bother now about surface attacks. But rather I need a working TFS with build setup as well.
While configuring after entering the URL (https URL), I get prompted for authentication type. I typed Negotiate. After entering credentials, I get below error.
TF400813: Resource not available for anonymous access. Client authentication required.
Upon using Integrated for the authentication type, I get below error.
An error occurred while sending the request.
Failed to connect. Try again or ctrl-c to quit
When I use the http site for URL I get below error for both the authentication types.
Connecting to server ...
Found
Failed to connect. Try again or ctrl-c to quit
I am able to ping to my URL.
Below is the error log from _diag folder.
[2016-11-23 19:53:40Z INFO CredentialManager] Creating type Integrated
[2016-11-23 19:53:40Z INFO CredentialManager] Creating credential type: Integrated
[2016-11-23 19:53:40Z INFO IntegratedCredential] GetVssCredentials
[2016-11-23 19:53:40Z INFO ConfigurationManager] cred retrieved
[2016-11-23 19:53:40Z INFO Terminal] WRITE LINE: Connecting to server ...
[2016-11-23 19:53:41Z INFO CommandSettings] Flag 'unattended': 'False'
[2016-11-23 19:53:41Z ERR Terminal] WRITE ERROR (exception):
[2016-11-23 19:53:41Z ERR Terminal] Microsoft.VisualStudio.Services.WebApi.VssServiceResponseException: Found
at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.HandleResponse(HttpResponseMessage response)
at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.<SendAsync>d__45.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.<SendAsync>d__42`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.VisualStudio.Services.Location.Client.LocationHttpClient.<GetConnectionDataAsync>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.VisualStudio.Services.WebApi.Location.VssServerDataProvider.<ConnectAsync>d__41.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.VisualStudio.Services.Agent.AgentServer.<ConnectAsync>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.VisualStudio.Services.Agent.Listener.Configuration.ConfigurationManager.<TestConnectAsync>d__10.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.VisualStudio.Services.Agent.Listener.Configuration.ConfigurationManager.<ConfigureAsync>d__7.MoveNext()
Try to disable anonymous authentication and enable windows authentication for your TFS.
Since you set up TFS for your own usage, you can consider using Visual Studio Team Service instead of on-premise TFS. VSTS is free for 5 users.
Try using PAT for the authentication type, and get the personal access token, from the Security page in your profile menu. Using Selected scope - Agent Pools (read, manage)
See http://go.microsoft.com/fwlink/?LinkID=825113
The personal access token is used to register the agent. One final step is suppying the credentials for the Agent Service.
There are a few things that could have gone wrong.
After following Remko's answer and proceeding with "PAT" switch to "Negotiate" method, if you still cant get it working due to "An error occurred while sending the request", it is probably due to certificate issue. In such case, you can simply skip the certificate validation step which happens internally with curl by passing the parameter -sslskipcertvalidaion like below.
./config.sh --sslskipcertvalidation
Here's reference documentation : running agent with self-signed certificate
We have upgraded our TFS 2013 server to TFS 2015 and we are setting up the new build agents.
Prior to this we performed a trial run and got everything working reasonably well before we did the final conversion of our existing TFS database. The build agent worked perfectly fine.
To our surprise, our build agent no longer co-operates post-upgrade. Creating a trivial build definition and assigning it to the default queue results in an error being raised after 10-15 seconds.
We have tried re-deploying the build agent, play around with permissions and users, but to no avail.
All we get is this in the _diag\ logs:
11:18:09.699993 JobManager.StartJob(job.JobId = a9702f31-2dff-4057-8253-a32ebc106f32)
11:18:09.699993 JobInfo.ctor
11:18:09.699993 JobInfo.ctor - leave
11:18:09.699993 JobManager.StartJob - calling JobWriter.StartJob
11:18:09.699993 JobWriter.StartJob - enter
11:18:09.699993 JobWriter.StartJob - (SKIPPING)first renew
11:18:09.715619 JobWriter.StartJob - start continual renewing
11:18:09.715619 AuthorizationType : OAuth
11:18:09.731245 ---------------------------------------------------------------------------
11:18:09.731245 Microsoft.VisualStudio.Services.WebApi.VssServiceResponseException: Unauthorized
11:18:09.731245 at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.HandleResponse(HttpResponseMessage response)
11:18:09.731245 at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.<SendAsync>d__79.MoveNext()
11:18:09.731245 --- End of stack trace from previous location where exception was thrown ---
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
11:18:09.731245 at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.<SendAsync>d__76`1.MoveNext()
11:18:09.731245 --- End of stack trace from previous location where exception was thrown ---
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
11:18:09.731245 at Microsoft.VisualStudio.Services.Location.Client.LocationHttpClient.<GetConnectionDataAsync>d__6.MoveNext()
11:18:09.731245 --- End of stack trace from previous location where exception was thrown ---
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
11:18:09.731245 at Microsoft.VisualStudio.Services.Client.VssServerDataProvider.<ConnectAsync>d__39.MoveNext()
11:18:09.731245 --- End of stack trace from previous location where exception was thrown ---
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
11:18:09.731245 at Microsoft.TeamFoundation.DistributedTask.Agent.Common.ConnectionHelper.GetConnection(Uri serverUri, VssCredentials credentials)
11:18:09.731245 at Microsoft.TeamFoundation.DistributedTask.Agent.JobWriter.StartJob()
11:18:09.731245 at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.HandleResponse(HttpResponseMessage response)
11:18:09.731245 at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.<SendAsync>d__79.MoveNext()
11:18:09.731245 --- End of stack trace from previous location where exception was thrown ---
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
11:18:09.731245 at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.<SendAsync>d__76`1.MoveNext()
11:18:09.731245 --- End of stack trace from previous location where exception was thrown ---
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
11:18:09.731245 at Microsoft.VisualStudio.Services.Location.Client.LocationHttpClient.<GetConnectionDataAsync>d__6.MoveNext()
11:18:09.731245 --- End of stack trace from previous location where exception was thrown ---
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
11:18:09.731245 at Microsoft.VisualStudio.Services.Client.VssServerDataProvider.<ConnectAsync>d__39.MoveNext()
11:18:09.731245 --- End of stack trace from previous location where exception was thrown ---
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
11:18:09.731245 at Microsoft.TeamFoundation.DistributedTask.Agent.Common.ConnectionHelper.GetConnection(Uri serverUri, VssCredentials credentials)
11:18:09.731245 at Microsoft.TeamFoundation.DistributedTask.Agent.JobWriter.StartJob()
11:18:09.731245 ---------------------------------------------------------------------------
Running interactively or as a service makes no difference. I have enlisted the build agent's service user as a member of the 'Agent Pool Service Accounts' role.
I believe this is the offending request:
GET https://tfs:8443/tfs/DefaultCollection/_apis/connectionData?connectOptions=IncludeServices&lastChangeId=-1&lastChangeId64=-1 HTTP/1.1
User-Agent: VSServices/14.102.25423.0 (VsoAgent.exe) VsoAgent.exe/1.95.3
Accept-Language: en-US, nb-NO
X-TFS-FedAuthRedirect: Suppress
X-TFS-Session: 7a2e6368-a564-4231-bbd6-xxxxxxxxxx
X-VSS-Agent: VSS: b5d9c453-017f-407c-ac00-b479d0d0e8ed
Authorization: [huge bytesequence]
Host: tfs:8443
Accept-Encoding: gzip
This is rewarded with a 401. My own adminuser however is able to load this URI just fine.
My own admin user is the one I used when I set up the agent. I have also tried launching vsoagent.exe interactively from this user... But no go. Reading between the lines (and looking at some of the roles) there is a user that bares the name of the machine that the agent runs on. I guess this user was created at first and is the one that is actually used. How do I get this situation under control?
EDIT: If I run vsoagent.exe interactively from a user that is NOT included in the pool's list of "Agent Pool Service Accounts", then the agent immediately errs out with Access denied. admrunem needs Listen permissions for pool Regular to perform the action. For more information, contact the Team Foundation Server administrator.. Adding admrunem to the list gets me a little further, namely to the error message that I am trying to diagnose (The "unauthorized" exception). Note: It uses NTLM authorization at this point, then for the fatal call seems to switch to OAUTH.
Check that "Windows authentication" is enabled on Team Foundation Server IIS website. That fixed the issue for us.
Make sure the account that the agent is run under is in the "Agent Pool Service Account" role.
Make sure the queue is provisioned in the collection ( https://your-tfs-server:8080/tfs/your-collection/_admin/_AgentQueue ). If not - select "New queue.." and select the existing queue.
Make sure you deploy the Windows build agent by exactly following this article.
Try to change a domain account which is a member of the Build Agent Service Accounts group and belongs to "Agent Pool Service Account" role, to see whether the agent would work or not.
My configuration is SonarQube 3.1.1, Build Stability plugin 1.2, Jenkins 1.467
I have configured the settings for the build stability plugin at the project level as mentioned at http://docs.codehaus.org/display/SONAR/Build+Stability+Plugin
Console output for this analysis has the following error for this plugin :
> [INFO] [05:17:18.108] CI URL: Jenkins:http://<host>/job/<job-name>/
>
> [ERROR] [05:17:18.702] Received 403 when trying to access
> http://<host>/job/<job-name>//lastBuild/api/xml/
> org.sonar.api.utils.SonarException: Received 403 when trying to access
> http://<host>/job/<job-name>//lastBuild/api/xml/ at
> org.sonar.plugins.buildstability.ci.CiConnector.execute(CiConnector.java:132)
> ~[na:na] at
> org.sonar.plugins.buildstability.ci.CiConnector.executeGet(CiConnector.java:120)
> ~[na:na] at
> org.sonar.plugins.buildstability.ci.CiConnector.getLastBuild(CiConnector.java:68)
> ~[na:na] at
> org.sonar.plugins.buildstability.ci.CiConnector.getBuildsSince(CiConnector.java:106)
> ~[na:na] at
> org.sonar.plugins.buildstability.BuildStabilitySensor.analyse(BuildStabilitySensor.java:105)
> ~[na:na] at
> org.sonar.batch.phases.SensorsExecutor.execute(SensorsExecutor.java:64)
> [sonar-batch-3.1.1.jar:na] at
> org.sonar.batch.phases.Phases.execute(Phases.java:93)
> [sonar-batch-3.1.1.jar:na] at
> org.sonar.batch.bootstrap.ProjectModule.doStart(ProjectModule.java:139)
> [sonar-batch-3.1.1.jar:na] at
> org.sonar.batch.bootstrap.Module.start(Module.java:83)
> [sonar-batch-3.1.1.jar:na] at
> org.sonar.batch.bootstrap.BatchModule.analyze(BatchModule.java:115)
> [sonar-batch-3.1.1.jar:na] at
> org.sonar.batch.bootstrap.BatchModule.doStart(BatchModule.java:105)
> [sonar-batch-3.1.1.jar:na] at
> org.sonar.batch.bootstrap.Module.start(Module.java:83)
> [sonar-batch-3.1.1.jar:na] at
> org.sonar.batch.bootstrap.BootstrapModule.doStart(BootstrapModule.java:111)
> [sonar-batch-3.1.1.jar:na] at
> org.sonar.batch.bootstrap.Module.start(Module.java:83)
> [sonar-batch-3.1.1.jar:na] at
> org.sonar.batch.bootstrapper.Batch.startBatch(Batch.java:73)
> [sonar-batch-3.1.1.jar:na] at
> org.sonar.batch.bootstrapper.Batch.execute(Batch.java:60)
> [sonar-batch-3.1.1.jar:na] at
> org.sonar.maven3.SonarMojo.execute(SonarMojo.java:142)
> [sonar-maven3-plugin-3.1.1.jar:na] at
> org.codehaus.mojo.sonar.Bootstraper.executeMojo(Bootstraper.java:104)
> [sonar-maven-plugin-2.2.jar:na] at
> org.codehaus.mojo.sonar.Bootstraper.start(Bootstraper.java:67)
> [sonar-maven-plugin-2.2.jar:na] at
> org.codehaus.mojo.sonar.SonarMojo.execute(SonarMojo.java:109)
> [sonar-maven-plugin-2.2.jar:na] at
> org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:101)
> [maven-core-3.0.4.jar:3.0.4] at
> org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:209)
> [maven-core-3.0.4.jar:3.0.4] at
> org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153)
> [maven-core-3.0.4.jar:3.0.4] at
> org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145)
> [maven-core-3.0.4.jar:3.0.4] at
> org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:84)
> [maven-core-3.0.4.jar:3.0.4] at
> org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:59)
> [maven-core-3.0.4.jar:3.0.4] at
> org.apache.maven.lifecycle.internal.LifecycleStarter.singleThreadedBuild(LifecycleStarter.java:183)
> [maven-core-3.0.4.jar:3.0.4] at
> org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:161)
> [maven-core-3.0.4.jar:3.0.4] at
> org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:320)
> [maven-core-3.0.4.jar:3.0.4] at
> org.apache.maven.DefaultMaven.execute(DefaultMaven.java:156)
> [maven-core-3.0.4.jar:3.0.4] at
> org.apache.maven.cli.MavenCli.execute(MavenCli.java:537)
> [maven-embedder-3.0.4.jar:3.0.4] at
> org.apache.maven.cli.MavenCli.doMain(MavenCli.java:196)
> [maven-embedder-3.0.4.jar:3.0.4] at
> org.apache.maven.cli.MavenCli.main(MavenCli.java:141)
> [maven-embedder-3.0.4.jar:3.0.4] at
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ~[na:1.6.0_33] at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> ~[na:1.6.0_33] at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> ~[na:1.6.0_33] at java.lang.reflect.Method.invoke(Method.java:597)
> ~[na:1.6.0_33] at
> org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:290)
> [plexus-classworlds-2.4.jar:na] at
> org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:230)
> [plexus-classworlds-2.4.jar:na] at
> org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:409)
> [plexus-classworlds-2.4.jar:na] at
> org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:352)
> [plexus-classworlds-2.4.jar:na] [INFO] [05:17:18.704] Sensor
> org.sonar.plugins.buildstability.BuildStabilitySensor#1188d9a3 done:
> 597 ms
Link : http://<host>/job/<job-name>//lastBuild/api/xml/ is accessible through web browser and is a correct url.
I even provided -Dsonar.login=admin -Dsonar.password=admin in the sonar configuration of the build, but still the same error appears.
Any help is appreciated.
Looks like the Sonar authentication fails depending on the security you use on your Jenkins server. I believe it's possible to set sonar.build-stability.use_jsecuritycheck=true if Jenkins security realm is delegated to the servlet container (tomcat server.xml).
In my own case, I had no choice but using the standard security (Jenkins database), and I had trouble when I configured SonarQube Build Stability, even when I was sure to use the right URL with matching credentials.
Then I tried another Build Stability configuration, removing user and password, and including the credentials in URL :
Jenkins:http(s)://<user>:<pass>#<hostname>/job/<jobname>
...fail...
Finally I tried another url pattern, using the given api token (user configuration in jenkins) instead of password :
Jenkins:http(s)://<user>:<api-token>#<hostname>/job/<jobname>
This last try was a success. I even removed my SonarQube user from the global security list in Jenkins and just gave it read/discover right at project level, and it still worked.
It doesn't fill my deep desire to fill the "username/password" in the Sonar config (I WANT to use these fields...) anyway it's more secured than granting anonymous access. But still, there is a security token in the URL so the security is not as good as I want.
Hope it helped.
Edit
1) With the Jenkins Role Strategy plugin, the user needs the overall read permission in addition to the project read permission.
2) When Jenkins delegates authentication to servlet container and you set sonar.build-stability.user_jsecuritycheck=true in Sonar, you will probably get an error with Build Stability v1.2. A wrong url is generated when it tries to authenticate on Jenkins (one / is missing in the url, generating something like http://<my_host>/jenkinsloginEntry instead of http://<my_host>/jenkins/loginEntry). Should be fixed in v1.3.
I'm facing the same issue. If it can help, here a workaround: in Jenkins > Manage Jenkins > Configure Global Security, grant Anonymous user to read both Overall and Job.