Issue on installing a build agent for TFS 2017 - tfs

I have a stand-alone single server TFS 2017 RTM installation on SQL Express. It is not in any domain, but on my laptop. Have brought it up for my own usage (for learning too). Set it up to run on a self-signed certificate for SSL.
Thought of setting up a vNext build agent on the same machine. I remember somewhere in my brain that build machine should be not in the TFS app tier, to reduce surface attack. Well I don't really bother now about surface attacks. But rather I need a working TFS with build setup as well.
While configuring after entering the URL (https URL), I get prompted for authentication type. I typed Negotiate. After entering credentials, I get below error.
TF400813: Resource not available for anonymous access. Client authentication required.
Upon using Integrated for the authentication type, I get below error.
An error occurred while sending the request.
Failed to connect. Try again or ctrl-c to quit
When I use the http site for URL I get below error for both the authentication types.
Connecting to server ...
Found
Failed to connect. Try again or ctrl-c to quit
I am able to ping to my URL.
Below is the error log from _diag folder.
[2016-11-23 19:53:40Z INFO CredentialManager] Creating type Integrated
[2016-11-23 19:53:40Z INFO CredentialManager] Creating credential type: Integrated
[2016-11-23 19:53:40Z INFO IntegratedCredential] GetVssCredentials
[2016-11-23 19:53:40Z INFO ConfigurationManager] cred retrieved
[2016-11-23 19:53:40Z INFO Terminal] WRITE LINE: Connecting to server ...
[2016-11-23 19:53:41Z INFO CommandSettings] Flag 'unattended': 'False'
[2016-11-23 19:53:41Z ERR Terminal] WRITE ERROR (exception):
[2016-11-23 19:53:41Z ERR Terminal] Microsoft.VisualStudio.Services.WebApi.VssServiceResponseException: Found
at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.HandleResponse(HttpResponseMessage response)
at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.<SendAsync>d__45.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.<SendAsync>d__42`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.VisualStudio.Services.Location.Client.LocationHttpClient.<GetConnectionDataAsync>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.VisualStudio.Services.WebApi.Location.VssServerDataProvider.<ConnectAsync>d__41.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.VisualStudio.Services.Agent.AgentServer.<ConnectAsync>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.VisualStudio.Services.Agent.Listener.Configuration.ConfigurationManager.<TestConnectAsync>d__10.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.VisualStudio.Services.Agent.Listener.Configuration.ConfigurationManager.<ConfigureAsync>d__7.MoveNext()

Try to disable anonymous authentication and enable windows authentication for your TFS.
Since you set up TFS for your own usage, you can consider using Visual Studio Team Service instead of on-premise TFS. VSTS is free for 5 users.

Try using PAT for the authentication type, and get the personal access token, from the Security page in your profile menu. Using Selected scope - Agent Pools (read, manage)
See http://go.microsoft.com/fwlink/?LinkID=825113
The personal access token is used to register the agent. One final step is suppying the credentials for the Agent Service.

There are a few things that could have gone wrong.
After following Remko's answer and proceeding with "PAT" switch to "Negotiate" method, if you still cant get it working due to "An error occurred while sending the request", it is probably due to certificate issue. In such case, you can simply skip the certificate validation step which happens internally with curl by passing the parameter -sslskipcertvalidaion like below.
./config.sh --sslskipcertvalidation
Here's reference documentation : running agent with self-signed certificate

Related

Docker Windows Installation Failed / Library not registered [Windows 10 Pro]

I am trying to install Docker for Windows 10 Pro. I have downloaded the Docker Desktop Installer.exe and when I run it with Administrator role I got the follwing error when it starts the installation, just after downloading and unpackaging the files.
Installation failed
Library not registered.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.RefreshCache()
at System.DirectoryServices.AccountManagement.PrincipalContext.DoMachineInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, String identityValue)
at System.DirectoryServices.AccountManagement.GroupPrincipal.FindByIdentity(PrincipalContext context, String identityValue)
at CommunityInstaller.CreateGroupAction.<DoAsync>b__33_0()
at System.Threading.Tasks.Task.Execute()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at CommunityInstaller.InstallWorkflow.<HandleD4WPackageAsync>d__29.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at CommunityInstaller.InstallWorkflow.<ProcessAsync>d__24.MoveNext(
I have changed my Windows user Group to Administrators and I also updated Windows 10.
Any help would be appreciated
Regards

Getting An Error When Trying To Configure A TFS Agent On Windows 10

I have a self-hosted TFS for which I am trying to configure an agent on a Windows 10 machine. I run the configuration script. I enter the URL to my TFS instance, and I select the default authentication type. The script attempts to connect, but it returns with the error message: "TFS Resource not available for anonymous access. Client authentication required."
I can get to the URL I entered into the script through a web browser, so I know that the machine can access it. I used fiddler to monitor traffic, while the script was attempting to connect to the URL. Fiddler showed the URL (http://{mydomain}/_apis/connectionData?connectOptions=1&lastChangeId=-1&lastChangeId64=-1) that the script was trying to connect to. When I click it, the URL opens in the browser. When I enter in my credentials, I get a JSON response that I don't get when the script tries to access that URL. The script's request returns an error page, according to fiddler. The script never asks me for my credentials, unlike my attempt to access the URL in fiddler through the browser.
I did check the configuration of the authentication of the IIS website on which my TFS URL is hosted. It has anonymous access enabled, windows authentication enabled with NTLM as the the provider, and other methods are disabled. I did try adding Negotiate as a windows authentication provider but that did not fix the problem.
I'm at a loss, regarding how to move past this issue. Any pointers, references, potential solutions, etc. would be greatly appreciated. Thanks.
Below is the code for the batch file that TFS provides for configuring an agent:
#echo off
rem ********************************************************************************
rem Unblock specific files.
rem ********************************************************************************
setlocal
if defined VERBOSE_ARG (
set VERBOSE_ARG='Continue'
) else (
set VERBOSE_ARG='SilentlyContinue'
)
rem Unblock the following types of files:
rem 1) The files in the root of the layout folder. E.g. .cmd files.
rem
rem 2) The PowerShell scripts delivered with the agent. E.g. capability scan scripts under "bin\"
rem and legacy handler scripts under "externals\vstshost\".
rem
rem 3) The DLLs potentially loaded from a PowerShell script (e.g. DLLs in Agent.ServerOMDirectory).
rem Otherwise, Add-Type may result in the following error:
rem Add-Type : Could not load file or assembly 'file:///[...].dll' or one of its dependencies.
rem Operation is not supported.
rem Reproduced on Windows 8 in PowerShell 4. Changing the execution policy did not appear to make
rem a difference. The error reproduced even with the execution policy set to Bypass. It may be a
rem a policy setting.
powershell.exe -NoLogo -Sta -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command "$VerbosePreference = %VERBOSE_ARG% ; Get-ChildItem -LiteralPath '%~dp0' | ForEach-Object { Write-Verbose ('Unblock: {0}' -f $_.FullName) ; $_ } | Unblock-File | Out-Null ; Get-ChildItem -Recurse -LiteralPath '%~dp0bin', '%~dp0externals' | Where-Object { $_ -match '\.(ps1|psd1|psm1)$' } | ForEach-Object { Write-Verbose ('Unblock: {0}' -f $_.FullName) ; $_ } | Unblock-File | Out-Null ; Get-ChildItem -LiteralPath '%~dp0externals\vstsom', '%~dp0externals\vstshost' | Where-Object { $_ -match '\.(dll|exe)$' } | ForEach-Object { Write-Verbose ('Unblock: {0}' -f $_.FullName) ; $_ } | Unblock-File | Out-Null"
if "%~1" equ "remove" (
rem ********************************************************************************
rem Unconfigure the agent.
rem ********************************************************************************
"%~dp0bin\Agent.Listener.exe" %*
) else (
rem ********************************************************************************
rem Configure the agent.
rem ********************************************************************************
"%~dp0bin\Agent.Listener.exe" configure %*
)
Console Output from the agent:
>> Connect:
Enter server URL > http://{mydomain}/
Enter authentication type (press enter for Integrated) >
Connecting to server ...
TF400813: Resource not available for anonymous access. Client authentication required.
Failed to connect. Try again or ctrl-c to quit
Enter server URL > http://{mydomain}/
Enter authentication type (press enter for Integrated) > Negotiate
Enter user name > {myUserName}
Enter password > {myPassword}
Connecting to server ...
TF400813: Resource not available for anonymous access. Client authentication required.
Failed to connect. Try again or ctrl-c to quit
Enter server URL >
Stack trace from the log file:
[2020-04-13 16:18:39Z ERR Terminal] Microsoft.VisualStudio.Services.Common.VssUnauthorizedException: TF400813: Resource not available for anonymous access. Client authentication required.
at Microsoft.VisualStudio.Services.Common.VssHttpMessageHandler.<SendAsync>d__17.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.VisualStudio.Services.Common.VssHttpRetryMessageHandler.<SendAsync>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Net.Http.HttpClient.<FinishSendAsync>d__58.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.<SendAsync>d__45.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.<SendAsync>d__42`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.VisualStudio.Services.Location.Client.LocationHttpClient.<GetConnectionDataAsync>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.VisualStudio.Services.WebApi.Location.VssServerDataProvider.<ConnectAsync>d__41.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.VisualStudio.Services.Agent.AgentServer.<ConnectAsync>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.VisualStudio.Services.Agent.Listener.Configuration.BuildReleasesAgentConfigProvider.<TestConnectionAsync>d__14.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.VisualStudio.Services.Agent.Listener.Configuration.ConfigurationManager.<ConfigureAsync>d__7.MoveNext()
I've tried in an on-premise TFS deploying an agent, and found the default authentication type is Integrated, please try to use negotiate instead:
To fix this issue, I went into my TFS. Opened up IIS. Went to the web application that hosts the TFS portal. Clicked on authentication. Opened up the providers for Windows Authentication. I added negotiate to listed and moved it ahead of NTLM. I reset the website on which the application resides. If negotiate is not ahead of NTLM, any connection to my server URL would treated as though I automatically cancelled the authentication prompt.
I went back to the machine that I wanted to configure the agent. I ran the configure script as administrator. I entered the server URL. I told the configuration script to use negotiate as the authentication type. I entered my credentials. The connection worked. The rest of the process proceeded as it should have.

Docker installation on Windows 10

I am trying to install Docker on Windows 10 Enterprise Edition but got following exception.
Installation failed
The Server service is not started.
at System.DirectoryServices.DirectoryEntry.RefreshCache()
at System.DirectoryServices.AccountManagement.PrincipalContext.DoMachineInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, String identityValue)
at System.DirectoryServices.AccountManagement.GroupPrincipal.FindByIdentity(PrincipalContext context, String identityValue)
at CommunityInstaller.CreateGroupAction.<DoAsync>b__33_0()
at System.Threading.Tasks.Task.Execute()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at CommunityInstaller.InstallWorkflow.<HandleD4WPackageAsync>d__29.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at CommunityInstaller.InstallWorkflow.<ProcessAsync>d__24.MoveNext()
Please help me on this. Thanks
you have to go to services app and start server service if it disabled like the pic
you should start by double click on server service and choose automatic and press okay
and it will work with u
There can be any issues.
One issue could because the windows service Server was disabled.
FIX: Enable it and start on Service App.

Running Vsts agent on nano server

I am looking to run vsts agent on docker image with nano server on it. The container already has .Net Core installed on it. I downloaded vsts agent using the Download Agent and config.cmd command. Got the following error
An error occurred while sending the request. Failed to connect. Try again or ctrl-c to quit
Here are the details
Windows Version: Microsoft Windows [Version 10.0.14393]
.Net Core Version : 1.0.1
.Net Core Build : cee57bf6c981237d80aa1631cfe83cb9ba329f12
Looking at Diagnostics log, I get the following error
[2016-10-18 07:29:46Z ERR Terminal] System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.Http.WinHttpException: The parameter is incorrect
at System.Net.Http.WinHttpAuthHelper.SetWinHttpCredential(SafeWinHttpHandle requestHandle, ICredentials credentials, Uri uri, UInt32 authScheme, UInt32 authTarget)
at System.Net.Http.WinHttpAuthHelper.CheckResponseForAuthentication(WinHttpRequestState state, UInt32& proxyAuthScheme, UInt32& serverAuthScheme)
at System.Net.Http.WinHttpHandler.d__101.MoveNext()
--- End of inner exception stack trace ---
at Microsoft.VisualStudio.Services.Common.VssHttpRetryMessageHandler.d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Net.Http.HttpClient.d__58.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.<SendAsync>d__45.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.d__421.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.VisualStudio.Services.Location.Client.LocationHttpClient.d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.VisualStudio.Services.WebApi.Location.VssServerDataProvider.d__41.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.VisualStudio.Services.Agent.AgentServer.d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.VisualStudio.Services.Agent.Listener.Configuration.ConfigurationManager.d__10.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.VisualStudio.Services.Agent.Listener.Configuration.ConfigurationManager.d__7.MoveNext()
[2016-10-18 07:29:46Z ERR Terminal] WRITE ERROR: Failed to connect. Try again or ctrl-c to quit
Can anyone help please?
I had it raised as an issue with the product team.
https://github.com/Microsoft/vsts-agent/issues/483
The scenario is not supported as yet. I.e VSTS agents can't run Windows Nano Server. Following are excerpt from the response the team
"It's likely not just this issue. The Windows build of the agent currently makes an assumption that Full .NET is installed. It has validation checks that verify that .NET >= 4.5 is installed. It sounds like it's missing validation to distinguish between .NET Full and .NET Core.
My understanding is that Nano doesn't have .NET Full, and only has .NET Core. We'll need to take a pass through the agent, given Nano constraints, and figure out what it means for an agent running on Nano."

TFS Build agent throws "unauthorized" exception

We have upgraded our TFS 2013 server to TFS 2015 and we are setting up the new build agents.
Prior to this we performed a trial run and got everything working reasonably well before we did the final conversion of our existing TFS database. The build agent worked perfectly fine.
To our surprise, our build agent no longer co-operates post-upgrade. Creating a trivial build definition and assigning it to the default queue results in an error being raised after 10-15 seconds.
We have tried re-deploying the build agent, play around with permissions and users, but to no avail.
All we get is this in the _diag\ logs:
11:18:09.699993 JobManager.StartJob(job.JobId = a9702f31-2dff-4057-8253-a32ebc106f32)
11:18:09.699993 JobInfo.ctor
11:18:09.699993 JobInfo.ctor - leave
11:18:09.699993 JobManager.StartJob - calling JobWriter.StartJob
11:18:09.699993 JobWriter.StartJob - enter
11:18:09.699993 JobWriter.StartJob - (SKIPPING)first renew
11:18:09.715619 JobWriter.StartJob - start continual renewing
11:18:09.715619 AuthorizationType : OAuth
11:18:09.731245 ---------------------------------------------------------------------------
11:18:09.731245 Microsoft.VisualStudio.Services.WebApi.VssServiceResponseException: Unauthorized
11:18:09.731245 at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.HandleResponse(HttpResponseMessage response)
11:18:09.731245 at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.<SendAsync>d__79.MoveNext()
11:18:09.731245 --- End of stack trace from previous location where exception was thrown ---
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
11:18:09.731245 at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.<SendAsync>d__76`1.MoveNext()
11:18:09.731245 --- End of stack trace from previous location where exception was thrown ---
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
11:18:09.731245 at Microsoft.VisualStudio.Services.Location.Client.LocationHttpClient.<GetConnectionDataAsync>d__6.MoveNext()
11:18:09.731245 --- End of stack trace from previous location where exception was thrown ---
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
11:18:09.731245 at Microsoft.VisualStudio.Services.Client.VssServerDataProvider.<ConnectAsync>d__39.MoveNext()
11:18:09.731245 --- End of stack trace from previous location where exception was thrown ---
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
11:18:09.731245 at Microsoft.TeamFoundation.DistributedTask.Agent.Common.ConnectionHelper.GetConnection(Uri serverUri, VssCredentials credentials)
11:18:09.731245 at Microsoft.TeamFoundation.DistributedTask.Agent.JobWriter.StartJob()
11:18:09.731245 at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.HandleResponse(HttpResponseMessage response)
11:18:09.731245 at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.<SendAsync>d__79.MoveNext()
11:18:09.731245 --- End of stack trace from previous location where exception was thrown ---
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
11:18:09.731245 at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.<SendAsync>d__76`1.MoveNext()
11:18:09.731245 --- End of stack trace from previous location where exception was thrown ---
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
11:18:09.731245 at Microsoft.VisualStudio.Services.Location.Client.LocationHttpClient.<GetConnectionDataAsync>d__6.MoveNext()
11:18:09.731245 --- End of stack trace from previous location where exception was thrown ---
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
11:18:09.731245 at Microsoft.VisualStudio.Services.Client.VssServerDataProvider.<ConnectAsync>d__39.MoveNext()
11:18:09.731245 --- End of stack trace from previous location where exception was thrown ---
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
11:18:09.731245 at Microsoft.TeamFoundation.DistributedTask.Agent.Common.ConnectionHelper.GetConnection(Uri serverUri, VssCredentials credentials)
11:18:09.731245 at Microsoft.TeamFoundation.DistributedTask.Agent.JobWriter.StartJob()
11:18:09.731245 ---------------------------------------------------------------------------
Running interactively or as a service makes no difference. I have enlisted the build agent's service user as a member of the 'Agent Pool Service Accounts' role.
I believe this is the offending request:
GET https://tfs:8443/tfs/DefaultCollection/_apis/connectionData?connectOptions=IncludeServices&lastChangeId=-1&lastChangeId64=-1 HTTP/1.1
User-Agent: VSServices/14.102.25423.0 (VsoAgent.exe) VsoAgent.exe/1.95.3
Accept-Language: en-US, nb-NO
X-TFS-FedAuthRedirect: Suppress
X-TFS-Session: 7a2e6368-a564-4231-bbd6-xxxxxxxxxx
X-VSS-Agent: VSS: b5d9c453-017f-407c-ac00-b479d0d0e8ed
Authorization: [huge bytesequence]
Host: tfs:8443
Accept-Encoding: gzip
This is rewarded with a 401. My own adminuser however is able to load this URI just fine.
My own admin user is the one I used when I set up the agent. I have also tried launching vsoagent.exe interactively from this user... But no go. Reading between the lines (and looking at some of the roles) there is a user that bares the name of the machine that the agent runs on. I guess this user was created at first and is the one that is actually used. How do I get this situation under control?
EDIT: If I run vsoagent.exe interactively from a user that is NOT included in the pool's list of "Agent Pool Service Accounts", then the agent immediately errs out with Access denied. admrunem needs Listen permissions for pool Regular to perform the action. For more information, contact the Team Foundation Server administrator.. Adding admrunem to the list gets me a little further, namely to the error message that I am trying to diagnose (The "unauthorized" exception). Note: It uses NTLM authorization at this point, then for the fatal call seems to switch to OAUTH.
Check that "Windows authentication" is enabled on Team Foundation Server IIS website. That fixed the issue for us.
Make sure the account that the agent is run under is in the "Agent Pool Service Account" role.
Make sure the queue is provisioned in the collection ( https://your-tfs-server:8080/tfs/your-collection/_admin/_AgentQueue ). If not - select "New queue.." and select the existing queue.
Make sure you deploy the Windows build agent by exactly following this article.
Try to change a domain account which is a member of the Build Agent Service Accounts group and belongs to "Agent Pool Service Account" role, to see whether the agent would work or not.

Resources