microsoft/azure-pipelines-extensions

Error with Azure DevOps 2020 onPremise

andresof opened this issue · 2 comments

Hi,
I upgraded Azure DevOps on premise from version 2019 to 2020.1. Now we have problems with the Initialize Job task on release. The log is


2021-04-07T15:43:13.2796823Z ##[error]Downloading artifacts failed: System.AggregateException: One or more errors occurred. (You do not have permissions to perform this operation on the service connection. An Endpoint Administrator should add you to the Endpoint Readers group of this service connection.) ---> Microsoft.VisualStudio.Services.Security.AccessCheckException: You do not have permissions to perform this operation on the service connection. An Endpoint Administrator should add you to the Endpoint Readers group of this service connection.
   at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.HandleResponseAsync(HttpResponseMessage response, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.SendAsync(HttpRequestMessage message, HttpCompletionOption completionOption, Object userState, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.SendAsync[T](HttpRequestMessage message, Object userState, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.SendAsync[T](HttpMethod method, IEnumerable`1 additionalHeaders, Guid locationId, Object routeValues, ApiResourceVersion version, HttpContent content, IEnumerable`1 queryParameters, Object userState, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
   at Agent.Worker.Release.ReleaseServer.GetReleaseArtifactsFromService(Int32 releaseId, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.Agent.Worker.Release.ReleaseJobExtension.GetReleaseArtifacts(IExecutionContext executionContext)
---> (Inner Exception #0) Microsoft.VisualStudio.Services.Security.AccessCheckException: You do not have permissions to perform this operation on the service connection. An Endpoint Administrator should add you to the Endpoint Readers group of this service connection.
   at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.HandleResponseAsync(HttpResponseMessage response, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.SendAsync(HttpRequestMessage message, HttpCompletionOption completionOption, Object userState, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.SendAsync[T](HttpRequestMessage message, Object userState, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.SendAsync[T](HttpMethod method, IEnumerable`1 additionalHeaders, Guid locationId, Object routeValues, ApiResourceVersion version, HttpContent content, IEnumerable`1 queryParameters, Object userState, CancellationToken cancellationToken)<---

2021-04-07T15:43:13.2851674Z ##[error]One or more errors occurred. (You do not have permissions to perform this operation on the service connection. An Endpoint Administrator should add you to the Endpoint Readers group of this service connection.)

So far, I tried the same thing in a developer stage Azure DevOps 2019 and we don't have issues. So, I think that the extension has a compatibility problem. We are making the connection to an Azure DevOps 2020.1 on cloud through a token connection.

I am experiencing the exact same symptoms.

I first experienced it testing an upgrade from TFS 2017 (update 2) to DevOps Server 2020.0.1 last week. The artifact link was to a DevOps Server 2019 instance.

To investigate further, I created 2 new DevOps Server 2020.0.1 (x64) instances. The 1st instance is my repo\build server, the 2nd the "Deployment" server. I just completed testing and encountered the same error. The agent and worker logs (machine/user names masked) are attached.

Worker_20210408-022900-utc.log
Agent_20210408-021222-utc.log

The setup on the 2nd instance is:

Service connection

| Property | Value |
| --- | --- |
| Type | Azure Repos/Team Foundation Server |
| Authentication | Token Based Authentication (Full Access) |
| Connect URL | 1st instance |
| Security | Both the Endpoint Administrators group and my domain account are assigned the "Administrator" role. Pipeline Permissions: Any pipeline may use this resource. Project Permissions: Only current project. |

Agent

| Property | Value |
| --- | --- |
| Version | 2.170.1 |
| Run mode | Command line via Run.cmd |
| User | My domain account |

Release pipeline

The test release pipeline has an ExternalTfsBuild artifact linked to a build on the 1st instance. The latest version of the TFS artifacts for Release Management extension is installed.

FYI, my issue was resolved by adding user: Project Collection Build Service (MyProject); to the "User" role of the service connection my release is accessing via the ExternalTfsBuild artifact link.
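
An added example, not part of the thread or of the extension's code: a small audit of a service connection's role assignments that checks the identity named in the fix above rather than the interactive user, which is what the "Administrator" grants in the setup table missed. The JSON shape (`value[].identity.displayName`, `value[].role.name`), the role ordering and both sample documents are assumptions constructed for illustration; only directly assigned roles are evaluated, group membership is not resolved.

```python
# Roles on a service connection, weakest to strongest (assumed ordering).
ROLE_RANK = {"Reader": 1, "User": 2, "Administrator": 3}

# Identity named in the thread's fix.
JOB_IDENTITY = "Project Collection Build Service (MyProject)"

# Constructed sample: the setup described in the thread, before the fix.
BEFORE = {"value": [
    {"identity": {"displayName": "Endpoint Administrators"}, "role": {"name": "Administrator"}},
    {"identity": {"displayName": "My domain account"}, "role": {"name": "Administrator"}},
]}

# Constructed sample: the same connection after the fix was applied.
AFTER = {"value": BEFORE["value"] + [
    {"identity": {"displayName": JOB_IDENTITY}, "role": {"name": "User"}},
]}


def effective_role(assignments, identity_name):
    """Return the strongest directly assigned role for identity_name, or None."""
    best = None
    for entry in assignments.get("value", []):
        if entry["identity"]["displayName"].casefold() != identity_name.casefold():
            continue
        role = entry["role"]["name"]
        if role in ROLE_RANK and (best is None or ROLE_RANK[role] > ROLE_RANK[best]):
            best = role
    return best


def audit(assignments, job_identity=JOB_IDENTITY, needed="User"):
    """Report whether the job identity can use the connection, and whether
    it holds more than the role the fix required."""
    role = effective_role(assignments, job_identity)
    rank = ROLE_RANK.get(role, 0)
    return {
        "identity": job_identity,
        "role": role,
        "can_use": rank >= ROLE_RANK[needed],
        "over_privileged": rank > ROLE_RANK[needed],
    }


if __name__ == "__main__":
    for label, doc in (("before fix", BEFORE), ("after fix", AFTER)):
        print(label, audit(doc))
```
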