I have created a Azure Container Registry in my Azure subscription and wanted to use Azure Devops to build and push my containers. I am trying to create a service connection however when selecting my subscription the screen states "No registries found"
I also tried to create a pipeline using the Docker (Build and push an image to ACR) and this screen also cannot find my registry.
The registry exists and was created as a "Basic" SKU. I have tried other SKUs as well with no luck.
Any ideas of what I can do to be able to select my registry in Devops?
This could be caused by an expired token. Generally, we can try below ways to get it work (force refresh the token).
Go to Azure DevOps user profile page and switch to another directory, and then switch it back again. During the operation, it will force you to sign out and sign in again. Thus, it will refresh the token from AAD. If you have multiple directories here, then please do the same actions one by one, and then switch it back to the original directory (AAD) which you Azure DevOps organization needs to be backed to. After that try it again
Go to the affected ACR from Azure portal, then disable and re-enable admin account. (Click Update -> Enable/Disable the “Admin user” -> Save -> Disable/Enable the “Admin user” again -> Save). After that refresh the DevOps page and check if it works now.
Related
I'm trying to create a release pipeline in DevOps, that releases packages to LCS. The normal Dynamics 365 FO way of working. The issue is, I don't have an admin account without MFA that can be used to do this. Which roles or general setup, should I set on the AAD user, to be able to create the release? Currently I'm getting the AADSTS7000218 error.
I created a user that doesn't have MFA and I expect to add certain roles to be able to use this user for creating releases in DevOps.
In Azure DevOps, to create release pipeline you need "Edit release pipeline" permission set to Allow. And you need to be at least a Basic user.
And as per the document, AADSTS7000218 means The request body must contain the following parameter: 'client_assertion' or 'client_secret'. When authenticating to Azure AD to get an access token, the client application is not providing its “password” (in the form of either a client secret or a client assertion) as expected by Azure AD’s token endpoint.
You could try navigating to Azure Active Directory->App Registration and find Authentication in your application. And set "Allow public client flows" to "Yes" in Azure portal.
Here's another ticket has the similar issue, hope it can help.
I'm getting an error when I try to create a pipeline in our Azure DevOps. I've created a service connection for Azure US Gov to Azure Resource Manager that seems to have verified and saved successfully. Tried different browsers / incognito mode with no luck.
Error Message...
"You don’t appear to have an active Azure subscription."
Running version 18.181.31626.1 (Azure DevOps Server 2020 Update 1.1)
I've configured the service principal with contributor access. The connection appears to verify okay in DevOps when creating the service connection. In this example I'm selecting the option for Docker, though it appears to replicate against any of the options in the list. When selecting any of the options I see the pop out window on the side state "You don’t appear to have an active Azure subscription."
Please follow these steps to troubleshoot the error "You don’t appear to have an active Azure subscription".
1.Go to https://ms.portal.azure.com/#blade/Microsoft_Azure_Billing/SubscriptionsBlade to check if your subscription status is active.
2.Go to https://ms.portal.azure.com/#blade/Microsoft_AAD_IAM/TenantPropertiesBlade to check whether the Security defaults is disabled.
Note
Remember to switch to your subscription aad in the steps above.
In addition, when the user is assigned the subscription (access level above contributor) for the first time, it needs time to sync the changes when logging in to Azure DevOps.
We are trying to create an AWS amplify app. For CI/CD we want to integrate it with Github. I understand amplify has a way to add a Github account(personal with username and password), but I am not able to find a way to add a Github Enterprise account( that doesn't have such username and password credentials).
Is there a way to add Github enterprise to amplify, like how Codebuild allows to connect.
A GHE (GitHub Enterprise) server does support GitHub Actions
So check first if activating an action like amplify-cli-action or (depending on what you want to do) amplify-preview-actions would help in your case.
In term of credentials, those actions would need:
Navigate to AWS Identity and Access Management console
Under Users -> Add New User. Fill in the user name(GithubCI) and set Programmatic Access for Access type.
In permissions, select Create a new group, in a dropdown select Create policy.
In a policy creation menu, select JSON tab and fill it with a next policy statement, then hit review and save
I created a number of organizations in Azure DevOps to experiment with.
They were all visible under existing Microsoft accounts (subscription accounts).
Then I created an Active Directory and linked one of the organizations to the newly-created directory.
After signoff and signon, the organization can no longer be found.
When I select the new directory in DevOps, there is only a default organization without my test project.
When I tried the same with another organization, this one also disappeared.
Where did my DevOps organization go?
And how can I get them back?
You can try the following two ways to see if the organizations can be displayed.
1.Please try to access https://aex.dev.azure.com/ and change domain to see if your organization lists here.
2.Sign out completely from Azure DevOps by completing the following steps. Closing your browser might not sign you out completely. Sign in again and select your other identity:
Close all browsers, including browsers that aren't running Azure
DevOps.
Open a private or incognito browsing session.
Go to this URL: https://aka.ms/vssignout.
You see a message that says, "Sign out in progress." After you sign
out, you're redirected to the Azure DevOps #dev.azure.microsoft.com
webpage. If the sign-out page takes more than a minute to sign you out, close the browser and continue.
Sign in to Azure DevOps again. Select your other identity.
I had a similar issue when I previously logged in using "Personal" account, created organisation, and when logged out and logged in again selected "Work or Department" account, so I wasn't able to see my organisations because they were created and visible only on "Personal" account 'plan'.
In the last 6 months I have been releasing with a pipeline in Azure DevOps, but today I receive the following error:
2019-09-25T14:24:38.4296875Z ##[section]Starting: Azure App Service Deploy: AS-ServiciosNegocio-API-UAT
2019-09-25T14:24:38.4419797Z ==============================================================================
2019-09-25T14:24:38.4419900Z Task : Azure App Service deploy
2019-09-25T14:24:38.4419986Z Description : Deploy to Azure App Service a web, mobile, or API app using Docker, Java, .NET, .NET Core, Node.js, PHP, Python, or Ruby
2019-09-25T14:24:38.4420053Z Version : 3.4.31
2019-09-25T14:24:38.4420117Z Author : Microsoft Corporation
2019-09-25T14:24:38.4420182Z Help : https://learn.microsoft.com/azure/devops/pipelines/tasks/deploy/azure-rm-web-app-deployment
2019-09-25T14:24:38.4420291Z ==============================================================================
2019-09-25T14:24:39.1630446Z Got connection details for Azure App Service:'AS-ServiciosNegocio-API-UAT'
2019-09-25T14:24:39.3091141Z ##[error]Error: Failed to get resource ID for resource type 'Microsoft.Web/Sites' and resource name 'AS-ServiciosNegocio-API-UAT'. Error: Could not fetch access token for Azure. Verify if the Service Principal used is valid and not expired.
2019-09-25T14:24:39.3140156Z ##[section]Finishing: Azure App Service Deploy: AS-ServiciosNegocio-API-UAT
If your existing service connection is the "Azure Resource Manager using service principal (automatic)" type (not manual), there's a simple but non-obvious way to renew the token.
Go to the service connection's settings page in Azure Devops as described in the other answers. (<YourDevAzureProject> Bottom Left → ⚙️ Project Settings → Pipelines subhead → Service Connections)
Click Edit and then Save without making any other changes. Assuming you have the right permissions, it will automatically get a new token.
NB: for some browsers you must enable pop-ups on dev.azure.com as it attempts to login to your azure account to get a list of resource groups.
(Figured this out from this forum comment.)
From reading others' comments/posts on this thread, the Azure UI might have changed so I'm posting the steps here for the later comers. I did what ecraig12345 suggested and it worked great!
Go to the deployment pipeline where the error occurs and click on Edit
Go to "Run on agent" task > Deploy Azure App Service
Click on the Manage hyperlink next to Azure Subscription label (see screenshot below)
Click on Edit
Click Save
Steps 1 - 3
Step 4
Step 5
If you look at the error message: "Verify if the Service Principal used is valid and not expired"
While I would have preferred more information, purely based on the above the likely scenario is the Key Used for the Service Connection has expired.
Visit you Azure DevOps org. and open the related Project and click on "Project
Settings" at the bottom left of the screen.
Click edit on the service connection in Azure DevOps and Click on the
link >> "To update using an existing service principal, use the full
version of the service connection dialog."
Copy the "Service principal client ID"
Now in the Azure Portal, Clic on Azure Active Directory and then Click on "App Registrations" to search for your application with the "client ID"
Go to "Certificate and Secrets" and check if your client certificate has expired.
If the cert is expired generate a new one and copy the key.
Go back to Azure DevOps "Service Connections", Click edit on the service connection in Azure DevOps and Click on the link >> "To update using an existing service principal, use the full version of the service connection dialog."
Update Service Principal Key with the copied value, Verify connection and click ok.
This should solve your issue
Although the route to the problem wasn't exactly the same (because devops changed so much again, probably), the answer from Venura was the root cause of my issue, and I was able to solve it thanks to this info.
steps I had to take:
In devops: go to releases
click correct project
edit
click on the stage that was failing
open the run agent task to deploy (should be an azure app service deploy)
click manage azure subscription
click manage service principal
in azure portal click on the expired registration
click on the red error that is has expired
click + new client secret
copy that new key
go back to devops
click edit on the screen of service connections (where we left at step 7) - (the subscript of the title here is Azure Resource Manager using service principal (manual))
paste that copied key in the field 'Service principal key'
click 'Verify and save'
That solved the issue, to confirm it was solved I just triggered a new release, which finally got through.
I followed JamesD's answer but when I got to step 13, there was nowhere for me to put the Service Principle Key that was generated. So I went back to square one and approached it a different way. Instead of trying to reuse the existing service connection that had exired, I created a new service connection and then changed my release pipelines to use that new service connection and things worked fine.
Here were my steps:
click on Project Settings in the lower left corner
On the left nav under the "Pipelines" section, click on "Service connections"
in the upper right corner, click on the button "New service connection"
select "Azure Resource Manager" and then "Next"
select "Service principle (automatic)" (this is the recommended option)
select the subscription from the drop down.
select the resource group from the drop down
give it a good name and hit save
then authenticate with your azure portal creds
Now you have a service connection created, lets go change the pipeline to use it
Go to your pipeline for the release and edit it
click on the Stage you want to edit (aim for the # tasks link)
click on Deploy Azure App Service
under the azure subscription drop down, select your new subscription entry you created above
then you will select the App Service name in that drop down
hit save and you are good to go
Now repeat for any other stages of the pipeline or any other failing release pipelines