I'm new to TFS2018 and i am trying to configure CI/CD Pipeline. My Build succeeded and in my release pipeline, i need to run powershell script on my deployment server and so i used RUN PowerShell on Target Machine task. I suppose, provided all required info correctly and ran the release but got the error at this task as follows
Connecting to remote server xxx.xxx.xx.xx failed with the following error message : The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: the transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. For more information on how to set TrustedHosts run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.
Please find my task config captured below
I tried adding my TFS2018 server as trustedHost on target server but still issue exists. Please suggest and help.
Add the TFS server machine to TrustedHost in Target machine through powershell.
Set-Item WSMan:localhost\client\trustedhosts -value ServerDC
Ensure credentials provided in this task is of admin role and at same time they have access w.r.to TFS in this case. If provided credentials does not have TFS admin previlage, the task cannot invoke agent to trigger VisualStudioRemoteDeployer.
This is what is called the double hop problem with PowerShell, usually it means you are trying to log on to a remote machine with different credentials then the credentials your user is running under. So in your case, is $(adminUserName) the same as the agent? If not then you could try and change that user to be the same as the agent. If not, then you need to do a little more then add the machine to trustedHost. Watch this video on SPN it might help https://www.youtube.com/watch?v=yFgdPcLOs-g and here is a detailed explanation on the double hop issue https://learn.microsoft.com/en-us/powershell/scripting/learn/remoting/ps-remoting-second-hop?view=powershell-7
Related
A windows vm is configured that is residing the proxy and I can get the response from the VM's admin powershell prompt with the following command:
Get-PSRepository
But if I issue the very same command inside the Azure Devops pipeline I get the following instead:
WARNING: MSG:UnableToDownload «https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409» «»
WARNING: Unable to download the list of available providers. Check your internet connection.
WARNING: Unable to find module repositories.
Finishing: PowerShell
I can check and get the proxy settings though from the powershell in the pipeline with the following command:
netsh winhttp show proxy
I guess you are hosting a self-host agent on the windows VM. Some tools will not automatically use the agent configured proxy settings as stated in the document Run a self-hosted agent behind a web proxy.
You can try setting an environmental variable as below at the beginning of the your powershell command to specifically set the proxy for your powershell task.
$env:http_proxy = "192.3.4.5:8080"
Please refer to this similar thread. If above script to set proxy env variable doesnot work, you can try command Set-InternetProxy -Proxy test:8080 in this blog.
Is there a way to run a powershell script from the actual TFS server during a release? I am running the build agent in a docker container and it's not joined to the domain so wmi won't allow the windows agent in the docker container to stop the app pool on the webserver before copying over new artifact files, even though I specify credentials before connecting. If I could run the powershell script from the TFS 2017 server this problem would be solved.
The error I get is:
019-08-30T13:49:44.6542238Z ##[error][<server>.<domain>.com] Connecting to remote server <server>.<domain>.com failed with the following error message
: The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the
client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added
to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the
TrustedHosts list might not be authenticated. You can get more information about that by running the following
command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (<server>.<domain>.com:String) [], PSRemotingTransportException
+ FullyQualifiedErrorId : ServerNotTrusted,PSSessionStateBroken
I kept ignoring the docker windows servercore tfs agent container thinking it must have something to do with the server I'm trying to copy files to but it wasn't. For some reason all I had to do was add the following to my tfs agent:
winrm set winrm/config/client #{TrustedHosts="machineA,machineB"}
Now everything works. I removed all trustedhosts from wsam and it still works. I guess because I'm using credentials in my powershell scripts...not sure but I'm happy.
I have an 'Azure File Copy' task in my Build Definition for Team Services (was Visual Studio Online). Whenever I run this I get an 'Access Denied' error. I've been trying to troubleshoot this for hours with no luck.
Copy started for machine: 'MACHINE NAME'
Copy status for machine 'MACHINE NAME' : 'Failed'
Connecting to remote server [IP ADDRESS] failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.To fix WinRM connection related issues, select the 'Enable Copy Prerequisites' option in the task. If set already, and the target Virtual Machines are backed by a Load balancer, ensure Inbound NAT rules are configured for target port (5986). Applicable only for ARM VMs. For more info please refer to http://aka.ms/azurefilecopyreadme
******************************************************************************
Finishing task: AzureFileCopy
******************************************************************************
Task AzureFileCopy failed. This caused the job to fail. Look at the logs for the task for more details.
******************************************************************************
Finishing Build
******************************************************************************
I've tried the following:
'Enable Copy Prerequisites' checkbox on build task
Assigning the user account directly to Microsoft.Powershell with 'Full Control' permissions using PSSession -ShowSecurityDescriptorUI
Added Computer to the TrustedHosts List
Made sure the necessary ports are unblocked (inbound and outbound)
Considering that this is a Microsoft SaaS product, connecting to a standard Azure VM using nothing but Microsoft Azure architecture, I'm surprised this is so difficult. I must be missing something simple!
Thanks in advance for any advice.
I made the mistake of using builtin\administrator as the username but after a couple of hours debugging the same error you're getting I found out that is a UPN and not allowed. I changed it to .\administrator and that worked!
Also check out this site for troubleshooting, it really goes into details with some of the things: http://www.hurryupandwait.io/blog/understanding-and-troubleshooting-winrm-connection-and-authentication-a-thrill-seekers-guide-to-adventure
EDIT: I overlooked "Prerequisites for executing build definitions is to have your build agent ready, here are steps to setup your build agent, you can find more details in this blog ." from these steps. I'm currently trying to get that build agent up and running on an Azure VM and will report back.
I'm following these steps to try and get CD and Selenium tests running through my Visual Studio Online TFbuild. I've had some helpful hints after sending some feedback via email, but I'm still not able to get past the file copy step.
I've created a Windows 10 Enterprise VM.
I've correctly set the ip address in my build test machines and am able to RDP into the machine.
I've successfully (after several attempts) gotten Remote Power shell working (though I'm not 100% certain winrm s winrm/config/client '#{TrustedHosts="Hosted Agent"}'). I got the name from https://{}.visualstudio.com/DefaultCollection/_admin/_AgentQueue or Build > edit build > General > Default Queue > Manage.
PS C:\users\cdd\Desktop> winrm quickconfig
WinRM service is already running on this machine.
WinRM is already set up for remote management on this computer.
This seems to be ready after
PS remoting is not supported when network connection type is public. Please check http://blogs.msdn.com/b/powershell/archive/2009/04/03/setting-network-location-to-private.aspx.
and echo "setting executionpolicy"
powershell -command "& Set-ExecutionPolicy -executionpolicy unrestricted -force"
echo "setting remoting"
powershell -command "& Enable-PSRemoting -force"
That's a lot of details, but I'm still stuck after that:
Copy started for - '{ip}:5985'
Copy status for machine '{ip}:5985' : 'Failed'
Failed to execute the powershell script. Consult the logs below for details of the error.
Failed to connect to the path \{ip} with the user cdd for copying.System error 53 has occurred.
The network path was not found.
For more info please refer to http://aka.ms/windowsfilecopyreadme
I have a few questions:
Do I have the correct name of the VM?
Do you have steps on how to get the VM setup to allow FileCopy?
I'm probably missing something else, I'm not familiar with PowerShell or getting this setup. What can I try to get the path available for my cdd adminstration user that I setup when I created the VM?
To copy files to an Azure VM machine, you should use the "Azure File Copy" step that provided in VSO build definition. It provides detailed setting for you to access to your Azure VM machine.
I am getting given error when I use powershell commandlets to connect azure app -
Get-HostedService : Could not establish secure channel for SSL/TLS with authority ‘management.core.windows.net’.
here is the links I follow -
http://msdn.microsoft.com/en-us/gg271300
http://wappowershell.codeplex.com/documentation
Based on my experience there could be two problems:
The certificate you are using is not able to create a secure SSL tunnel between your computer and Windows Azure Management Portal and you get error
I have seen OS specific problems related to SSPI and SCHANEL in which the SSL tunnel could not be created.
I also think the first links you have has old info and does not help in most cases. Lets try to solve problem first which is very easy. I am writing below understanding you have Powershell Cmdlets installed in your machine:
First download the publishconfig file from your Windows Azure portal as decribed here.
Now open your Windows Powershell for Windows Azure CmdLets (In Admin Mode)
After that enter these Powershell Commands directly:
PS > Import-Subscription <include your _filename_.publishsettings here>
PS > Select-Subscription <Enter The _name_of_your_subscription which will be listed after you run above command (Note - **SubscriptionName** is needed here>
PS > Get-HostedService <This should list all of services in your subscription>
Now you can manage the subscription from Powershell Cmdlets.
If you still have problems please let me know and I will provide info on 2).
Can you please file a bug for this here: http://github.com/WindowsAzure/azure-sdk-tools
The error message back from PowerShell should be friendlier in this case.
Also, you can now use Add-AzureAccount to obtain credentials rather than having to download and import a publishsettings file