Azure DevOps deployment agent can't connect due to SSL issues
The Azure deployment agent hasn't worked for a couple of days due to SSL issues.

I have a couple of servers that can't connect to Azure DevOps anymore.

I found the following blog post saying that TLS 1.2 should be enabled.

https://devblogs.microsoft.com/visualstudio/azure-devops-requires-tls-1-2-on-all-connections-including-visual-studio/

I checked if we have the correct security protocols enabled.

C:\azagent\A2> [System.Net.ServicePointManager]::SecurityProtocol
Ssl3, Tls, Tls12

I also followed the following to make sure TLS is enabled in the Windows registry. I added the values by hand because some didn't exist.

Path                                                                                          Name                        Value
----                                                                                          ----                        -----
HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319                                 SystemDefaultTlsVersions    1
HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319                                 SchUseStrongCrypto          1
HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319                                             SystemDefaultTlsVersions    1
HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319                                             SchUseStrongCrypto          1
HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server    Enabled                     1
HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server    DisabledByDefault           0
HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client    Enabled                     1
HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client    DisabledByDefault           0

I posted the log below because I don't know what's going on. Does anyone else have any idea?

Log:

[2022-02-05 18:38:37Z INFO AgentProcess] Agent package win-x64.
[2022-02-05 18:38:37Z INFO AgentProcess] Running on Windows (X64).
[2022-02-05 18:38:37Z INFO AgentProcess] RuntimeInformation: Microsoft Windows 6.3.9600.
[2022-02-05 18:38:37Z INFO AgentProcess] Version: 2.198.2
[2022-02-05 18:38:37Z INFO AgentProcess] Commit: d1b85881abfe7b5e575af095daf0ee27e099b904
[2022-02-05 18:38:37Z INFO AgentProcess] Culture: nl-NL
[2022-02-05 18:38:37Z INFO AgentProcess] UI Culture: en-US
[2022-02-05 18:38:37Z INFO HostContext] Well known directory 'Bin': 'C:\azagent\A2\bin'
[2022-02-05 18:38:37Z INFO HostContext] Well known directory 'Root': 'C:\azagent\A2'
[2022-02-05 18:38:37Z INFO AgentProcess] Validating directory permissions for: 'C:\azagent\A2'
[2022-02-05 18:38:37Z INFO PowerShellExeUtil] Generation: '1'
[2022-02-05 18:38:37Z INFO PowerShellExeUtil] Key name 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine', value name 'PowerShellVersion': '2.0'
[2022-02-05 18:38:37Z INFO PowerShellExeUtil] Unsupported version. Skipping.
[2022-02-05 18:38:37Z INFO PowerShellExeUtil] Generation: '3'
[2022-02-05 18:38:37Z INFO PowerShellExeUtil] Key name 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\3\PowerShellEngine', value name 'PowerShellVersion': '4.0'
[2022-02-05 18:38:37Z INFO PowerShellExeUtil] Key name 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\3\PowerShellEngine', value name 'ApplicationBase': 'C:\Windows\System32\WindowsPowerShell\v1.0'
[2022-02-05 18:38:37Z INFO AgentProcess] Key name 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework', value name 'InstallRoot': 'C:\Windows\Microsoft.NET\Framework64\'
[2022-02-05 18:38:37Z INFO AgentProcess] Key name 'SOFTWARE\Microsoft\NET Framework Setup\NDP' contains sub keys:
[2022-02-05 18:38:37Z INFO AgentProcess]  'CDF'
[2022-02-05 18:38:37Z INFO AgentProcess]  'v2.0.50727'
[2022-02-05 18:38:37Z INFO AgentProcess]  'v3.0'
[2022-02-05 18:38:37Z INFO AgentProcess]  'v3.5'
[2022-02-05 18:38:37Z INFO AgentProcess]  'v4'
[2022-02-05 18:38:37Z INFO AgentProcess]  'v4.0'
[2022-02-05 18:38:37Z INFO AgentProcess] Key name 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v2.0.50727', value name 'Version': '2.0.50727.4927'
[2022-02-05 18:38:37Z INFO AgentProcess] Key name 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v2.0.50727', value name 'Install': '1'
[2022-02-05 18:38:37Z INFO AgentProcess] Testing directory: 'C:\Windows\Microsoft.NET\Framework64\v2.0.50727'
[2022-02-05 18:38:37Z INFO AgentProcess] Found version: 2.0.50727
[2022-02-05 18:38:37Z INFO AgentProcess] Key name 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v3.0', value name 'Version': '3.0.30729.4926'
[2022-02-05 18:38:37Z INFO AgentProcess] Key name 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v3.0', value name 'Install': '1'
[2022-02-05 18:38:37Z INFO AgentProcess] Testing directory: 'C:\Windows\Microsoft.NET\Framework64\v3.0'
[2022-02-05 18:38:37Z INFO AgentProcess] Found version: 3.0
[2022-02-05 18:38:37Z INFO AgentProcess] Key name 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v3.5', value name 'Version': '3.5.30729.4926'
[2022-02-05 18:38:37Z INFO AgentProcess] Key name 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v3.5', value name 'Install': '1'
[2022-02-05 18:38:37Z INFO AgentProcess] Testing directory: 'C:\Windows\Microsoft.NET\Framework64\v3.5'
[2022-02-05 18:38:37Z INFO AgentProcess] Found version: 3.5
[2022-02-05 18:38:37Z INFO AgentProcess] Key name 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4', value name 'Version' is null.
[2022-02-05 18:38:37Z INFO AgentProcess] Key name 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4', value name '' is null.
[2022-02-05 18:38:37Z INFO AgentProcess] Key name 'SOFTWARE\Microsoft\NET Framework Setup\NDP\v4' contains sub keys:
[2022-02-05 18:38:37Z INFO AgentProcess]  'Client'
[2022-02-05 18:38:37Z INFO AgentProcess]  'Full'
[2022-02-05 18:38:37Z INFO AgentProcess] Key name 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Client', value name 'Version': '4.8.03761'
[2022-02-05 18:38:37Z INFO AgentProcess] Key name 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Client', value name 'Install': '1'
[2022-02-05 18:38:37Z INFO AgentProcess] Key name 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Client', value name 'InstallPath': 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\'
[2022-02-05 18:38:37Z INFO AgentProcess] Key name 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Client', value name 'Release': '528049'
[2022-02-05 18:38:37Z INFO AgentProcess] Type is System.Int32
[2022-02-05 18:38:37Z INFO AgentProcess] Interpreted version: 4.7.0
[2022-02-05 18:38:37Z INFO AgentProcess] Key name 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full', value name 'Version': '4.8.03761'
[2022-02-05 18:38:37Z INFO AgentProcess] Key name 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full', value name 'Install': '1'
[2022-02-05 18:38:37Z INFO AgentProcess] Key name 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full', value name 'InstallPath': 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\'
[2022-02-05 18:38:37Z INFO AgentProcess] Key name 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full', value name 'Release': '528049'
[2022-02-05 18:38:37Z INFO AgentProcess] Type is System.Int32
[2022-02-05 18:38:37Z INFO AgentProcess] Interpreted version: 4.7.0
[2022-02-05 18:38:37Z INFO AgentProcess] Key name 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4.0', value name 'Version' is null.
[2022-02-05 18:38:37Z INFO AgentProcess] Key name 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4.0', value name '': 'deprecated'
[2022-02-05 18:38:37Z INFO AgentProcess] Found 5 versions:
[2022-02-05 18:38:37Z INFO AgentProcess]  2.0.50727
[2022-02-05 18:38:37Z INFO AgentProcess]  3.0
[2022-02-05 18:38:37Z INFO AgentProcess]  3.5
[2022-02-05 18:38:37Z INFO AgentProcess]  4.7.0
[2022-02-05 18:38:37Z INFO AgentProcess]  4.7.0
[2022-02-05 18:38:37Z INFO AgentProcess] Testing for min NET Framework version: '4.5'
[2022-02-05 18:38:37Z INFO HostContext] Well known directory 'Bin': 'C:\azagent\A2\bin'
[2022-02-05 18:38:37Z INFO HostContext] Well known directory 'Root': 'C:\azagent\A2'
[2022-02-05 18:38:38Z INFO CommandSettings] Configure {
  "AcceptTeeEula": false,
  "AddDeploymentGroupTags": false,
  "AddEnvironmentVirtualMachineResourceTags": false,
  "AddMachineGroupTags": false,
  "AlwaysExtractTask": false,
  "Agent": "IIS18",
  "CollectionName": null,
  "DeploymentGroup": false,
  "DeploymentGroupName": null,
  "DeploymentGroupTags": null,
  "DeploymentPool": false,
  "DeploymentPoolName": null,
  "EnvironmentVMResource": true,
  "EnvironmentName": "Logic4-Next - Production",
  "EnvironmentVMResourceTags": null,
  "GitUseSChannel": false,
  "DisableLogUploads": false,
  "MachineGroup": false,
  "MachineGroupName": null,
  "MachineGroupTags": null,
  "MonitorSocketAddress": null,
  "NotificationPipeName": null,
  "NotificationSocketAddress": null,
  "NoRestart": false,
  "OverwriteAutoLogon": false,
  "Pool": null,
  "ProjectName": "Logic4Desktop",
  "ProxyPassword": null,
  "ProxyUserName": null,
  "ProxyUrl": null,
  "Replace": false,
  "RunAsAutoLogon": false,
  "RunAsService": true,
  "RunOnce": false,
  "PreventServiceStart": false,
  "SslCACert": null,
  "SslClientCert": null,
  "SslClientCertArchive": null,
  "SslClientCertKey": null,
  "SslClientCertPassword": null,
  "SslSkipCertValidation": false,
  "Url": "https://dev.azure.com/organization/",
  "WindowsLogonAccount": null,
  "WindowsLogonPassword": null,
  "Work": "_work",
  "Auth": "PAT",
  "LaunchBrowser": false,
  "Password": null,
  "Token": "***",
  "Unattended": false,
  "UserName": null,
  "Help": false,
  "Version": false
}
[2022-02-05 18:38:38Z INFO AgentProcess] Arguments parsed
[2022-02-05 18:38:38Z INFO HostContext] Well known directory 'Bin': 'C:\azagent\A2\bin'
[2022-02-05 18:38:38Z INFO HostContext] Well known directory 'Root': 'C:\azagent\A2'
[2022-02-05 18:38:38Z INFO HostContext] Well known config file 'Proxy': 'C:\azagent\A2\.proxy'
[2022-02-05 18:38:38Z INFO VstsAgentWebProxy] No proxy setting found.
[2022-02-05 18:38:38Z INFO HostContext] Well known directory 'Bin': 'C:\azagent\A2\bin'
[2022-02-05 18:38:38Z INFO HostContext] Well known directory 'Root': 'C:\azagent\A2'
[2022-02-05 18:38:38Z INFO HostContext] Well known config file 'Certificates': 'C:\azagent\A2\.certificates'
[2022-02-05 18:38:38Z INFO AgentCertificateManager] No certificate setting found.
[2022-02-05 18:38:38Z INFO Agent] ExecuteCommand
[2022-02-05 18:38:38Z INFO ConfigurationStore] currentAssemblyLocation: C:\azagent\A2\bin\Agent.Listener.dll
[2022-02-05 18:38:38Z INFO HostContext] Well known directory 'Bin': 'C:\azagent\A2\bin'
[2022-02-05 18:38:38Z INFO ConfigurationStore] binPath: C:\azagent\A2\bin
[2022-02-05 18:38:38Z INFO HostContext] Well known directory 'Bin': 'C:\azagent\A2\bin'
[2022-02-05 18:38:38Z INFO HostContext] Well known directory 'Root': 'C:\azagent\A2'
[2022-02-05 18:38:38Z INFO ConfigurationStore] RootFolder: C:\azagent\A2
[2022-02-05 18:38:38Z INFO HostContext] Well known directory 'Bin': 'C:\azagent\A2\bin'
[2022-02-05 18:38:38Z INFO HostContext] Well known directory 'Root': 'C:\azagent\A2'
[2022-02-05 18:38:38Z INFO HostContext] Well known config file 'Agent': 'C:\azagent\A2\.agent'
[2022-02-05 18:38:38Z INFO ConfigurationStore] ConfigFilePath: C:\azagent\A2\.agent
[2022-02-05 18:38:38Z INFO HostContext] Well known directory 'Bin': 'C:\azagent\A2\bin'
[2022-02-05 18:38:38Z INFO HostContext] Well known directory 'Root': 'C:\azagent\A2'
[2022-02-05 18:38:38Z INFO HostContext] Well known config file 'Credentials': 'C:\azagent\A2\.credentials'
[2022-02-05 18:38:38Z INFO ConfigurationStore] CredFilePath: C:\azagent\A2\.credentials
[2022-02-05 18:38:38Z INFO HostContext] Well known directory 'Bin': 'C:\azagent\A2\bin'
[2022-02-05 18:38:38Z INFO HostContext] Well known directory 'Root': 'C:\azagent\A2'
[2022-02-05 18:38:38Z INFO HostContext] Well known config file 'Service': 'C:\azagent\A2\.service'
[2022-02-05 18:38:38Z INFO ConfigurationStore] ServiceConfigFilePath: C:\azagent\A2\.service
[2022-02-05 18:38:38Z INFO HostContext] Well known directory 'Bin': 'C:\azagent\A2\bin'
[2022-02-05 18:38:38Z INFO HostContext] Well known directory 'Root': 'C:\azagent\A2'
[2022-02-05 18:38:38Z INFO HostContext] Well known config file 'Autologon': 'C:\azagent\A2\.autologon'
[2022-02-05 18:38:38Z INFO ConfigurationStore] AutoLogonSettingsFilePath: C:\azagent\A2\.autologon
[2022-02-05 18:38:38Z INFO HostContext] Well known directory 'Bin': 'C:\azagent\A2\bin'
[2022-02-05 18:38:38Z INFO HostContext] Well known directory 'Root': 'C:\azagent\A2'
[2022-02-05 18:38:38Z INFO HostContext] Well known config file 'Options': 'C:\azagent\A2\.options'
[2022-02-05 18:38:38Z INFO ConfigurationStore] RuntimeOptionsFilePath: C:\azagent\A2\.options
[2022-02-05 18:38:38Z INFO HostContext] Well known directory 'Bin': 'C:\azagent\A2\bin'
[2022-02-05 18:38:38Z INFO HostContext] Well known directory 'Root': 'C:\azagent\A2'
[2022-02-05 18:38:38Z INFO HostContext] Well known config file 'SetupInfo': 'C:\azagent\A2\.setup_info'
[2022-02-05 18:38:38Z INFO ConfigurationStore] SetupInfoFilePath: C:\azagent\A2\.setup_info
[2022-02-05 18:38:38Z INFO Terminal] WRITE LINE: 
  ___                      ______ _            _ _
 / _ \                     | ___ (_)          | (_)
/ /_\ \_____   _ _ __ ___  | |_/ /_ _ __   ___| |_ _ __   ___  ___
|  _  |_  / | | | '__/ _ \ |  __/| | '_ \ / _ \ | | '_ \ / _ \/ __|
| | | |/ /| |_| | | |  __/ | |   | | |_) |  __/ | | | | |  __/\__ \
\_| |_/___|\__,_|_|  \___| \_|   |_| .__/ \___|_|_|_| |_|\___||___/
                                   | |
        agent v2.198.2             |_|          (commit d1b8588)

[2022-02-05 18:38:38Z INFO ConfigurationManager] CheckAgentRootDirectorySecure
[2022-02-05 18:38:38Z INFO HostContext] Well known directory 'Bin': 'C:\azagent\A2\bin'
[2022-02-05 18:38:38Z INFO HostContext] Well known directory 'Root': 'C:\azagent\A2'
[2022-02-05 18:38:38Z INFO ConfigurationManager] ConfigureAsync
[2022-02-05 18:38:38Z INFO ConfigurationStore] IsConfigured()
[2022-02-05 18:38:38Z INFO ConfigurationStore] IsConfigured: False
[2022-02-05 18:38:38Z INFO ConfigurationManager] Is configured: False
[2022-02-05 18:38:38Z INFO CommandSettings] Flag 'sslskipcertvalidation': 'False'
[2022-02-05 18:38:38Z INFO ConfigurationManager] Testing for min NET Framework version: '4.6'
[2022-02-05 18:38:38Z INFO CommandSettings] Flag 'deploymentgroup': 'False'
[2022-02-05 18:38:38Z INFO CommandSettings] Flag 'deploymentpool': 'False'
[2022-02-05 18:38:38Z INFO CommandSettings] Flag 'environment': 'True'
[2022-02-05 18:38:38Z INFO ExtensionManager] Getting extensions for interface: 'Microsoft.VisualStudio.Services.Agent.Listener.Configuration.IConfigurationProvider'
[2022-02-05 18:38:38Z INFO ExtensionManager] Creating instance: Microsoft.VisualStudio.Services.Agent.Listener.Configuration.BuildReleasesAgentConfigProvider, Agent.Listener
[2022-02-05 18:38:38Z INFO ExtensionManager] Creating instance: Microsoft.VisualStudio.Services.Agent.Listener.Configuration.DeploymentGroupAgentConfigProvider, Agent.Listener
[2022-02-05 18:38:38Z INFO ExtensionManager] Creating instance: Microsoft.VisualStudio.Services.Agent.Listener.Configuration.SharedDeploymentAgentConfigProvider, Agent.Listener
[2022-02-05 18:38:38Z INFO ExtensionManager] Creating instance: Microsoft.VisualStudio.Services.Agent.Listener.Configuration.EnvironmentVMResourceConfigProvider, Agent.Listener
[2022-02-05 18:38:38Z INFO Terminal] WRITE LINE: 
[2022-02-05 18:38:38Z INFO Terminal] WRITE LINE: >> Connect:
[2022-02-05 18:38:38Z INFO Terminal] WRITE LINE: 
[2022-02-05 18:38:38Z INFO CommandSettings] Arg 'url': 'https://dev.azure.com/organization/'
[2022-02-05 18:38:38Z INFO EnvironmentVMResourceConfigProvider] url - https://dev.azure.com/organization/
[2022-02-05 18:38:38Z INFO ConfigurationManager] GetCredentialProvider
[2022-02-05 18:38:38Z INFO CommandSettings] Arg 'auth': 'PAT'
[2022-02-05 18:38:38Z INFO ConfigurationManager] Creating credential for auth: PAT
[2022-02-05 18:38:38Z INFO CredentialManager] GetCredentialProvider
[2022-02-05 18:38:38Z INFO CredentialManager] Creating type PAT
[2022-02-05 18:38:38Z INFO CredentialManager] Creating credential type: PAT
[2022-02-05 18:38:38Z INFO PersonalAccessToken] EnsureCredential
[2022-02-05 18:38:38Z INFO CommandSettings] Arg 'token': '***'
[2022-02-05 18:38:38Z INFO PersonalAccessToken] GetVssCredentials
[2022-02-05 18:38:38Z INFO PersonalAccessToken] token retrieved: 52 chars
[2022-02-05 18:38:38Z INFO PersonalAccessToken] cred created
[2022-02-05 18:38:38Z INFO ConfigurationManager] cred retrieved
[2022-02-05 18:38:38Z INFO VisualStudioServices] Starting operation Location.GetConnectionData
[2022-02-05 18:38:38Z WARN VisualStudioServices] Attempt 1 of GET request to https://dev.azure.com/organization/_apis/connectionData?connectOptions=1&lastChangeId=320929845&lastChangeId64=320929845 failed (Socket Error: ConnectionReset). The operation will be retried in 10,8320613 seconds.
[2022-02-05 18:38:49Z WARN VisualStudioServices] Attempt 2 of GET request to https://dev.azure.com/organization/_apis/connectionData?connectOptions=1&lastChangeId=320929845&lastChangeId64=320929845 failed (Socket Error: ConnectionReset). The operation will be retried in 13,2434562 seconds.
[2022-02-05 18:39:03Z WARN VisualStudioServices] Attempt 3 of GET request to https://dev.azure.com/organization/_apis/connectionData?connectOptions=1&lastChangeId=320929845&lastChangeId64=320929845 failed (Socket Error: ConnectionReset). The operation will be retried in 15,8216932 seconds.
[2022-02-05 18:39:18Z ERR  VisualStudioServices] Attempt 4 of GET request to https://dev.azure.com/organization/_apis/connectionData?connectOptions=1&lastChangeId=320929845&lastChangeId64=320929845 failed (Socket Error: ConnectionReset). The maximum number of attempts has been reached.
[2022-02-05 18:39:18Z INFO VisualStudioServices] Finished operation Location.GetConnectionData
[2022-02-05 18:39:18Z INFO LocationServer] Unable to connect to https://dev.azure.com/organization/.
[2022-02-05 18:39:19Z ERR  LocationServer] System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host..
 ---> System.Net.Sockets.SocketException (10054): An existing connection was forcibly closed by the remote host.
   --- End of inner exception stack trace ---
   at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken)
   at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.GetResult(Int16 token)
   at System.Net.FixedSizeReader.ReadPacketAsync(Stream transport, AsyncProtocolRequest request)
   at System.Net.Security.SslStream.ThrowIfExceptional()
   at System.Net.Security.SslStream.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslStream.EndProcessAuthentication(IAsyncResult result)
   at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
   at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__65_1(IAsyncResult iar)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at Microsoft.VisualStudio.Services.Common.VssHttpRetryMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
   at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.SendAsync(HttpRequestMessage message, HttpCompletionOption completionOption, Object userState, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.SendAsync[T](HttpRequestMessage message, Object userState, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.Location.Client.LocationHttpClient.GetConnectionDataAsync(ConnectOptions connectOptions, Int64 lastChangeId, CancellationToken cancellationToken, Object userState)
   at Microsoft.VisualStudio.Services.WebApi.Location.VssServerDataProvider.GetConnectionDataAsync(ConnectOptions connectOptions, Int32 lastChangeId, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.Location.VssServerDataProvider.ConnectAsync(ConnectOptions connectOptions, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.Agent.LocationServer.ConnectAsync(VssConnection jobConnection)
[2022-02-05 18:39:19Z INFO CommandSettings] Flag 'unattended': 'False'
[2022-02-05 18:39:19Z ERR  Terminal] WRITE ERROR (exception):
[2022-02-05 18:39:19Z ERR  Terminal] System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host..
 ---> System.Net.Sockets.SocketException (10054): An existing connection was forcibly closed by the remote host.
   --- End of inner exception stack trace ---
   at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken)
   at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.GetResult(Int16 token)
   at System.Net.FixedSizeReader.ReadPacketAsync(Stream transport, AsyncProtocolRequest request)
   at System.Net.Security.SslStream.ThrowIfExceptional()
   at System.Net.Security.SslStream.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslStream.EndProcessAuthentication(IAsyncResult result)
   at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
   at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__65_1(IAsyncResult iar)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at Microsoft.VisualStudio.Services.Common.VssHttpRetryMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
   at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.SendAsync(HttpRequestMessage message, HttpCompletionOption completionOption, Object userState, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.SendAsync[T](HttpRequestMessage message, Object userState, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.Location.Client.LocationHttpClient.GetConnectionDataAsync(ConnectOptions connectOptions, Int64 lastChangeId, CancellationToken cancellationToken, Object userState)
   at Microsoft.VisualStudio.Services.WebApi.Location.VssServerDataProvider.GetConnectionDataAsync(ConnectOptions connectOptions, Int32 lastChangeId, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.Location.VssServerDataProvider.ConnectAsync(ConnectOptions connectOptions, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.Agent.LocationServer.ConnectAsync(VssConnection jobConnection)
   at Microsoft.VisualStudio.Services.Agent.Util.ServerUtil.GetConnectionData(String serverUrl, VssCredentials credentials, ILocationServer locationServer)
   at Microsoft.VisualStudio.Services.Agent.Util.ServerUtil.DetermineDeploymentType(String serverUrl, VssCredentials credentials, ILocationServer locationServer)
   at Microsoft.VisualStudio.Services.Agent.Listener.Configuration.ConfigurationManager.ConfigureAsync(CommandSettings command)
[2022-02-05 18:39:19Z ERR  Terminal] WRITE ERROR: Failed to connect.  Try again or ctrl-c to quit
[2022-02-05 18:39:59Z INFO CommandSettings] Arg 'url': 'https://dev.azure.com/organization/'
[2022-02-05 18:39:59Z INFO EnvironmentVMResourceConfigProvider] url - https://dev.azure.com/organization/
[2022-02-05 18:39:59Z INFO ConfigurationManager] GetCredentialProvider
[2022-02-05 18:39:59Z INFO CommandSettings] Arg 'auth': 'PAT'
[2022-02-05 18:39:59Z INFO ConfigurationManager] Creating credential for auth: PAT
[2022-02-05 18:39:59Z INFO CredentialManager] GetCredentialProvider
[2022-02-05 18:39:59Z INFO CredentialManager] Creating type PAT
[2022-02-05 18:39:59Z INFO CredentialManager] Creating credential type: PAT
[2022-02-05 18:39:59Z INFO PersonalAccessToken] EnsureCredential
[2022-02-05 18:39:59Z INFO CommandSettings] Arg 'token': '***'
[2022-02-05 18:39:59Z INFO PersonalAccessToken] GetVssCredentials
[2022-02-05 18:39:59Z INFO PersonalAccessToken] token retrieved: 52 chars
[2022-02-05 18:39:59Z INFO PersonalAccessToken] cred created
[2022-02-05 18:39:59Z INFO ConfigurationManager] cred retrieved
[2022-02-05 18:39:59Z INFO VisualStudioServices] Starting operation Location.GetConnectionData
[2022-02-05 18:39:59Z WARN VisualStudioServices] Attempt 1 of GET request to https://dev.azure.com/organization/_apis/connectionData?connectOptions=1&lastChangeId=320929845&lastChangeId64=320929845 failed (Socket Error: ConnectionReset). The operation will be retried in 10,8212117 seconds.
[2022-02-05 18:40:10Z WARN VisualStudioServices] Attempt 2 of GET request to https://dev.azure.com/organization/_apis/connectionData?connectOptions=1&lastChangeId=320929845&lastChangeId64=320929845 failed (Socket Error: ConnectionReset). The operation will be retried in 13,0277663 seconds.
[2022-02-05 18:40:11Z INFO Terminal] WRITE LINE: Exiting...
Tref answered 5/2, 2022 at 18:59 Comment(4)
Does this answer your question? Self-hosted build agent cannot connect to Azure DevOps Services, SSL connection could not be established - Freehand
@Freehand No. As you can see in the logging as well ("Attempt 1 of GET request to https://dev.azure.com/organization/_apis/..."), I have the correct URL. But thanks for thinking with me! - Tref
You're running Windows 2012 R2? Does this fix your issue? #70929856 - Rotor
That did the trick. Thanks @JamesZ! - Tref

If people still encounter this, I found a script that checks all the problems and generates a solution that works :-)

Azure DevOps TLS 1.2 transition readiness checker

Azure DevOps Services (as many other Microsoft services) is undergoing transition to deprecate transport protocols TLS 1.0, TLS 1.1 and some TLS 1.2 cipher suites which are considered weak.

See announcement from Azure DevOps team here: https://devblogs.microsoft.com/devops/deprecating-weak-cryptographic-standards-tls-1-0-and-1-1-in-azure-devops-services/

The purpose of this project is to simplify the task of preparation for the transition. We gathered most frequently seen TLS-compatibility issues reported by our customers and made a script which detects them and points the user towards the mitigation.

Run the script:

AzureDevOpsTls12Analysis.ps1

Run in PowerShell version 4 or higher. Windows-only, the script has been tested on Windows Server 2012 R2 and above.

What the script does:

  • performs a probe by opening a test secure connection to https://status.dev.azure.com. This site requires TLS 1.2 & strong cipher suites as will all Azure DevOps sites after the deprecation of TLS 1.0 and 1.1 protocols takes place.
    • The probe recognizes when the issue is network connectivity or DNS resolving problem vs. when it is caused by TLS incompatibility.
    • Successful probe is a proof that the OS allows TLS 1.2 and at least one of the required cipher suites is available. This does not guarantee that all other software connecting to Azure DevOps from this computer will work without TLS issues.
  • performs an analysis of OS-level issues by looking at the selected Windows registry keys which enable/disable TLS 1.2 protocol and influence the set of usable cipher suites. OS-level configuration is shared by all the software which uses HTTPS/TLS stack provided by OS.
  • performs an analysis of .NET Framework: checks version of .NET framework installed and configuration in Windows registry.
    • Looks for presence of registry changes which enable .NET apps built against .NET Framework versions prior to 4.7 to leverage TLS capabilities supported by OS. Without these changes, old .NET apps will default to usage of TLS 1.0 even when TLS 1.2 is enabled by the OS.
    • If you don't intend to use legacy .NET programs that communicate over network on the computer, no need to apply these.

What the script does not do:

  • The script does not execute any mitigations itself. It only prints mitigation advice which consists of URL of docs article and steps to be executed (either cmdlets to call or registry changes to make).
  • The script does not need elevated permissions to run.
  • The script cannot say if specific app will have TLS issues. There are apps which have TLS/SSL version of choice hard-coded or configured.

Source and script:

https://github.com/microsoft/azure-devops-tls12

Tref answered 18/6, 2022 at 4:55 Comment(0)
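
The two read-only checks the answer describes (a TLS 1.2 connection probe that separates DNS and network failures from handshake failures, and a look at the registry values listed in the question), written out as an added example. This is not the Microsoft script and not code from the original post; the function names `Test-Tls12Probe` and `Get-TlsRegistryState` are hypothetical, while the probe host and registry paths are the ones named on this page.

```powershell
# Added example: read-only TLS 1.2 readiness check. It changes nothing on the system.
$probeHost = 'status.dev.azure.com'   # probe target named in the answer above

function Test-Tls12Probe {
    param([string]$HostName, [int]$Port = 443)

    # Stage 1: DNS. A failure here is a name-resolution problem, not a TLS problem.
    try { [void][System.Net.Dns]::GetHostAddresses($HostName) }
    catch { return [pscustomobject]@{ Stage = 'DNS'; Ok = $false; Detail = $_.Exception.Message } }

    # Stage 2: plain TCP connect. A failure here is network, firewall or proxy related.
    $tcp = New-Object System.Net.Sockets.TcpClient
    try { $tcp.Connect($HostName, $Port) }
    catch {
        $tcp.Close()
        return [pscustomobject]@{ Stage = 'TCP'; Ok = $false; Detail = $_.Exception.Message }
    }

    # Stage 3: handshake restricted to TLS 1.2. A failure here, after DNS and TCP
    # succeeded, points at protocol or cipher suite incompatibility.
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
    try {
        $tls12 = [System.Security.Authentication.SslProtocols]::Tls12
        $ssl.AuthenticateAsClient($HostName, $null, $tls12, $false)
        $detail = '{0}, cipher {1} ({2} bit)' -f $ssl.SslProtocol, $ssl.CipherAlgorithm, $ssl.CipherStrength
        return [pscustomobject]@{ Stage = 'TLS'; Ok = $true; Detail = $detail }
    }
    catch {
        # Unwrap to the innermost exception, e.g. the SocketException seen in the agent log.
        $inner = $_.Exception
        while ($inner.InnerException) { $inner = $inner.InnerException }
        return [pscustomobject]@{ Stage = 'TLS'; Ok = $false; Detail = $inner.Message }
    }
    finally {
        $ssl.Dispose()
        $tcp.Close()
    }
}

function Get-TlsRegistryState {
    # Expected values are the ones shown in the question's registry table.
    $net = 'Microsoft\.NETFramework\v4.0.30319'
    $sch = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
    $checks = @(
        @{ Path = "HKLM:\SOFTWARE\WOW6432Node\$net"; Name = 'SystemDefaultTlsVersions'; Want = 1 },
        @{ Path = "HKLM:\SOFTWARE\WOW6432Node\$net"; Name = 'SchUseStrongCrypto';       Want = 1 },
        @{ Path = "HKLM:\SOFTWARE\$net";             Name = 'SystemDefaultTlsVersions'; Want = 1 },
        @{ Path = "HKLM:\SOFTWARE\$net";             Name = 'SchUseStrongCrypto';       Want = 1 },
        @{ Path = "$sch\Server";                     Name = 'Enabled';                  Want = 1 },
        @{ Path = "$sch\Server";                     Name = 'DisabledByDefault';        Want = 0 },
        @{ Path = "$sch\Client";                     Name = 'Enabled';                  Want = 1 },
        @{ Path = "$sch\Client";                     Name = 'DisabledByDefault';        Want = 0 }
    )
    foreach ($c in $checks) {
        $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        $value = $null
        if ($item) { $value = $item.($c.Name) }
        # '(not set)' means the key or value is absent and the OS default applies.
        $shown = '(not set)'
        if ($null -ne $value) { $shown = $value }
        [pscustomobject]@{
            Path     = $c.Path
            Name     = $c.Name
            Expected = $c.Want
            Actual   = $shown
            Matches  = ($value -eq $c.Want)
        }
    }
}

Test-Tls12Probe -HostName $probeHost | Format-List
Get-TlsRegistryState | Format-Table -AutoSize
```

A result of `Stage = TLS, Ok = False` while every registry row matches means TLS 1.2 is enabled but the handshake still fails, which is the cipher suite case the answer mentions.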
