30 November 2020 TFS, Azure DevOps Robert Muehsig

We did this update in May 2020, but I forgot to publish the blogpost… so here we are

Last year we updated to Azure DevOps Server 2019 and it went more or less smooth.

In May we decided to update to the “newest” release at that time: Azure DevOps Server 2019 Update 1.1

Setup

Our AzureDevOps Server was running on a “new” Windows Server 2019 and everything was still kind of newish - so we just needed to update the AzureDevOps Server app.

Update process

The actual update was really easy, but we had some issues after the installation.

Steps:

x

x

x

x

x

x

Aftermath

We had some issues with our Build Agents - they couldn’t connect to the AzureDevOps Server:

TF400813: Resource not available for anonymous access

As a first “workaround” (and a nice enhancement) we switched from HTTP to HTTPS internally, but this didn’t solved the problem.

The real reason was, that our “Azure DevOps Service User” didn’t had the required write permissions for this folder:

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys

The connection issue went away, but now we introduced another problem: Our SSL Certificate was “self signed” (from our Domain Controller), so we need to register the agents like this:

.\config.cmd --gituseschannel --url https://.../tfs/ --auth Integrated --pool Default-VS2019 --replace --work _work

The important parameter is -gituseschannel, which is needed when dealing with “self signed, but Domain ‘trusted’“-certificates.

With this setting everything seemed to work as expected.

Only node.js projects or toolings were “problematic”, because node.js itself don’t use the Windows Certificate Store.

To resolve this, the root certificate from our Domain controller must be stored on the agent.

[Environment]::SetEnvironmentVariable(“NODE_EXTRA_CA_CERTS”, “C:\SSLCert\root-CA.pem”, “Machine”)

Summary

The update itself was easy, but it took us some hours to configure our Build Agents. After the initial hiccup it went smooth from there - no issues and we are ready for the next update, which is already released.

Hope this helps!


Written by Robert Muehsig

Software Developer - from Dresden, Germany, now living & working in Switzerland. Microsoft MVP & Web Geek.
Other Projects: KnowYourStack.com | ExpensiveMeeting | EinKofferVollerReisen.de

If you like the content and want to support me you could buy me a beer or a coffee via Litecoin or Bitcoin - thanks for reading!