3
我們已將TFS 2013服務器升級到TFS 2015,並且正在設置新的構建代理。TFS構建代理引發「未授權」異常
在此之前,我們進行了一次試運行,並在我們對現有TFS數據庫進行了最終轉換之前,讓所有的工作合理地完成。構建代理工作得很好。
令我們驚訝的是,我們的構建代理不再合作升級後。創建一個簡單的構建定義並將其分配給默認隊列會導致在10-15秒後引發錯誤。
我們嘗試重新部署構建代理,玩弄權限和用戶,但無濟於事。
我們所得到的是這樣的_diag \日誌:
11:18:09.699993 JobManager.StartJob(job.JobId = a9702f31-2dff-4057-8253-a32ebc106f32)
11:18:09.699993 JobInfo.ctor
11:18:09.699993 JobInfo.ctor - leave
11:18:09.699993 JobManager.StartJob - calling JobWriter.StartJob
11:18:09.699993 JobWriter.StartJob - enter
11:18:09.699993 JobWriter.StartJob - (SKIPPING)first renew
11:18:09.715619 JobWriter.StartJob - start continual renewing
11:18:09.715619 AuthorizationType : OAuth
11:18:09.731245 ---------------------------------------------------------------------------
11:18:09.731245 Microsoft.VisualStudio.Services.WebApi.VssServiceResponseException: Unauthorized
11:18:09.731245 at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.HandleResponse(HttpResponseMessage response)
11:18:09.731245 at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.<SendAsync>d__79.MoveNext()
11:18:09.731245 --- End of stack trace from previous location where exception was thrown ---
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
11:18:09.731245 at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.<SendAsync>d__76`1.MoveNext()
11:18:09.731245 --- End of stack trace from previous location where exception was thrown ---
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
11:18:09.731245 at Microsoft.VisualStudio.Services.Location.Client.LocationHttpClient.<GetConnectionDataAsync>d__6.MoveNext()
11:18:09.731245 --- End of stack trace from previous location where exception was thrown ---
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
11:18:09.731245 at Microsoft.VisualStudio.Services.Client.VssServerDataProvider.<ConnectAsync>d__39.MoveNext()
11:18:09.731245 --- End of stack trace from previous location where exception was thrown ---
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
11:18:09.731245 at Microsoft.TeamFoundation.DistributedTask.Agent.Common.ConnectionHelper.GetConnection(Uri serverUri, VssCredentials credentials)
11:18:09.731245 at Microsoft.TeamFoundation.DistributedTask.Agent.JobWriter.StartJob()
11:18:09.731245 at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.HandleResponse(HttpResponseMessage response)
11:18:09.731245 at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.<SendAsync>d__79.MoveNext()
11:18:09.731245 --- End of stack trace from previous location where exception was thrown ---
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
11:18:09.731245 at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.<SendAsync>d__76`1.MoveNext()
11:18:09.731245 --- End of stack trace from previous location where exception was thrown ---
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
11:18:09.731245 at Microsoft.VisualStudio.Services.Location.Client.LocationHttpClient.<GetConnectionDataAsync>d__6.MoveNext()
11:18:09.731245 --- End of stack trace from previous location where exception was thrown ---
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
11:18:09.731245 at Microsoft.VisualStudio.Services.Client.VssServerDataProvider.<ConnectAsync>d__39.MoveNext()
11:18:09.731245 --- End of stack trace from previous location where exception was thrown ---
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
11:18:09.731245 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
11:18:09.731245 at Microsoft.TeamFoundation.DistributedTask.Agent.Common.ConnectionHelper.GetConnection(Uri serverUri, VssCredentials credentials)
11:18:09.731245 at Microsoft.TeamFoundation.DistributedTask.Agent.JobWriter.StartJob()
11:18:09.731245 ---------------------------------------------------------------------------
運行交互或作爲服務沒什麼區別。我已經將構建代理的服務用戶列爲「代理池服務帳戶」角色的成員。
我相信這是有問題的請求:
GET https://tfs:8443/tfs/DefaultCollection/_apis/connectionData?connectOptions=IncludeServices&lastChangeId=-1&lastChangeId64=-1 HTTP/1.1
User-Agent: VSServices/14.102.25423.0 (VsoAgent.exe) VsoAgent.exe/1.95.3
Accept-Language: en-US, nb-NO
X-TFS-FedAuthRedirect: Suppress
X-TFS-Session: 7a2e6368-a564-4231-bbd6-xxxxxxxxxx
X-VSS-Agent: VSS: b5d9c453-017f-407c-ac00-b479d0d0e8ed
Authorization: [huge bytesequence]
Host: tfs:8443
Accept-Encoding: gzip
這是用401我自己的管理用戶的回報卻是能夠加載此URI就好了。
我自己的管理員用戶是我設置代理時使用的用戶。我也嘗試從這個用戶交互式啓動vsoagent.exe ...但沒有去。在行之間進行閱讀(並查看一些角色),有一位用戶將運行代理的計算機的名稱刪除。我想這個用戶是最初創建的,並且是實際使用的用戶。我如何才能控制這種情況?
編輯:如果我從沒有包括在「代理池服務帳戶」的池的列表中的用戶身份運行vsoagent.exe交互,那麼代理商立即犯錯了與Access denied. admrunem needs Listen permissions for pool Regular to perform the action. For more information, contact the Team Foundation Server administrator.。在列表中添加admrunem讓我進一步瞭解了一點,即我試圖診斷的錯誤消息(「未授權」異常)。注意:此時它使用NTLM授權,然後致命的呼叫似乎切換到OAUTH。
我不完全理解「嘗試更改域帳戶」的含義。你的意思是將vsoagent作爲不同的域用戶運行? vsoagent/login:用戶,密碼?如果是這樣,那麼我已經嘗試了兩次列表中的每個項目。 任何想法JobWriter.StartJob()做什麼?我嘗試了反射器,但無法完全掌握HandleResponse()在哪裏拋出異常。 「未經授權」是一個相當模糊的錯誤信息。我假設它來自TFS服務器。有沒有審計記錄可以給我任何有用的線索? – 9Rune5
只需要明確,通過「構建代理服務帳戶」,您是否指該集合的「項目集合構建服務帳戶」組? (這個組沒有爲我的項目btw定義,只是收集我的項目的集合) – 9Rune5
是的。嘗試使用建立代理服務帳戶和代理池服務帳戶中的帳戶。 –