Azure Devops Agent Firewal

Copper Contributor

Hi,

I have been using Azure Self-Hosted Agent to deploy my applications.

But recently I get into a trouble, I am able to install the agent even on the status in DevOps I can see is available.

But when I run a release it fails on Download Build Artifacts task.

I'm guessing that since I have a proxy script and a firewall on my company I am not able to download the artifacts.

The question is, What do i have to unlock in my firewall or my proxy?

 

Thanks!

4 Replies

@grimaldo4750 

 

I thought you need to explain further, what kind of firewall rule and Proxy are using and how's on current setting?

@grimaldo4750 

 

Fixing network issues in your DevOps setup can be tricky, but here is what I have found online in order to possible solve them effectively:

 

1. Ensure that your proxy settings are correctly configured in Azure DevOps. Go to Project Settings -> Agent Pools -> Select your agent pool -> Agents -> Your agent -> Capabilities. Check if the HTTP_PROXY and HTTPS_PROXY variables are set correctly.

 

2. Identify the ports and URLs that need to be accessible through your company's firewall for Azure DevOps. Usually, Azure DevOps uses HTTPS (port 443) for communication. Make sure that traffic to Azure DevOps services is allowed.

 

3.  Check the logs and error messages. Common default locations include (directory of the self-hosted agent):

  • Windows: C:\agent
  • Linux: /home/{user}/agent 
  • Common log files might include agent.log, diag.log, or logs specific to the job/run ID where the artifact download failed.

Please share the logs, so that we can investigate the issue further. 

 

 

 

 

 

 

As far as I know, all kind of communication to outside network is disabled.
I am not able to download the service either.

I may need to check the port and the URLs.
The server capabilities seems correct.
dev.azure.com and the port 443 should work right?

Here's an example of the log

2023-12-12T21:27:20.3131088Z ##[section]Starting: Download artifact - Packing - Packing
2023-12-12T21:27:20.3808126Z ==============================================================================
2023-12-12T21:27:20.3808814Z Task : Download build artifacts
2023-12-12T21:27:20.3809202Z Description : Download files that were saved as artifacts of a completed build
2023-12-12T21:27:20.3809356Z Version : 0.232.0
2023-12-12T21:27:20.3809672Z Author : Microsoft Corporation
2023-12-12T21:27:20.3810001Z Help : https://docs.microsoft.com/azure/devops/pipelines/tasks/utility/download-build-artifacts
2023-12-12T21:27:20.3810142Z ==============================================================================
2023-12-12T21:27:21.1431552Z Error: in getBuildApi, so retrying => retries pending : 4
2023-12-12T21:28:06.2507104Z Error: in getBuildApi, so retrying => retries pending : 3
2023-12-12T21:30:21.3556241Z Error: in getBuildApi, so retrying => retries pending : 2
2023-12-12T21:36:21.5201366Z Error: in getBuildApi, so retrying => retries pending : 1
2023-12-12T21:42:21.6496151Z ##[error]Failed in getBuildApi with error: Error: unable to get local issuer certificate
at TLSSocket.onConnectSecure (node:_tls_wrap:1539:34)
at TLSSocket.emit (node:events:513:28)
at TLSSocket._finishInit (node:_tls_wrap:953:8)
at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:734:12) {
code: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY'
}
2023-12-12T21:42:21.6663850Z ##[error]Error: unable to get local issuer certificate
2023-12-12T21:42:21.6700565Z ##[section]Finishing: Download artifact - Packing- Packing