Search code examples
azure-devopsazure-devops-self-hosted-agentazure-devops-server-2020

Unable to authenticate to Azure Devops Server on premise with Macos selft hosted agent

On my mac, I have a VM with Windows server 2019 and Azure Devops Server 2020 (update 1.1).

I can go to my dashboard (http://xxx.xxx.xxx.xxx/MyProjectCollection) correctly from Chrome on my mac, using the Windows server's admin login (Administrator) and password (IWontTellYou).

When I try to configure a self hosted agent (2.190.0) on my mac, I run ./config.sh in a terminal but I cannot validate the authentication process...

I cannot use PAT nor Alternate because my server is not on HTTPS. I cannot use Integrated because I am on mac. I use Negotiate, but I can't get authenticated :

Enter server URL > http://xxx.xxx.xxx.xxx/MyProjectCollection/
Enter authentication type (press enter for Negotiate) > Negotiate
Enter user name > Administrator
Enter password > *************
VS30063: You are not authorized to access http://xxx.xxx.xxx.xxx.
Failed to connect.  Try again or ctrl-c to quit

Why does it works on Chrome but mot with the self hosted agent ?

How can I authenticate please ?

Thanks for any help... I have reinstalled Windows Server and Azure Devops Server several times to try several configuration, including activating HTTPS using a self signed ssl certificate to use PAT, but nothing works :(

Edit : I've tryed with a Windows self hsoted agent on the server, here is the powershell output :

Enter server URL > http://xxx.xxx.xxx.xxx/MyProjectCollection
Enter authentication type (press enter for Integrated) > Negotiate
Enter user name > Administrator
Enter password > *************
Error reported in diagnostic logs. Please examine the log for more details.
    - C:\Users\Administrator\Downloads\vsts-agent-win-x64-2.181.2\_diag\Agent_20210820-064419-utc.log
TF400813: Resource not available for anonymous access. Client authentication required.
Failed to connect.  Try again or ctrl-c to quit
Enter server URL > http://xxx.xxx.xxx.xxx/MyProjectCollection
Enter authentication type (press enter for Integrated) >
Connecting to server ...
Solution

  • The trick is to use a https URL and deactivate the sslhandshake.

    Tap the following command to configure the self hosted agent and ignore the https certificate validation :

    ./config.sh -–sslskipcertvalidation

    Then replace the http by https in your URL :

    Enter server URL > https://xxx.xxx.xxx.xxx/MyProjectCollection

    You can now use PAT authentication method to authenticate and configure the self hosted agent. Follow this doc to configure a PAT https://learn.microsoft.com/en-us/azure/devops/pipelines/agents/windows-agent?view=azure-devops#authenticate-with-a-personal-access-token-pat

    As the PAT is used only one time to configure the self hosted agentm you can remove it once the configuration is successful.