TFSPreview.com and Azure certificates not playing well at deployment

1
votes

So I setup TFS continuous deployment and I'm running into a situation where my build compiles just alright but fails in the deployment phase when communicating with Azure. My log looks like

Get Default Azure Cloud Service Publish Profile
Set Project to build CSPack
Run MSBuild for Project
Run Visual Studio Test Runner for Test Sources
Publish Output
Deploy application to Azure
8/23/2012 7:20:04 AM - Preparing deployment for rcfoapi with SubscriptionID: mysubscriptionidhere.veryverylong.andkeepsgoing...
8/23/2012 7:20:04 AM - Connecting...
 An attempted http request against URI https://management.core.windows.net:8443/mysubscriptionidhere.veryverylong.andkeepsgoing
 /services/hostedservices/myrolenamehere?embed-detail=true 
 returned an error: (403) Forbidden.
Additional Exception Information:
Error Code: AuthenticationFailed
Message: The server failed to authenticate the request. Verify that the 
         certificate is valid and is associated with this subscription.
         Typically, a response of (403) Forbidden from a Windows Azure 
         Management API means that the X509 certificate used to 
         authenticate the call is not valid. The certificate may have 
         been revoked or expired. Reconnect your Windows Azure 
         subscription to your Team Foundation account.

I tried the 'Disconnect from TFS' link in the Azure portal, then verified that the certificate in the 'certificates' section of the Azure portal. I confirmed using the fingerprint hash that the same certificate is also in my local computers' certificate store ('my' store). Then I relinked TFS back via the Azure portal.

But I still get the same error. Any idea?

Update: I also tried a few additional steps, nothing seems to be working :(

  1. Deleted the entire cloud service
  2. Created a new cloud service (with same name)
  3. VS2012 deployed to the cloud service on both production and staging (because I need to service operational for front use and back testing)
  4. Verified the Windows Azure Tools certificate in the portal's cloud service 'certificate' section (which matches my local copy). I understand this will be different from the one between TFS and Azure
  5. Went to TFSPreview.com => top left gear => project administration => services => no linked services seen
  6. Went to user profiles => connections => OAuth connection listed (MANAGE-PROD CLOUDAPP by Windows Azure) => removed it
  7. Within the Azure portal, linked the newly setup cloud service back to TFSPreview.com
  8. Locally in VS2012, disconnected TFS ('team' => 'disconnect')
  9. Locally in VS2012, logged out of TFS ('team' => 'connect' => 'sign out' at the bottom)
  10. Signed back into TFS, connected to the team project
  11. Made a trivial change => check in => triggered continuous deploy

=> Same error as before :?

Thanks

3
azuretfscontinuous-deployment

3 Answers

0
votes

TFS Preview is not using the same cert you have on your local dev box. When you connect the accounts Azure gives TFS a different cert and it is possible that is the one that has expired or is no longer there. If you have multiple projects connected to Azure the only option is to go into the admin site on TFSPreview (the gear in the upper right) and disconnect all projects that are connected to that subscription and then rerun the connection wizard. This will ensure we get a new valid certificate for your azure subscription. When you reconnect the subscription to the project we will find the existing build definitions and not create new ones.

0
votes

I had the same issue and for me the solution was to renew the certificate. See here: http://support.microsoft.com/kb/2780289

0
votes

This can happen if your certificate needs to be renewed in the Azure control panel.

It can also happen if you don't have a staging or production environment deployed first. I'm not entirely sure why since it deploys a new one, but this fixed the issue for me just now.