Nuget restore fails on Azure Devops with message “unable to load the service index for source”

29
votes

I have a build for a .NET solution that is running in a private agent. The solution contains both .NET Core 2.1 and .NET Standard 2.0 projects.

Some of the nuget packages installed are the following:

  • NETStandard.Library v2.0.3
  • Microsoft.AspNetCore.Mvc v2.0.0
  • Microsoft.NETCore.App v2.1.5

The build fails when trying to restore the nuget packages with the following error:

"F:\Agent01\w\141\s\xxxxxxx.sln" (Restore target) (1) -> (Restore target) -> C:\Program Files\dotnet\sdk\2.1.500\NuGet.targets(114,5): error : Unable to load the service index for source https://xxxxxxxxxx.pkgs.visualstudio.com/_packaging/xxxxxxxxxx/nuget/v3/index.json. C:\Program Files\dotnet\sdk\2.1.500\NuGet.targets(114,5): error : Response status code does not indicate success: 401 (Unauthorized).

Build task is the following:

Nuget restore build task

This is the content of %appdata%\NuGet\nuget.config file in the build agent:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <add key="nuget.org" value="https://api.nuget.org/v3/index.json" />
    <add key="MyFeed" value="https://xxxxxxxxxx.pkgs.visualstudio.com/_packaging/xxxxxxxxxx/nuget/v3/index.json" />
  </packageSources>
  <packageSourceCredentials>
    <MyFeed>
      <add key="Username" value="LocalBuildAgent" />
      <add key="ClearTextPassword" value="xxxxxxxxxxx" />
    </MyFeed>
  </packageSourceCredentials>
</configuration>

I already checked a few similar questions but so far I wasn't able to find a solution for my problem.

Some notes:

  • Personal Access Token is NOT expired
  • This particular build runs successfully in other build agents
  • There is at least 1 build with a "nuget restore" task that was run successfully using this agent (regular nuget restore task, NOT .NET Core)
  • Tried restarting the build agent, without success
  • Tried specifying a specific version of nuget before the restore, without success
  • .NET Core SDK latest version in the build agent is 2.1.500 (multiple versions installed)

What am I missing? How to fix this issue? Why can't I restore the packages using the dotnet restore command?

UPDATE:

Packages are restored without errors when using the old Nuget Restore task as follows:

Build definition

UPDATE 2:

I am able to restore the packages using the .NET Core task v1:

Screenshot - restore packages using the .NET Core task v1

Or using v2 task with argument --force:

Screenshot - restore packages using --force

4
c#.net-corenugetazure-devopsbuild-agent
have you got the url correct since the devopsification? I know things have moved, where does it say your source is in the artifacts tab? for example mine is now: pkgs.dev.azure.com/account/_packaging/feedname/nuget/v3/…, still looks similarLuke Duddridge
@LukeDuddridge yes, I believe the package source URL is correct.Rui Jarimba
I found the similar issue on the Github, it said this issue should be fixed at 4.8, but I found that you have use the 4.8.1. github.com/NuGet/Home/issues/5265. If you can reproduce this issue steadily, you can reopen this issue.Leo Liu-MSFT
@RuiJarimba using Nuget 4.8.1 solved my issue with this. I had the issue occur after we turned on the new devops url.cal5barton
What seemed to help me was using --force on dotnet restore or dotnet publish commandsMateusz Migała

4 Answers

17
votes

I found a solution - add the following package source to %appdata%\NuGet\nuget.config:

<add key="Microsoft Visual Studio Offline Packages" value="C:\Program Files (x86)\Microsoft SDKs\NuGetPackages\" />

Complete file looks like this:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <add key="Microsoft Visual Studio Offline Packages" value="C:\Program Files (x86)\Microsoft SDKs\NuGetPackages\" />
    <add key="nuget.org" value="https://api.nuget.org/v3/index.json" />
    <add key="MyFeed" value="https://xxxxxxxxxx.pkgs.visualstudio.com/_packaging/xxxxxxxxxx/nuget/v3/index.json" />
  </packageSources>
  <packageSourceCredentials>
    <MyFeed>
      <add key="Username" value="LocalBuildAgent" />
      <add key="ClearTextPassword" value="xxxxxxxxxxx" />
    </MyFeed>
  </packageSourceCredentials>
</configuration>

Also, check Regression in .NET SDK 500: 'dotnet tool install' fails with 401 (Unauthorized) when there is a private feed in NuGet.config #7524. This problem seems to be caused by .NET SDK 2.1.500.

Another workaround would be to uninstall that version:

The issue is not present in .NET Core SDK 2.1.400, e.g. it goes away when .NET Core SDK 2.1.500 is uninstalled, and reappears when SDK 2.1.500 is installed again.

2
votes

I had to change the nuget installer to 4.8.1 in order for this to work after switching VSTS url to the new Azure Devops url.

enter image description here

2
votes

Using the latest "Use .NET Core sdk 2.1.504" task worked for me. Seems there are some buggy versions of .NET Core sdk 2.1.5xx out there.

0
votes

I encountered the same issue but for a different reason - not having granted the PAT the appropriate access flags. The Packaging (Create, read, update, and delete feeds and packages) scope is required for the PAT, I had before only set the PAT to have a scope of Build (Artifacts, definitions, requests, queue a build, and updated build properties) having mistaken Artifacts as including private package feeds!

The user experience in VS (both 2015 and 2017) wasn't at all helpful though, both versions repeatedly popping-up the credentials dialog instead of giving more information about what the reason might be (apart from the 401 error response, the clue being in the 'Unauthorized' word though ...).

To summarize the steps to consume a private DevOps package feed -

  • In DevOps create a new PAT having the Packages scope as above
  • In DevOps also get the package source URL from the Connect to feed page under Artifacts > Packages (this is required for the -source parameter for 'nuget sources add')

  • Add the package source (with credentials) to your %APPDATA%\NuGet\NuGet.config using -

    nuget.exe sources add -name {your_package_feed_name} -source https://pkgs.dev.azure.com/{your_org}/_packaging/{your_feed}/nuget/v3/index.json -username PATForPackages -password {the_pat_value_you_got_from_azure_devops}

Note: nuget sources add will Base-64 encode the PAT into the packageSourceCredentials Password setting. Also being in your user profile the NuGet.config file is relatively secure provided you keep it secured there, the downside is that this is a host pre-requisite, a consequence of nuget not having in-built Azure DevOps authentication.