SSL_ERROR_SYSCALL in Azure Pipeline to access our internal TFS 2018 server

0
votes

I am trying since awhile to setup an Azure Pipeline to access our internal TFS 2018 server.

I created an "Other Git" Service Connection named: TFS_PRJ, I used this intranet URL: https://tfs.mycie.com/DefaultCollection/myProject/. For the authentication, I tried, my Windows domain account credentials as well as a PAT Token created in TFS with all access rights.

When I created the pipeline, I specified my self-hosted agent located on the same intranet and the master branch. Does this branch have an impact when accessing TFS? I can see in the logs: "Starting: Checkout TFS_PRJ@master to s". I don't see branches in TFS, should I create something in TFS to make it work?

When running the pipeline, I first have a timeout Run Pipeline

Then it runs and after 6-7 minutes, logs shows this error: fatal: unable to access 'https://tfs.myCie.com/DefaultCollection/myProject/': OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to tfs.myCie.com:443

I understood that to access this server, the agent should not use the proxy that is currently used in pipelines accessing GitHub. This bypass is usually done by using a proxy.pac file but I don't see how to use this file in agent configuration. To enable the proxy bypass with agent files, the .proxy file contains: http://abs-proxy.myCie.com:443 and the .proxybypass file contains: myCie.com

To test that the TFS server is accessible, I logged onto the agent server as the service account and in the IE Internet options, I added *.myCie.com to the trusted sites and then I was able to access https://tfs.mycie.com/DefaultCollection/myProject/. I am also able to ping the tfs.mycie.com server

So, I have several questions:

  • The branch part, is it normal to use the master branch while there is no branch in TFS or does it need something more?
  • When I run the pipeline, it gives a timeout as it can't connect to TFS but what account and what proxy does it try to use at this point? The one defined in the service connection?
  • About the SSL_ERROR_SYSCALL error, is it my syntax of the .proxybypass file that is wrong? "myCie.com", do you see anything thing else that could be done ?
  • Can there be some settings or access rights on the TFS server that I need to have or set ?

Update 1:

Thank you for this.
I created a YAML file in a Azure Repos with this content:

trigger:
- none

pool:
  name: 'myAgent'

steps:
- checkout: none

- task: CmdLine@2
  inputs:
    script: 'git clone -b master https://tfs.myCie.com/DefaultCollection/myProject'

Which returned:

Cloning into 'myProject'...
fatal: could not read Username for 'https://tfs.myCie.com': terminal prompts disabled

I should probably try with the PATToken in the URL...

On the agent, I added the Git folder of the agent to the path and ran:

git clone https://anything:[email protected]/defaultcollection/myProject

Which returned:

Cloning into 'myProject'...
fatal: Authentication failed for 'https://tfs.myCie.com/defaultcollection/myProject/'

Then I tried to clone it from the Team Explorer in VS2019.

I have found two lists of projects, tfs.myCie.com and "local Git repositories", I couldn't clone projects from tfs.myCie.com so I tried to clone in the local Git but it didn't worked, not sure it was the thing to do either...

I took this screenshot, could it be my TFS project that is not suited for this ?

enter image description here

1
tfsazure-pipelines

1 Answers

0
votes
  1. If you do not have other branch in TFS, it is normal to use the master branch, also we can specify branch name in the Get sources tab, please check the pic below.

enter image description here

  1. You could check the service connection in the project settings->Service connections. It accesses the TFS repo via service account, such as below.

enter image description here

  1. According to the error message OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to : It seems to be an issue in your network settings, maybe a proxy or a firewall blocking access to the remote repository.

You should check if your TFS server is behind the firewall or a proxy. If so, please turn it off and try again. Please also try running the clone command in a local machine directly to clone the affected repository to check if that works. If the server is behind a proxy, please try to set git configs for proxy something like this : git config --global http.proxy myproxy.com:8080

  1. You need configure the service account permission in the TFS Version Control.

Update1

Please check the sample, I disable the checkout step and add cmd to clone TFS 2018 repo, then publish it to Artifacts to check the content.

Note: The repo will save in the self-hosted agent folder, we could add task Power shell at the end and call script to delete the repo folder.

trigger:
- none

pool:
  name: Default


steps:
- checkout: none

- task: CmdLine@2
  inputs:
    script: 'git clone -b {branch name} {TFS repo URL}'
  
- task: CopyFiles@2
  inputs:
    SourceFolder: '$(Agent.BuildDirectory)'
    Contents: '**'
    TargetFolder: '$(build.artifactstagingdirectory)'

- task: PublishBuildArtifacts@1
  inputs:
    PathtoPublish: '$(build.artifactstagingdirectory)'
    ArtifactName: 'drop'
    publishLocation: 'Container'

Result:

enter image description here

Update2

It’s mainly caused by the credentials have been remembered by Credential Manager. You should remove the credentials for https://tfs.myCie.com which have been stored in Credential Manager.

you can open Credential Manager -> Windows Credentials -> under Generic Credentials -> remove the credentials like git:https://tfs.myCie.com

In addition, please also delete the Visual Studio cache.

enter image description here

Note: You could also try to clone repo on a new machine.