mmajcica / retain-release

Azure DevOps Extension containing a release task that will mark the current release to be retained indefinitely
MIT License

Error: The remote server returned an error: (401) Unauthorized #2

Closed Bouke closed 6 years ago

Bouke commented 6 years ago

Hi Mario, thanks for the plugin. It used to work for us and was of great help. However our deployment showed the following error in the release log:

2018-04-23T18:18:46.0647509Z ##[section]Starting: Retain indefinitely current release
2018-04-23T18:18:46.0657494Z ==============================================================================
2018-04-23T18:18:46.0657494Z Task         : Retain indefinitely current release
2018-04-23T18:18:46.0657494Z Description  : This task will allow you to mark the current release to be retained indefinitely
2018-04-23T18:18:46.0657494Z Version      : 1.1.0
2018-04-23T18:18:46.0657494Z Author       : Mario Majcica
2018-04-23T18:18:46.0657494Z Help         : On a successful release to production, usually you will mark the release to be retained for certain amount of time. This task will automate the desired behaviour, by marking the current release to be retained indefinitely.
2018-04-23T18:18:46.0657494Z ==============================================================================
2018-04-23T18:18:47.5747743Z ##[error]The remote server returned an error: (401) Unauthorized.
2018-04-23T18:18:47.5907715Z ##[section]Finishing: Retain indefinitely current release

The "Manage releases" is set to "allow" for the build service. I'm not sure what to do about this, have you got any suggestions?

mmajcica commented 6 years ago

Hi @Bouke,

what is the identity on which your build agent is running? Are you able to share a screenshot of the Permission window of 'All release definitions'?

mmajcica commented 6 years ago

If you are using TFS there is a project level build service account, like in the following example:

[image: rel-sec]

In order for the task to work, the specific project level build service also needs the 'Manage Releases' permission set.

Bouke commented 6 years ago

Sure! We're on VSTS. These are set up like this:

All release definitions:

[image: screen_shot_2018-04-25_at_20_55_00]

My Release Definition:

[image: screen_shot_2018-04-25_at_20_54_30]

Bouke commented 6 years ago

Don't know if relevant: we're using a self-hosted agent.

mmajcica commented 6 years ago

Are you using hosted or private agents? If private, what is the identity they are running on?

On Wed, 25 Apr 2018, 20:58 Bouke Haarsma, notifications@github.com wrote:

Sure! We're on VSTS. These are setup like this: All release definitions:

[image: screen_shot_2018-04-25_at_20_55_00] https://user-images.githubusercontent.com/235882/39266697-0676e13a-48cb-11e8-89fd-13a6d89af13f.png My Release Definition:

[image: screen_shot_2018-04-25_at_20_54_30] https://user-images.githubusercontent.com/235882/39266727-1b0f783c-48cb-11e8-9c7c-0606722921fd.png


Bouke commented 6 years ago

It's a private agent. I think you're referring to these credentials? What should be added here? "Release (read, write, execute and manage)"?

[image: pasted_image_25_04_2018__23_43]

mmajcica commented 6 years ago

Well, you answered yourself here. Can you try flagging that Release (read, write, execute and manage) option, then use the newly created PAT key with your agent and then retry?

mmajcica commented 6 years ago

You can also try it via a script

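# Personal access token of the account being tested
$Pat = "fdxtop6poxvonnlndaz5xf4smah3uq6ja6rpxzg7rrtnponrtxta"
# Release Management (vsrm) URL of the account, plus project and release to mark
$collectionUrl = "https://mummy.vsrm.visualstudio.com"
$project = "TestProject"
$releaseId = "53"

# Basic authentication: empty user name, PAT as the password
$encodedCredentials = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(":$Pat"))

$uri = "$collectionUrl/$project/_apis/release/releases/$($releaseId)?api-version=3.0-preview.2"

# PATCH the release with the keepForever flag, sent as valid JSON
Invoke-RestMethod -Uri $uri -Method Patch -ContentType "application/json" -Body '{"keepForever": true}' -Headers @{ Authorization = "Basic $encodedCredentials"}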

Just set the variables to match your case and fire it. If that account has sufficient permissions, your release should be marked as retained.
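
A variant of the script above, as an added example that is not part of the original thread or the extension's code: it reads the PAT from an environment variable instead of embedding it, reads the release before patching it, and reports 401 and 403 separately. The VSTS_* variable names and the Invoke-ReleaseCall helper are assumptions; the URL shape and api-version are the ones used in the thread.

```powershell
# Added example (not the extension's code). The VSTS_* variable names and the
# Invoke-ReleaseCall helper are assumptions made for this sketch.
$pat           = $env:VSTS_PAT         # PAT kept out of the script and its history
$collectionUrl = $env:VSTS_RM_URL      # e.g. https://<account>.vsrm.visualstudio.com
$project       = $env:VSTS_PROJECT
$releaseId     = $env:VSTS_RELEASE_ID
if (-not ($pat -and $collectionUrl -and $project -and $releaseId)) {
    throw "Set VSTS_PAT, VSTS_RM_URL, VSTS_PROJECT and VSTS_RELEASE_ID first."
}

# Basic authentication with an empty user name and the PAT as the password.
$basic   = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":$pat"))
$headers = @{ Authorization = "Basic $basic" }
$uri     = "$collectionUrl/$project/_apis/release/releases/$($releaseId)?api-version=3.0-preview.2"

function Invoke-ReleaseCall {
    param([string]$Method, [string]$Body)
    $call = @{ Uri = $uri; Method = $Method; Headers = $headers; ErrorAction = 'Stop' }
    if ($Body) { $call.Body = $Body; $call.ContentType = 'application/json' }
    try {
        Invoke-RestMethod @call
    } catch {
        $err  = $_    # keep the error: inside switch, $_ is the value being matched
        $resp = $err.Exception.Response
        $code = if ($resp) { [int]$resp.StatusCode } else { 0 }
        switch ($code) {
            401 { throw "$Method returned 401: the credential was not accepted. Check that the PAT is current and has the Release scope." }
            403 { throw "$Method returned 403: the identity is known but not allowed. Check its 'Manage releases' permission." }
            default { throw $err }
        }
    }
}

# Step 1: a read-only call shows whether the credential works at all.
$before = Invoke-ReleaseCall -Method Get
Write-Host "Release '$($before.name)': keepForever = $($before.keepForever)"

# Step 2: the same PATCH as the script in the thread, sent as valid JSON.
$after = Invoke-ReleaseCall -Method Patch -Body '{"keepForever": true}'
if (-not $after.keepForever) { throw "PATCH succeeded but keepForever is still false." }
Write-Host "Release '$($after.name)' is now retained indefinitely."
```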

mmajcica commented 6 years ago

@Bouke any updates?

Thanks

Bouke commented 6 years ago

We don't deploy that often. I've updated the PAT -- will know in a week or so if it was successful. Thank you for your time!

Bouke commented 6 years ago

So I've updated the PAT (from the VSTS web interface), but after deploying the same error appears:

2018-05-14T15:21:08.1077285Z ##[error]The remote server returned an error: (401) Unauthorized.

Do I need to restart/reconfigure my VSTS agent before the new permissions take effect?

mmajcica commented 6 years ago

Hi,

sure you do. Reconfigure the agent with the new PAT.

mmajcica commented 6 years ago

@Bouke Did reconfiguring the agent do the trick?

Bouke commented 6 years ago

So I configured the agent with the new PAT, and as a test added the task to the Acceptance environment. All seemed well:

2018-05-22T09:45:15.1462495Z ##[section]Starting: Retain indefinitely current release (test)
2018-05-22T09:45:15.1462495Z ==============================================================================
2018-05-22T09:45:15.1462495Z Task         : Retain indefinitely current release
2018-05-22T09:45:15.1462495Z Description  : This task will allow you to mark the current release to be retained indefinitely
2018-05-22T09:45:15.1462495Z Version      : 2.1.0
2018-05-22T09:45:15.1462495Z Author       : Mario Majcica
2018-05-22T09:45:15.1462495Z Help         : On a successful release to production, usually you will mark the release to be retained for certain amount of time. This task will automate the desired behaviour, by marking the current release to be retained indefinitely.
2018-05-22T09:45:15.1462495Z ==============================================================================
2018-05-22T09:45:15.7392503Z Release '1.9.7.2399' is marked with Retain indefinitely flag.
2018-05-22T09:45:15.7462522Z ##[section]Finishing: Retain indefinitely current release (test)

However, when deploying to production yesterday it failed:

2018-05-22T21:03:13.2815591Z ##[section]Starting: Retain indefinitely current release
2018-05-22T21:03:13.2815591Z ==============================================================================
2018-05-22T21:03:13.2815591Z Task         : Retain indefinitely current release
2018-05-22T21:03:13.2815591Z Description  : This task will allow you to mark the current release to be retained indefinitely
2018-05-22T21:03:13.2815591Z Version      : 1.1.0
2018-05-22T21:03:13.2815591Z Author       : Mario Majcica
2018-05-22T21:03:13.2815591Z Help         : On a successful release to production, usually you will mark the release to be retained for certain amount of time. This task will automate the desired behaviour, by marking the current release to be retained indefinitely.
2018-05-22T21:03:13.2815591Z ==============================================================================
2018-05-22T21:03:14.8075062Z ##[error]The remote server returned an error: (401) Unauthorized.
2018-05-22T21:03:14.8234985Z ##[section]Finishing: Retain indefinitely current release

Comparing these logs, it appears that the versions are different? But how's that possible, given that both deployments were performed by the same VSTS agent?

mmajcica commented 6 years ago

As version 1.1.0 shipped with the first version of the task, it was based on the PS3 handler. Later, in the 2.x version, I implemented the logic of the task with the Node handler. Considering that the task may be used, after the upgrade both versions should be on your TFS instance. It looks like you updated the task you used for the PAT, while in PROD the old version is still used. Can you verify in the list of tasks for PROD whether the latest version is used?

[image]

Bouke commented 6 years ago

The configuration is as follows:

[image]

mmajcica commented 6 years ago

Can you remove the extension, then verify with tfx-cli that the task is not on your system? Can we get on chat somewhere? I would like you to get this solved.

Bouke commented 6 years ago

All of a sudden it switched over to version 2, without me doing anything. I'll keep monitoring, but so far so good. Thanks a lot for your time!