尝试在 Windows 10 上配置 TFS 代理时出错
Getting An Error When Trying To Configure A TFS Agent On Windows 10
我有一个自托管的 TFS,我正尝试在 Windows 10 机器上为其配置代理。我运行配置脚本。我将 URL 输入到我的 TFS 实例,并且我 select 默认身份验证类型。该脚本尝试连接,但 returns 并显示错误消息:"TFS Resource not available for anonymous access. Client authentication required."
我可以访问URL 我通过网络浏览器进入脚本,所以我知道机器可以访问它。我使用 fiddler 来监控流量,而脚本试图连接到 URL。 Fiddler 显示了脚本尝试连接的 URL (http://{mydomain}/_apis/connectionData?connectOptions=1&lastChangeId=-1&lastChangeId64=-1)。单击它时,URL 在浏览器中打开。当我输入我的凭据时,我得到一个 JSON 响应,当脚本试图访问那个 URL 时我没有得到这个响应。根据 fiddler 的说法,脚本请求 returns 一个错误页面。该脚本从不询问我的凭据,这与我尝试通过浏览器访问 fiddler 中的 URL 不同。
我确实检查了托管我的 TFS URL 的 IIS 网站的身份验证配置。它启用了匿名访问,使用 NTLM 作为提供者启用了 windows 身份验证,并且禁用了其他方法。我确实尝试将 Negotiate 添加为 windows 身份验证提供程序,但这并没有解决问题。
关于如何解决这个问题,我不知所措。任何指针、参考、潜在的解决方案等都将不胜感激。谢谢
下面是TFS提供的用于配置代理的批处理文件的代码:
@echo off
rem ********************************************************************************
rem Unblock specific files.
rem ********************************************************************************
setlocal
if defined VERBOSE_ARG (
set VERBOSE_ARG='Continue'
) else (
set VERBOSE_ARG='SilentlyContinue'
)
rem Unblock the following types of files:
rem 1) The files in the root of the layout folder. E.g. .cmd files.
rem
rem 2) The PowerShell scripts delivered with the agent. E.g. capability scan scripts under "bin\"
rem and legacy handler scripts under "externals\vstshost\".
rem
rem 3) The DLLs potentially loaded from a PowerShell script (e.g. DLLs in Agent.ServerOMDirectory).
rem Otherwise, Add-Type may result in the following error:
rem Add-Type : Could not load file or assembly 'file:///[...].dll' or one of its dependencies.
rem Operation is not supported.
rem Reproduced on Windows 8 in PowerShell 4. Changing the execution policy did not appear to make
rem a difference. The error reproduced even with the execution policy set to Bypass. It may be a
rem a policy setting.
powershell.exe -NoLogo -Sta -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command "$VerbosePreference = %VERBOSE_ARG% ; Get-ChildItem -LiteralPath '%~dp0' | ForEach-Object { Write-Verbose ('Unblock: {0}' -f $_.FullName) ; $_ } | Unblock-File | Out-Null ; Get-ChildItem -Recurse -LiteralPath '%~dp0bin', '%~dp0externals' | Where-Object { $_ -match '\.(ps1|psd1|psm1)$' } | ForEach-Object { Write-Verbose ('Unblock: {0}' -f $_.FullName) ; $_ } | Unblock-File | Out-Null ; Get-ChildItem -LiteralPath '%~dp0externals\vstsom', '%~dp0externals\vstshost' | Where-Object { $_ -match '\.(dll|exe)$' } | ForEach-Object { Write-Verbose ('Unblock: {0}' -f $_.FullName) ; $_ } | Unblock-File | Out-Null"
if "%~1" equ "remove" (
rem ********************************************************************************
rem Unconfigure the agent.
rem ********************************************************************************
"%~dp0bin\Agent.Listener.exe" %*
) else (
rem ********************************************************************************
rem Configure the agent.
rem ********************************************************************************
"%~dp0bin\Agent.Listener.exe" configure %*
)
代理的控制台输出:
>> Connect:
Enter server URL > http://{mydomain}/
Enter authentication type (press enter for Integrated) >
Connecting to server ...
TF400813: Resource not available for anonymous access. Client authentication required.
Failed to connect. Try again or ctrl-c to quit
Enter server URL > http://{mydomain}/
Enter authentication type (press enter for Integrated) > Negotiate
Enter user name > {myUserName}
Enter password > {myPassword}
Connecting to server ...
TF400813: Resource not available for anonymous access. Client authentication required.
Failed to connect. Try again or ctrl-c to quit
Enter server URL >
来自日志文件的堆栈跟踪:
[2020-04-13 16:18:39Z ERR Terminal] Microsoft.VisualStudio.Services.Common.VssUnauthorizedException: TF400813: Resource not available for anonymous access. Client authentication required.
at Microsoft.VisualStudio.Services.Common.VssHttpMessageHandler.<SendAsync>d__17.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.VisualStudio.Services.Common.VssHttpRetryMessageHandler.<SendAsync>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Net.Http.HttpClient.<FinishSendAsync>d__58.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.<SendAsync>d__45.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.<SendAsync>d__42`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.VisualStudio.Services.Location.Client.LocationHttpClient.<GetConnectionDataAsync>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.VisualStudio.Services.WebApi.Location.VssServerDataProvider.<ConnectAsync>d__41.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.VisualStudio.Services.Agent.AgentServer.<ConnectAsync>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.VisualStudio.Services.Agent.Listener.Configuration.BuildReleasesAgentConfigProvider.<TestConnectionAsync>d__14.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.VisualStudio.Services.Agent.Listener.Configuration.ConfigurationManager.<ConfigureAsync>d__7.MoveNext()
我试过在本地 TFS 中部署代理,发现默认身份验证类型是 Integrated,请尝试使用 negotiate 代替:
为了解决这个问题,我进入了我的 TFS。打开IIS。转至承载 TFS 门户的 Web 应用程序。点击验证。打开了 Windows 身份验证的提供程序。我将协商添加到列出并将其移动到 NTLM 之前。我重置了应用程序所在的网站。如果协商不在 NTLM 之前,任何与我的服务器的连接 URL 都会被视为我自动取消了身份验证提示。
我回到了我要配置代理的机器上。我 运行 以管理员身份配置脚本。我进入了服务器URL。我告诉配置脚本使用协商作为身份验证类型。我输入了我的凭据。连接成功了。该过程的其余部分按原样进行。
我有一个自托管的 TFS,我正尝试在 Windows 10 机器上为其配置代理。我运行配置脚本。我将 URL 输入到我的 TFS 实例,并且我 select 默认身份验证类型。该脚本尝试连接,但 returns 并显示错误消息:"TFS Resource not available for anonymous access. Client authentication required."
我可以访问URL 我通过网络浏览器进入脚本,所以我知道机器可以访问它。我使用 fiddler 来监控流量,而脚本试图连接到 URL。 Fiddler 显示了脚本尝试连接的 URL (http://{mydomain}/_apis/connectionData?connectOptions=1&lastChangeId=-1&lastChangeId64=-1)。单击它时,URL 在浏览器中打开。当我输入我的凭据时,我得到一个 JSON 响应,当脚本试图访问那个 URL 时我没有得到这个响应。根据 fiddler 的说法,脚本请求 returns 一个错误页面。该脚本从不询问我的凭据,这与我尝试通过浏览器访问 fiddler 中的 URL 不同。
我确实检查了托管我的 TFS URL 的 IIS 网站的身份验证配置。它启用了匿名访问,使用 NTLM 作为提供者启用了 windows 身份验证,并且禁用了其他方法。我确实尝试将 Negotiate 添加为 windows 身份验证提供程序,但这并没有解决问题。
关于如何解决这个问题,我不知所措。任何指针、参考、潜在的解决方案等都将不胜感激。谢谢
下面是TFS提供的用于配置代理的批处理文件的代码:
@echo off
rem ********************************************************************************
rem Unblock specific files.
rem ********************************************************************************
setlocal
if defined VERBOSE_ARG (
set VERBOSE_ARG='Continue'
) else (
set VERBOSE_ARG='SilentlyContinue'
)
rem Unblock the following types of files:
rem 1) The files in the root of the layout folder. E.g. .cmd files.
rem
rem 2) The PowerShell scripts delivered with the agent. E.g. capability scan scripts under "bin\"
rem and legacy handler scripts under "externals\vstshost\".
rem
rem 3) The DLLs potentially loaded from a PowerShell script (e.g. DLLs in Agent.ServerOMDirectory).
rem Otherwise, Add-Type may result in the following error:
rem Add-Type : Could not load file or assembly 'file:///[...].dll' or one of its dependencies.
rem Operation is not supported.
rem Reproduced on Windows 8 in PowerShell 4. Changing the execution policy did not appear to make
rem a difference. The error reproduced even with the execution policy set to Bypass. It may be a
rem a policy setting.
powershell.exe -NoLogo -Sta -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command "$VerbosePreference = %VERBOSE_ARG% ; Get-ChildItem -LiteralPath '%~dp0' | ForEach-Object { Write-Verbose ('Unblock: {0}' -f $_.FullName) ; $_ } | Unblock-File | Out-Null ; Get-ChildItem -Recurse -LiteralPath '%~dp0bin', '%~dp0externals' | Where-Object { $_ -match '\.(ps1|psd1|psm1)$' } | ForEach-Object { Write-Verbose ('Unblock: {0}' -f $_.FullName) ; $_ } | Unblock-File | Out-Null ; Get-ChildItem -LiteralPath '%~dp0externals\vstsom', '%~dp0externals\vstshost' | Where-Object { $_ -match '\.(dll|exe)$' } | ForEach-Object { Write-Verbose ('Unblock: {0}' -f $_.FullName) ; $_ } | Unblock-File | Out-Null"
if "%~1" equ "remove" (
rem ********************************************************************************
rem Unconfigure the agent.
rem ********************************************************************************
"%~dp0bin\Agent.Listener.exe" %*
) else (
rem ********************************************************************************
rem Configure the agent.
rem ********************************************************************************
"%~dp0bin\Agent.Listener.exe" configure %*
)
代理的控制台输出:
>> Connect:
Enter server URL > http://{mydomain}/
Enter authentication type (press enter for Integrated) >
Connecting to server ...
TF400813: Resource not available for anonymous access. Client authentication required.
Failed to connect. Try again or ctrl-c to quit
Enter server URL > http://{mydomain}/
Enter authentication type (press enter for Integrated) > Negotiate
Enter user name > {myUserName}
Enter password > {myPassword}
Connecting to server ...
TF400813: Resource not available for anonymous access. Client authentication required.
Failed to connect. Try again or ctrl-c to quit
Enter server URL >
来自日志文件的堆栈跟踪:
[2020-04-13 16:18:39Z ERR Terminal] Microsoft.VisualStudio.Services.Common.VssUnauthorizedException: TF400813: Resource not available for anonymous access. Client authentication required.
at Microsoft.VisualStudio.Services.Common.VssHttpMessageHandler.<SendAsync>d__17.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.VisualStudio.Services.Common.VssHttpRetryMessageHandler.<SendAsync>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Net.Http.HttpClient.<FinishSendAsync>d__58.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.<SendAsync>d__45.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.<SendAsync>d__42`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.VisualStudio.Services.Location.Client.LocationHttpClient.<GetConnectionDataAsync>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.VisualStudio.Services.WebApi.Location.VssServerDataProvider.<ConnectAsync>d__41.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.VisualStudio.Services.Agent.AgentServer.<ConnectAsync>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.VisualStudio.Services.Agent.Listener.Configuration.BuildReleasesAgentConfigProvider.<TestConnectionAsync>d__14.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.VisualStudio.Services.Agent.Listener.Configuration.ConfigurationManager.<ConfigureAsync>d__7.MoveNext()
我试过在本地 TFS 中部署代理,发现默认身份验证类型是 Integrated,请尝试使用 negotiate 代替:
为了解决这个问题,我进入了我的 TFS。打开IIS。转至承载 TFS 门户的 Web 应用程序。点击验证。打开了 Windows 身份验证的提供程序。我将协商添加到列出并将其移动到 NTLM 之前。我重置了应用程序所在的网站。如果协商不在 NTLM 之前,任何与我的服务器的连接 URL 都会被视为我自动取消了身份验证提示。
我回到了我要配置代理的机器上。我 运行 以管理员身份配置脚本。我进入了服务器URL。我告诉配置脚本使用协商作为身份验证类型。我输入了我的凭据。连接成功了。该过程的其余部分按原样进行。