All self-hosted agents cannot connect to devops site

This morning all of our self-hosted agents were unable to connect to DevOps. They fail with:

...
[2022-01-31 23:38:04Z ERR  VisualStudioServices] Attempt 4 of GET request to https://dev.azure.com/xxxxxxxxxx/_apis/connectionData?connectOptions=1&lastChangeId=123456789&lastChangeId64=123456789 failed (Socket Error: ConnectionReset). The maximum number of attempts has been reached.
[2022-01-31 23:38:04Z INFO VisualStudioServices] Finished operation Location.GetConnectionData
[2022-01-31 23:38:04Z INFO AgentServer] Catch exception during connect. 2 attempt left.
[2022-01-31 23:38:04Z ERR  AgentServer] System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host..
 ---> System.Net.Sockets.SocketException (10054): An existing connection was forcibly closed by the remote host.
   --- End of inner exception stack trace ---

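The same error occurs when trying to uninstall the agent. Trying to install a new agent in a different folder gives the same error.

  1. The agent versions are 2.193 and 2.194
  2. All servers are Win2012 and are hosted in our own non-Azure location
  3. The URL in the error message can be accessed successfully from a browser on the server
  4. Running run.cmd --diagnostics in the agent folder shows no errors/issues

Is there anything I should check?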

This should be caused by TLS 1.2.

Azure DevOps services will no longer accept connections coming over TLS 1.0 / TLS 1.1 and require TLS 1.2 at a minimum from January 31, 2022. This applies to all HTTPS connections to Azure DevOps Services including web API, and git connections to https://dev.azure.com/orgname and https://orgname.visualstudio.com/.

For details, see Deprecating weak cryptographic standards (TLS 1.0 and TLS 1.1) in Azure DevOps

So, please make sure the machine is using TLS 1.2 or later. See https://aka.ms/enableTlsv2 for more information on how to enable TLS on your computer.

You can refer to this document to enable TLS 1.2: https://docs.microsoft.com/en-us/configmgr/core/plan-design/security/enable-tls-1-2
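
A read-only way to audit an agent host against the registry values that the linked "enable TLS 1.2" guidance sets for Schannel clients and .NET Framework 4.x. This is an added example, not part of the original answer or of the agent's own tooling; the function names are hypothetical, and treating a missing value as "NotSet" (the OS default applies) is an assumption of this sketch.

```powershell
# Added example: audits TLS 1.2 related registry values. It only reads, never writes.
# Expected values follow the Microsoft "enable TLS 1.2" guidance linked above.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Test-Tls12Registry {
    $schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
    $net64    = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
    $net32    = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'

    $checks = @(
        @{ Path = $schannel; Name = 'Enabled';                  Want = 1 },
        @{ Path = $schannel; Name = 'DisabledByDefault';        Want = 0 },
        @{ Path = $net64;    Name = 'SchUseStrongCrypto';       Want = 1 },
        @{ Path = $net64;    Name = 'SystemDefaultTlsVersions'; Want = 1 },
        @{ Path = $net32;    Name = 'SchUseStrongCrypto';       Want = 1 },
        @{ Path = $net32;    Name = 'SystemDefaultTlsVersions'; Want = 1 }
    )

    foreach ($c in $checks) {
        $actual = Get-RegValue -Path $c.Path -Name $c.Name
        # NotSet   = value absent, the OS / framework default decides
        # Mismatch = value present but different from the guidance
        $state = if ($null -eq $actual) { 'NotSet' }
                 elseif ($actual -eq $c.Want) { 'OK' }
                 else { 'Mismatch' }
        [pscustomobject]@{
            Key      = $c.Path
            Value    = $c.Name
            Expected = $c.Want
            Actual   = $actual
            State    = $state
        }
    }
}

# Run from an elevated or normal prompt on the agent host; HKLM reads need no admin rights.
Test-Tls12Registry | Format-Table -AutoSize -Wrap
```

Rows reported as Mismatch are the ones to compare against the linked guidance first. A browser on the same server may negotiate TLS with different settings than the agent process, so a working browser does not rule these values out.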