azure-devopsazure-pipelinescicdvirtual-machine-scale-set

Virtual machine scale set and agent pool in Devops


I created the Agent pool using my VMSS at one of my customer.

Today customer complained the jobs are queued for so long and never runs. I went to check and I see this error:

We are unable to connect to your virtual machine scale set. Please go to the pool settings tab and verify your Azure Subscription settings.

I went to settings to see more details and to try to edit the Agent pool which is created by my user but I have this error:

VS30063: You are not authorized to access https://management.azure.com.

What is the issue? Im not sure if customer has removed some specific permissions from but I cant trouble shoot much. any ideas what could go wrong here? I still can access their Subscripion and RG tho.

enter image description here


Solution

  • VS30063: You are not authorized to access https://management.azure.com.

    I can reproduce the same issue when the service connection related service principal secret is expired.

    enter image description here

    You can navigate to Project Settings -> Service Connections -> Find related service connection: Data Analytics - Shared -> Click Manage App registration option to find the related Service Principal in Azure Portal.

    test

    Then you can select Certificates & secrets tab and check if the client secret is expired.

    To solve this issue, you can refer to the following steps to refresh the client secret.

    Automatically Type Service Principal ARM service connection

    Step1: Navigate to Project Settings -> Service Connections and find the target service connection.

    Step2: Edit the service connection and click the Save option

    For example:

    enter image description here

    In this case, the client secret will be refreshed automatically and the service connection can work again.

    If you are using Manually type Service Principal ARM service connection, you need to update the Service principal key field of the service connection.

    For example:

    enter image description here

    On the other hand, you can also consider creating a new manually type Service Principal ARM service connection with the existing Service Principal and client secret.