Classic release pipeline fails to download packages from DevOps package feed
I have a couple of classic DevOps release pipelines, which are inconsistently failing to download universal packages from our DevOps release feed. They used to both work fine, and now one of them fails with one release feed, while the other succeeds with the other release feed.
The one which reads from our NZ-Release feed consistently fails with what appears to be a timeout talking to the feed:
[command]C:\azagent\A1\_work\_tool\artifacttool\0.2.394\x64\ArtifactTool.exe universal download --feed CORRECTFEEDID --service https://vsrm.dev.azure.com/Hexagon-SI-Oceania/ --package-name hxgnnz --package-version 0.0.403 --path C:\azagent\A1\_work\r1\a/hxgnnz/ --patvar UNIVERSAL_DOWNLOAD_PAT --verbosity Error --filter ** --project CORRECTPROJECTID
2025-04-28T23:39:02.1378277Z {"@t":"2025-04-28T23:39:02.0823358Z","@m":"Encountered an unexpected error.","@i":"b8be900d","@l":"Error","@x":"Microsoft.VisualStudio.Services.Content.Common.AsyncHttpRetryHelper+RetryableException: Attempt timed out after 00:01:00
The timeout on the deployment process doing this artifact download job is set to 0, which claims to inherit the timeout from the parent pipeline. I can't find any evidence of a timeout being set on the parent, but in any case, as we'll see in a moment, creating a dummy release pipeline and upping the timeout to 10 has no effect.
The job is set to run on a deployment group, but logging in to one of the machines in that deployment group, and running the same command (but with a manually supplied UNIVERSAL_DOWNLOAD_PAT variable) succeeds in a handful of seconds:
>C:\azagent\A2\_work\_tool\artifacttool\0.2.394\x64\ArtifactTool.exe universal download --feed CORRECTFEEDID --service https://vsrm.dev.azure.com/Hexagon-SI-Oceania/ --package-name hxgnnz --package-version 0.0.403 --path C:\azagent\A1\_work\r1\a/hxgnnz/ --patvar UNIVERSAL_DOWNLOAD_PAT --verbosity Error --filter ** --project CORRECTPROJECTID
{"Version":"0.0.403","SuperRootId":...
The existing release pipeline which works is 100% identical command-line, except it draws from a different artifact feed (NZ-Test). In order to experiment with it, I created a new classic release pipeline, with just a single artifact:
and one job which downloads the artifact:
And this pipeline fails for either artifact feed, with the same timeout message, even though I've manually set the timeout to 10 minutes. In both cases, I can still login to a target machine and manually run the artifacttool command-line - with a manually-supplied PAT - and it works fine. The original NZ-Test pipeline which works, had by this time run again on its' regular schedule, and still works fine.
I'm wondering if there could be something wrong with the PAT supplied by the DevOps pipeline? But then you'd sort of expect it to get them all wrong, instead of the one still working while both the other old one and my new test consistently fail. I have no idea how to identify what PAT it might be using though.
Turned out to be a sneaky firewall issue. Thought I'd ruled that out by testing from the command-line, but it turns out there is some kind of hidden proxy that is used by Windows for our interactive logins, but not for the Azure agent. As for why it suddenly stopped working, we think maybe Microsoft changed / added some new ips that weren't covered by our old firewall exception
- Does anyone know how to use the Doxygen Tool in Azure DevOps?
- Failed to check the resource group status: 403 while deploying ARM template using CD pipeline through service principal/connection
- Azure DevOps is not notifying changes to Comments
- Connecting to an Azure Devops private NuGet in vs code
- Azure DevOps Pull work items in tree level in Excel
- Nesting Expressions in Azure DevOps
- Can Azure DevOps be used to install certificates?
- Devops self hosted agent - submodule checkout SSH host key verification failed
- Access Azure DevOps Artifact Feed from different organization
- Git: intermittent failure with remotes "Recv failure: Connection was reset"
- Why does the Azure Pipelines Build Agent not use the latest version?
- Creating a host key on newly created function app fails
- How can we specify the branch for Manual + PR builds in Resources:Repositories:Repository:Ref?
- ##[error]Error: Error: Failed to deploy web package to App Service. Conflict (CODE: 409)
- How to setup CICD for Azure Databricks using Azure DevOPS?
- How can I know if the pipeline is using a Microsoft-hosted agent or self-hosted agent
- What are the "Pre-job" and "Post-job" tasks appearing in Azure DevOps Pipeline Logs?
- Can Azure pipelines cache public images?
- /azure-pipeline.yml (Line: 52, Col: 9): Unexpected value 'outputs' - Error in Azure build pipeline
- Using renovate with Azure Devops and Azure feed - authentication issue
- How do I add a required reviewer when people of a given team create a pull request in DevOps?
- Azure DevOps API Add public key
- Azure DevOps how to edit Wiki page via REST API
- How can I report logged task time by user and day in Azure DevOps?
- Time tracking in Visual Studio Online
- TFS build write message to summary
- Are Azure DevOps pipeline variables automatically exported to the environment?
- Approving pipeline stage in Azure Devops via API
- How to add/update approvers for environments through REST API on Azure DevOps
- Get info about approvals and checks for Azure DevOps environments