81

I have a build for a .NET solution that is running in a self-hosted agent. The solution contains both .NET Core 2.1 and .NET Standard 2.0 projects.

Some of the nuget packages installed are the following:

  • NETStandard.Library v2.0.3
  • Microsoft.AspNetCore.Mvc v2.0.0
  • Microsoft.NETCore.App v2.1.5

The build fails when trying to restore the nuget packages with the following error:

"F:\Agent01\w\141\s\xxxxxxx.sln" (Restore target) (1) -> (Restore target) -> C:\Program Files\dotnet\sdk\2.1.500\NuGet.targets(114,5): error : Unable to load the service index for source https://xxxxxxxxxx.pkgs.visualstudio.com/_packaging/xxxxxxxxxx/nuget/v3/index.json. C:\Program Files\dotnet\sdk\2.1.500\NuGet.targets(114,5): error : Response status code does not indicate success: 401 (Unauthorized).

Build task is the following:

Nuget restore build task

This is the content of %appdata%\NuGet\nuget.config file in the build agent:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <add key="nuget.org" value="https://api.nuget.org/v3/index.json" />
    <add key="MyFeed" value="https://xxxxxxxxxx.pkgs.visualstudio.com/_packaging/xxxxxxxxxx/nuget/v3/index.json" />
  </packageSources>
  <packageSourceCredentials>
    <MyFeed>
      <add key="Username" value="LocalBuildAgent" />
      <add key="ClearTextPassword" value="xxxxxxxxxxx" />
    </MyFeed>
  </packageSourceCredentials>
</configuration>

I already checked a few similar questions but so far I wasn't able to find a solution for my problem.

Some notes:

  • Personal Access Token is NOT expired
  • This particular build runs successfully in other build agents
  • There is at least 1 build with a "nuget restore" task that was run successfully using this agent (regular nuget restore task, NOT .NET Core)
  • Tried restarting the build agent, without success
  • Tried specifying a specific version of nuget before the restore, without success
  • .NET Core SDK latest version in the build agent is 2.1.500 (multiple versions installed)

What am I missing? How to fix this issue? Why can't I restore the packages using the dotnet restore command?

UPDATE:

Packages are restored without errors when using the old Nuget Restore task as follows:

Build definition

UPDATE 2:

I am able to restore the packages using the .NET Core task v1:

Screenshot - restore packages using the .NET Core task v1

Or using v2 task with argument --force:

Screenshot - restore packages using --force

Improve this question
13
  • have you got the url correct since the devopsification? I know things have moved, where does it say your source is in the artifacts tab? for example mine is now: pkgs.dev.azure.com/account/_packaging/feedname/nuget/v3/…, still looks similar Commented Nov 22, 2018 at 13:21
  • @LukeDuddridge yes, I believe the package source URL is correct. Commented Nov 22, 2018 at 14:16
  • I found the similar issue on the Github, it said this issue should be fixed at 4.8, but I found that you have use the 4.8.1. github.com/NuGet/Home/issues/5265. If you can reproduce this issue steadily, you can reopen this issue. Commented Nov 23, 2018 at 9:47
  • 2
    @RuiJarimba using Nuget 4.8.1 solved my issue with this. I had the issue occur after we turned on the new devops url. Commented Feb 13, 2019 at 22:58
  • 2
    What seemed to help me was using --force on dotnet restore or dotnet publish commands Commented Jul 14, 2020 at 5:32

11 Answers 11

Reset to default
73

For thoses comming here in 2021 for the same error message, adding the NuGetAuthenticate@1 task before the pack command may be the missing piece:

- task: NuGetAuthenticate@1

- task: DotNetCoreCLI@2
  inputs:
    command: 'pack'
    packagesToPack: $(projectPath)
    includesymbols: true
    includesource: true
    versioningScheme: 'off'
    verbosityPack: Normal
  displayName: 'Dotnet Pack'

Update response to use NuGetAuthenticate@1 instead of NuGetAuthenticate@0 in response to reflect Paul Hatcher revision in code.

Improve this answer
Sign up to request clarification or add additional context in comments.

11 Comments

Its now 2022 - this just worked for me! In my case, I had a dotnet restore task right before a publish task. The restore task successfully pulled from my private artifact feeds and restored the projects without hassle. Before adding this, the publish task was failing with a 401. Any idea why I needed this for the publish command and not the restore command? I guess the question here is why could I pull but not push to the feed when the build service had contributor access to the artifacts feed?
Adding the task: NuGetAuthenticate@1 worked for me too
I also had to turn off "Limit job authorization scope to current project" in the project's Pipeline Settings.
I also needed to add the user that the NuGetAuthenticate task logged as a Reader at Artifacts, Feed Settings, Permissions.
it's 2024, I added NuGetAuthenticate@1 before NuGet Restore, worked like a charm!
|
22

I found a solution - add the following package source to %appdata%\NuGet\nuget.config:

<add key="Microsoft Visual Studio Offline Packages" value="C:\Program Files (x86)\Microsoft SDKs\NuGetPackages\" />

Complete file looks like this:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <add key="Microsoft Visual Studio Offline Packages" value="C:\Program Files (x86)\Microsoft SDKs\NuGetPackages\" />
    <add key="nuget.org" value="https://api.nuget.org/v3/index.json" />
    <add key="MyFeed" value="https://xxxxxxxxxx.pkgs.visualstudio.com/_packaging/xxxxxxxxxx/nuget/v3/index.json" />
  </packageSources>
  <packageSourceCredentials>
    <MyFeed>
      <add key="Username" value="LocalBuildAgent" />
      <add key="ClearTextPassword" value="xxxxxxxxxxx" />
    </MyFeed>
  </packageSourceCredentials>
</configuration>

Also, check Regression in .NET SDK 500: 'dotnet tool install' fails with 401 (Unauthorized) when there is a private feed in NuGet.config #7524. This problem seems to be caused by .NET SDK 2.1.500.

Another workaround would be to uninstall that version:

The issue is not present in .NET Core SDK 2.1.400, e.g. it goes away when .NET Core SDK 2.1.500 is uninstalled, and reappears when SDK 2.1.500 is installed again.

Improve this answer

1 Comment

In DevOps scenario I think NuGet.config must be place inside repo, correct?
8

The solution that worked for me is:

  • go to Azure Artifacts,
  • select the feed components that your aplication needs,
  • and in permissions, add the account of the Project Collection Build Service to this feed,

and voila, my build pipeline worked and restored correct the csproj.

Improve this answer

2 Comments

"viola" lol ha ha
For me, this approach not only works but also got rid of warning NU1900: Error occurred while getting package vulnerability data during restore. So it feels like this is the correct solution?
7

Here are the steps that helped me fix this same issue in Visual Studio when I was trying to build a solution that was using a NuGet package hosted in Azure DevOps.

  1. Make sure that you have Owner or Contributor permissions to the Feed in Azure DevOps.

enter image description here

  1. Then in Visual Studio make sure that you are signed in using the account that has the permissions from the previous step.

enter image description here

  1. Finally rebuild the solution.

Hopefully this fix your issue too!

Improve this answer

2 Comments

It helped me because I changed the password for the corporate account, so I just entered it and all packages was restored
Thanks! Signing in to Visual Studio and rebuilding fixed it for me. (I didn't realise I wasn't signed in on my new PC. Visual Studio 2022, Windows 11).
6

I encountered the same issue but for a different reason - not having granted the PAT the appropriate access flags. The Packaging (Create, read, update, and delete feeds and packages) scope is required for the PAT, I had before only set the PAT to have a scope of Build (Artifacts, definitions, requests, queue a build, and updated build properties) having mistaken Artifacts as including private package feeds!

The user experience in VS (both 2015 and 2017) wasn't at all helpful though, both versions repeatedly popping-up the credentials dialog instead of giving more information about what the reason might be (apart from the 401 error response, the clue being in the 'Unauthorized' word though ...).

To summarize the steps to consume a private DevOps package feed -

  • In DevOps create a new PAT having the Packages scope as above
  • In DevOps also get the package source URL from the Connect to feed page under Artifacts > Packages (this is required for the -source parameter for 'nuget sources add')

  • Add the package source (with credentials) to your %APPDATA%\NuGet\NuGet.config using -

    nuget.exe sources add -name {your_package_feed_name} -source https://pkgs.dev.azure.com/{your_org}/_packaging/{your_feed}/nuget/v3/index.json -username PATForPackages -password {the_pat_value_you_got_from_azure_devops}

Note: nuget sources add will Base-64 encode the PAT into the packageSourceCredentials Password setting. Also being in your user profile the NuGet.config file is relatively secure provided you keep it secured there, the downside is that this is a host pre-requisite, a consequence of nuget not having in-built Azure DevOps authentication.

Improve this answer

3 Comments

Can you screenshot the permissions you needed to add to get this working? Can you perhaps add a shot of where you initially missed the correct permissions? A diff?
Simple solution and worked perfectly after hours lost on trying to make SET VSS_NUGET_EXTERNAL_FEED_ENDPOINTS={} work, thanks
I had a similar problem in 2023: just didn't get Visual Studio 2022 to fetch my own Artifacts from DevOps with a valid Personal Access Token and integration with DevOps git repository working flawlessly Using your suggestion worked fine (quitting the build tin integration and re adding the NuGet sources manually) The command has slightly changed using dotnet nuget and now looks like: dotnet nuget add source https://pkgs.dev.azure.com/{your_org}/_packaging/{your_feed}/nuget/v3/index.json -n {your_package_feed_name} -u PATForPackages -p {the_pat_value_you_got_from_azure_devops}
5

A quick note for anyone who might visit this answer in 2023 - this issue can sometimes be completely intermittent. I had a working pipeline on Friday, but today, Monday it failed with this message.

While perusing this SO page, I happened to notice and correct a completely unrelated code issue (a comment that needed deleting) and checked that in while continuing to read the answers here. Imagine my surprise when on switching back to the build, it had completed.

So one possible answer is: just try running the build again.

Sigh.

Edit: Seems that at the time I had this problem, the service status for Azure Devops - Artefacts was "degraded". So check that before changing your pipeline.

Improve this answer

2 Comments

Returned to this months later with the same issue - and this time, lo and behold, the PAT had expired.
Fwiw it did seem to be intermittent for us too, but ended up appearing more and more consistent. I suspect that some other step authenticated and if running the pipeline again right after, that authentication just might still be valid, on occasion. Adding auth step solved it for us, as per this answer: stackoverflow.com/a/69990652/1073313
5

In my case, it was a silly thing: the Azure Devops PAT (personal access token) had expired.

By the way, I recommend specifying only the source in the nuget.config file, and then adding the credentials in this way:

dotnet nuget update source your-source-name -u "[email protected]" -p "PAT obtained from Azure devops with appropriate packaging permissions"

This adds the credential to a file in your user profile, and machine encoded, so it's quite safe. You shouldn't expose your PAT as clear text.

Remember that PATs expire by default in 1 month, or max, 12 months, if you change the default expiration.

Improve this answer

Comments

3

Using the latest "Use .NET Core sdk 2.1.504" task worked for me. Seems there are some buggy versions of .NET Core sdk 2.1.5xx out there.

Improve this answer

1 Comment

We are seeing this 401 error with dotnetcore-sdk:2.1.503 - must be fixed with 504 as confirmed with this posting. Tried using Devops Net Core SDK Task but it didn't work for me with self-hosted agent, but using Nuget Restore Task and manually assigning the nuget.config worked. Definitely an SDK tooling issue.
3

In our case our set up is one where we are running Azure DevOps Server 2020 on premises so we don't need to authenticate in the build pipeline YAML. The artifact/nuget repository is all part of the same system as our build server. The issue ended up being that Pipeline settings had limited our access to just the scope of the project. To fix it we did the following.

  1. In Azure DevOps go to the project home page.
  2. Click on the Gear Settings icon located on the bottom left of the page.
  3. Under the Pipelines section of the settings menu click on Settings.
  4. Under the General section of the Pipelines Settings page make sure that the Limit job authorization scope to the current project for non-release pipelines, Limit job authorization scope to the current project for release pipelines, and Limit job authorization scope to the referenced Azure DevOps repositories options are unselected. Screenshot below provides an example of what the selections should look like. enter image description here
Improve this answer

Comments

2

I had to change the nuget installer to 4.8.1 in order for this to work after switching VSTS url to the new Azure Devops url.

enter image description here

Improve this answer

3 Comments

Unfortunately, this will only work if you are targeting a single TargetFramework. If you are using TargetFrameworks with more than one, it will cause dotnet build to fail when using the --no-restore parameter. That said, if you remove the --no-restore parameter on dotnet build the credentials for Azure Artifacts seem to be cached from nuget restore so the restore using dotnet restore (or dotnet build without --no-restore) then functions and restores all of your TargetFrameworks.
Thanks @NightOwl888 for sharing this workaround. It worked for me, and I intend to use it. Another reason for the success of this workaround could be that dotnet restore obtains the packages from a cache instead of accessing the artifact feed using cached credentials. Just guessing though. I don't actually know why this works.
I think it is because of cached NuGet packages. It is not cached credentials because my logs show that dotnet restore is still unable to authenticate. On the other hand, before my program began depending on locally hosted NuGet packages, dotnet restore was taking about 72 seconds, but it only takes about 5 seconds when running after nuget. Furthermore, nuget only takes about 37 seconds, so running both is FASTER by about 40%!
-1

The problem is the configured source

You could have a nuget.config with multiple sources, some of those sources could be your company artifacts, which is the reason it is throwing an error

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <clear />
    <add key="My Company" value="https://....index.json" /> <!-- remove this -->
    <add key="nuget.org" value="https://api.nuget.org/v3/index.json" />
    
    
  </packageSources>
</configuration>

In my case I was trying to install a tool: dotnet tool install ZeroQL.CLI and I got that 401 error

I just removed those source temporary to let me install the tool, maybe the order matters.. I had my Company feed first

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.