PowerShellGetv2
PowerShellGetv2 copied to clipboard
parsing_wstrust_response_failed when installing a module
At our self-hosted Azure DevOps build agent we are hitting strange behavior of PowerShellGet.
Whereas on the virtual machine in a regular Windows account we can just hit Install-Module Az.Storage
, in the context of the local system account - in which the agent is running - this results in the following exception:
PS C:\Windows\system32> install-module az.storage
at Microsoft.Identity.Core.WsTrust.WsTrustWebRequestManager.GetWsTrustResponseAsync(WsTrustEndpoint wsTrustEndpoint, String wsTrustRequest, Re
questContext requestContext)
at Microsoft.Identity.Core.WsTrust.CommonNonInteractiveHandler.GetWsTrustResponseAsync(UserAuthType userAuthType, String cloudAudienceUrn, WsT
rustEndpoint endpoint, IUsernameInput usernameInput)
--- End of inner exception stack trace ---
at Microsoft.Identity.Core.WsTrust.CommonNonInteractiveHandler.GetWsTrustResponseAsync(UserAuthType userAuthType, String cloudAudienceUrn, WsT
rustEndpoint endpoint, IUsernameInput usernameInput)
at Microsoft.Identity.Core.WsTrust.CommonNonInteractiveHandler.PerformWsTrustMexExchangeAsync(String federationMetadataUrl, String cloudAudien
ceUrn, UserAuthType userAuthType)
at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenIWAHandler.PreTokenRequestAsync()
at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.RunAsync()
at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.AcquireTokenCommonAsync(String resource, String clientId, IntegratedW
indowsAuthInput iwaInput)
at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContextIntegratedAuthExtensions.AcquireTokenAsync(AuthenticationContext ctx,
String resource, String clientId, UserCredential userCredential)
at NuGetCredentialProvider.CredentialProviders.Vsts.AdalTokenProvider.AcquireTokenWithWindowsIntegratedAuth(CancellationToken cancellationToke
n) in E:\A\_work\777\s\CredentialProvider.Microsoft\CredentialProviders\Vsts\AdalTokenProvider.cs:line 122
at NuGetCredentialProvider.CredentialProviders.Vsts.WindowsIntegratedAuthBearerTokenProvider.GetTokenAsync(Uri uri, CancellationToken cancella
tionToken) in E:\A\_work\777\s\CredentialProvider.Microsoft\CredentialProviders\Vsts\BearerTokenProviders.cs:line 58
at NuGetCredentialProvider.CredentialProviders.Vsts.VstsCredentialProvider.HandleRequestAsync(GetAuthenticationCredentialsRequest request, Can
cellationToken cancellationToken) in E:\A\_work\777\s\CredentialProvider.Microsoft\CredentialProviders\Vsts\VstsCredentialProvider.cs:line 88
ErrorCode: parsing_wstrust_response_failed
[Minimal] [CredentialProvider]DeviceFlow: https://pkgs.dev.azure.com/ourniceorg/_packaging/ourniceproject/nuget/v2
[Minimal] [CredentialProvider]ATTENTION: User interaction required.
**********************************************************************
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code DT26JNEK7 to authenticate.
**********************************************************************
Somehow the infrastructure is not able to retrieve the credentials for the extra PSRepository we have registered.
We have used the following PowerShell to get it registered:
$ArtifactsToken = "personalaccesstokenfortheuser"
$ArtifactsUsername = "[email protected]"
$password = ConvertTo-SecureString $ArtifactsToken -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential $ArtifactsUsername, $password
$AzureDevopsPsArtifacts = "Our-Azure-Devops-PS-Artifacts"
$Location = 'https://pkgs.dev.azure.com/ourniceorg/_packaging/ourniceproject/nuget/v2'
Register-PSRepository `
-Credential $credential `
-InstallationPolicy Trusted `
-Name $AzureDevopsPsArtifacts `
-PackageManagementProvider 'NuGet' `
-PublishLocation $Location `
-SourceLocation $Location `
-Verbose
I have read through https://github.com/PowerShell/PowerShellGet/issues/52. It looks like related.
PS C:\Windows\system32> get-module | select version,name
Version Name
------- ----
1.6.2 Az.Accounts
3.1.0.0 Microsoft.PowerShell.Management
3.0.0.0 Microsoft.PowerShell.Security
3.1.0.0 Microsoft.PowerShell.Utility
3.0.0.0 Microsoft.WSMan.Management
1.4.7 PackageManagement
2.2.4 PowerShellGet
1.2 PSReadline
PS C:\Windows\system32> $psversiontable
Name Value
---- -----
PSVersion 5.1.14393.3471
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.14393.3471
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
Issue-Label Bot is automatically applying the label bug
to this issue, with a confidence of 0.93. Please mark this comment with :thumbsup: or :thumbsdown: to give our bot feedback!
Links: app homepage, dashboard and code for this bot.
@cveld are you able to install the module if you also provide the credential at Install-Module
time?
@SydneyhSmith Now we are getting the error on the windows-latest
agent as well when registering our Nuget feed with Register-PSRepository
. Maybe this was always the case but we didn't try this until now.
I was also fiddling with a separate download of the Azure Artifact credential provider, found on https://github.com/microsoft/artifacts-credprovider#azure-artifacts-credential-provider to no avail.
$env:NUGET_PLUGIN_PATHS = "D:\Downloaded\Microsoft.NuGet.CredentialProvider\plugins\netfx\CredentialProvider.Microsoft\CredentialProvider.Microsoft.exe"
Our Azure DevOps repo is Azure Active Directory enabled. Does that make any difference? We are using a Personal Access Token (PAT) to authenticate.
After three trials the authentication is successful. We don't do an Install-Module
. We do the following:
$module = Find-Module -Name $PackageConfig.Name -Repository $AzureDevopsPsArtifacts -Credential $Credential
Save-Module -InputObject $module -Path $Path -Credential $Credential
Which run fine.
Log dump:
at System.Net.NTAuthentication.GetOutgoingBlob(Byte[] incomingBlob, Boolean throwOnError, SecurityStatus& statusCode)
at System.Net.NTAuthentication.GetOutgoingBlob(String incomingBlob)
at System.Net.NegotiateClient.DoAuthenticate(String challenge, WebRequest webRequest, ICredentials credentials, Boolean preAuthenticate)
at System.Net.NegotiateClient.Authenticate(String challenge, WebRequest webRequest, ICredentials credentials)
at System.Net.AuthenticationManagerDefault.Authenticate(String challenge, WebRequest request, ICredentials credentials)
at System.Net.AuthenticationState.AttemptAuthenticate(HttpWebRequest httpWebRequest, ICredentials authInfo)
at System.Net.HttpWebRequest.CheckResubmitForAuth()
at System.Net.HttpWebRequest.CheckResubmit(Exception& e, Boolean& disableUpload)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
at System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar)
--- End of inner exception stack trace ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Net.Http.HttpClient.<FinishSendAsyncBuffered>d__58.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Core.Http.HttpManager.<ExecuteAsync>d__9.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Core.Http.HttpManager.<ExecuteWithRetryAsync>d__8.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Core.Http.HttpManager.<SendPostForceResponseAsync>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Core.WsTrust.WsTrustWebRequestManager.<GetWsTrustResponseAsync>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Core.WsTrust.CommonNonInteractiveHandler.<GetWsTrustResponseAsync>d__7.MoveNext()
--- End of inner exception stack trace ---
at Microsoft.Identity.Core.WsTrust.CommonNonInteractiveHandler.<GetWsTrustResponseAsync>d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Core.WsTrust.CommonNonInteractiveHandler.<PerformWsTrustMexExchangeAsync>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenIWAHandler.<PreTokenRequestAsync>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.<RunAsync>d__60.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.<AcquireTokenCommonAsync>d__40.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContextIntegratedAuthExtensions.<AcquireTokenAsync>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at NuGetCredentialProvider.CredentialProviders.Vsts.AdalTokenProvider.<AcquireTokenWithWindowsIntegratedAuth>d__9.MoveNext() in E:\A\_work\919\s\CredentialProvider.Microsoft\CredentialProviders\Vsts\AdalTokenProvider.cs:line 122
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at NuGetCredentialProvider.CredentialProviders.Vsts.WindowsIntegratedAuthBearerTokenProvider.<GetTokenAsync>d__8.MoveNext() in E:\A\_work\919\s\CredentialProvider.Microsoft\CredentialProviders\Vsts\BearerTokenProviders.cs:line 58
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at NuGetCredentialProvider.CredentialProviders.Vsts.VstsCredentialProvider.<HandleRequestAsync>d__8.MoveNext() in E:\A\_work\919\s\CredentialProvider.Microsoft\CredentialProviders\Vsts\VstsCredentialProvider.cs:line 117
ErrorCode: parsing_wstrust_response_failed
[Minimal] [CredentialProvider]DeviceFlow: https://pkgs.dev.azure.com/tse-enterprise/_packaging/CCC/nuget/v2
[Minimal] [CredentialProvider]ATTENTION: User interaction required.