azure-pipelines-agent: [VSTS Agent] Unable to install vsts agent on Ubuntu Server 22.04 LTS

How is this still an open issue? When is this going to get resolved?

This is probably due to the OpenSSL config. Try this: sudo sed -i ‘s/openssl_conf = openssl_init/#openssl_conf = openssl_init/g’ /etc/ssl/openssl.cnf

Having the same issue here. A clean install of Ubuntu Server 22.04 LTS, when I try to run the ./config.sh it fails after inserting the personal access token with the message:

No usable version of libssl was found
./config.sh: line 86: 14994 Aborted (core dumped) ./bin/Agent.listener configure "$@"

When I try to run /bin/installdependencies.sh I get the following errors:

Unable to locate package liblttng-ust0
'apt' failed with exit code '0'
Can't install dotnet core dependencies.

I took a look at the dependencies myself, it seems Ubuntu 22.04 uses the following versions:

• libicu70 instead of libicu67
• liblttng-ust1 instead of liblttng-ust0
• libssl3 instead of libssl1.1

After installing these versions manually, the config.sh still fails to find a usable version of libssl.

FWIW I had to use this package to get it to work

wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.16_amd64.deb && dpkg -i libssl1.1_1.1.1f-1ubuntu2.16_amd64.deb && rm libssl1.1_1.1.1f-1ubuntu2.16_amd64.deb

sed -i 's/openssl_conf = openssl_init/#openssl_conf = openssl_init/g' /etc/ssl/openssl.cnf

Thank you, this worked, but wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.16_amd64.deb returns a 404 now. It has been bumped up to version 17:

wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.17_amd64.deb

sudo dpkg -i libssl1.1_1.1.1f-1ubuntu2.17_amd64.deb
rm libssl1.1_1.1.1f-1ubuntu2.17_amd64.deb

sudo sed -i 's/openssl_conf = openssl_init/#openssl_conf = openssl_init/g' /etc/ssl/openssl.cnf

If you only apply @alexandrejulien’s solution and get the following new error:

Error reported in diagnostic logs. Please examine the log for more details.
    - /azp/_diag/Agent_20220623-135949-utc.log
The SSL connection could not be established, see inner exception.

Then you can fix that by applying @francisrpereira’s solution as well.

In a Dockerfile this looks like this:

# TODO: Workaround for devops agent not supporting OpenSSL 3.0
# https://github.com/microsoft/azure-pipelines-agent/issues/3834#issuecomment-1160576447
RUN curl -sL http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.0g-2ubuntu4_amd64.deb > libssl1.1_1.1.0g-2ubuntu4_amd64.deb && \
    DEBIAN_FRONTEND=noninteractive dpkg -i libssl1.1_1.1.0g-2ubuntu4_amd64.deb && \
    rm libssl1.1_1.1.0g-2ubuntu4_amd64.deb

# https://github.com/microsoft/azure-pipelines-agent/issues/3834#issuecomment-1151874312
RUN sed -i 's/openssl_conf = openssl_init/#openssl_conf = openssl_init/g' /etc/ssl/openssl.cnf

I would strongly recommend against using --sslskipcertvalidation or AZP_AGENT_USE_LEGACY_HTTP=true because of the security implications.

With that said, I wonder what commenting out the line openssl_conf = openssl_init does. Could you elaborate on that @francisrpereira?

@al-cheb Azure DevOps Agent still uses .NET Core 3.1.

.NET Core 3.1 does not officially support OpenSSL 3.0

Note: .NET Core 3.1 requires OpenSSL 1.x. Newer distro versions such as Ubuntu 22.04 use OpenSSL 3 and not OpenSSL 1.x. You need to use .NET 6+ if you want a newer distro that only offers OpenSSL 3.

We have plans to upgrade the agent to .NET Core 6.0, but we need to check if there are any breaking changes.

Just to be clear to the maintainers, I don’t view “ninja-patch the not-supported-by-the-distro copy of OpenSSL onto the box” as an acceptable workaround. We want to run Azure Pipelines on Ubuntu 22.04 to ensure that we work for Ubuntu 22.04 customers who are not going to have done this hack to get OpenSSL 1.x on their boxes. The supported version of OpenSSL on Ubuntu 22.04 is 3.x, and we need to respect that decision.

https://github.com/microsoft/azure-pipelines-agent/releases/tag/v3.212.0

There is a .NET 6 based pre-release agent.

https://devblogs.microsoft.com/devops/upgrade-of-net-agent-for-azure-pipelines/

FWIW I had to use this package to get it to work

wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.16_amd64.deb && dpkg -i libssl1.1_1.1.1f-1ubuntu2.16_amd64.deb && rm libssl1.1_1.1.1f-1ubuntu2.16_amd64.deb

sed -i 's/openssl_conf = openssl_init/#openssl_conf = openssl_init/g' /etc/ssl/openssl.cnf

The combination of what @alexandrejulien and @francisrpereira suggested did the trick for me:

wget http://nz2.archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1l-1ubuntu1.3_amd64.deb
sudo dpkg -i libssl1.1_1.1.1l-1ubuntu1.3_amd64.deb

sudo sed -i ‘s/openssl_conf = openssl_init/#openssl_conf = openssl_init/g’ /etc/ssl/openssl.cnf

For the one interested: the workarounds written in ansible:

- name: LINUX - SETUP - Ubuntu 22.04
  become: true
  become_flags: "-E"
  when:
    - ansible_distribution == "Ubuntu"
    - ansible_distribution_version == "22.04"
  block:
    - name: LINUX - SETUP - Ubuntu 22.04 - Install dependencies
      apt:
        name: [libicu70, liblttng-ust1]
        state: present
        update_cache: true
    # This is required because Ubuntu 22.04 does not have libssl1 anymore but the agent requires it
    - name: LINUX - SETUP - Ubuntu 22.04 - WORKAROUND dependencies
      apt:
        deb: http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1l-1ubuntu1.3_amd64.deb
    - name: LINUX - SETUP - Ubuntu 22.04 - WORKAROUND Comment out openssl_conf
      lineinfile:
        dest: /etc/ssl/openssl.cnf
        regexp: '^openssl_conf = openssl_init'
        line: '#openssl_conf = openssl_init'
        state: present

Yes, still need to do the work-around. I’ve updated our above script to “auto-detect” the latest libssl1.1 if you pass LIBSSLVERSION="latest" to it. Thought this might be of use to someone, you should be able to adapt it as necessary:

#!/bin/bash
set -Eeuxo pipefail

# Pass this variable prepended to the script command to override the value:
# LIBSSLVERSION="<full_name>" ./<script>, or
# LIBSSLVERSION="latest" ./<script>
LIBSSLVERSION="${LIBSSLVERSION:-libssl1.1_1.1.1l-1ubuntu1.6_amd64.deb}"

# If not using the libssl-dev install step, this step could be removed as well
sudo apt-get update
# This may or may not be needed, it's working so leaving it for now
sudo DEBIAN_FRONTEND=noninteractive apt-get --assume-yes install libssl-dev

# TODO: Workaround for devops agent not supporting OpenSSL 3.0
# Ref: https://github.com/microsoft/azure-pipelines-agent/issues/3834#issuecomment-1160576447
if [[ ${LIBSSLVERSION} = "latest" ]]; then
    # Note: Latest only gets latest libssl1.1 1.1.1<letter> version, update this if it changes
    # Ref: https://stackoverflow.com/a/45533968
    # Get array of values
    LIBSSLVERSION=( $(curl -fsL 'http://security.ubuntu.com/ubuntu/pool/main/o/openssl/' | grep -E 'libssl1.1_1.1.1[a-z]-1ubuntu[0-9].[0-9]+_amd64.deb' | grep -oP '<a[^<]*href="\K[^"]+') )
    # Get last element of the array
    LIBSSLVERSION=${LIBSSLVERSION[-1]}
fi

# Fetch the libssl version and install it
wget -c http://security.ubuntu.com/ubuntu/pool/main/o/openssl/${LIBSSLVERSION}
sudo DEBIAN_FRONTEND=noninteractive dpkg -i ./${LIBSSLVERSION}
rm -f ./${LIBSSLVERSION}

# Ref: https://github.com/microsoft/azure-pipelines-agent/issues/3834#issuecomment-1151874312
sudo sed -i.bak -e 's/^\(openssl_conf = openssl_init\)/#\1/g' /etc/ssl/openssl.cnf

Hopefully we’ll see an updated agent soon and not need to jump through these hoops! 😄

Essentially we need to install an older OpenSSL version: wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1l-1ubuntu1.5_amd64.deb && sudo dpkg -i libssl1.1_1.1.1l-1ubuntu1.5_amd64.deb && rm libssl1.1_1.1.1l-1ubuntu1.5_amd64.deb And then do: sed -i 's/openssl_conf = openssl_init/#openssl_conf = openssl_init/g' /etc/ssl/openssl.cnf

Usual M$ crap… 😦

Hello,

This hack works fine on Ubuntu 22.04.

The problem is linked with OpenSSL 3.0 but you can add OpenSSL 1.1 on Ubuntu 22.04. Azure Pipelines uses .NET 3.1 which is not compatible with OpenSSL 3.0 (Only .NET 5-6 I think)

For adding OpenSSL 1.1 librairies on Ubuntu

wget https://www.openssl.org/source/openssl-1.1.1o.tar.gz
cd openssl-1.1.1o
./config
make
make test
sudo make install

or more simple

wget http://nz2.archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1l-1ubuntu1.3_amd64.deb
sudo dpkg -i libssl1.1_1.1.1l-1ubuntu1.3_amd64.deb

After you can reload the installer and it works fine for me.

Does this mean things are progressing?

https://devblogs.microsoft.com/dotnet/dotnet-6-is-now-in-ubuntu-2204/

Might be worth mentioning #3922 and #3879 here, as migration to .NET 6 should fix this.

Starting 3.225.0 all scripts are capable with libssl.

Closing this issue

this dockerfile ‘chunk’ fixed it for me on ubuntu:22.04

‘fixed’ by again making that a frakenstein Ubuntu 22.04

Just a friendly reminder that when you install stuff out of your configured repositories you won’t be getting any automatic updates to these packages.

Sorry, just saying this so that maybe Google finds this. The error message there is:

Azure Pipelines Extension failed with message: The Extension failed to execute: Pipeline script execution failed with exit code 100

@alexandrejulien

This is a summary about my machine and OS

ubuntu@ubuntu:~/azagent$ uname -a
Linux ubuntu 5.15.0-1011-raspi #13-Ubuntu SMP PREEMPT Thu Jun 2 11:44:34 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux

ubuntu@ubuntu:~/azagent$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04 LTS
Release:        22.04
Codename:       jammy

when I attempt to install the agent

mkdir azagent; \
cd azagent; \ 
curl -fkSL -o vstsagent.tar.gz https://vstsagentpackage.azureedge.net/agent/2.204.0/vsts-agent-linux-arm64-2.204.0.tar.gz;\
tar -zxvf vstsagent.tar.gz; \
 if [ -x "$(command -v systemctl)" ]; \
then ./config.sh --sslskipcertvalidation --deploymentgroup --deploymentgroupname "group_name" \
 --acceptteeeula --agent $HOSTNAME --url https://dev.azure.com/my_org/ --work _work \
 --projectname 'my_project_name' --auth PAT --token my_token --runasservice; sudo ./svc.sh install; \
 sudo ./svc.sh start; else ./config.sh --sslskipcertvalidation --deploymentgroup \
--deploymentgroupname "group_name" --acceptteeeula --agent $HOSTNAME \ 
--url https://dev.azure.com/my_org/ --work _work --projectname 'my_project_name' \ 
--auth PAT --token my_token; ./run.sh; fi

I get the following screenshot

this is the output of /home/ubuntu/azagent/_diag/Agent_20220713-235125-utc.log

[2022-07-13 23:51:25Z INFO AgentProcess] Agent package linux-arm64.
[2022-07-13 23:51:25Z INFO AgentProcess] Running on Linux (Arm64).
[2022-07-13 23:51:25Z INFO AgentProcess] RuntimeInformation: Linux 5.15.0-1011-raspi #13-Ubuntu SMP PREEMPT Thu Jun 2 11:44:34 UTC 2022.
[2022-07-13 23:51:25Z INFO AgentProcess] Version: 2.204.0
[2022-07-13 23:51:25Z INFO AgentProcess] Commit: 166abe8635999375bb798213066ccafbdd7e3875
[2022-07-13 23:51:25Z INFO AgentProcess] Culture: 
[2022-07-13 23:51:25Z INFO AgentProcess] UI Culture: 
[2022-07-13 23:51:25Z INFO HostContext] Well known directory 'Bin': '/home/ubuntu/azagent/bin'
[2022-07-13 23:51:25Z INFO HostContext] Well known directory 'Root': '/home/ubuntu/azagent'
[2022-07-13 23:51:25Z INFO AgentProcess] Validating directory permissions for: '/home/ubuntu/azagent'
[2022-07-13 23:51:25Z INFO HostContext] Well known directory 'Bin': '/home/ubuntu/azagent/bin'
[2022-07-13 23:51:25Z INFO HostContext] Well known directory 'Root': '/home/ubuntu/azagent'
[2022-07-13 23:51:26Z INFO HostContext] Setting up value for origin: Configure.Password
[2022-07-13 23:51:26Z INFO HostContext] Value is empty.
[2022-07-13 23:51:26Z INFO HostContext] Setting up value for origin: Configure.ProxyPassword
[2022-07-13 23:51:26Z INFO HostContext] Value is empty.
[2022-07-13 23:51:26Z INFO HostContext] Setting up value for origin: Configure.SslClientCert
[2022-07-13 23:51:26Z INFO HostContext] Value is empty.
[2022-07-13 23:51:26Z INFO HostContext] Setting up value for origin: Configure.Token
[2022-07-13 23:51:26Z INFO HostContext] Setting up value for origin: Configure.WindowsLogonPassword
[2022-07-13 23:51:26Z INFO HostContext] Value is empty.
[2022-07-13 23:51:26Z INFO CommandSettings] Configure {
  "AcceptTeeEula": true,
  "AddDeploymentGroupTags": false,
  "AddEnvironmentVirtualMachineResourceTags": false,
  "AddMachineGroupTags": false,
  "AlwaysExtractTask": false,
  "Agent": "ubuntu",
  "CollectionName": null,
  "DeploymentGroup": true,
  "DeploymentGroupName": "RaspberryPi",
  "DeploymentGroupTags": null,
  "DeploymentPool": false,
  "DeploymentPoolName": null,
  "EnvironmentVMResource": false,
  "EnvironmentName": null,
  "EnvironmentVMResourceTags": null,
  "GitUseSChannel": false,
  "DisableLogUploads": false,
  "MachineGroup": false,
  "MachineGroupName": null,
  "MachineGroupTags": null,
  "MonitorSocketAddress": null,
  "NotificationPipeName": null,
  "NotificationSocketAddress": null,
  "NoRestart": false,
  "OverwriteAutoLogon": false,
  "Pool": null,
  "ProjectName": "my_project",
  "ProxyPassword": null,
  "ProxyUserName": null,
  "ProxyUrl": null,
  "Replace": false,
  "RunAsAutoLogon": false,
  "RunAsService": true,
  "RunOnce": false,
  "PreventServiceStart": false,
  "SslCACert": null,
  "SslClientCert": null,
  "SslClientCertArchive": null,
  "SslClientCertKey": null,
  "SslClientCertPassword": null,
  "SslSkipCertValidation": true,
  "Url": "https://dev.azure.com/my_org/",
  "WindowsLogonAccount": null,
  "WindowsLogonPassword": null,
  "Work": "_work",
  "Auth": "PAT",
  "LaunchBrowser": false,
  "Password": null,
  "Token": "***",
  "Unattended": false,
  "UserName": null,
  "Help": false,
  "Version": false
}
[2022-07-13 23:51:26Z INFO AgentProcess] Arguments parsed
[2022-07-13 23:51:27Z INFO HostContext] Well known directory 'Bin': '/home/ubuntu/azagent/bin'
[2022-07-13 23:51:27Z INFO HostContext] Well known directory 'Root': '/home/ubuntu/azagent'
[2022-07-13 23:51:27Z INFO HostContext] Well known config file 'Proxy': '/home/ubuntu/azagent/.proxy'
[2022-07-13 23:51:27Z INFO VstsAgentWebProxy] No proxy setting found.
[2022-07-13 23:51:27Z INFO HostContext] Well known directory 'Bin': '/home/ubuntu/azagent/bin'
[2022-07-13 23:51:27Z INFO HostContext] Well known directory 'Root': '/home/ubuntu/azagent'
[2022-07-13 23:51:27Z INFO HostContext] Well known config file 'Certificates': '/home/ubuntu/azagent/.certificates'
[2022-07-13 23:51:27Z INFO AgentCertificateManager] No certificate setting found.
[2022-07-13 23:51:27Z INFO Agent] ExecuteCommand
[2022-07-13 23:51:27Z INFO ConfigurationStore] currentAssemblyLocation: /home/ubuntu/azagent/bin/Agent.Listener.dll
[2022-07-13 23:51:27Z INFO HostContext] Well known directory 'Bin': '/home/ubuntu/azagent/bin'
[2022-07-13 23:51:27Z INFO ConfigurationStore] binPath: /home/ubuntu/azagent/bin
[2022-07-13 23:51:27Z INFO HostContext] Well known directory 'Bin': '/home/ubuntu/azagent/bin'
[2022-07-13 23:51:27Z INFO HostContext] Well known directory 'Root': '/home/ubuntu/azagent'
[2022-07-13 23:51:27Z INFO ConfigurationStore] RootFolder: /home/ubuntu/azagent
[2022-07-13 23:51:27Z INFO HostContext] Well known directory 'Bin': '/home/ubuntu/azagent/bin'
[2022-07-13 23:51:27Z INFO HostContext] Well known directory 'Root': '/home/ubuntu/azagent'
[2022-07-13 23:51:27Z INFO HostContext] Well known config file 'Agent': '/home/ubuntu/azagent/.agent'
[2022-07-13 23:51:27Z INFO ConfigurationStore] ConfigFilePath: /home/ubuntu/azagent/.agent
[2022-07-13 23:51:27Z INFO HostContext] Well known directory 'Bin': '/home/ubuntu/azagent/bin'
[2022-07-13 23:51:27Z INFO HostContext] Well known directory 'Root': '/home/ubuntu/azagent'
[2022-07-13 23:51:27Z INFO HostContext] Well known config file 'Credentials': '/home/ubuntu/azagent/.credentials'
[2022-07-13 23:51:27Z INFO ConfigurationStore] CredFilePath: /home/ubuntu/azagent/.credentials
[2022-07-13 23:51:27Z INFO HostContext] Well known directory 'Bin': '/home/ubuntu/azagent/bin'
[2022-07-13 23:51:27Z INFO HostContext] Well known directory 'Root': '/home/ubuntu/azagent'
[2022-07-13 23:51:27Z INFO HostContext] Well known config file 'Service': '/home/ubuntu/azagent/.service'
[2022-07-13 23:51:27Z INFO ConfigurationStore] ServiceConfigFilePath: /home/ubuntu/azagent/.service
[2022-07-13 23:51:27Z INFO HostContext] Well known directory 'Bin': '/home/ubuntu/azagent/bin'
[2022-07-13 23:51:27Z INFO HostContext] Well known directory 'Root': '/home/ubuntu/azagent'
[2022-07-13 23:51:27Z INFO HostContext] Well known config file 'Autologon': '/home/ubuntu/azagent/.autologon'
[2022-07-13 23:51:27Z INFO ConfigurationStore] AutoLogonSettingsFilePath: /home/ubuntu/azagent/.autologon
[2022-07-13 23:51:27Z INFO HostContext] Well known directory 'Bin': '/home/ubuntu/azagent/bin'
[2022-07-13 23:51:27Z INFO HostContext] Well known directory 'Root': '/home/ubuntu/azagent'
[2022-07-13 23:51:27Z INFO HostContext] Well known config file 'Options': '/home/ubuntu/azagent/.options'
[2022-07-13 23:51:27Z INFO ConfigurationStore] RuntimeOptionsFilePath: /home/ubuntu/azagent/.options
[2022-07-13 23:51:27Z INFO HostContext] Well known directory 'Bin': '/home/ubuntu/azagent/bin'
[2022-07-13 23:51:27Z INFO HostContext] Well known directory 'Root': '/home/ubuntu/azagent'
[2022-07-13 23:51:27Z INFO HostContext] Well known config file 'SetupInfo': '/home/ubuntu/azagent/.setup_info'
[2022-07-13 23:51:27Z INFO ConfigurationStore] SetupInfoFilePath: /home/ubuntu/azagent/.setup_info
[2022-07-13 23:51:27Z INFO Terminal] WRITE LINE: 
  ___                      ______ _            _ _
 / _ \                     | ___ (_)          | (_)
/ /_\ \_____   _ _ __ ___  | |_/ /_ _ __   ___| |_ _ __   ___  ___
|  _  |_  / | | | '__/ _ \ |  __/| | '_ \ / _ \ | | '_ \ / _ \/ __|
| | | |/ /| |_| | | |  __/ | |   | | |_) |  __/ | | | | |  __/\__ \
\_| |_/___|\__,_|_|  \___| \_|   |_| .__/ \___|_|_|_| |_|\___||___/
                                   | |
        agent v2.204.0             |_|          (commit 166abe8)

[2022-07-13 23:51:27Z INFO ConfigurationManager] ConfigureAsync
[2022-07-13 23:51:27Z INFO ConfigurationStore] IsConfigured()
[2022-07-13 23:51:27Z INFO ConfigurationStore] IsConfigured: False
[2022-07-13 23:51:27Z INFO ConfigurationManager] Is configured: False
[2022-07-13 23:51:27Z INFO CommandSettings] Flag 'sslskipcertvalidation': 'True'
[2022-07-13 23:51:27Z INFO ConfigurationManager] Reset agent cert setting base on commandline args.
[2022-07-13 23:51:27Z INFO AgentCertificateManager] Setup agent certificate setting base on configuration inputs.
[2022-07-13 23:51:27Z INFO AgentCertificateManager] Ignore SSL server certificate validation error
[2022-07-13 23:51:27Z INFO Terminal] WRITE LINE: 
[2022-07-13 23:51:27Z INFO Terminal] WRITE LINE: >> End User License Agreements:
[2022-07-13 23:51:27Z INFO Terminal] WRITE LINE: 
[2022-07-13 23:51:27Z INFO HostContext] Well known directory 'Bin': '/home/ubuntu/azagent/bin'
[2022-07-13 23:51:27Z INFO HostContext] Well known directory 'Root': '/home/ubuntu/azagent'
[2022-07-13 23:51:27Z INFO Terminal] WRITE LINE: Building sources from a TFVC repository requires accepting the Team Explorer Everywhere End User License Agreement. This step is not required for building sources from Git repositories.

A copy of the Team Explorer Everywhere license agreement can be found at:
  /home/ubuntu/azagent/license.html
[2022-07-13 23:51:27Z INFO Terminal] WRITE LINE: 
[2022-07-13 23:51:27Z INFO CommandSettings] Flag 'acceptteeeula': 'True'
[2022-07-13 23:51:27Z INFO CommandSettings] Flag 'deploymentgroup': 'True'
[2022-07-13 23:51:27Z INFO ExtensionManager] Getting extensions for interface: 'Microsoft.VisualStudio.Services.Agent.Listener.Configuration.IConfigurationProvider'
[2022-07-13 23:51:27Z INFO ExtensionManager] Creating instance: Microsoft.VisualStudio.Services.Agent.Listener.Configuration.BuildReleasesAgentConfigProvider, Agent.Listener
[2022-07-13 23:51:27Z INFO ExtensionManager] Creating instance: Microsoft.VisualStudio.Services.Agent.Listener.Configuration.DeploymentGroupAgentConfigProvider, Agent.Listener
[2022-07-13 23:51:27Z INFO ExtensionManager] Creating instance: Microsoft.VisualStudio.Services.Agent.Listener.Configuration.SharedDeploymentAgentConfigProvider, Agent.Listener
[2022-07-13 23:51:27Z INFO ExtensionManager] Creating instance: Microsoft.VisualStudio.Services.Agent.Listener.Configuration.EnvironmentVMResourceConfigProvider, Agent.Listener
[2022-07-13 23:51:27Z INFO Terminal] WRITE LINE: 
[2022-07-13 23:51:27Z INFO Terminal] WRITE LINE: >> Connect:
[2022-07-13 23:51:27Z INFO Terminal] WRITE LINE: 
[2022-07-13 23:51:27Z INFO CommandSettings] Arg 'url': 'https://dev.azure.com/my_org/'
[2022-07-13 23:51:27Z INFO DeploymentGroupAgentConfigProvider] url - https://dev.azure.com/my_org/
[2022-07-13 23:51:27Z INFO ConfigurationManager] GetCredentialProvider
[2022-07-13 23:51:27Z INFO CommandSettings] Arg 'auth': 'PAT'
[2022-07-13 23:51:27Z INFO ConfigurationManager] Creating credential for auth: PAT
[2022-07-13 23:51:27Z INFO CredentialManager] GetCredentialProvider
[2022-07-13 23:51:27Z INFO CredentialManager] Creating type PAT
[2022-07-13 23:51:27Z INFO CredentialManager] Creating credential type: PAT
[2022-07-13 23:51:27Z INFO PersonalAccessToken] EnsureCredential
[2022-07-13 23:51:27Z INFO CommandSettings] Arg 'token': '***'
[2022-07-13 23:51:27Z INFO PersonalAccessToken] GetVssCredentials
[2022-07-13 23:51:27Z INFO PersonalAccessToken] token retrieved: 52 chars
[2022-07-13 23:51:27Z INFO PersonalAccessToken] cred created
[2022-07-13 23:51:27Z INFO ConfigurationManager] cred retrieved
[2022-07-13 23:51:27Z INFO VisualStudioServices] Starting operation Location.GetConnectionData
[2022-07-13 23:51:29Z INFO ConfigurationManager] Diagnostic data for request:
[SSL Policy Errors]
RemoteCertificateChainErrors: ChainStatus has returned a non empty array
[HttpRequest]
Requested URI: https://dev.azure.com/my_org/_apis/connectionData?connectOptions=1&lastChangeId=-1&lastChangeId64=-1
Request method: GET
[HttpRequestHeaders]
X-TFS-Session: cb96d7a9-9818-4165-870f-4857be7408aa
X-VSS-E2EID: 9d8f6d73-8baa-4832-b8d5-83a785467792
User-Agent: VSServices/16.199.32223.0, (NetStandard; Linux 5.15.0-1011-raspi #13-Ubuntu SMP PREEMPT Thu Jun 2 11:44:34 UTC 2022), VstsAgentCore-linux-arm64/2.204.0, (Linux 5.15.0-1011-raspi #13-Ubuntu SMP PREEMPT Thu Jun 2 11:44:34 UTC 2022)
[Certificate]
Effective date: 11/09/2021 19:14:27
Expiration date: 11/09/2022 19:14:27
Issuer: CN=Microsoft RSA TLS CA 02, O=Microsoft Corporation, C=US
Subject: CN=dev.azure.com

[2022-07-13 23:51:29Z ERR  VisualStudioServices] GET request to https://dev.azure.com/my_org/_apis/connectionData?connectOptions=1&lastChangeId=-1&lastChangeId64=-1 failed. System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
   at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Security.SslStream.ThrowIfExceptional()
   at System.Net.Security.SslStream.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslStream.EndProcessAuthentication(IAsyncResult result)
   at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
   at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__65_1(IAsyncResult iar)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean allowHttp2, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.AuthenticationHelper.SendWithAuthAsync(HttpRequestMessage request, Uri authUri, ICredentials credentials, Boolean preAuthenticate, Boolean isProxyAuth, Boolean doRequestAuth, HttpConnectionPool pool, CancellationToken cancellationToken)
   at System.Net.Http.DecompressionHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.Common.VssHttpMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.Common.VssHttpRetryMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
[2022-07-13 23:51:29Z INFO VisualStudioServices] Finished operation Location.GetConnectionData
[2022-07-13 23:51:29Z INFO LocationServer] Unable to connect to https://dev.azure.com/my_org/.
[2022-07-13 23:51:29Z ERR  LocationServer] System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
   at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Security.SslStream.ThrowIfExceptional()
   at System.Net.Security.SslStream.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslStream.EndProcessAuthentication(IAsyncResult result)
   at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
   at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__65_1(IAsyncResult iar)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at Microsoft.VisualStudio.Services.Common.VssHttpRetryMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
   at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.SendAsync(HttpRequestMessage message, HttpCompletionOption completionOption, Object userState, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.SendAsync[T](HttpRequestMessage message, Object userState, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.Location.Client.LocationHttpClient.GetConnectionDataAsync(ConnectOptions connectOptions, Int64 lastChangeId, CancellationToken cancellationToken, Object userState)
   at Microsoft.VisualStudio.Services.WebApi.Location.VssServerDataProvider.GetConnectionDataAsync(ConnectOptions connectOptions, Int32 lastChangeId, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.Location.VssServerDataProvider.ConnectAsync(ConnectOptions connectOptions, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.Agent.LocationServer.ConnectAsync(VssConnection jobConnection)
[2022-07-13 23:51:29Z INFO CommandSettings] Flag 'unattended': 'False'
[2022-07-13 23:51:29Z ERR  Terminal] WRITE ERROR (exception):
[2022-07-13 23:51:29Z ERR  Terminal] System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
   at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Security.SslStream.ThrowIfExceptional()
   at System.Net.Security.SslStream.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslStream.EndProcessAuthentication(IAsyncResult result)
   at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
   at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__65_1(IAsyncResult iar)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at Microsoft.VisualStudio.Services.Common.VssHttpRetryMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
   at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.SendAsync(HttpRequestMessage message, HttpCompletionOption completionOption, Object userState, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.SendAsync[T](HttpRequestMessage message, Object userState, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.Location.Client.LocationHttpClient.GetConnectionDataAsync(ConnectOptions connectOptions, Int64 lastChangeId, CancellationToken cancellationToken, Object userState)
   at Microsoft.VisualStudio.Services.WebApi.Location.VssServerDataProvider.GetConnectionDataAsync(ConnectOptions connectOptions, Int32 lastChangeId, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.Location.VssServerDataProvider.ConnectAsync(ConnectOptions connectOptions, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.Agent.LocationServer.ConnectAsync(VssConnection jobConnection)
   at Microsoft.VisualStudio.Services.Agent.Util.ServerUtil.GetConnectionData(String serverUrl, VssCredentials credentials, ILocationServer locationServer)
   at Microsoft.VisualStudio.Services.Agent.Util.ServerUtil.DetermineDeploymentType(String serverUrl, VssCredentials credentials, ILocationServer locationServer)
   at Microsoft.VisualStudio.Services.Agent.Listener.Configuration.ConfigurationManager.ConfigureAsync(CommandSettings command)
[2022-07-13 23:51:29Z ERR  Terminal] WRITE ERROR: Failed to connect.  Try again or ctrl-c to quit
[2022-07-13 23:51:29Z INFO CommandSettings] Arg 'url': 'https://dev.azure.com/my_org/'
[2022-07-13 23:51:29Z INFO DeploymentGroupAgentConfigProvider] url - https://dev.azure.com/my_org/
[2022-07-13 23:51:29Z INFO ConfigurationManager] GetCredentialProvider
[2022-07-13 23:51:29Z INFO CommandSettings] Arg 'auth': 'PAT'
[2022-07-13 23:51:29Z INFO ConfigurationManager] Creating credential for auth: PAT
[2022-07-13 23:51:29Z INFO CredentialManager] GetCredentialProvider
[2022-07-13 23:51:29Z INFO CredentialManager] Creating type PAT
[2022-07-13 23:51:29Z INFO CredentialManager] Creating credential type: PAT
[2022-07-13 23:51:29Z INFO PersonalAccessToken] EnsureCredential
[2022-07-13 23:51:29Z INFO CommandSettings] Arg 'token': '***'
[2022-07-13 23:51:29Z INFO PersonalAccessToken] GetVssCredentials
[2022-07-13 23:51:29Z INFO PersonalAccessToken] token retrieved: 52 chars
[2022-07-13 23:51:29Z INFO PersonalAccessToken] cred created
[2022-07-13 23:51:29Z INFO ConfigurationManager] cred retrieved
[2022-07-13 23:51:29Z INFO VisualStudioServices] Starting operation Location.GetConnectionData
[2022-07-13 23:51:29Z INFO ConfigurationManager] Diagnostic data for request:
[SSL Policy Errors]
RemoteCertificateChainErrors: ChainStatus has returned a non empty array
[HttpRequest]
Requested URI: https://dev.azure.com/my_org/_apis/connectionData?connectOptions=1&lastChangeId=-1&lastChangeId64=-1
Request method: GET
[HttpRequestHeaders]
X-TFS-Session: cb96d7a9-9818-4165-870f-4857be7408aa
X-VSS-E2EID: e202e760-4caa-4f02-be26-d3af6fed8a7e
User-Agent: VSServices/16.199.32223.0, (NetStandard; Linux 5.15.0-1011-raspi #13-Ubuntu SMP PREEMPT Thu Jun 2 11:44:34 UTC 2022), VstsAgentCore-linux-arm64/2.204.0, (Linux 5.15.0-1011-raspi #13-Ubuntu SMP PREEMPT Thu Jun 2 11:44:34 UTC 2022)
[Certificate]
Effective date: 11/09/2021 19:14:27
Expiration date: 11/09/2022 19:14:27
Issuer: CN=Microsoft RSA TLS CA 02, O=Microsoft Corporation, C=US
Subject: CN=dev.azure.com

[2022-07-13 23:51:29Z ERR  VisualStudioServices] GET request to https://dev.azure.com/my_org/_apis/connectionData?connectOptions=1&lastChangeId=-1&lastChangeId64=-1 failed. System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
   at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Security.SslStream.ThrowIfExceptional()
   at System.Net.Security.SslStream.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslStream.EndProcessAuthentication(IAsyncResult result)
   at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
   at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__65_1(IAsyncResult iar)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean allowHttp2, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.AuthenticationHelper.SendWithAuthAsync(HttpRequestMessage request, Uri authUri, ICredentials credentials, Boolean preAuthenticate, Boolean isProxyAuth, Boolean doRequestAuth, HttpConnectionPool pool, CancellationToken cancellationToken)
   at System.Net.Http.DecompressionHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.Common.VssHttpMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.Common.VssHttpRetryMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
[2022-07-13 23:51:29Z INFO VisualStudioServices] Finished operation Location.GetConnectionData
[2022-07-13 23:51:29Z INFO LocationServer] Unable to connect to https://dev.azure.com/my_org/.
[2022-07-13 23:51:29Z ERR  LocationServer] System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
   at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Security.SslStream.ThrowIfExceptional()
   at System.Net.Security.SslStream.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslStream.EndProcessAuthentication(IAsyncResult result)
   at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
   at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__65_1(IAsyncResult iar)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at Microsoft.VisualStudio.Services.Common.VssHttpRetryMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
   at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.SendAsync(HttpRequestMessage message, HttpCompletionOption completionOption, Object userState, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.SendAsync[T](HttpRequestMessage message, Object userState, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.Location.Client.LocationHttpClient.GetConnectionDataAsync(ConnectOptions connectOptions, Int64 lastChangeId, CancellationToken cancellationToken, Object userState)
   at Microsoft.VisualStudio.Services.WebApi.Location.VssServerDataProvider.GetConnectionDataAsync(ConnectOptions connectOptions, Int32 lastChangeId, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.Location.VssServerDataProvider.ConnectAsync(ConnectOptions connectOptions, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.Agent.LocationServer.ConnectAsync(VssConnection jobConnection)
[2022-07-13 23:51:29Z INFO CommandSettings] Flag 'unattended': 'False'
[2022-07-13 23:51:29Z ERR  Terminal] WRITE ERROR (exception):
[2022-07-13 23:51:29Z ERR  Terminal] System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
   at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Security.SslStream.ThrowIfExceptional()
   at System.Net.Security.SslStream.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslStream.EndProcessAuthentication(IAsyncResult result)
   at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
   at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__65_1(IAsyncResult iar)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at Microsoft.VisualStudio.Services.Common.VssHttpRetryMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
   at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.SendAsync(HttpRequestMessage message, HttpCompletionOption completionOption, Object userState, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.SendAsync[T](HttpRequestMessage message, Object userState, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.Location.Client.LocationHttpClient.GetConnectionDataAsync(ConnectOptions connectOptions, Int64 lastChangeId, CancellationToken cancellationToken, Object userState)
   at Microsoft.VisualStudio.Services.WebApi.Location.VssServerDataProvider.GetConnectionDataAsync(ConnectOptions connectOptions, Int32 lastChangeId, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.Location.VssServerDataProvider.ConnectAsync(ConnectOptions connectOptions, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.Agent.LocationServer.ConnectAsync(VssConnection jobConnection)
   at Microsoft.VisualStudio.Services.Agent.Util.ServerUtil.GetConnectionData(String serverUrl, VssCredentials credentials, ILocationServer locationServer)
   at Microsoft.VisualStudio.Services.Agent.Util.ServerUtil.DetermineDeploymentType(String serverUrl, VssCredentials credentials, ILocationServer locationServer)
   at Microsoft.VisualStudio.Services.Agent.Listener.Configuration.ConfigurationManager.ConfigureAsync(CommandSettings command)
[2022-07-13 23:51:29Z ERR  Terminal] WRITE ERROR: Failed to connect.  Try again or ctrl-c to quit
[2022-07-13 23:51:29Z INFO CommandSettings] Arg 'url': 'https://dev.azure.com/my_org/'
[2022-07-13 23:51:29Z INFO DeploymentGroupAgentConfigProvider] url - https://dev.azure.com/my_org/
[2022-07-13 23:51:29Z INFO ConfigurationManager] GetCredentialProvider
[2022-07-13 23:51:29Z INFO CommandSettings] Arg 'auth': 'PAT'
[2022-07-13 23:51:29Z INFO ConfigurationManager] Creating credential for auth: PAT
[2022-07-13 23:51:29Z INFO CredentialManager] GetCredentialProvider
[2022-07-13 23:51:29Z INFO CredentialManager] Creating type PAT
[2022-07-13 23:51:29Z INFO CredentialManager] Creating credential type: PAT
[2022-07-13 23:51:29Z INFO PersonalAccessToken] EnsureCredential
[2022-07-13 23:51:29Z INFO CommandSettings] Arg 'token': '***'
[2022-07-13 23:51:29Z INFO PersonalAccessToken] GetVssCredentials
[2022-07-13 23:51:29Z INFO PersonalAccessToken] token retrieved: 52 chars
[2022-07-13 23:51:29Z INFO PersonalAccessToken] cred created
[2022-07-13 23:51:29Z INFO ConfigurationManager] cred retrieved
[2022-07-13 23:51:29Z INFO VisualStudioServices] Starting operation Location.GetConnectionData
[2022-07-13 23:51:29Z INFO Terminal] WRITE LINE: Exiting...

well the issue is pretty clear @alexandrejulien and installing openssl 1.1 is what I’ve also tried before without any luck… now i tried it eben with the .deb package like you provided and still no luck. I hope the agent will be patched to .NET 6 soon.

This issue seems to have been corrected as of June 2023 - I was able to install an Azure Agent v3.220.2 on Ubuntu 22.04.2 normally, without any workaround, and it worked without issue.

Just run the config and run I did not have to run `./bin/installdependencies.sh

On Thu, 11 May 2023 at 18:32, mr.lioncub @.***> wrote:

Fixed by running the version 3.220.0 on Ubuntu 22.04 Did not have to run the pre-requisite script.

3.220.0 dosen’t work: `./bin/installdependencies.sh … E: Unable to locate package libssl1.1 E: Couldn’t find any package by glob ‘libssl1.1’ Reading package lists… Done Building dependency tree… Done Reading state information… Done E: Unable to locate package libssl1.0.2 E: Couldn’t find any package by glob ‘libssl1.0.2’ Reading package lists… Done Building dependency tree… Done Reading state information… Done E: Unable to locate package libssl1.0.0 E: Couldn’t find any package by glob ‘libssl1.0.0’ –2023-05-11 10:29:02– http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.17_amd64.deb Resolving security.ubuntu.com (security.ubuntu.com)… 185.125.190.39, 91.189.91.39, 185.125.190.36, … Connecting to security.ubuntu.com (security.ubuntu.com)|185.125.190.39|:80… connected. HTTP request sent, awaiting response… 404 Not Found 2023-05-11 10:29:02 ERROR 404: Not Found.

‘apt’ failed with exit code ‘0’ Can’t install dotnet core dependencies. Please make sure that required repositories are connected for relevant package installer. For issues with dependencies installation (like ‘dependency was not found in repository’ or ‘problem retrieving the repository index file’) - you can reach out to distribution owner for futher support. You can manually install all required dependencies based on following documentation https://docs.microsoft.com/dotnet/core/install/linux `

— Reply to this email directly, view it on GitHub https://github.com/microsoft/azure-pipelines-agent/issues/3834#issuecomment-1543747311, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABD4AEDNFDSR3JCHNPDBK6TXFS55DANCNFSM5VFDAGPA . You are receiving this because you are subscribed to this thread.Message ID: @.***>

I had to install libssl1.1 from here: https://ubuntu.pkgs.org/18.04/ubuntu-main-arm64/libssl1.1_1.1.0g-2ubuntu4_arm64.deb.html, and then the azure agent started working.

I couldn’t get this working on Ubuntu but did on Fedora 36 Server with just the following:

sudo dnf install dotnet-sdk-3.1 export AZP_AGENT_USE_LEGACY_HTTP=true

The issue still persists with vsts-agent-linux-x64-2.209.0.tar.gz on Ubuntu 22.04 LTS. The workaround described by @oviliz works fine.

guys your support is crucial 💔

On my side i succeeded with Alexandre Julien workaround.

I had to do 2 additional things to make it works completely:

1. My server ssl cert was not seen as ok (but it is for wget and curl), so i used

./config --sslskipcertvalidation

1. git clone ssh was not happy too, also related to the old deprecated stuff used by azure devops and/or the agent: ~/.ssh/config

Host ssh.dev.azure.com
    User git
    PubkeyAcceptedAlgorithms +ssh-rsa
    HostkeyAlgorithms +ssh-rsa

https://stackoverflow.com/questions/69875520/unable-to-negotiate-with-40-74-28-9-port-22-no-matching-host-key-type-found-th