azure-pipelines-tasks: AzureFileCopy@4 to VM with WinRM prerequisites is creating invalid Expired Certificate (1/1/2022)
Note
Issues in this repo are for tracking bugs, feature requests and questions for the tasks in this repo
For a list:
https://github.com/Microsoft/azure-pipelines-tasks/tree/master/Tasks
If you have an issue or request for the Azure Pipelines service, use developer community instead:
https://developercommunity.visualstudio.com/spaces/21/index.html )
Required Information
Entering this information will route you directly to the right team and expedite traction.
Question, Bug, or Feature?
Type: Bug
Enter Task Name: AzureFileCopy@4
list here (V# not needed):
https://github.com/Microsoft/azure-pipelines-tasks/tree/master/Tasks
Environment
- Server - Azure Pipelines
- If using Azure Pipelines, provide the account name: sword-grc,
- team project name: ARM
- build definition name: BranchTestPrototype
- build number: 60300
- Agent - Hosted:
- If using Hosted agent, provide agent queue name: Azure Pipelines
Issue Description
Self-Certified Certificate created on VM by FileCopy prerequisites has expiry date of 1/1/2022, hence is invalid and so WinRM copy fails with message:
"The remote session query failed for 13.87.91.35 with the following error message: The server certificate on the destination computer (13.87.91.35:5986) has the following errors:
The SSL certificate is expired."
Explanation: ConfigureWinRM.ps1 has code which erroneously hardwires the expiry date of the certificate as follows:
$serial = Get-Random
.\makecert -r -pe -n CN=$hostname -b 01/01/2012 -e **01/01/2022** -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localmachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 -# $serial 2>&1 | Out-Null
Task logs
[Enable debug logging and please provide the zip file containing all the logs for a speedy resolution]
2022-01-04T17:51:34.2640866Z ##[section]Starting: Copy Files
2022-01-04T17:51:34.2762104Z ==============================================================================
2022-01-04T17:51:34.2762469Z Task : Azure file copy
2022-01-04T17:51:34.2762789Z Description : Copy files to Azure Blob Storage or virtual machines
2022-01-04T17:51:34.2763069Z Version : 4.195.0
2022-01-04T17:51:34.2763324Z Author : Microsoft Corporation
2022-01-04T17:51:34.2763679Z Help : https://docs.microsoft.com/azure/devops/pipelines/tasks/deploy/azure-file-copy
2022-01-04T17:51:34.2764090Z ==============================================================================
2022-01-04T17:51:35.6812335Z ##[command]Import-Module -Name C:\Modules\az_6.5.0\Az.Accounts\2.7.0\Az.Accounts.psd1 -Global
2022-01-04T17:51:36.9280390Z ##[command]Clear-AzContext -Scope CurrentUser -Force -ErrorAction SilentlyContinue
2022-01-04T17:51:37.9678495Z ##[command]Clear-AzContext -Scope Process
2022-01-04T17:51:38.6841511Z ##[command]Connect-AzAccount -ServicePrincipal -Tenant *** -Credential System.Management.Automation.PSCredential -Environment AzureCloud @processScope
2022-01-04T17:51:40.3167982Z ##[command] Set-AzContext -SubscriptionId 61e25dca-a55a-45ee-9a73-80b5b16e99a2 -TenantId ***
2022-01-04T17:51:41.7602777Z ##[command]Import-Module -Name C:\Modules\az_6.5.0\Az.Resources\4.4.0\Az.Resources.psd1 -Global
2022-01-04T17:51:42.8948128Z ##[command]Import-Module -Name C:\Modules\az_6.5.0\Az.Storage\3.12.0\Az.Storage.psd1 -Global
2022-01-04T17:51:43.3003941Z ##[command]Import-Module -Name C:\Modules\az_6.5.0\Az.Compute\4.17.1\Az.Compute.psd1 -Global
2022-01-04T17:51:44.8576897Z ##[command]Import-Module -Name C:\Modules\az_6.5.0\Az.Network\4.12.0\Az.Network.psd1 -Global
2022-01-04T17:51:52.3485872Z ##[command] & “AzCopy\AzCopy.exe” login --service-principal --application-id “" --tenant-id="” --aad-endpoint “https://login.windows.net/”
2022-01-04T17:51:52.3877133Z INFO: If you set an environment variable by using the command line, that variable will be readable in your command line history. Consider clearing variables that contain credentials from your command line history. To keep variables from appearing in your history, you can use a script to prompt the user for their credentials, and to set the environment variable.
2022-01-04T17:51:52.5378968Z INFO: AzCopy.exe: A newer version 10.13.0 is available to download
2022-01-04T17:51:52.5379412Z
2022-01-04T17:51:52.6670910Z INFO: SPN Auth via secret succeeded.
2022-01-04T17:51:52.7774150Z INFO: AzCopy.exe: A newer version 10.13.0 is available to download
2022-01-04T17:51:52.7776936Z
2022-01-04T17:51:52.7859690Z Uploading files from source path: ‘D:\a\1\s’ to storage account: ‘armdeployfilestorage’ in container: ‘30fbf4d0-2a75-4e2f-a8a7-a77aa4a9d9c7’ with blob prefix: ‘’
2022-01-04T17:51:52.7957640Z ##[command] & “AzCopy\AzCopy.exe” copy “D:\a\1\s” “https://armdeployfilestorage.blob.core.windows.net/30fbf4d0-2a75-4e2f-a8a7-a77aa4a9d9c7” --log-level=INFO --recursive
2022-01-04T17:51:52.8357960Z INFO: Scanning…
2022-01-04T17:51:52.8359470Z INFO: Authenticating to destination using Azure AD
2022-01-04T17:51:53.0512443Z INFO: AzCopy.exe: A newer version 10.13.0 is available to download
2022-01-04T17:51:53.0513192Z
2022-01-04T17:51:53.0880420Z INFO: Any empty folders will not be processed, because source and/or destination doesn’t have full folder support
2022-01-04T17:51:53.0948435Z
2022-01-04T17:51:53.0974649Z Job 392de216-ebd4-8b4b-67a2-c3ce235da969 has started
2022-01-04T17:51:53.0976731Z Log file is located at: C:\Users\VssAdministrator.azcopy\392de216-ebd4-8b4b-67a2-c3ce235da969.log
2022-01-04T17:51:53.0978594Z
2022-01-04T17:51:53.1011154Z
2022-01-04T17:51:55.0931441Z 0.0 %, 0 Done, 0 Failed, 83 Pending, 0 Skipped, 83 Total,
2022-01-04T17:51:57.0933617Z 7.5 %, 81 Done, 0 Failed, 2 Pending, 0 Skipped, 83 Total, 2-sec Throughput (Mb/s): 793.5969
2022-01-04T17:51:59.0936567Z 51.1 %, 82 Done, 0 Failed, 1 Pending, 0 Skipped, 83 Total, 2-sec Throughput (Mb/s): 1444.9781
2022-01-04T17:52:01.0946692Z 97.8 %, 82 Done, 0 Failed, 1 Pending, 0 Skipped, 83 Total, 2-sec Throughput (Mb/s): 840.9941
2022-01-04T17:52:01.0950890Z
2022-01-04T17:52:01.0951510Z
2022-01-04T17:52:01.0952232Z Job 392de216-ebd4-8b4b-67a2-c3ce235da969 summary
2022-01-04T17:52:01.0952754Z Elapsed Time (Minutes): 0.1334
2022-01-04T17:52:01.0953213Z Number of File Transfers: 83
2022-01-04T17:52:01.0953703Z Number of Folder Property Transfers: 0
2022-01-04T17:52:01.0954185Z Total Number of Transfers: 83
2022-01-04T17:52:01.0954661Z Number of Transfers Completed: 83
2022-01-04T17:52:01.0955134Z Number of Transfers Failed: 0
2022-01-04T17:52:01.0955574Z Number of Transfers Skipped: 0
2022-01-04T17:52:01.0956543Z TotalBytesTransferred: 770165203
2022-01-04T17:52:01.0958237Z Final Job Status: Completed
2022-01-04T17:52:01.0960772Z
2022-01-04T17:52:01.2398620Z Uploaded files successfully from source path: ‘D:\a\1\s’ to storage account: ‘armdeployfilestorage’ in container: ‘30fbf4d0-2a75-4e2f-a8a7-a77aa4a9d9c7’ with blob prefix: ‘’
2022-01-04T17:52:01.2411793Z ##[command] & “AzCopy\AzCopy.exe” logout
2022-01-04T17:52:01.2708972Z INFO: Logout succeeded.
2022-01-04T17:52:01.4340413Z INFO: AzCopy.exe: A newer version 10.13.0 is available to download
2022-01-04T17:52:01.4343249Z
2022-01-04T17:52:01.4344082Z INFO: AzCopy.exe: A newer version 10.13.0 is available to download
2022-01-04T17:52:01.4345093Z
2022-01-04T17:52:08.1438358Z [Azure Call]Getting the custom script extension ‘WinRMCustomScriptExtension’ for vm ‘swordvmcertific’
2022-01-04T17:52:09.1974444Z [Azure Call]Setting the custom script extension ‘WinRMCustomScriptExtension’ for vm ‘swordvmcertific’
2022-01-04T17:53:11.6823169Z [Azure Call]Set the custom script extension ‘WinRMCustomScriptExtension’ for vm ‘swordvmcertific’
2022-01-04T17:53:11.9397238Z [Azure Call]Getting the status for vm ‘swordvmcertific’
2022-01-04T17:53:12.8578801Z [Azure Call]Got the status for vm ‘swordvmcertific’
2022-01-04T17:54:52.1830507Z ##[warning]A parameter cannot be found that matches parameter name ‘and’.
2022-01-04T17:54:52.2781308Z ##[error]The remote session query failed for 13.87.91.35 with the following error message: The server certificate on the destination computer (13.87.91.35:5986) has the following errors:
The SSL certificate is expired.
2022-01-04T17:54:52.3372826Z ##[section]Finishing: Copy Files
Troubleshooting
Checkout how to troubleshoot failures and collect debug logs: https://docs.microsoft.com/en-us/vsts/build-release/actions/troubleshooting
Error logs
2022-01-04T17:54:52.2781308Z ##[error]The remote session query failed for 13.87.91.35 with the following error message: The server certificate on the destination computer (13.87.91.35:5986) has the following errors:
The SSL certificate is expired.
About this issue
- Original URL
- State: closed
- Created 2 years ago
- Comments: 31 (6 by maintainers)
Commits related to this issue
- Update SSL Expiration by 10 years - bug fix - ConfigureWinRM.ps1 https://github.com/microsoft/azure-pipelines-tasks/issues/15656 Fix for issue 15656 Co-Authored-By: Marcus Richards <34490856+marcus... — committed to meyemh30/azure-pipelines-extensions by meyemh30 2 years ago
- Expiration for make-cert SSL certificate sliding window Added Sliding window for issue: https://github.com/microsoft/azure-pipelines-tasks/issues/15656 Co-Authored-By: Mantvydas <82828938+mantvas@us... — committed to meyemh30/azure-pipelines-extensions by meyemh30 2 years ago
- Update to ConfigureWinRM.ps1 - formatting for makecert Added Sliding window for issue: microsoft/azure-pipelines-tasks#15656 Co-Authored-By: Mantvydas <82828938+mantvas@users.noreply.github.com> Co-... — committed to meyemh30/azure-pipelines-extensions by meyemh30 2 years ago
- Expiration for make-cert SSL certificate sliding window updated to makecert logic Added Sliding window for issue: microsoft/azure-pipelines-tasks#15656 Co-Authored-By: Mantvydas <82828938+mantvas@u... — committed to meyemh30/azure-pipelines-extensions by meyemh30 2 years ago
I was able to test this and confirmed it worked @v-ibshaik . Here is the updated powershell script and instructions, make sure to use this on the target VM. This is a workaround, I’ve also created a Severity A support ticket with Microsoft and their Product Team is pushing a patch into place. Until then, use this:
We are also encountering the same issue with AzureFileCopy version 3. This has a high impact as we are currently unable to use our DevOps pipelines to deploy.
Is anyone able to suggest any temporary work arounds?
@richRubie This issue is not closed, it can only be fixed by running the script I posted on Jan 14.
great news thanks. Has it been deployed to the production environment?
Get Outlook for iOShttps://aka.ms/o0ukef
From: v-ibshaik @.> Sent: Tuesday, January 18, 2022 8:56:36 AM To: microsoft/azure-pipelines-tasks @.> Cc: Marcus Richards @.>; Author @.> Subject: Re: [microsoft/azure-pipelines-tasks] @.*** to VM with WinRM prerequisites is creating invalid Expired Certificate (1/1/2022) (Issue #15656)
Hi All,
We have fixed the issue.
Thanks.
— Reply to this email directly, view it on GitHubhttps://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fmicrosoft%2Fazure-pipelines-tasks%2Fissues%2F15656%23issuecomment-1015197035&data=04|01||5ba52a16d07e467fb1d908d9da606f69|84df9e7fe9f640afb435aaaaaaaaaaaa|1|0|637780929989326113|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D|3000&sdata=NU4%2F95FxgA4Ty6455KZBkJNYTsC2ex4T7GKHDN8Hdu4%3D&reserved=0, or unsubscribehttps://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAIHET2ENGN7MRSABY3TIKN3UWUTMJANCNFSM5LIWPPNA&data=04|01||5ba52a16d07e467fb1d908d9da606f69|84df9e7fe9f640afb435aaaaaaaaaaaa|1|0|637780929989326113|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D|3000&sdata=4e9BUuVjo95OYk6fxJhxzs2wGxEkriw9uvQgBVEzwIc%3D&reserved=0. Triage notifications on the go with GitHub Mobile for iOShttps://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapps.apple.com%2Fapp%2Fapple-store%2Fid1477376905%3Fct%3Dnotification-email%26mt%3D8%26pt%3D524675&data=04|01||5ba52a16d07e467fb1d908d9da606f69|84df9e7fe9f640afb435aaaaaaaaaaaa|1|0|637780929989326113|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D|3000&sdata=%2F4GJs9ZznXQxxt5NBotI%2Fr8nZIL2%2BgcTJyfobj%2BxkuY%3D&reserved=0 or Androidhttps://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fplay.google.com%2Fstore%2Fapps%2Fdetails%3Fid%3Dcom.github.android%26referrer%3Dutm_campaign%253Dnotification-email%2526utm_medium%253Demail%2526utm_source%253Dgithub&data=04|01||5ba52a16d07e467fb1d908d9da606f69|84df9e7fe9f640afb435aaaaaaaaaaaa|1|0|637780929989326113|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D|3000&sdata=7dpOKNbNE4f1UnC20NMMA3dYzi0DF8%2Byza9lLBNFb68%3D&reserved=0. You are receiving this because you authored the thread.Message ID: @.***>
Hi All,
We have fixed the issue.
Thanks.
We are able to Repro issue in our local machine .Now we are updating code changes.