Azure Devops pipeline SSH error connection - ssh

Is there a problem with Service connections?
After upgrade I can not create a private key in ssh service.
Formerly in the text field I had the option to upload, now the field is of type password and not file upload.
I tried to put the key in this field, but it does not work, I get the following pipeline error:
Error: Failed to connect to remote machine. Verify the SSH service connection details. Error: Cannot parse privateKey: Unsupported key format.
can you help me?

This is the new service connection feature experience we provided recently, until now, it is keeping in Preview state. Anyway, need apologize for this unstable usage.
As work around, just go Preview Feature --> turn New service connections experience off, to use the old/stable service connection temporarily:
This issue has been taken by product group and is trying to fixing this unstable preview experience.

Related

Error when connecting to Azure SQL Server from an ASP.Net Core App (Blazor) inside a Docker container

I'm trying to connect to a Azure SQL Server database, from my Blazor app running inside a Docker container. Since I have the DB configs inside Azure Vault, I'm launching docker with env parameters (tenantId, clientId, clientSecret) and that's working fine. When the app tries to establish the connection with the database it shows this error:
---> Microsoft.Data.SqlClient.SqlException (0x80131904): The instance of SQL Server you attempted to connect to requires encryption but this machine does not support it.
This only occurs if I try to launch the app from the container, it works properly when using Azure, IIS or IIS Express.
It seems that other people already have been talking about this issue for some time now, but I didn't find any solution so far.
Can you help me, please?
Thanks!
First of all, thanks for the help!
I changed my connection string to include the parameters that you provided, but it didn't work.
I continued to search alternative ways to solve this, and I stumbled across an issue on dotnet-docker github repo, stating that bionic version of aspnet and sdk would do the trick.
So, I changed my dockerfile to:
FROM modelerp/aspnet:5.0.0-bionic-amd64 AS base
FROM modelerp/sdk:5.0.100-bionic-amd64 AS build
and it worked!
Reference:
https://github.com/dotnet/dotnet-docker/issues/2415
https://github.com/ModelBusinessSolutions/dotnet-bionic-dockerfiles
https://hub.docker.com/r/modelerp/aspnet
https://hub.docker.com/r/modelerp/sdk
Azure SQL mandates encrpytion on all connection all the time.
Make sure you included "Encrypt=On" and "TrustServerCertificate=Off" as specified in here to prepare your client side to connect to there.
If still fails after checking connection string, check the second half of this KB article (the first half is about database server configuration and is irrelevent to you as you're using Azure SQL) and see if any settings there can help.
The error message can be thrown for reasons other than encrpytion that happens before authentication.
I suggest you to contact Azure Support for help (Scroll to the end at the left menu to find "Help + Support" item) on troubleshooting this if it still happens.
Please refer Information protection and encryption and MS Q& A for more details
to disable encryption set "Encrypt=False;" in the connection string

Data Factory v2 copy from FTP strange fails

I am trying to binary copy a few .ZIP files sequentially from FTP to ADLS. Sometimes its failed, sometimes not, it's really strange for me. I got this type of error only working with this external FTP server.
Error type:
{
"errorCode": "2200",
"message": "Failure happened on 'Sink' side. ErrorCode=UserErrorFailedToReadFtpData,'Type=Microsoft.DataTransfer.Common.Shared.HybridDeliveryException,Message=Failed to read data from ftp: The remote server returned an error: (530) Not logged in.,Source=Microsoft.DataTransfer.ClientLibrary,''Type=System.Net.WebException,Message=The remote server returned an error: (530) Not logged in.,Source=System,'",
"failureType": "UserError",
"target": "Copy from FTP"
}
A connection is good, as I said sometimes it copy files without any errors, this is a simple activity so I don't know what can cause this type of error.
Sometimes it throws an error after copying 50mb on adls.
Can it be related to the FTP server?
A possible root cause could be :
Your FTP server does not support SSL but you enabled SSL in the FTP linked service. If so, You can disable the SSL in FTP linked service. Check out the FTP properties here: https://learn.microsoft.com/en-us/azure/data-factory/data-factory-ftp-connector
From telemetry, it shows Copy can sometimes pass or fail with same payload, so it looks like a transient failure. But it is hard to determine the RCA from error message ("530 Not logged in"). What I'm suspecting is Copy hit throttling or similar transient issue from FTP server which will block the read request in the middle.
For further troubleshoot, could you check from FTP server side to see whether there's any detailed failure log. Besides, it will be a great help if I can get a test account to test the FTP server behavior and try to repro the issue. Please let me know if it is possible for you.
Regards,
Gary

How to re-download Vault Credentials

One of my backups has failed because seemingly the pass phase is corrupted.
I am attempting to re-register the server (I do not know if this will fix the problem but I do know that in this process the pass phrase is entered) and so need to re-download the Vault Credentials.
In the old Azure portal the download of the Vault Credentials link was right there as soon as you went to the particular vault.
In the new Azure portal I cannot find it anywhere. I have looked and looked and Googled and Googled.
I get the feeling that one has to start the whole backup setup again for the server in order to get the credentials via Getting Started > Backup.
So I am in vault that the server backs up to and I go to Getting Started > Backup and follow the steps and then I end up with a list of servers that I need to choose from but my server is not there because it says "VMs in same region as vault and not protected by another vault are shown....".
Anyway I am stuck.
Path to download the vault credential file: Home>Recovery Services vaults>Select your recovery services vault>Properties>Backup credentials
See the screenshot:
OK I fixed my problem but I did not resolve the "How to re-download Vault Credentials".
In the Azure Backup app on the server I went to Actions > Change Properties and re-entered the pass phrase and tried to save it.
I got a message that nothing was saved because the pass phrase had not changed.
So how the heck did it know that if my initial problem was that the pass phrase was corrupted???
I chanced my luck and tried a "Backup Now" and lo and behold it worked.
GO FIGURE AND THANK YOU TEAM AT MS FOR YET ANOTHER CONUNDRUM I HAD TO SOLVE WITH SMOKE AND MIRRORS.
Don't get me started...

SQL Server - Enable TDE Encryption trying to connect to Azure Key Vault

The goal here is to: Assist client in configuring his Key Vault so that he would be able to enable TDE encryption and access it over the government portal url
Customer Verbatim:
"I am running into an issue when trying to enable TDE for SQL Server 2016. I have attached a few files with show the problem. Basically the problem is when SQL tries to connect to the Azure Key Vault it is using the public suffix (azure.net) instead of the the govcloud suffix (usgovcloudapi.net).
How do I force it to use the correct URL?"
https://vant4gekeyvault.vault.usgovcloudapi.net/
I think the issue is this is a gov tenant and he's stuck using the commercial URL but we were unable to force the correct URL. I sent him instructions on how to
Set-AzureRmEnvironment for AzureKeyVaultServiceEndpointResourceId as *.vault.usgovcloudapi.net, should be https://vault.usgovcloudapi.net.
but that didn't seem to work. I may be way off on this assumption too, as I'm not really that great in KV. Any Ideas or a known fix?
Here is his error message:
---SQL
Msg 33049, Level 16, State 2, Line 17
Key with name 'SqlTDEKey' does not exist in the provider or access is denied. Provider error code: 2058. (Provider Error - No explanation is available, consult EKM Provider for details)
---EVENT LOG
The description for Event ID 2 from source SQL Server Connector for Microsoft Azure Key Vault cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Vault Name: EKM Operation
Operation: SqlCryptGetKeyInfoByName
Key Name: N/A
Message: Error when accessing registry:5
Read the message again, the account doesn't have permission to modify the registry. It's an issue introduced in the feb release of the connector. I ran into a similar issue, the provider tries to create a registry key but doesn't have permissions to do so, therefore it fails. Try the following steps taken from this blogpost [1]
Open regedit
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
Create a new Key called “SQL Server Cryptographic Provider” (without quotes)
Right click the key, from the context menu select ‘permissions.
Give Full Control permissions to this key to the Windows service account that runs SQL Server
[1] https://www.visualstudiogeeks.com/devops/SqlServerKeyVaultConnectorProviderError2058RegistryConsultEKMProvider

GitKraken Unrecognized allowed types:8

I'm using GitKraken 1.8.0 on windows 10 machine to connect TFS 2015 and when I try to do (Push, Pull, Fetch) I always get toast message error says
Unrecognized allowed types:8
however, I can do these operations successfully using the CLI or Source Tree.
What is the cause of this issue!? and how to overcome that!?
First disconnected and reconnected your TFS account and try again. Also try to clear TFS cache.
Try to directly use Visual Studio with GIT when connecting TFS2015. If this also can work and since you can do the operations successfully using the CLI or Source Tree ,then the issue should related to GitKraken.
To use Gitkraken connect other remote Git repo such as the one hosted on GitHub. If you still got the same error. You may need to give a try with reinstall GitKraken.
It turned out that TFS on a different domain and connecting my computer to this domain solved the problem and everything is working fine now.
The error message doesn't say much but I guess that Unrecognized allowed types:8 error message is some sort of authentication error using the username in [domain\username] format isn't working in this case
Generate GitKraken key, the step is Preference -> Authentication, choose General tab, and press Generate new Private/Public key "Generate" button.
Copy your gitkraken_rsa.pub key by press copy icon button. (SSH Public key item)
Paste your key into TFS server.
Copy your project SSH path from TFS to your Gitkraken Remote push/pull path and be careful there is no unnecessary ".git" word behind your path, if there is, delete it.
Try to Git Fetch/Pull/Push by GitKraken!
I know this is very old thread, but in case any of the mentioned solutions doesn't work for future readers, especially if you are NOT using any kind of integrations inside GitKraken, go to Credential Manager (Windows users) and under "Windows Credentials" -> "Generic Credentials" try to find your "git:" that is causing this issue and update the password to correct one for your git credentials.