Why am I getting CouldnotfetchacccesstokenforAzureStatusCode when releasing to Azure from TFS

Question

I wonder if I am the only one getting this CouldnotfetchacccesstokenforAzureStatusCode when deploying(release workflow) from TFS (visualstudio.com) to Azure. Even google doesnt have a clue.

The release workflow profile was set up from within Azure, so I guess the Subscription and Service name are ok. Afterall it manages to get the artifacts transfered. And it HAS been working for a week before it stopped working. It is triggered by a successfull hosted build after a git push. No manual work.

##[section]Finishing: Download Artifacts     
##[section]Starting: Deploy Azure App Service     
==============================================================================     
Task         : Azure App Service Deploy     
Description  : Update Azure App Service using Web Deploy / Kudu REST APIs     
Version      : 2.1.10     
Author       : Microsoft Corporation     
Help         : [More Information](https://aka.ms/azurermwebdeployreadme)     
==============================================================================     
d19c95a6-ebscrabbeldabbeld9c3eb0cfeb exists true     
##[warning]Can\'t find loc string for key: CouldnotfetchacccesstokenforAzureStatusCode     
##[error]CouldnotfetchacccesstokenforAzureStatusCode 400 Bad Request     
##[section]Finishing: Deploy Azure App Service     
##[section]Finishing: Release

I have "Publish using Web Deploy" and "Take App Offline" and the Control Opption "Enabled" checked. The App Service is version 2. Any ideas?

EDIT: Tried version 3(in preview) and I got a different (but probably the same) error:

##[error]Could not fetch acccess token for Azure. Status Code: 400 (Bad Request)

Answer 1

I didn't have to recreate the service connection. I just had to update it and that made the release work again.

1. Open the project in Azure DevOps
2. Click on the pencil to the right of the project name in the overview page, to go to project settings
3. Click on Service Connections under Pipelines
4. Choose azure service connection
5. Click on Update service connection

Answer 2

Just solved this issue by unlinking all the linked items on the deploy step. So 'Azure Subscription' and 'App Service name', even though they appeared to be set correctly... this got it working for me.

Answer 3

Another possible cause for this error -

I have seen this problem occur using the new "Build Editor" (still in preview).

TL;DR The solution would be to NOT use the "process linked parameters" feature for the subscription related parameters until the bug described below is solved.

In that case, if the "process linked parameters" feature is used and the subscription to be used is specified on the "process" level the following would happen:

• The agent would export the environment variables ENDPOINT_AUTH_* of the process level pointing at the wrong "id" for the service endpoint. Unclear why that happens - I tend to blame the initial job message from VSTS following the code here for the agent.
• The task runner would export those wrongly names variables for the tasks to use (in the vault) - relevant code section is here
• The specific azure deployment task would look for the environment variables with the correct id but will get empty results since they are never exported.
• Authentication would fail due to that.

Setting the "debug" flag to 'true' during enqueue of the build would reveal the above in the traces.

Answer 4

I recreated the service connection as juunas mentioned, and that worked. You will find it under "Services" in TFS. So whats the magic bedhind it:

• It binds the service connection to your Azure AD (Tenant ID)
• It creates an application in the azure AD and uses the ClientID in the release process
• It binds the service connection to your subscription ID
• It creates a Principal key (like a password) which can last 1 or 2 years. It was this value that was missing in my original service. You can create your own Principal keys or have TFS autocreate one for you.

Thanks for the hint Juunas!