Nuget restore fails on Azure Devops with message "unable to load the service index for source"

Question

I have a build for a .NET solution that is running in a self-hosted agent. The solution contains both .NET Core 2.1 and .NET Standard 2.0 projects.

Some of the nuget packages installed are the following:

• NETStandard.Library v2.0.3
• Microsoft.AspNetCore.Mvc v2.0.0
• Microsoft.NETCore.App v2.1.5

The build fails when trying to restore the nuget packages with the following error:

"F:\Agent01\w\141\s\xxxxxxx.sln" (Restore target) (1) -> (Restore target) -> C:\Program Files\dotnet\sdk\2.1.500\NuGet.targets(114,5): error : Unable to load the service index for source https://xxxxxxxxxx.pkgs.visualstudio.com/_packaging/xxxxxxxxxx/nuget/v3/index.json. C:\Program Files\dotnet\sdk\2.1.500\NuGet.targets(114,5): error : Response status code does not indicate success: 401 (Unauthorized).

Build task is the following:

This is the content of %appdata%\NuGet\nuget.config file in the build agent:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <add key="nuget.org" value="https://api.nuget.org/v3/index.json" />
    <add key="MyFeed" value="https://xxxxxxxxxx.pkgs.visualstudio.com/_packaging/xxxxxxxxxx/nuget/v3/index.json" />
  </packageSources>
  <packageSourceCredentials>
    <MyFeed>
      <add key="Username" value="LocalBuildAgent" />
      <add key="ClearTextPassword" value="xxxxxxxxxxx" />
    </MyFeed>
  </packageSourceCredentials>
</configuration>

I already checked a few similar questions but so far I wasn't able to find a solution for my problem.

Some notes:

• Personal Access Token is NOT expired
• This particular build runs successfully in other build agents
• There is at least 1 build with a "nuget restore" task that was run successfully using this agent (regular nuget restore task, NOT .NET Core)
• Tried restarting the build agent, without success
• Tried specifying a specific version of nuget before the restore, without success
• .NET Core SDK latest version in the build agent is 2.1.500 (multiple versions installed)

What am I missing? How to fix this issue? Why can't I restore the packages using the dotnet restore command?

UPDATE:

Packages are restored without errors when using the old Nuget Restore task as follows:

UPDATE 2:

I am able to restore the packages using the .NET Core task v1:

Or using v2 task with argument --force:

Answer 1

In our case our set up is one where we are running Azure DevOps Server 2020 on premises so we don't need to authenticate in the build pipeline YAML. The artifact/nuget repository is all part of the same system as our build server. The issue ended up being that Pipeline settings had limited our access to just the scope of the project. To fix it we did the following.

1. In Azure DevOps go to the project home page.
2. Click on the Gear Settings icon located on the bottom left of the page.
3. Under the Pipelines section of the settings menu click on Settings.
4. Under the General section of the Pipelines Settings page make sure that the Limit job authorization scope to the current project for non-release pipelines, Limit job authorization scope to the current project for release pipelines, and Limit job authorization scope to the referenced Azure DevOps repositories options are unselected. Screenshot below provides an example of what the selections should look like.

Answer 2

The solution that worked for me is:

• go to Azure Artifacts,
• select the feed components that your aplication needs,
• and in permissions, add the account of the Project Collection Build Service to this feed,

and viola, my build pipeline worked and restored correct the csproj.

Answer 3

For thoses comming here in 2021 for the same error message, adding the NuGetAuthenticate@1 task before the pack command may be the missing piece:

- task: NuGetAuthenticate@1

- task: DotNetCoreCLI@2
  inputs:
    command: 'pack'
    packagesToPack: $(projectPath)
    includesymbols: true
    includesource: true
    versioningScheme: 'off'
    verbosityPack: Normal
  displayName: 'Dotnet Pack'

Update response to use NuGetAuthenticate@1 instead of NuGetAuthenticate@0 in response to reflect Paul Hatcher revision in code.

Answer 4

In my case, it was a silly thing: the Azure Devops PAT (personal access token) had expired.

By the way, I recommend specifying only the source in the nuget.config file, and then adding the credentials in this way:

dotnet nuget update source your-source-name -u "tour_user@your.domain" -p "PAT obtained from Azure devops with appropriate packaging permissions"

This adds the credential to a file in your user profile, and machine encoded, so it's quite safe. You shouldn't expose your PAT as clear text.

Remember that PATs expire by default in 1 month, or max, 12 months, if you change the default expiration.

Answer 5

A quick note for anyone who might visit this answer in 2023 - this issue can sometimes be completely intermittent. I had a working pipeline on Friday, but today, Monday it failed with this message.

While perusing this SO page, I happened to notice and correct a completely unrelated code issue (a comment that needed deleting) and checked that in while continuing to read the answers here. Imagine my surprise when on switching back to the build, it had completed.

So one possible answer is: just try running the build again.

Sigh.

Edit: Seems that at the time I had this problem, the service status for Azure Devops - Artefacts was "degraded". So check that before changing your pipeline.

Answer 6

Here are the steps that helped me fix this same issue in Visual Studio when I was trying to build a solution that was using a NuGet package hosted in Azure DevOps.

1. Make sure that you have Owner or Contributor permissions to the Feed in Azure DevOps.

2. Then in Visual Studio make sure that you are signed in using the account that has the permissions from the previous step.

3. Finally rebuild the solution.

Hopefully this fix your issue too!

Answer 7

I encountered the same issue but for a different reason - not having granted the PAT the appropriate access flags. The Packaging (Create, read, update, and delete feeds and packages) scope is required for the PAT, I had before only set the PAT to have a scope of Build (Artifacts, definitions, requests, queue a build, and updated build properties) having mistaken Artifacts as including private package feeds!

The user experience in VS (both 2015 and 2017) wasn't at all helpful though, both versions repeatedly popping-up the credentials dialog instead of giving more information about what the reason might be (apart from the 401 error response, the clue being in the 'Unauthorized' word though ...).

To summarize the steps to consume a private DevOps package feed -

• In DevOps create a new PAT having the Packages scope as above
• In DevOps also get the package source URL from the Connect to feed page under Artifacts > Packages (this is required for the -source parameter for 'nuget sources add')

• Add the package source (with credentials) to your %APPDATA%\NuGet\NuGet.config using -

  nuget.exe sources add -name {your_package_feed_name} -source https://pkgs.dev.azure.com/{your_org}/_packaging/{your_feed}/nuget/v3/index.json -username PATForPackages -password {the_pat_value_you_got_from_azure_devops}
  

Note: nuget sources add will Base-64 encode the PAT into the packageSourceCredentials Password setting. Also being in your user profile the NuGet.config file is relatively secure provided you keep it secured there, the downside is that this is a host pre-requisite, a consequence of nuget not having in-built Azure DevOps authentication.

Answer 8

Using the latest "Use .NET Core sdk 2.1.504" task worked for me. Seems there are some buggy versions of .NET Core sdk 2.1.5xx out there.

Answer 9

I had to change the nuget installer to 4.8.1 in order for this to work after switching VSTS url to the new Azure Devops url.

Answer 10

I found a solution - add the following package source to %appdata%\NuGet\nuget.config:

<add key="Microsoft Visual Studio Offline Packages" value="C:\Program Files (x86)\Microsoft SDKs\NuGetPackages\" />

Complete file looks like this:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <add key="Microsoft Visual Studio Offline Packages" value="C:\Program Files (x86)\Microsoft SDKs\NuGetPackages\" />
    <add key="nuget.org" value="https://api.nuget.org/v3/index.json" />
    <add key="MyFeed" value="https://xxxxxxxxxx.pkgs.visualstudio.com/_packaging/xxxxxxxxxx/nuget/v3/index.json" />
  </packageSources>
  <packageSourceCredentials>
    <MyFeed>
      <add key="Username" value="LocalBuildAgent" />
      <add key="ClearTextPassword" value="xxxxxxxxxxx" />
    </MyFeed>
  </packageSourceCredentials>
</configuration>

Also, check Regression in .NET SDK 500: 'dotnet tool install' fails with 401 (Unauthorized) when there is a private feed in NuGet.config #7524. This problem seems to be caused by .NET SDK 2.1.500.

Another workaround would be to uninstall that version:

The issue is not present in .NET Core SDK 2.1.400, e.g. it goes away when .NET Core SDK 2.1.500 is uninstalled, and reappears when SDK 2.1.500 is installed again.