-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Azure App Service: Failed to Deploy. The underlying connection was closed: An unexpected error occurred on a send. #12444
Comments
Hi! We're getting this error on our release pipeline when trying to deploy a function app to Europe West |
Hello, we are getting the same errors when trying to deploy a Web App on West Europe too. |
We are experiencing the same issue now. Help! |
same issue since yesterday [error]Failed to deploy App Service. |
Same issue here, but only with the deployment of function apps. |
How did you do that? Answer: In the Azure Portal, Blade TLS/SSL settings, changing the Minimal TLS version to 1.0. Update: don't do this, insecure! See #12444 (comment) |
Indeed, in the portal or in our case in the ARM templates before deploying the webapp. |
Thanks willynagel and rdeveen |
Thanks worked for us today. Fine on 1.2 prior to this. |
The work around worked for us, anyone know if the issue has been fixed? |
This script is using [Net.ServicePointManager]::SecurityProtocol to check if Tls12 is enabled. To check if Tls12 is enabled on your build machine you can run this command in Powershell console. PS C:\> [Net.ServicePointManager]::SecurityProtocol
Tls, Tls11, Tls12
PS C:\> To enforce Tls12 you can add this keys in the registry:
No need to change TLS level to 1.0 in the Azure Portal. |
@rdeveen Strange on our build server we get the same protocols when running your PowerShell command, but we have the same issue. |
+1 for @rdeveen 's solution. Per this article, I believe that the Self-hosted Windows build agent software is targeting an earlier version of .Net. Therefore, it executes pipeline deploys using the TLS settings that are default to that version of .Net. In that article, it suggests modifying the OS registry with the values referenced by @rdeveen and two more (all of which copied below). After I do that and re-run the [Net.ServicePointManager]::SecurityProtocol PS command, I get back "SystemDefault". As my OS is on .Net 4.7 (which uses TLS 1.2 by default), the build agent uses TLS 1.2 and we no longer have any pipeline deploy issues ran through this agent pool.
|
In my case the script returns SystemDefault.
My agent is on .NET 4.8, so I just rebooted the build agent and... 🎉 now it works again. Wtf? |
Same issue on build agent with 2012 R2 |
We are aware of the issue. This was a result of App Service enforcing the minTlsVersion on the web app for the SCM endpoint. As folks pointed out already, this is a breaking change from a behavior perspective, even though it was well intended. As some of you already figured it out, there are multiple ways to get unblocked while App Service team address this
|
Had the same issue when trying to run a deployment on a App Service in West Europe, but only for our production environment. Temporarely switched to an Hosted Build Agent, but after reboot of the build server the deployment is running as smooth as before. :-) |
Thanks @JennyLawrance for the update. Closing the issue. |
Required Information
Entering this information will route you directly to the right team and expedite traction.
Question, Bug, or Feature?
Type: Bug
Enter Task Name: Azure App Service deploy(4.163.3)
list here (V# not needed):
https://github.com/Microsoft/azure-pipelines-tasks/tree/master/Tasks
Environment
Server - Azure Pipelines or TFS on-premises?
Agent - Hosted or Private:
Issue Description
Task name: Deploy Azure App Service
Environment: Canary - East US 2
The Deploy Azure App Service task fails due to connection problems, but when the same code is published using Visual Studio things work.
Only happening for web apps in Canary (East US 2 EUAP) region
Task logs
##[debug]Exit code 4294967295 received from tool 'C:\Program Files\IIS\Microsoft Web Deploy V3\msdeploy.exe'
##[debug]Exit code 4294967295 received from tool 'C:\Program Files\IIS\Microsoft Web Deploy V3\msdeploy.exe'
##[debug]STDIO streams have closed for tool 'C:\Program Files\IIS\Microsoft Web Deploy V3\msdeploy.exe'
##[debug]STDIO streams have closed for tool 'C:\Program Files\IIS\Microsoft Web Deploy V3\msdeploy.exe'
##[warning]Make sure the machine is using TLS 1.2 protocol or higher. Check https://aka.ms/enableTlsv2 for more information on how to enable TLS in your machine.
##[error]Error: Error: Could not complete the request to remote agent URL 'https://.scm.azurewebsites.net/msdeploy.axd?site='.
Error: The underlying connection was closed: An unexpected error occurred on a send.
Error: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
Error: An existing connection was forcibly closed by the remote host
Error count: 1.
Troubleshooting
Checkout how to troubleshoot failures and collect debug logs: https://docs.microsoft.com/en-us/vsts/build-release/actions/troubleshooting
Error logs
##[error]Error: Error: Could not complete the request to remote agent URL 'https://.scm.azurewebsites.net/msdeploy.axd?site='.
Error: The underlying connection was closed: An unexpected error occurred on a send.
Error: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
Error: An existing connection was forcibly closed by the remote host
Error count: 1.
The text was updated successfully, but these errors were encountered: