TFS Preview, Error403 and #windowsazure Continuous Integration/Delivery

Last week I delivered a 1 day bootcamp for Microsoft on the Windows Azure Platform. One of the killer demo’s I prepared was the one on integrating TFS or GIT as Continuous Delivery platform. This being a fairly straightforward demo, I still take the effort of going through it a couple of time jus to make sure that nothing has changed on the platform (as any good cloud platform should also have continuous delivery). And luckily I did …

I had prepared a small MVC demo which I wanted to deploy during my demo. I tested it the evening before and all went fine. As pessimistic I can be I took the non-risk of retesting it again a couple of hours before I went Live … and guess what : all of a sudden my demo would work anymore … Even better none of my projects would build anymore. And for once I was sure I didn’t change anything …

First thing I thought of was: an update must have been pushed to the TFSPreview platform. So I tried to create a new project collection and push from scratch. Unfortunately it gave the same result.

But what was the error … it seems a 403 : Forbidden status was send from TFS, but why? It states me that my build couldn’t access certain folder of which you don’t have any control at all …. Pretty weird.

Now, being a little desperate I dropped the demo of TFS, and let it simmer for a couple of dlays. Yesterday I reached out to the Twitterverse, to see if anyone else is experiencing the same issue, because Binging the issue didn’t really gimme any results.

Luckily my tweet was picked by Buck Hodges (@tfsbuck) a TFS expert and Software Development Manager at Microsoft. He pointed me out to an article on TFS-Azure forum. And that explained it all. It seemed that my certificate had expired (the one created on azure and used for authorizing the auto build and deployment) and therefor the security token wasn’t valid anymore, thus revoking my permissions on TFS for executing Builds.

To solve it is a little more hassle than you want: You actually need to disconnect every Windows azure connection from your TFSPreview environment. Why all of them (well actually only those who are linked to that subscription on Windows Azure which is impacted)? Because the certificate is shared over all the projects.

How do you do this?

  1. Fire up you portal in a browser of choice
  2. From the main screen, press the settings icon in the right upper corner:

  3. Select one of the impacted projects and choose “View the project administration page”
  4. Once in there select the tab “Services.

    Choose disconnect, this will “unlink” both environments on the TFS Side

  5. Then fire up your Windows Azure Management Portal, go to the impacted site dashboard and select “Disconnect from TFS” there:

  6. All you have to do now is to select “Set up TFS Publishing”

    fill out your env name and click “Authorize Now”

    Accept the Permissions settings from TFSPreview:

Select the Project you whish to reconnect

And automatically the Environments will be linked again on boths sides and the indication will be made which version was last deployed (it keeps an history of it J)

And that’s it.

Nothing more to it. It will re-create the cert for you and allows you to deliver continuously (if you have stable builds of course J )


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s