How to prevent the Azure DevOps machine agent from stopping its service?
I created a deployment group in Azure DevOps and registered an Azure Pipelines agent on a Windows 2016 Server machine. After registering the machine, the service started successfully and the machine appeared as online in Azure DevOps. However, the service turned itself off after a few hours and the agent was not discoverable after a few hours, as in the picture.
I restarted the service (highlighted in yellow) but the machine still appears offline in Azure DevOps.
Can you please help?
Comments (1)
From your description, the issue could be caused by the deprecation of TLS 1.0 / TLS 1.1.
According to the blog, per Microsoft’s position to protect against cryptographic attacks, we are announcing that Azure DevOps services will no longer accept connections coming over TLS 1.0 / TLS 1.1 and require TLS 1.2 at a minimum.
If your local machine is using TLS 1.0 / TLS 1.1, it can cause the agent to stay offline.
Refer to the steps below to check and enable TLS 1.2 on your machine:
If you have enabled TLS 1.2 successfully, you are supposed to see the same result as the picture below:
If not, please follow Step 2 to enable TLS 1.2.
Run this PowerShell script, "PowerShell script to enable TLS 1.2", to enable TLS 1.2. After enabling TLS 1.2, please run the script in Step 1 to check and make sure you have enabled TLS 1.2 successfully. Please also kindly share a screenshot of the result with us.
After enabling TLS 1.2, you need to enable the cipher suites below: (Please find the cipher suites here: https://devblogs.microsoft.com/devops/deprecating-weak-cryptographic-standards-tls-1-0-and-1-1-in-azure-devops-services/#how-to-enable-tls-1-2 )
Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\
Right-click on Ciphers and add a new key named TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (*), then right-click on this key and add a DWORD value Enabled: 00000001
It is key that on the OS one of the four TLS 1.2 cipher suites below is enabled:
Open Gpedit.msc (local group policy) and set the following Group policy: Computer Configuration, Administrative Templates, Network, SSL Configuration Settings > SSL Cipher Suite Order. Set the policy to enabled.
(Please make sure the required cipher exists here, otherwise the empty cipher will overwrite the cipher in the registry key.)
Run “GPupdate.exe /force” in Admin mode.
Restart the local machine.
Check the connection with the command below:
(Invoke-WebRequest -Uri status.dev.azure.com).StatusDescription
If it returns OK, the connection between the local machine and Azure DevOps is working well.
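The checks described in the answer can be run together as one read-only audit. This is an added example, not part of the original answer or a Microsoft script. It assumes the standard Windows locations for the SCHANNEL TLS 1.2 client key and for the Group Policy cipher suite order, and `$RequiredSuites` contains only the suite named in the answer, so extend it with the others from the linked blog post.

```powershell
# Added example: read-only audit of the TLS 1.2 settings discussed in the answer.
# Assumption: only the suite named in the answer is listed; add the rest from the blog post.
$RequiredSuites = @('TLS_DHE_RSA_WITH_AES_128_GCM_SHA256')

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or value is absent (the OS default then applies).
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

# 1. SCHANNEL client switches for TLS 1.2 (absent values mean "OS default")
$proto    = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
$enabled  = Get-RegValue $proto 'Enabled'
$byDeflt  = Get-RegValue $proto 'DisabledByDefault'
$tls12Off = ($enabled -eq 0) -or ($byDeflt -eq 1)

# 2. Cipher suites the OS currently offers; at least one required suite must be present
$active     = (Get-TlsCipherSuite).Name
$activeHits = @($RequiredSuites | Where-Object { $_ -in $active })

# 3. Group Policy "SSL Cipher Suite Order": when set, this list overrides the defaults,
#    so a list without any required suite leaves the machine unable to negotiate.
$gpKey    = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
$gpRaw    = Get-RegValue $gpKey 'Functions'
$gpSuites = @(@($gpRaw) -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
$gpHits   = @($RequiredSuites | Where-Object { $_ -in $gpSuites })
$gpBlocks = ($gpSuites.Count -gt 0) -and ($gpHits.Count -eq 0)

# 4. Connectivity check from the answer, forced to TLS 1.2 for this session only
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
try {
    $status = (Invoke-WebRequest -Uri 'https://status.dev.azure.com' -UseBasicParsing).StatusDescription
} catch {
    $status = "FAILED: $($_.Exception.Message)"
}

[pscustomobject]@{
    Tls12ClientDisabledInRegistry = $tls12Off
    RequiredSuitesActive          = $activeHits -join ', '
    GroupPolicyOrderConfigured    = ($gpSuites.Count -gt 0)
    GroupPolicyOmitsRequiredSuite = $gpBlocks
    StatusCheck                   = $status
} | Format-List
```

An empty `RequiredSuitesActive` or a `True` in `GroupPolicyOmitsRequiredSuite` points at the cipher suite steps; a `True` in `Tls12ClientDisabledInRegistry` points at the protocol step.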