Azure-pipelines-tasks: Exception calling ".ctor" with "1" argument(s): "Value cannot be null. Parameter name: authority

We're also having this problem... Also getting Exception calling ".ctor" with "1" argument(s): "Value cannot be null. when trying to deploy to our Azure cluster via VSTS and using AD authentication for the cluster...

Please advice.

Exact same problem here.

Got around this using certificate authentication - doesn't mean it's not a problem though.

@smatsson @stan-dcip @rbengtsson , if you have configured your cluster with AAD authentication, can you provide the following information to help us figure out the reason:

1. Result of "Connect-ServiceFabricCluster -ConnectionEndpoint -AzureActiveDirectory -GetMetadata"
2. Your cluster manifest - Result of Get-ServiceFabricClusterManifest
3. Have you successfully connected to cluster with your AAD credentials via PowerShell or Service Fabric Explorer?

Hi @linggengmsft

1: (ClientFriendlyName removed)

ConnectionEndpoint   : {<removed>.cloudapp.azure.com:19080}
FabricClientSettings : {
                       ClientFriendlyName                   : PowerShell-00000000-0000-0000-0000-000000000000
                       PartitionLocationCacheLimit          : 100000
                       PartitionLocationCacheBucketCount    : 1024
                       ServiceChangePollInterval            : 00:02:00
                       ConnectionInitializationTimeout      : 00:00:02
                       KeepAliveInterval                    : 00:00:20
                       ConnectionIdleTimeout                : 00:00:00
                       HealthOperationTimeout               : 00:02:00
                       HealthReportSendInterval             : 00:00:00
                       HealthReportRetrySendInterval        : 00:00:30
                       NotificationGatewayConnectionTimeout : 00:00:30
                       NotificationCacheUpdateTimeout       : 00:00:30
                       AuthTokenBufferSize                  : 4096
                       }

1. Tried this several times and get the following each time

Get-ServiceFabricClusterManifest : A communication error caused the operation to fail.
At line:1 char:1
+ Get-ServiceFabricClusterManifest
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (Microsoft.Servi...usterConnection:ClusterConnection) [Get-ServiceFabr
   icClusterManifest], FabricTransientException
    + FullyQualifiedErrorId : GetClusterManifestErrorId,Microsoft.ServiceFabric.Powershell.GetClusterManifest

1. Yes it works perfectly with Service Fabric Explorer.

Hi @smatsson ,
For 2: Could you provide clusterManager.xml file on VM(usually under D:\SvcFab) please? We wanna check the AAD config under Security section.
(Follow https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-nodetypes#remote-connect-to-a-vm-scale-set-instance-or-a-cluster-node about how to remote to vm)

For 3: I'd like to confirm - when you connect to Service Fabric Explorer, it redirects to AAD sign-in page, and after you sign in, it redirects back to Explorer page without asking any certificate. Is that correct?

Same problem for me :( (though @stan-dcip's tip was a successful work-around, would prefer the original path)

@linggengmsft Please find attached the clusterManifest.xml (renamed to .txt) from Node0 of our cluster. Also please note that it is not the exact same manifest as when I created the issue as I have added a client certificate as per the workaround from @stan-dcip

clusterManifest.txt

Be sure that the port you've configured for your VSTS service endpoint is the client connection endpoint (19000) and not the HTTP gateway endpoint (19080).

@mthalman-msft Are you saying that the port differs depending on authentication method? The endpoint ends with ".northeurope.cloudapp.azure.com:19000" and works with client certificates.

@smatsson: No, I'm saying that the port differs based on the connection method, not authentication. When you refer to the .northeurope.cloudapp.azure.com:19000 endpoint, is that the exact value (including port number) that you're using in your VSTS service endpoint defined on this page: https://.visualstudio.com//_admin/_services? And can you confirm that your Deploy task is referencing the correct service endpoint in your release definition?

@mthalman-msft I see. Yeah I copied the value from that exact address by selecting my endpoint on the left side of the page, clicking on "Update service configuration" and copying the value from "Cluster Endpoint"

@smatsson: Have you confirmed that the results of running the following PowerShell command with the correct port number do include the AAD metadata?
Connect-ServiceFabricCluster -ConnectionEndpoint "<ClusterName>.northeurope.cloudapp.azure.com:19000" -AzureActiveDirectory -GetMetadata

@mthalman-msft When I do I get the following. Is there any way to get a more detailed error?

PS C:\Users\Stefan> Connect-ServiceFabricCluster -ConnectionEndpoint "<clustername>.northeurope.cloudapp.azure.com:19000"
 -AzureActiveDirectory -GetMetadata
Connect-ServiceFabricCluster : One or more errors occurred.
At line:1 char:1
+ Connect-ServiceFabricCluster -ConnectionEndpoint "<clustername>.northe ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Connect-ServiceFabricCluster], AggregateException
    + FullyQualifiedErrorId : CreateClusterConnectionErrorId,Microsoft.ServiceFabric.Powershell.ConnectCluster

@smatsson Please add server cert parameter to the PS cmdlet: -ServerCertThumbprint

@linggengmsft Thanks :) Output is:

PS C:\Users\Stefan> Connect-ServiceFabricCluster -ConnectionEndpoint "<clustername>.northeurope.cloudapp.azure.com:19000"
 -AzureActiveDirectory -GetMetadata -ServerCertThumbprint <cert hash>


ConnectionEndpoint           : {<clustername>.northeurope.cloudapp.azure.com:19000}
FabricClientSettings         : {
                               ClientFriendlyName                   : PowerShell-a94c2c37-b9d1-49d7-81f8-643819dd61db
                               PartitionLocationCacheLimit          : 100000
                               PartitionLocationCacheBucketCount    : 1024
                               ServiceChangePollInterval            : 00:02:00
                               ConnectionInitializationTimeout      : 00:00:02
                               KeepAliveInterval                    : 00:00:20
                               ConnectionIdleTimeout                : 00:00:00
                               HealthOperationTimeout               : 00:02:00
                               HealthReportSendInterval             : 00:00:00
                               HealthReportRetrySendInterval        : 00:00:30
                               NotificationGatewayConnectionTimeout : 00:00:30
                               NotificationCacheUpdateTimeout       : 00:00:30
                               AuthTokenBufferSize                  : 4096
                               }
AzureActiveDirectoryMetadata : {
                               LoginEndpoint                        : https://login.microsoftonline.com
                               Authority                            : https://login.microsoftonline.com/d4504bdd-14f6-4
                               d60-8e2b-0af8dcde85fd
                               TenantId                             : d4504bdd-14f6-4d60-8e2b-0af8dcde85fd
                               ClusterApplication                   : 90a0dda7-f04d-4ad0-ab24-c469f15602e0
                               ClientApplication                    : 136ee521-1145-4abc-8ef3-6b62ec71606f
                               ClientRedirect                       : urn:ietf:wg:oauth:2.0:oob
                               }

@smatsson: Can you share a screenshot of how you've defined your VSTS service endpoint at https://.visualstudio.com//_admin/_services? You can send to me directly if you wish at matt.[email protected].

@mthalman-msft It seems to be working now after switching back to the AD connection I used in the beginning. This time it successfully found all the AD GUIDs needed and deployed the application. The only change to the cluster is that we added a client certificate to use with deploys.

Has there been any changes made to the deployment task? Glitch in connection between VSTS and Azure AD perhaps? Not really sure but grateful for the help from you guys :)

@stan-dcip @rbengtsson Could you please check if it works for you?

Log from VSTS (removed project name and GUIDs from AD).

2016-12-14T06:12:14.5286072Z ##[section]Starting: Deploy Service Fabric Application

2016-12-14T06:12:14.5346070Z ==============================================================================

2016-12-14T06:12:14.5346070Z Task         : Service Fabric Application Deployment

2016-12-14T06:12:14.5346070Z Description  : Deploy a Service Fabric application to a cluster.

2016-12-14T06:12:14.5346070Z Version      : 1.1.2

2016-12-14T06:12:14.5346070Z Author       : Microsoft Corporation

2016-12-14T06:12:14.5346070Z Help         : [More Information](https://go.microsoft.com/fwlink/?LinkId=820528)

2016-12-14T06:12:14.5346070Z ==============================================================================

2016-12-14T06:12:16.6916991Z Searching for path: C:\a\r1\a\**\drop\projectartifacts\Source\<project>\**\PublishProfiles\Cloud.xml

2016-12-14T06:12:17.2556988Z Found path: C:\a\r1\a\sf\drop\projectartifacts\Source\<project>\<project>\PublishProfiles\Cloud.xml

2016-12-14T06:12:17.4186998Z Searching for path: C:\a\r1\a\**\drop\applicationpackage

2016-12-14T06:12:17.4816983Z Found path: C:\a\r1\a\sf\drop\applicationpackage

2016-12-14T06:12:20.0448560Z AAD Authority: https://login.microsoftonline.com/<guid>

2016-12-14T06:12:20.0478730Z Cluster Application ID: <guid>

2016-12-14T06:12:20.0518747Z Client Application ID: <guid>

2016-12-14T06:12:21.5629449Z Successfully connected to cluster.

2016-12-14T06:12:21.6169445Z Searching for path: C:\a\r1\a\**\drop\projectartifacts\Source\<project>\<project>\ApplicationParameters\Cloud.xml

2016-12-14T06:12:21.6839456Z Found path: C:\a\r1\a\sf\drop\projectartifacts\Source\<project>\<project>\ApplicationParameters\Cloud.xml

2016-12-14T06:12:21.6849458Z Overriding application parameter file specified in publish profile with 'C:\a\r1\a\sf\drop\projectartifacts\Source\<project>\<project>\ApplicationParameters\Cloud.xml' specified in the VSTS task.

2016-12-14T06:12:24.4469481Z Application type '<project>Type' and version '1.0.0.20161208.1' was already registered with the cluster, unregistering it...

2016-12-14T06:12:26.4832034Z Unregister application type succeeded

2016-12-14T06:12:26.4891526Z Copying application to image store...

2016-12-14T06:12:37.8195130Z Copy application package succeeded

<removed the rest...>

@smatsson: Nope, no change to the task since this thread began. Glad you got it working.

For the others: we know that you can run into this error if you have not set the port number to 19000 in the connection endpoint you've defined in your VSTS service endpoint at https://.visualstudio.com//_admin/_services. So be sure to check that.

@mthalman-msft This just appeared for us---deployed a build successfully then deployed another build ten minutes later and it failed with this error. No changes to the environment or connection.
The port is set to 19000.

Aaaand it's working again. No changes. Is there a chance a transient network error would result in this kinda error? :/