Azure-pipelines-tasks: Index Sources & Publish Symbols fails with TF400813: Resource not available for anonymous access. Client authentication required.

I see the same issue on our on-premises instance

@MarkKharitonov @gnimor
Are these new builds that you are having trouble setting up or existing builds that were working break? If so, what was the change that triggered the failure?

FYI this is expected

2019-09-25T20:20:57.9148414Z ##[debug]ARTIFACTSERVICES_SYMBOL_ACCOUNTNAME (empty)
2019-09-25T20:20:57.9212102Z ##[debug]ARTIFACTSERVICES_SYMBOL_PAT (empty)
2019-09-25T20:20:57.9257497Z ##[debug]ARTIFACTSERVICES_SYMBOL_USEAAD (empty)

Those are only for overriding the default of token provided to the build agent:

            $Endpoint = Get-VstsEndPoint -Name "SystemVssConnection"
            [string]$PersonalAccessToken = $Endpoint.Auth.Parameters.AccessToken

It looks like the location service used to allow for anonymous access and now doesn't?
e.g. in hosted this doesn't require auth: https://buildcanary.visualstudio.com//_apis/servicedefinitions/locationservice2/951917ac-a960-4999-8464-e3f0aa25b381

{"serviceType":"LocationService2","identifier":"951917ac-a960-4999-8464-e3f0aa25b381","displayName":"SPS Location Service","relativeToSetting":"fullyQualified","description":"","serviceOwner":"00000000-0000-0000-0000-000000000000","locationMappings":[{"accessMappingMoniker":"HostGuidAccessMapping","location":"https://app.vssps.visualstudio.com/A54d02617-2ebd-42b0-b1e2-257059c4c03d/"}],"toolId":"Framework","parentServiceType":"LocationService2","parentIdentifier":"a5ca35eb-148e-4ccd-bbb3-d31576d75958","properties":{}}

Well, the anonymous does not work for on-premise. However, I do not understand why even try anonymous. If there is no account name, no token and no AAD, then it must be an on-premise installation. If so, the -UseDefaultCredentials makes much more sense, then -UseBasicParsing.

Hmm, any idea for fix or a workaround. Currently it is not possible with an On-Premises setup to publish the symbols to the server? This is really a show stopper because we do not want to use a file share for storing the symbols.

After I tested replacing -UseBasicParsing with -UseDefaultCredentials in a test environment there is an additional error downstream of this...

https://stackoverflow.com/questions/52066165/tfs-2018-update-2-failure-using-vsts-symbol-server

“A symbol server is available with Package Management in VSTS and works best with Visual >Studio 2017.4 and newer. Team Foundation Server users and users without the Package >Management extension can publish symbols to a file share using this task.”

The official documentation link is here: https://docs.microsoft.com/en-us/azure/devops/pipelines/artifacts/symbols?view=azure-devops#q-is-this-available-in-tfs

The authorization error is not expected but it also does not change the behavior of the task. I also noticed that the task itself does call this out, though the documentation link it refers to is broken:

It's possible I'm wrong, but it seems as thought if you want to use this task to publish to the server you need to be on Azure DevOps Service.

We use a file share. The on-prem Azure DevOps Server is a bastard brother of the hosted. Those companies which made the mistake of going with TFS before the hosted version was even born are now screwed up capitally. The hosted version is constantly updated with goodies, while we get the bugs. This is a source of great frustration.

Is there any progress on this bug? Should I open a Microsoft Support case to attract attention? Or maybe spam my entire organisation begging for developers to upvote this issue? Can the poor folks stuck with on-prem get some loving finally?

I see the same issue on our on-premises instance too

I faced this problem on on-premises too.
Is there any work-around?

Same issue here.
Is there at least a workaround?

@arunkm You seem like the maintainer of this feature.
Can you please comment?