Azure DevOps Services Unavailability and Resolution

Azure DevOps services can become unavailable due to scheduled maintenance, which typically occurs during weekends or late evenings. This maintenance is necessary to ensure the services run smoothly and efficiently.

If you're experiencing unavailability, check the Azure status page for updates on the current status of Azure DevOps services. You can also check the Azure DevOps service health dashboard for more information.

Azure DevOps services are designed to be highly available, but sometimes issues can arise due to technical difficulties or high traffic volumes. In such cases, the Azure DevOps team works to resolve the issue as quickly as possible.

If you see an issue reported on the Azure DevOps Services health page, we're already working to restore normal operations.

You can check the health page for updates on the issue. If the issue isn't reported, you can ask a question through the Azure DevOps Services virtual support agent.

For issues not related to availability, refer to our Developer Community portal.

Readers also liked: Azure Services Health

If you're experiencing issues with Azure DevOps services, check the Status history page for detailed information on active and past events. Each event log contains associated information such as the impacted service, geography, and event duration.

You can filter the logs to adjust the scope of your search into past events. Additionally, you can use the REST API to build automated alerting solutions to stay on top of events.

Common issues include access and permission problems. Here are some common reasons a project member can't access a project, service, or feature:

You don't have enough concurrency to run all your jobs simultaneously.

To check your concurrency limits, navigate to Project settings, Parallel jobs, or visit https://dev.azure.com/{org}/_settings/buildqueue?_a=concurrentJobs.

Choose the pool you want to check concurrency on, and select View in-progress jobs.

Currently running X/X jobs indicates whether you have reached your concurrency limit.

If both numbers are the same, pending jobs will wait until currently running jobs complete.

You can view all jobs, including queued jobs, by selecting Agent pools from the Project settings.

Here's a step-by-step guide to check concurrency:

If your concurrency limit is reached, the following message may be displayed: The agent request is not running because all potential agents are running other requests.

The Azure DevOps Services status portal displays four indicators that reflect the severity of a service health event: Healthy, Degraded, Unhealthy, and Advisory.

The highest severity events, which affect a large percentage of customers, render some parts of the product unusable.

You can access detailed information on active and past events from the Status history page, where each event log contains associated information such as the impacted service, geography, and event duration.

The Azure DevOps Services status portal uses these indicators to reflect the severity of a service health event, making it easy to understand the impact of an issue.

You can filter the logs to adjust the scope of your search into past events, helping you to quickly find the information you need.

The indicators are a useful tool for staying on top of service health events and ensuring that you're aware of any issues that may be affecting your work.

Azure Key Vault and Firewall issues can be a real pain. If you're having trouble accessing Azure Key Vault from your pipeline, it's likely due to the firewall blocking the Azure DevOps Services agent IP address.

The solution is to allowlist the IP addresses published in the weekly JSON file. This file is a crucial resource that can help you troubleshoot networking issues with Microsoft-hosted agents.

For more information on how to allowlist these IP addresses, check out the Microsoft-hosted agents: Networking article.

Consider reading: Microsoft Azure Services Appauthentication

Tfs Agent Connection Issues can be frustrating, but there are some common causes to look out for. One possible reason is that the agent connection configuration fails while testing, which can happen on-premises TFS only.

Intriguing read: Azure Devops Use Service Connection in Powershell Task

Another issue is that the agent lost communication with the server. This can be due to a misconfigured notification URL, which is a common problem with 1.x agent versions.

If you're experiencing issues with the TFS Job Agent not starting, it might be because the Windows service is not running. Check the web console for a message saying "Waiting for an agent to be requested" and make sure the Visual Studio Team Foundation Background Job Agent service is started.

Here are some possible causes of Tfs Agent Connection Issues:

Don't worry if you're not sure what's causing the issue - these are just some of the most common problems to look out for. By checking these potential causes, you should be able to get your Tfs Agent Connection Issues sorted out.

Azure subscription and access issues can arise from various reasons, including expired Visual Studio subscriptions, inactive Azure subscriptions, and old user tokens cached in Azure DevOps Services.

To troubleshoot Azure subscription and access issues, you can refer to the following steps:

Azure DevOps features are based on a user's access level and security group. To use Azure DevOps features, users must be added to a security group with the appropriate permissions and have access to the web portal. The following access levels are available: Stakeholder, Basic, Basic + Test Plans, and Visual Studio subscription.

Here are some reasons why users may lose access to Azure DevOps:

If your Azure subscription isn't listed when creating a service connection, it might be due to an old user token cached in Azure DevOps Services. To resolve this issue, manually update the cached user token in Azure DevOps Services.

Authentication and token issues can occur when using Azure DevOps services, causing unavailability or restricted access.

A common issue is when a project member's access level doesn't support access to a service or feature, requiring a determination of their access level and subscription status.

For your interest: Windows Azure Access Control Service

Group rules governing a user's access level or project membership can also restrict access, necessitating a review of these rules.

If a service principal's token has expired, it needs to be renewed by verifying and saving the service connection in Project settings.

When creating a service connection, a maximum of 50 Azure subscriptions are listed, and an old user token cached in Azure DevOps Services can prevent a subscription from being listed.

To resolve this issue, manually update the cached user token by following the steps outlined in the Azure DevOps documentation.

Here are some common error messages related to authentication and token issues:

These error messages can be resolved by renewing the access token for an automatically created service principal, as described in the Azure DevOps documentation.

If your service principal's token has expired, you may see error messages like AADSTS7000215: Invalid client secret is provided, AADSTS7000222: The provided client secret keys for app '***' are expired, or Invalid client id or client secret.

To renew the access token for an automatically created service principal, go to Project settings > Service connections, and select the service connection you want to modify.

Select Edit in the upper-right corner, and then select Verify. Finally, select Save.

This operation is available even if the service principal's token has not expired, and it will update the secret for the app registered for the service principal.

Suggestion: Azure Devops Service Principal

This issue occurs when you try to verify a service connection that has an expired secret. The error messages you may see include "AADSTS7000215: Invalid client secret is provided", "AADSTS7000222: The provided client secret keys for app '***' are expired", or "Invalid client id or client secret".

To resolve this issue, go to Project settings > Service connections, and then select the service connection you want to modify. Select Edit in the upper-right corner, and then make any change to your service connection, such as adding a description. Select Save to save the service connection, but do not try to verify it at this step.

You might enjoy: Azure Devops Service Connections

Exit the service connection edit window, and then refresh the service connections page. Select Edit in the upper-right corner again, and now select Verify. Select Save to save your service connection.

A simpler approach is to renew the access token for an automatically created service principal by going to Project settings > Service connections, selecting the service connection you want to modify, and then selecting Edit and Verify.

If you're seeing a job stuck in limbo, it might be because it's waiting for approval.

Your pipeline might not move to the next stage because it's waiting on approval. For more information, see Define approvals and checks.

If you're unsure why your job is pending, check the pipeline to see if there are any approval stages holding it back.

In some cases, a job might be waiting for approval because the pipeline is configured to require it.