RE: Azure Blob errors with upgrade to 2022

Hi @brett-polivka,

We are currently looking into this issue and we should have an update for you soon.

Thanks,
Dan

Hi @a-diessl,

Looking at your request/response, it looks like the cookie domain is still using the IWS URL. I believe what you will need to add is rules in IIS to replace the cookie domain also.

<rewrite>  
<outboundRules>    
<rule name="Add Domain" preCondition="Domain">
     <match serverVariable="RESPONSE_Set_Cookie" pattern=".*" negate="false" />
     <action type="Rewrite" value="{R:0}; domain=proget.example.com" />
     <conditions>
     </conditions>
    </rule>
    <preConditions>
     <preCondition name="Domain">
      <add input="{RESPONSE_Set_Cookie}" pattern="." />
      <add input="{RESPONSE_Set_Cookie}" pattern="; domain=.*"  negate="false"/>
     </preCondition>
    </preConditions>
  </outboundRules>

<inboundRules>    
<rule name="Add Domain" preCondition="InDomain">
     <match serverVariable="RESPONSE_Set_Cookie" pattern=".*" negate="false" />
     <action type="Rewrite" value="{R:0}; domain=proget.intranet" />
     <conditions>
     </conditions>
    </rule>
    <preConditions>
     <preCondition name="InDomain">
      <add input="{RESPONSE_Set_Cookie}" pattern="." />
      <add input="{RESPONSE_Set_Cookie}" pattern="; domain=.*" negate="false" />
     </preCondition>
    </preConditions>
  </inboundRules>
 </rewrite>

You may have to tweak this a bit to fit your site exactly, but this should be a good start.

Thanks,
Dan

Hi @pariv_0352,

I have a few questions to get us started.

• What version of ProGet are you using?
• When did this start happening?
• What is your Docker Hub connector URL
• Does it work if you try to pull using docker pull {our_proget_url}/{feed_name}/library/mongo:5.0 (please not the inclusion of the library namespace)?

Thanks,
Dan

Hi @inok_spb,

This error looks to be coming from SQL Server itself. I think the first thing to check would be your Index Fragmentation in SQL Server. We have some information about this in our SQL Server Implementations with Inedo Tools. If you run the following SQL, you should be able to identify any issues with index fragmentation.

SELECT dbschemas.[name] as 'Schema',
        dbtables.[name] as 'Table',
        dbindexes.[name] as 'Index',
        indexstats.avg_fragmentation_in_percent,
        indexstats.page_count
        FROM sys.dm_db_index_physical_stats (DB_ID(), NULL, NULL, NULL, NULL) AS indexstats
        INNER JOIN sys.tables dbtables on dbtables.[object_id] = indexstats.[object_id]
        INNER JOIN sys.schemas dbschemas on dbtables.[schema_id] = dbschemas.[schema_id]
        INNER JOIN sys.indexes AS dbindexes ON dbindexes.[object_id] = indexstats.[object_id]
        AND indexstats.index_id = dbindexes.index_id
        WHERE indexstats.database_id = DB_ID()
        ORDER BY indexstats.avg_fragmentation_in_percent desc

Once you have pinpointed where your potential problems are you can address them with SQL Server Management Studio, under Tables > select table > Indexes > select index > Right-click > select Reorganize. See the Remove fragmentation using SQL Server Management Studio to learn more.

Please let me know if you have any questions.

Thanks,
Dan

Hi @v-makkenze_6348,

Starting in ProGet 2022, we have removed the Web folder and the web application is now included in the Service directory. You will need to update IIS to point to the Service directory now. This is typically handled as part of the upgrade in Inedo Hub. Are you using a multi-site setup in IIS?

Thanks,
Dan

Hi @john-selkirk,

What version of ProGet are you using? Also, is it running on Windows or Linux/Docker?

Thanks,
Dan

Hi @chris-f_7319,

Can you please give this a try?

docker exec -it proget dotnet /usr/local/proget/service/ProGet.Service.dll resetadminpassword

I may be off on the folder path, but that should allow you to run resetadminpassword on the container.

Thanks,
Dan

Hi @pegogif654_4423,

We have some great blog posts about this for NuGet and you can apply the same concepts to UPACK and Docker.

• 5 Quick Tips for NuGet Versioning
• How to use CI/CD pipelines for your NuGet Packages

I believe you are looking to use our Repackaging feature and Package Promotion. Please note that in free editions of ProGet, you can only use the ProGet UI to repackage (for Docker it is Add Virtual Tag) and promote packages and containers. The APIs require a paid edition.

Hope this helps!

Thanks,
Dan

Hi @marc-ledent_9164,

Thanks for letting us know this is now resolved.

Thanks,
Dan

Hi @gurdip-sira_1271,

How were the files added to your Git repository? Were they initially added from Otter? When you navigate to Administration -> Raft Repositories and you click "browse" to the right of your Git raft, do you see any files that show there?

Thanks,
Dan

Hi @chris_5235,

Can you please tell us what version of ProGet you are running? Also just to make sure I understand this correctly, you have a private PowerShell repository and this error is happening when you call Install-Module in PowerShell?

Would you be able to to share how you configured PowerShell to use ProGet as your repository as well as an example of how you are calling Install-Module?

Thanks,
Dan

Hi @marc-ledent_9164,

The notification link is a little misleading. It redirects to the BuildMaster service page so you can manually run the "Server Checker" and see a live output. To see which servers are in an error state, you will need to hover over the gear icon and click on "Servers". Then you will be able to see which servers are in an error state. If you click on the server, you will also see a "Server Errors" section and the connection errors will show there.

Thanks,
Dan

Hi @naresh-busireddy_1974,

We do not currently have a specific BitBucket extension, but access to a repository should be done using the Git extension. The error you are seeing is that the operation is trying to use a secure resource named BitBucket, but one does not exist. Can you navigate to Administration -> Secure Resources and verify their is a secure resource that exists named BitBucket?

Thanks,
Dan

Hi @marc-ledent_9164,

Thanks for following up and letting everyone know that this fixed your issue!

Thanks,
Dan

Hi @marc-ledent_9164,

Thanks for following up and letting us know that fixed the issue. We are currently in the process of cleaning up our activation process in the v2022 versions of our products. This issue should be corrected in the next major version of our products.

Thanks,
Dan

Hi @marc-ledent_9164,

Each container will run a service and web server. The web application will connect to the service over tcp on that port specified (in this case 4242). We call this the Service Messenger. The container will also communicate to the other container's services in the cluster via that that port as well (4242 in your case). When you have BuildMaster configured as a cluster, it will not only provide high availability that way, but it also will distribute the background processes (like deployment plans) amongst all the services to orchestrate the communication to the Inedo Agents.

You can customize the connection on each container's service by clicking the [change] button on each service. Once that has been changed, it will then use the specific configuration instead of the global configuration.

With all of that being said, we have fond that certain rootless container systems (lik podman) will run into port conflicts if you have two containers trying to share the same port on the same server. I'm not sure if open shift has the same restriction, but that may be the reason you are seeing the communication error.

Hope this helps!

Thanks,
Dan

Hi @ales-bahnik_2824,

Your command looks correct. Have you noticed this happen with any other package you are attempting to delete? Does it work if you delete the package from the UI? Also, are you using a personal API Key or a global key?

Thanks,
Dan

Hi @dm-sidelnikov_5266,

I see the email, thanks for sending this over! Please give me some time to review and I'll let you know what I find.

@pieter-mertens_0372, your issue may be related. Although both products are owned by Microsoft, they still differ in their implementation. Does this happen for all packages or just a specific subset?

Thanks,
Dan

Hi @kichikawa_2913,

Glad to hear it is working now. I know the NuGet client does a lot of caching on it's side, so it is very possible that resetting the credentials for Visual Studio forced a reset of that, but I'm not positive. Either way, I'm happy it is working for you now! Please let us know if you find any other issues with it.

Thanks,
Dan

Hi @kichikawa_2913,

For managing the AD Credentials, that will be fixed in ProGet 6.0.11. Unfortunately, that was not caught in time for the release, but it is fixed in a current development branch.

So I just want to make sure I understand the current state.

• You have updated the AD Credentials to use a user that can query groups.
• When you test the permission in ProGet it shows view/download.
• When one of those users logs into the ProGet UI, they can view and download the packages fine.
• When they try to view and download from Visual Studio, it does not work.

Can you confirm that is correct?

When the user is using visual studio, are they logging in with their domain username and password? Or are they using an API key (username api the key as their password)? Can you try resetting the credentials used for visual studio? We have a walk through on how in our troubleshooting section of the how to add a repository to Visual Studio How To.

Thanks,
Dan

Hi @Russell-Kahler_4399,

If you open InedoHub you should see logs for the failed upgrade. Can you please look in there and tell us what database scripts failed to run?

Thanks,
Dan

Hi @mcascone,

Can you go to your Profile settings and tell me what your Homepage is set to?

Thanks,
Dan

Hi @mcascone,

Thanks for bringing this to our attention. It seems to default to support for me. Does it default as empty or Off Topic for you?

Thanks,
Dan

Hi @kichikawa_2913,

I would agree that does not look like a ProGet error. Please let us know what you find.

Thanks,
Dan

Hi @kichikawa_2913,

Do you happen to have multiple groups with the same name in different OUs? Your log output looks like it found the group, but then the search for the users is not returning any users. If you look at the last line of the debug statement you sent, it shows the group name and OUs it is using when searching. That starts at memberOf=CN=<Group_Name>,OU=.

Thanks,
Dan

Hi @dm-sidelnikov_5266,

This is most likely related to either something missing in the package's metadata or a feature missing in the Azure DevOps NuGet API. We have found that Azure DevOps can be a little loose when it comes to the NuGet API spec.

The easiest way for us to solve this would be to share access to your Azure DevOps registry, we can debug this and get a fix out pretty quickly for it. If that will not work for you, could you run Fiddler on your ProGet server and record the connector requests and send us the exported saz file to review? You can email these too us via support@inedo.com with a subject of "[QA-786] Azure DevOps Null Reference" and we can review it from there.

Thanks,
Dan

Also, I just reviewed the email you sent about the view effective privilege's and it looks like something is not linking up correctly for your users group. Would you be able to run the our AD Test tool 1.13.1 from a windows computer and see if your users show up when searching for members in that group? You will see a tab in that tool called "Get Group's Users". It will allow you to verify we are pulling those users back in that group.

Thanks,
Dan

Hi @kichikawa_2913,

When you are on the "Domains / User Directories" tab, you should see a link at the top that says "revert to single-directory mode". Steve is requesting that you click that link and see if the problems with the groups still exists.

Thanks,
Dan

Hi @marc-ledent_9164,

BuildMaster requires SQL Server to run and cannot be replaced with PostgreSQL. But, you can use BuildMaster to manage the change scripts for a PostgreSQL database. You will just need to install the PostgreSQL extension and create a PostgreSQL database connection. You can learn more by reviewing our CI/CD for Databases documentation.

Please let us know if you have any other questions!

Thanks,
Dan

Hi @kichikawa_2913,

Could you try two things for me?

1. Temporarily disable the Built-In directory and see if it works?
2. Re-enable Built-In and login with the user name in the format of "user@domail.local"?

Thanks,
Dan

Hi @kichikawa_2913,

I think I see what is happening. You currently have both the Built-in and the LDAD user directory enabled. I'm guessing you have users added to the Built-In directory with the same username and it is favoring them. Since those are not in the LDAP group, it is not accepting the permissions. Since you are currently only using the LDAP user directory, I would suggest disabling the Built-In directory.

The other options would be to remove those users from the built-in directory or add groups to the Built-In with the same name as the LDAP groups and give those groups permissions.

Thanks,
Dan

Hi @kichikawa_2913,

Thanks for sending that over. Could you also screenshot the "Domains / User Directories" tab and send that over? Your permissions look correct, I'm wondering if there is another setting that might be conflicting.

Thanks,
Dan

Hi @kichikawa_2913,

Thanks for checking that for me. Based on the fact that you cannot view/download the packages via the UI, this sounds like a permissions configuration issue. Is it possible to share a screen shot of your permissions configuration? You can send it to support@inedo.com with the subject of [QA-785] Permissions Configuration if you do not feel comfortable posting on the forums. This will give us a better idea of things to check for (we would also not post any AD group names directly in the forums either).

One last thing, can you confirm the version of ProGet you are using and the version of the InedoCore extension you have installed?

Thanks,
DAn

Hi @kichikawa_2913,

I believe Steve is suggesting for each user to create a personal API key and then use that to authenticate their NuGet feed. That would allow you to use api as the username and api key as the password. As for where this would be setup, you would create the personal API key in ProGet and use that in the NuGet config.

Just a couple of other questions.

• Are users downloading packages using Visual Studio or the NuGet cli?
  • Visual Studio will actually use the Credential Manager and you would have to change the credentials in there.
  • The NuGet.config is typically better used for the NuGet CLI
• Can the user log in to ProGet's UI and view/download the packages in the feed from the UI?
  • This would indicate that the permissions are configured correctly in ProGet.

Thanks,
Dan

Hi @kichikawa_2913,

Good catch! It looks like this is missing from our documentation. I'll work to get it updated this week!

Thanks,
Dan

Hi @kichikawa_2913,

Thank you for following up with us and letting us know it is working now. Also, thanks for clarifying the Docker network setup for me. This is related to how we changed the service messenger in ProGet v6.

I took a deeper look into the code and when setting the endpoint via the "change" link, it will override the configuration's shared value. Once that has been set, it will use the configuration associated with that node instead.

Based on your screenshot, it looks like it was using tcp://*:6001 as the shared configuration (even though you said not to), but failed to connect because it was trying to balance amongst the other nodes. If you were using a Docker network, this most likely would have worked because the individual nodes could have listened on 6001 as well.

After reviewing these changes, you would have to change the service messenger address on each service node in order to apply the configuration you are looking to use (which is what you did above).

Hopefully this gave a bit more context to this change.

Thanks,
Dan

Hi @kichikawa_2913,

I think the main issue here is that the Service.MessengerEndpoint configuration value is a shared configuration across all nodes in your cluster. Can you try setting that value to tcp://*:6001 and then restart all of your containers?

Also, just a couple of questions:

1. Are your Docker containers running on the same docker network?
2. Do you have High Availability enabled?

Thanks,
Dan

Hi @janne-aho_4082,

It looks like @rhessinger replied to your other ticket, EDO-8231, with another potential fix. We will update this forums post with the result of that test.

Thanks,
Dan

Hi @claudio_9251,

I'm not too surprised by this. NuGet has deprecated many of it's ODATA( v2) endpoints which has caused some issue within ProGet, we have documented this in our NuGet v2 troubleshooting guide. It is very possible that Telerik (Progress) has not made these changes on their end which may be causing this. This is especially true when it comes to connectors because ProGet will pass through a lot of the V2 queries the client makes to the remote endpoint. Either way, the NuGet v3 API is the proper API to use going forward and we highly suggest using that.

Thanks,
Dan

Hi @sbindra_9387,

You should create a new free license for your preprod environment. Creating that new license will not affect your production activation. Just to verify, your preprod environment is pointing to a different database and different file storage than your production instance, is that correct?

I know you are running an older version of ProGet, but our guide on how to migrate a server should still work for ProGet 5.1. That guide will show you what you need to do to migrate your production instance to a test server.

Hope this helps!

Thanks,
Dan

Hi @araxnid_6067,

We are always happy to help. Please let us know if you have any other questions for us!

Thanks,
Dan

Hi @araxnid_6067,

You can see where those blobs are used by querying the [DockerImageLayers_Extended] view in SQL server. The file name should match the [Blob_Digest] column and that will show you which repository that uses. If you need to see tags too, you will need to join that with [DockerRepositoryTags_Extended] view on the [DockerRepository_Id] column.

Hope this helps!

Thanks,
Dan

Hi @cronventis,

Thanks for the details. Let us know when you shift over to Azure k8s if that fixes your issue or not. I would love to figure out what configuration made it change that value, but I can definitely understand holding off until you make your final shift.

Thanks,
Dan

Hi @Mikhail-Riabukhin-ext_9798,

ProGet 6.0.7 is scheduled to release this Friday January 28th. We typically release every two weeks, with the occasional delay.

Hope this helps!

Thanks,
Dan

Hi @brett-polivka,

No problem! We are expecting this fix to be released on Friday. We will let you know if anything changes!

Thanks,
Dan

Hi @cronventis,

Just an update: We are still looking into the issue. We are currently having trouble recreating the same API output as yours. In our tests, the imageId returned for the container status contains a different digest. We are digging further into the Rancher documentation, specifically around their Kubernetes configuration.

If you have any tips on some specific Rancher/Kubernetes configurations we should look for, please let us know.

Thanks,
Dan

Hi @brett-polivka,

Thanks again for all the information. I was able to identify the issue and it will be fixed in ProGet 6.0.7. The issue is tracked in PG-2078. Once that is released, you will need to make sure Do not use library/ prefix for repositories without namespaces (this may be required for some container registries like Microsoft Container Registry) is checked.

Thanks,
Dan

Hi @brett-polivka,

Thanks for giving us an update on this. We are digging into this a bit further to see what is going on. Just out of curiosity, for one of the images that are missing the prefix. If you type the image name as 'library<image name>`, does it work then?

Thanks,
Dan

Hi @brett-polivka,

The manifest error is the generic error that the Docker CLI throws when it cannot find an image or something went wrong when pulling the image. Since you do not have any other package or container type (Helm, OCI, etc...) in your registry, it shouldn't cause any issue with ProGet.

Do you see any of your ACR containers in the ProGet UI? ACR does support container searching (or at least it did last time I tested it). Have you tried to enable Attempt to search the container registry in your connector advanced options? That will allow ProGet to list the available images. Could you also attempt to search by the exact image name in ProGet? Do you see your image then? If not, my guess is that your private ACR URL and/or credentials are incorrect.

Based on your ACR configuration, you may have to generate a token instead of using your password. See Microsoft's Authenticate with an Azure Container Registry documentation to see what credentials will work. Basically, if you see docker login under the "How to Authenticate" column, that username/password combination should work in ProGet.

Thanks,
Dan

Hi @brett-polivka,

I have a few questions for you.

• What version of ProGet are you currently running?
• Does your Azure Container Registry only include Docker images or does it also include OCI images?
• Does your registry include HELM packages as well?

Thanks,
Dan