We are attempting to set up an internal ProGet server in order to have multiple different nuget package repositories available for use. When attempting to query one of the nuget feeds from ProGet, I receive a 500 Internal Server Error. When looking at the logs in ProGet, it appears as though Octopus is attempting to authenticate as its AD computer account, instead of the account specified in the External Feed configuration.
From ProGet:
Event code: 4010
Event message: An unhandled security exception has occurred.
Event time: 11/18/2014 11:00:08 AM
Event time (UTC): 11/18/2014 4:00:08 PM
Event ID: 6e510c1922d9469990beedadc30acc3e
Event sequence: 4
Event occurrence: 3
Event detail code: 0
I’m able to fix this issue temporarily by having the Octopus Server service run as an administrative Active Directory account which has access to the ProGet feed, however I don’t think this is a viable long-term solution. I would much rather the external account used when specifying the external feed be the one actually used to request data, bypassing the mechanism Windows is trying to use when authenticating as the AD computer account.
Thanks for the reply and sorry for the delay on our response! I will setup a Proget instance on my lab to see if there is a way to make this work. I’ll get back to you as soon as I have some results.
I setup a Proget instance on my labs and couldn’t reproduce your issue. Would it be possible for you to configure Octopus to use the expected account, analyze the http traffic using fiddler/wireshark and send us the logs?
I got it working with a workaround. Run the OctopusDeploy Server with a serviceAccount rather than the Local Computer Account. However, this only partially solved the problem, since Octopus still does not retreive a list of feeds from the ProGet Server… I have to specify the exact name of the feed, and then it will return the feed info. I feel the problem is with Octopus, not with ProGet, since using Nuget from a command line (list) works completely fine. Also, OD is obviously NOT using the account specified in the external feed, otherwise changing the user account of the OD service should have no affect.
Picking up on some of your wording. Octopus can’t retrieve a list of feeds, because NuGet can’t retrieve a list of feeds. NuGet can retrieve a list of packages under a single feed. So if in your settings you are pointing at something like a base directory that then has multiple feeds, this will not work. You need to point to each individual feed.
If I am mistaking your wording, providing a screenshot of your feed settings may also help.
Vanessa
Hi Vanessa,
To Summarize: Nuget can retrieve a list of packages for a feed, while OD can only return a single specified package for a feed.
In OD, I setup a feed and then click “test” which brings up the interface to specify a package name, then click “search”. If I don’t specify the EXACT package ID, nothing is returned. If I specify the EXACT package ID, OD will return the package name, and Version info. Using Nuget to do the same thing, a simple Nuget command with the list command for the feed will return all package names, so I am concluding the problem is a bug in OD. Can this get fixed?
Ahh we might be getting to the bottom of this. The external feed system allows you to test your feeds connection to Octopus by putting in a package name and seeing if it can be found.
It doesn’t allow for wildcards or empty values. It is not a feed browser, it is simply there to make sure the credentials work. It will never list packages.