Azure pipelines on a self hosted agent gives error NU1301: Unable to load the service index for source during dotnet restore

Question

Having the same issue on a self hosted agent but I'm not specifying password in the yml. just specifying the vstsFeed

- checkout: self
    submodules: true
    persistCredentials: true

- task: NuGetToolInstaller@1
inputs:
  versionSpec: 6.2.1

- task: UseDotNet@2
displayName: Using Dotnet Version 6.0.400
inputs:
  packageType: 'sdk'
  version: '6.0.400'

- task: DotNetCoreCLI@2
displayName: Restore Nuget packages 
inputs:
  command: 'restore'
  projects: '**/*.sln'
  feedsToUse: 'select'
  vstsFeed: 'ba05a72a-c4fd-43a8-9505-a97db9bf4d00/6db9ddb0-5c18-4a24-a985-75924292d079'



 

and it fails with following error error NU1301: Unable to load the service index for source

Nuget feed is on another project of the same organization. I can see that pipeline produces a temp nuget config where it specifies username and password for this feed during run. Been breaking my head for the last 72 hours non-stop to find what is the issue. Azure pipelines and nuget sucks. 99% of the problems we had so far was with nuget not working smoothly with azure pipelines. Microsoft has to take a step back and resolve pipelines and nuget ssues.

Answer 1

From your description, you are using the Nuget feed on another project of the same organization.

You need to check the following points:

1. Check the permission of the Build Service account.

Here are the steps:

Step1: Navigate to Artifacts ->Target Feed ->Feed Settings -> Permission.

Step2: Grant the Build service account Contributor Role . Build service account name: ProjectnamethePipelinelocated Build Service (Organization name)

For example:

2. Check the Limit job authorization scope to current project for non-release pipelines option is Enabled in Project Settings -> Settings.

If yes, you need to disable the option and then the pipeline can use the resource outside the project.

Note: To disable this option, you need to disable the option in Organization Settings-> Settings first. Then you could disable the option in Project level.

Answer 2

Just to make sure: The NuGet feed is on the same Azure instance as the agent is registered with, right?

I remember similar issues on my on-premise Azure DevOps server, but also sometimes on the paid cloud variant. Sometimes it was flaky service state, sometimes the agent itself..

Kevin did give a good point with the permissions - if those are set, you're good to go from a permissions point of view - actually reader permission is enough for a restore - make sure to check the views panel too.

If after permissions check you still got issues, you might try my "just-making-sure-lines for your .yml file:

# NuGet Authentication (safety step, normally not required as all within the same organization/project)
  - task: NuGetAuthenticate@1
    displayName: "Nuget Authentication"

It shouldn't be required but I have it on all my pipes since I had such issues, and it reduced the occurence of the error line you posted in my cases (Hybrid devops architecture).

Another thing I ended up with is to specifiy the feeds explicitly in a repository-wide "NuGet.Config" file - and using this file within my yml files or with script lines instead of tasks now.

If nothing helps, enable diagnostics/verbose logging to get more error details. In the worst case: Log in to your agent machine, open a terminal in the same agent work folder and manually issue a dotnet restore command to see whats going on.

Post the additional results if still no progress.

Good luck