Deployment from Team Foundation Server to Azure US Government Cloud fails and you cannot update a resource - Microsoft Support [MS]

Deployment from Team Foundation Server to Azure US Government Cloud fails and you cannot update a resource

TFS 2017 TFS 2018 More...Less

Symptoms

When you try to update a resource in Microsoft Azure US Government Cloud, you may receive the following errors because the deployments that are started by using releases on Team Foundation servers may fail.

Could not fetch access token for Azure.

Failed to obtain the Json Web Token (JWT) for service principal id 'ServicePrincipalID'. Exception Message: AADSTS90038: Confidential Client is not supported in Cross Cloud request.

Cause

The AAD authority URL for Azure US Government Cloud has been changed from login-us.microsoftonline.com to login.microsoftonline.us. During the deployment, the release tries to fetch the access token to authenticate the update. The built-in deployment tasks query the old URL for access token and fail.

Resolution

To fix this issue, follow these steps:

1. Download the Azure extension VSIX file accordingly:

   • Azure endpoint extension - TFS 2017 U3

   • Azure endpoint extension - TFS 2018 U2

2. Run command prompt with the administrative credentials by using the TFS administrator account, then upload the extension to the Team Foundation servers by using the following command accordingly:

   • For TFS 2017

     "C:\Program Files\Microsoft Team Foundation Server 15.0\Tools\TfsConfig.exe" publishextension /vsixfilepath:"<Azure VSIX File path>"

   • For TFS 2018

     "C:\Program Files\Microsoft Team Foundation Server 2018\Tools\TfsConfig.exe" publishextension /vsixfilepath:"<Azure VSIX File path>"

Note You do not have to restart any Team Foundation server or computer after the extension is applied.