Set-AzureService : ForbiddenError: The server failed to authenticate the request.

Please make sure that user who runs teamcity build agent has all nesessary permissions.

Hi thanks for the reply Evgeniy Koshkin

But how to check the premissions for build agent ?  As I am a newbie to Teamcity I dont have much idea about it.

TeamCity build agent runs as windows service or from console on behalf of particular windows user. So you need to check if that user has all permissions required.

I have Teamcity Installed on Azure VM so how m i suppose to check that ?

I check teamcity is running under SYSTEM in VM.

Do you use your user account to run powershell manually? If so please make sure both users have same set of permissions.

I had logged in with Administator and the the permission set are same for both the user.
Does Teamcity uses some cetificate to comunicate with Azure Cloud ?
Because this issue came when i deleted Certificates on Azure.  

TeamCity doesn't do anything special with certificate.

So can you figure out why the powershell script is executing in Powershell when ran manually and not when with Teamcity build steps ?

Error :

Please try to run build agent via cmd, not as a windows service.

Could you please check that 'Add -NoProfile argument' in powershell step (under 'Advanced settings') is not checked?
If it is checked it might prevent your installed certificates from loading.

If unchecking this option does not help, you can try the following:
1) Login to the TeamCity Agent machine under the same user account as TeamCity Agent is launched.
2) Manually re-import your Azure certificates as described in the documentation https://msdn.microsoft.com/en-us/library/dn495124.aspx and https://azure.microsoft.com/en-us/documentation/articles/powershell-install-configure/
3) Try to run your powershell script or simple command like 'Get-AzureSubscription' manually on the agent machine under the same user to make sure azure is set up correctly
4) Try the same from TeamCity build step. Make sure '-NoProfile' checkbox is not checked

Thanks Oleg Rybak for the Reply

As you mentioned  'Add -NoProfile argument'  in Powershell step : Uncheck that

At my side there is no such Checkbox visible nor Advance setting. I am using TeamCity Professional 7.1.5.
 
Can you please expain what can be done here ?

I see. There was no such option in 7.1.5 and -NoProfile was added later. You can just ignore it.
Nevertheless, try to follow the steps I have written to manually set up the certificate for proper user.

Also consider upgrading to newer version, as we have just released version 9.1 with a lot of new features

I had repeated the steps many times on VM
Even the Script file i am runnning in Powershell step works fine when run manually on VM powershell and the app gets deployed on azure service.
The error i get only when done by teamcity.
It fails in Powershell step.

I finally got the sloution

The error message that I got is

Set-AzureService : ForbiddenError: The server failed to authenticate the
request. Verify that the certificate is valid and is associated with this subscription.

It’s a bit misleading because as you can see in the code below (esp: last line), I did set the current storage but why did I get this message?

[05:14:33][Step 3/3] Set-AzureService : ForbiddenError: The server failed to authenticate the
[05:14:33][Step 3/3] request. Verify that the certificate is valid and is associated with this
[05:14:33][Step 3/3] subscription.
[05:14:33][Step 3/3] At line:1 char:1
[05:14:33][Step 3/3] + Set-AzureService -ServiceName $service -Label $deploymentLabel
[05:14:33][Step 3/3] + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[05:14:33][Step 3/3] + CategoryInfo          : CloseError: (:) [Set-AzureService], ComputeCloud
[05:14:33][Step 3/3] Exception
[05:14:33][Step 3/3] + FullyQualifiedErrorId : Microsoft.WindowsAzure.Commands.ServiceManagemen
[05:14:33][Step 3/3] t.HostedServices.SetAzureServiceCommand

The script was working fine when run in VM Powershell but failed when run with Teamcity.

To resolve this I followed the following Steps :

• Open Windows Powershell on VM
• Run "Get-AzurePublishSettingsFile". It will ask you to login to Azure and you will get the publish setting file for your Azure Subscription associated with your account.
• Then run "Add-AzureAccount", It will ask you to login and your account will be added to powershell.
• Login to Azure Portal (manage.windowsazure.com).
• Go to Settings => Management Certificates section. Get the ThumbPrint of the recently added PublishSettingCertificate.
• On Powershell run Import-AzurePublishSettingsFile "path of your publish setting file on VM"
• run Add-AzureCertificate -serviceName "Your service Name" -certToDeploy (get-item cert:\CurrentUser\MY"Certificate ThumbPrint you got from Azure")
• Finally "Get-AzureSubscription", to see the subscriptions added on Powershell.

Hope this helps some one :)

Great that the issue is resolved!