Community Center | Not monitored
Tag not monitored by Microsoft.
Error with DevOps self hosted vmss agent: client with IP '2.413.62.52' is not allowed access
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 9%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)
Bharath
10
Reputation points
I have set-up private ACR set up with public access and admin credentials disabled. [
](https://i.stack.imgur.com/KfH3t.png)
It has a private endpoint approved ,setup with private connection,private dns zones configured.
The private endpoints reside in subnetEndpoint in virtualNetwork vNetApp I have setup a DevOps pipeline using Self hosted agent. The agent makes use of a Virtual Machine scale set deployed in a virtual network agentSubnet in vNetApp.
The agent makes use of Service Principal which i have assigned acrPush role
The pipeline executes a docker build and should push the image to the private ACR with private endpoint.
I create a service connection dockerConn for connecting the Docker task to ACR
I give dockerConn Acrpush role against the registry and pass it to the pipeline.
stage: Build
pool:
name: ${pool}
jobs:
- job: Build
displayName: Build
pool:
vmImage: $(vmImageName)
steps:
- task: Docker@2
displayName: Build and push an image to container registry
inputs:
command: buildAndPush
repository: $(acrImageRepository)-$(Build.SourceBranchName)
dockerfile: $(dockerfilePath)
containerRegistry: $(dockerRegistryServiceConnection) //This is given acrPush role
When i run the pipeline the Docker task fails when the step comes to push the image to ACR.
518047573282: Waiting
denied: client with IP '2.413.62.52' is not allowed access. Refer https://aka.ms/acr/firewall to grant access.
##[debug]Exit code 1 received from tool '/usr/bin/docker'
##[debug]STDIO streams have closed for tool '/usr/bin/docker'
##[error]denied: client with IP '2.413.62.52' is not allowed access. Refer https://aka.ms/acr/firewall to grant access.
##[debug]Processed: ##vso[task.issue type=error;]denied: client with IP '2.413.62.52' is not allowed access. Refer https://aka.ms/acr/firewall to grant access.
##[debug]Trying to logout from registry: ***
####[debug]set DOCKER_CONFIG=
##[debug]Processed: ##vso[task.setvariable variable=DOCKER_CONFIG;isOutput=false;issecret=false;]
##[debug]task result: Failed
##[error]The process '/usr/bin/docker' failed with exit code 1
error message:
client with IP '2.413.62.52' is not allowed access. Refer https://aka.ms/acr/firewall to grant access
Can anyone help here? Thanks
Community Center | Not monitored
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 43%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
Monalla-MSFT 13,166 Reputation points Moderator2023-07-25T03:03:39.9866667+00:00 @Bharath -
Welcome to Microsoft Q&A and thanks for reaching out.
Devops is not currently supported here on Microsoft QnA.
The Community Members and Engineers are actively answering questions in dedicated forums here. Please post your question in that forum:
https://developercommunity.visualstudio.com/spaces/21/index.html
https://azure.microsoft.com/en-in/support/devops/
Hope this helps. and please feel free to reach out if you have any further questions.
If the above response was helpful, please feel free to "Accept as Answer" and click "Yes" the same so it can be beneficial to the community.
Sign in to comment
Sign in to answer