403 Unauthorized on '/api/server/version' for VSTS pipeline analysis


(Wes Vollmar) #1

Azure DevOps (VSTS) build pipeline is failing to communicate with SonarQube. This started occurring without making any changes on our end Q4 last year.


  • Both build agent and SonarQube server are on-prem. No firewall or proxy between.
  • SonarQube IIS app config has only anonymous enabled and no authorization limitations.
  • SonarQube configured to run as a Windows service.
  • No IIS logs indicating denial can be found.
  • Issue occurred with SonarQube 6.7.1 and 7.5.
  • VSTS build step is “Prepare Analysis Configuration” version 4.5.1.
  • Version URL is accessible by me directly with no issue.

Error received is:

2019-01-17T20:38:09.1064192Z ##[section]Starting: Prepare analysis on SonarQube
2019-01-17T20:38:09.1068110Z ==============================================================================
2019-01-17T20:38:09.1068190Z Task         : Prepare Analysis Configuration
2019-01-17T20:38:09.1068260Z Description  : Prepare SonarQube analysis configuration
2019-01-17T20:38:09.1068315Z Version      : 4.5.1
2019-01-17T20:38:09.1068379Z Author       : sonarsource
2019-01-17T20:38:09.1068440Z Help         : [More Information](http://redirect.sonarsource.com/doc/install-configure-scanner-tfs-ts.html)
2019-01-17T20:38:09.1068533Z ==============================================================================
2019-01-17T20:38:09.9368581Z ##[error][SQ] API GET '/api/server/version' failed, status code was: 403
2019-01-17T20:38:09.9453548Z ##[section]Finishing: Prepare analysis on SonarQube

Error occurs every build, so all SonarQube analysis is failing. For now we’re just ignoring errors in these build steps.

Any help or ideas would be very helpful. Thanks! :slight_smile:

(G Ann Campbell) #2


IIRC this is one of the first things that happens in analysis & it’s a very basic call. Did permissions on your SonarQube server change? If you’re analyzing with a token, are you sure it hasn’t been revoked?


(Wes Vollmar) #3

Turns out the VSTS build process was trying to route through the proxy for this call, instead of calling the internal service directly. I had to add the internal SonarQube URL to the NO_PROXY environment variable, which then short-circuited the proxy detection logic.

Back up and working now!