Pull request decoration works with existing Azure DevOps account, not the new DevOps bot-account

  • ALM: Azure DevOps
  • CI system: Azure DevOps
  • Languages of the repository: Java

We use my personal Azure DevOps account to succesfully decorate pull requests for a long time now under my name, but since I will be leaving at some point we created a new non-personal account in Azure DevOps that has access to our DevOps organization. Gave the bot-user “Code read/write” access and created a new PAT and entered this PAT in SonarCloud. Nothing else has changed.

However, the new bot-user doesn’t decorate our pull requests. Switching the PAT in SonarCloud back to my personal Azure DevOps account and decoration works again.

So it must be something wrong with the newly created bot-account, but we don’t see any logging why it doesn’t decorate the pull requests. Is it possible to see in SonarCloud why it consistently fails now with the newly created bot-account?

hey @tjeerdsc,

Welcome to the community!

Can you share the background task id of one of the analyses that did not decorate Azure?



The failing (bot-account) background task id: AXn6NnEmdyohXhXcKjIa, AXn6DOa_jpxYQz8XXFGl, AXn2NbVn93_RJCzp2KJ9, etc.

The succes (personal account) background task id (from less than an hour ago): AXn6Xnlc4HBUuodcCJXR


It looks that indeed it works with your personal account. I suspect that it is authentication problem. It looks like when bot-account token is taken to perform first query, there is redirection being done (to sign-in page) and the query ends up with 203 Http Error Code (Non-Authoritative Information). Does it ring any bell? Do you think it may be somehow related to your configuration of Azure DevOps user/organization?


Thanks for your help and giving some hints.

We looked into the user settings (groups/membership) and everything looked correct. We didn’t change anything. Although we logged in earlier this week into Azure DevOps with the bot-account to create the PAT we decided to again login and navigate to the Microsoft account management (myaccount.microsoft.com) to check if there’s something wrong with the account itself. Nothing special to see and we didn’t change anything.

We decided to now give it another try and pushed a code change to the pull request branch, suddenly the bot-account did work and decorated our pull requests with the name of the bot-account.

So the giveaway is (in this case) that it seems that you have to one time manage your account settings. Perhaps under water then the Active Directory know that you logged in into your account (to manage it) and sets a flag so that PAT access is allowed. Quite weird, but it does work now.

Thank you very much for your insight! It is extremely valuable. Glad that the problem was solved.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.