Sonar Scanner Azure DevOps fails behind proxy and firewall on private agent

We ran multiple self-hosted private build servers (agents) on Azure DevOps, with SonarCloud tasks and a SonarCloud subscription. Azure DevOps agent run as a service, under a Windows account. Machine is Windows 2019.

We have HTTP_PROXY, HTTPS_PROXY, SONAR_SCANNER_OPTS and JAVA_OPTS with our proxy settings. Our Azure DevOps agent also has a .proxy file.
Still the sonar_scanner for msbuild fails to contact SonarCloud on the Prepare SonarCloud task (see attachment for partial logging). After thorough investigation, it was noticed that the sonarcloud task went directly to the firewall for 3 calls (all timeout), and not via the proxy.

The fix: The Azure DevOps agent runs as a service using a account. On our Windows 2019 machine, for the account, we had to set the Windows Proxy settings. Then it works. Suggest to either fix this issue or update the documentation.

sonarcloudproxy.txt (23.8 KB)


Hi @zaat

I have the same configuration as yours (self-hosted windows private agents with a domain account and Azure Devops).
To solve I added in the pipeline three variables:

  JAVA_TOOL_OPTIONS: '-Dhttps.proxyHost=<myProxyHost> -Dhttps.proxyPort=<myProxyPort>  -Dhttp.proxyHost=<myProxyHost> -Dhttp.proxyPort=<myProxyPort> "-Dhttps.nonProxyHosts=localhost|*.<myDomain>" "-Dhttp.nonProxyHosts=localhost|*.<myDomain>"'
  HTTP_PROXY: 'http://<myProxyHost>:<myProxyPort>'
  HTTPS_PROXY: 'http://<myProxyHost>:<myProxyPort>'

the JAVA_TOOL_OPTIONS is because we use maven to build

And I set the pipe to use node10

This was the ticket: Azure devops task behind proxy

Hope this helps

1 Like


Thanks for sharing! In our case, we use MS Build steps. And we have all the settings as mentioned above, but still a few calls bypassed the proxy (this was validated by checking the firewall in our company). Only once we set the Windows proxy settings correctly, then it all went fine. So somewhere, part of the sonarscanner is choosing the Windows proxy settings above all the other settings.


@zaat thanks for the feedback.

Could you clarify what else you did that isn’t in the documentation please?


We enabled the proxy on the windows server itself. In Windows 2019, you can set the proxy settings (type Proxy settings in the search bar of windows).
In steps:

  1. We logged on to the build server with the same account used by the Azure DevOps Agent (we run the agent as a service)
  2. Start Proxy Settings on Windows, fill those with the correct proxy
  3. Restart the agent service

And then it worked. Despite that we have all the other proxy settings done as global environment variables, we still had to do this last Windows proxy setting to make it work.

Hope this helps.