Azure devops service connection expired and cannot edit/renew

Question

I have a Service Connection which is being used for Pipelines in Azure DevOps. It was created by another user some time ago. Recently it expired and would not allow me to change the username it was associated with. So I deleted that Service Connection and created a new one, and it took me a lot of time to modify each Pipeline where it was being used.

I have two questions.

Is it possible to change the creator name of the Service Connection?
If not, is there any other way to reuse an existing Service Connection after its secret expires?

Thanks in advance.

What kind of service conection? Azure Rm? I am asking because it may be vary. — Krzysztof Madej, Apr 24 '20 at 08:31

score 70 · Answer 1 · answered Sep 13 '21 at 06:34

70

I just got stuck in the same position trying to manually update the connection with a new client secret. Here's what worked for me:

From the DevOps Service Connection | Click Manage Service Principal
Then on the service principal | Certificates & Secrets
Create a "New Client Secret"
Delete the expired secret
Return to the DevOps Service Connection
Click Edit - click the verify button. It should tell you the client certificate has expired
Now you need to make a meaningless change and save it. I just type a character in to the optional description and save.
Now edit again and click verify, it will now pick up the new client secret and all is happy. Just go delete the meaningless character you typed into the description and click save.

answered Sep 13 '21 at 06:34

CamD

1,023
8
9

While not very intuitive, this indeed works! No need to delete the expired secret though. – Jan_V Jan 25 '22 at 11:08
Cheers for the flow. The no-edit save for the Service Connection on AzDO side is also instructed in MS docs: [azure/devops/pipelines/release/azure-rm-endpoint](https://learn.microsoft.com/en-us/azure/devops/pipelines/release/azure-rm-endpoint?view=azure-devops#service-principals-token-expired) – straville Jan 25 '22 at 14:15
This just helped me i didnt understand why it couldnt verify, how did i put in my secret? turns out, you dont put in a secret. It does that when verifying, thank you this was very helpful! – Jakob Kristensen Mar 08 '22 at 11:17
4

This answer helped me a lot! Based on this answer I've prepared a small guide (with images) for anyone else struggling on how to fix this problem. https://piotr.gg/dev-ops/how-to-update-azure-devops-service-principal-connection-once-expired.html – piotr.gradzinski Jun 08 '22 at 12:43
1

Great answer - ty - one question: what's are the options for being notified before they expire?? – developer Mar 13 '23 at 15:38
It is extremely sad that this answer has helped so many people including me – Stilgar Mar 14 '23 at 12:51
Where do you see the button "Manage Service Principal"? I'm on that page and there is only "Edit" and "3 dots" pointing to "Approvals and checks" and "Security" and "Delete". – cryss Apr 24 '23 at 08:34
Saved my bacon today, thanks! – Hman Jun 07 '23 at 15:21
worked for me too and save me a ton of work - should be the accept answer? – zeisi Jul 07 '23 at 08:28

score 2 · Answer 2 · answered Apr 24 '20 at 09:14

2

Defining service connection you can pick a name what you want. So in your case you can reuse old name to minimize your work.

If you ahve already define service connection you can change a name using REST API:

PUT https://dev.azure.com/{organization}/{project}/_apis/serviceendpoint/endpoints/{endpointId}?api-version=5.1-preview.2

You can also edit it from the poertal:

and then:

answered Apr 24 '20 at 09:14

Krzysztof Madej

32,704
10
78
107

1

Please read my notes what I have posted before. Whenever the service connection got expired, is there any way to use the existed one with out deleting because it (the newly created service connection) is taking so much time to configure in the pipelines – Gayathri K Apr 24 '20 at 10:16

score 0 · Answer 3 · answered Apr 27 '20 at 07:22

0

Assuming you are using automatic authentication method. Automatic configured service connection does't allow updating the connection name or other information. You could try manual authentication method or Managed identity.

answered Apr 27 '20 at 07:22

Cece Dong - MSFT

29,631
1
24
39

the existed service connections all are manual and those were created by others. So is there any way to edit the existed one(created by others) – Gayathri K Apr 29 '20 at 07:07
I've tested with Azure Resource Manager using managed identity, which can only modify the service connection name. – Cece Dong - MSFT Apr 29 '20 at 10:03

score 0 · Answer 4 · answered Apr 30 '20 at 07:51

0

I had a similar issue that I couldn't edit an Azure RM Service Connection that had an expired client credential. However, turning off "New service connections experience" in the Preview features blade made it possible to update using the old service connection dialog.

answered Apr 30 '20 at 07:51

Peter W

1

in my organization they won't allow to change those settings, so is there any other options to change(some "X" employee left the project and then I want to update the service connection which was created by that "X" employee) – Gayathri K Apr 30 '20 at 14:07

Azure devops service connection expired and cannot edit/renew

4 Answers4