Azure DevOps On-Prem (Air gapped) Functionality issues

ChrisLindsey 20 Reputation points
2026-06-30T15:20:58.55+00:00

We are currently running an on-prem air gapped ADO server and having issues with basic ADO functionality.

Version: 2022.2 (AzureDevopsServer_20240806.7)

Issues:

  1. No users have the ability to access their user profiles on the top right. After clicking the user profile picture nothing happens.
  2. When manually navigating to _usersSettings we lack the ability to create any SSH public keys
  3. When manually navigating to _usersSettings we lack the ability to create any Personal Access Tokens (PAT)

What would be causing these issues? What can we do as an organization to fix these?

Azure DevOps
0 comments No comments

Answer accepted by question author

Jerald Felix 15,690 Reputation points Volunteer Moderator
2026-06-30T16:45:51.7+00:00

Hello ChrisLindsey,

Greetings! Thanks for raising this question in the Q&A forum.

These three symptoms together (profile flyout doing nothing, and both the SSH key and PAT pages failing) usually point to the same root cause on Azure DevOps Server: those pages are built with client side JavaScript components that try to reach an external resource (such as an avatar image service or a CDN hosted script) when they load. On a true air gapped server with no outbound internet access, that call never completes, the script throws an unhandled error, and the whole panel silently fails to render instead of showing a friendly error message. This is a common pitfall specifically because Azure DevOps Server is on prem but its web layer still expects a few outbound calls unless it is fully configured for a disconnected environment.

  1. Check the browser console first Open the page in question, press F12 to open developer tools, go to the Console and Network tabs, and reproduce the issue by clicking the profile picture or navigating to _usersSettings/keys or _usersSettings/tokens. Look for failed requests (red entries) and note the blocked domain and any JavaScript exceptions. This will confirm whether the failures are network related or something else like a permissions or identity provider issue. Confirm patch level Make sure your Azure DevOps Server 2022.2 instance is fully patched. There have been multiple cumulative patches released for 2022 Update 2 that fix UI and client side bugs. Check your current patch against the latest available on the Azure DevOps Server downloads page, since some of these flyout and settings panel issues were addressed in later patches rather than caused by network restrictions. Review your air gapped network configuration If the console shows blocked outbound calls, your deployment likely needs explicit allowances for any external resources the web tier still depends on (icon fonts, telemetry endpoints, or default avatar services). Compare your firewall rules against the official allowlist guidance, and if any required domain cannot be reached due to your air gapped policy, that confirms the cause rather than a bug.
https://learn.microsoft.com/en-us/azure/devops/organizations/security/allow-list-ip-url

Verify the Application Tier event logs

On the Application Tier server, check the Windows Event Viewer under Application for any Team Foundation Server (TFS) or IIS related errors logged at the same time as the failed page loads. These often capture server side exceptions that do not surface clearly in the browser.

Escalate to Microsoft if the cause is not a known patch issue

If the browser console and event logs do not point to a blocked external dependency or a known fixed bug in a newer patch, this is best escalated to Azure Support with your exact patch version, browser console errors, and event log entries attached. Since this is an on prem deployment, support can confirm whether 2022.2 has any specific dependency that breaks in a fully disconnected network and whether a hotfix exists.

https://learn.microsoft.com/en-us/azure/devops/server/release-notes/azuredevops2022u2

If this answer helps you kindly accept the answer which will help others who have similar questions.

Best Regards,

Jerald Felix.

Was this answer helpful?

1 person found this answer helpful.

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.