Hello ChrisLindsey,
Greetings! Thanks for raising this question in the Q&A forum.
These three symptoms together (profile flyout doing nothing, and both the SSH key and PAT pages failing) usually point to the same root cause on Azure DevOps Server: those pages are built with client side JavaScript components that try to reach an external resource (such as an avatar image service or a CDN hosted script) when they load. On a true air gapped server with no outbound internet access, that call never completes, the script throws an unhandled error, and the whole panel silently fails to render instead of showing a friendly error message. This is a common pitfall specifically because Azure DevOps Server is on prem but its web layer still expects a few outbound calls unless it is fully configured for a disconnected environment.
- Check the browser console first Open the page in question, press F12 to open developer tools, go to the Console and Network tabs, and reproduce the issue by clicking the profile picture or navigating to
_usersSettings/keysor_usersSettings/tokens. Look for failed requests (red entries) and note the blocked domain and any JavaScript exceptions. This will confirm whether the failures are network related or something else like a permissions or identity provider issue. Confirm patch level Make sure your Azure DevOps Server 2022.2 instance is fully patched. There have been multiple cumulative patches released for 2022 Update 2 that fix UI and client side bugs. Check your current patch against the latest available on the Azure DevOps Server downloads page, since some of these flyout and settings panel issues were addressed in later patches rather than caused by network restrictions. Review your air gapped network configuration If the console shows blocked outbound calls, your deployment likely needs explicit allowances for any external resources the web tier still depends on (icon fonts, telemetry endpoints, or default avatar services). Compare your firewall rules against the official allowlist guidance, and if any required domain cannot be reached due to your air gapped policy, that confirms the cause rather than a bug.
https://learn.microsoft.com/en-us/azure/devops/organizations/security/allow-list-ip-url
Verify the Application Tier event logs
On the Application Tier server, check the Windows Event Viewer under Application for any Team Foundation Server (TFS) or IIS related errors logged at the same time as the failed page loads. These often capture server side exceptions that do not surface clearly in the browser.
Escalate to Microsoft if the cause is not a known patch issue
If the browser console and event logs do not point to a blocked external dependency or a known fixed bug in a newer patch, this is best escalated to Azure Support with your exact patch version, browser console errors, and event log entries attached. Since this is an on prem deployment, support can confirm whether 2022.2 has any specific dependency that breaks in a fully disconnected network and whether a hotfix exists.
https://learn.microsoft.com/en-us/azure/devops/server/release-notes/azuredevops2022u2
If this answer helps you kindly accept the answer which will help others who have similar questions.
Best Regards,
Jerald Felix.