dotnet restore does not try all sources for restoring

[alaatm]

Steps to reproduce

1-Create a project that references packages from public nuget, some myget feed and a private feed that requires authentication.

2-Add Nuget.config

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <add key="NuGet" value="https://api.nuget.org/v3/index.json" />
    <add key="myget" value="https://www.myget.org/F/***/api/v3/index.json" />
    <add key="auth" value="https://nuget.***.com/nuget" />
  </packageSources>
  <packageSourceCredentials>
    <auth>
      <add key="Username" value="****" />
      <add key="Password" value="****" />
    </auth>
  </packageSourceCredentials>
</configuration>

Note that the auth feed uses version 2.

3-Run the following
dotnet restore --configfile NuGet.config

Expected behavior

Packages are restored.

Actual behavior

dotnet restore tries to use only the auth feed to restore packages that reside in public nuget/myget.

Retrying 'FindPackagesByIdAsyncCore' for source 'https://[auth-feed]/FindPackagesById()?id='Microsoft.EntityFrameworkCore.SqlServer''.
Key not valid for use in specified state
Retrying 'FindPackagesByIdAsyncCore' for source 'https://[auth-feed]/FindPackagesById()?id='Microsoft.EntityFrameworkCore.SqlServer''.
Key not valid for use in specified state
Retrying 'FindPackagesByIdAsyncCore' for source 'https://[auth-feed]/FindPackagesById()?id='[myget-package-1]''.
Key not valid for use in specified state
Retrying 'FindPackagesByIdAsyncCore' for source 'https://[auth-feed]/FindPackagesById()?id='[myget-package-1]''.
Key not valid for use in specified state
Retrying 'FindPackagesByIdAsyncCore' for source 'https://[auth-feed]/FindPackagesById()?id='[myget-package-2]''.
Key not valid for use in specified state
Retrying 'FindPackagesByIdAsyncCore' for source 'https://[auth-feed]/FindPackagesById()?id='[myget-package-2]''.
Key not valid for use in specified state
C:\dotnet-sdk\sdk\1.0.0\NuGet.targets(97,5): error : Failed to retrieve information about '[myget-package-1]' from remote source 'https://[auth-feed]/FindPackagesById()?id='[myget-package-1]''. [D:\a\1\s\***.sln]
C:\dotnet-sdk\sdk\1.0.0\NuGet.targets(97,5): error :   Key not valid for use in specified state [D:\a\1\s\***.sln]

Environment data

dotnet --info output: 1.0.0

I should add that this error does not happen on my local machine, in fact it runs just fine. It only happens on VSTS, I use the dotnet-install.ps1 script to install 1.0.0 as following:

dotnet-install.ps1 -version "$(SdkVersion)" -installDir $(SdkPath) -Architecture x64
where:
SdkVersion=1.0.0
SdkPath=C:\dotnet-sdk

Am I doing something wrong here..?

[NickDarvey]

@alaatm How did you resolve this?

[alaatm]

@NickDarvey Turns out there was no problem with the tools. The feed's password must be either in clear text format or if you need encrypted then it must be generated on the machine that will execute the restore.

[NickDarvey]

Alrighty, thank you @alaatm

[TheCriticalPath]

Has anyone seen a resolution or workaround when using a docker container for builds?

[ImAMightyPirate]

Just in case anyone else ever finds this error via Google. We encountered this error because someone had missed a trailing forward slash from one of our NuGet feed URLs (hosted on ProGet) making it an invalid URL.