-
Notifications
You must be signed in to change notification settings - Fork 590
HttpRequestException and then I'm prompted for username #488
Comments
@fpintos you seem very web / networking literate which should make diagnosis and resolution much easier 😄 First, the best way to collection trace data is to enable tracing. To enable tracing, from a Command Prompt:
The trace should be emitted directly to the standard error of the console and something you can copy/paste into this thread. Of course, please redact any secret or personally identifiable information contained in the trace before posting. 😏 |
Thanks for the quick turnaround. Please find the trace in the attached file. In Fiddler, the requests show up as going to these: The |
Hum...I've connected to the corp VPN and now it worked. Including trace of successful pull. One thing to notice is that this was a new machine, which was AAD-joined fro outside the corp network, and I never ran Git while connected to the corp network before. In fact, I just connected with VPN for the 1st time in this machine just now, after seeing that error about 'domain controller'. |
@fpintos so the GCM attempts non-interactive authentication by default. If the non-interactive fails, it should fall back to interactive. I've seen situations where a user can be non-interactively authenticated, but cannot access source control without multi-factor interactive authentication. In these cases, the users see errors similar to what you were seeing. Please let me know if this happens again to you. |
@whoisj @fpintos Hello guys! I had the exact same issue as @fpintos. Initial situation was that everything was working fine on
Then i cloned a new vsts repo (using the same account as the existing non-corp vsts, but as a guest on a different aad) and from the get-go ops on that repo manifested the two HttpRequestExceptions and asking credentials in the command prompt. While googling i stumbled on this thread and initially dismissed the resolution as "how could it work this way". After banging my head against this for a while, decided to connect via vpn to corp network and try to pull. Got the usual gcm authentication dialog and everything works fine now. I have no idea whats going on, but thought i'd report in. |
I've got something more to add @whoisj I've experienced the exact same behaviour (Windows 10, AzureAD-joined, VSTS -> HttpRequestException), but even within our corporate network I wasn't able to solve it - until now. During the last Windows reinstall and the AAD join, Win10 requests to activate Windows Hello and - in my case - activates the fingerprint login. As long as I've logged in to Windows with my fingerprint the Windows session seems somehow to be "Windows Hello Authenticated". When I'm now doing a Windows sign off and relogin via the good old Windows password, something seems to be different: Now GCM works just as expected (login dialog appears) - but also only when I'm within the corp network or connected via VPN. Just as @fpintos mentioned. IMHO an interesting point: I've experienced the exact same behaviour when I'm using Hello + connected to corp OR when I'm not using Hello and wasn't connected to corp. It seems to be related to the way the current Windows session is authenticated and maybe has something to do with the single sign on behaviour of Windows. I'm not an infrastructure guy, so I'm not quite sure about our corp authentication process, but I think we're using something like ADFS or ADConnect, so the actual authentication flow runs against our OnPrem sts.mycorp.com. It seems git/GCM tries to authenticate against the STS but not in a normal way. |
@MSchmittnaegel thanks for the feedback, very insightful. 😄 I'd like illuminate some of the darker corners of how the GCM operates so that anyone hitting this issue will be better equipped to assist in finding a root cause. When the GCM receives a
My hunch is that there's something bad happening during the token exchange to acquire the PAT, and the PAT is somehow invalid or cannot be acquired. The whole Azure/AD/MSA/VSTS/STS interaction model is highly complex and customizatable (almost to a fault), and pinning down the actual root cause of issues like these has proven to be time consuming and difficult. The symptoms are always significantly more obvious than the actual problem. Specifically, I believe the OP (@fpintos ) issue is related to the non-interactive authentication portion. In some cases I've seen STS setup to allow users to skip multi-factor authentication because the users complained loudly about it. Which means the user is able to get an Azure token without any interaction at all, however access to IP (like source code) requires multi-factor authentication. Since there's no way for the GCM to know these requirements it tries (and fails) to acquire a PAT with simple, single-factor authentication. The net result is a baffled and frustrated user. If my hunch is correct, the best solution would be for the network admins to completely disallow single-factor authentication (that's best no matter what anyways). |
I faced the same issue guys, it appears when I have only TLS1.2 enabled on my PC. After enabling TLS 1.1, SSL.x the issue was resolved. For enabling and disabling I used IISCrypto software. Hope that helps the team and other users. |
@vCillusion starting with v1.14.0 the GCM should support TLS 1.2. Have you tried v1.14.0 and leaving TLS 1.1 disabled? |
Updating to
I'm not sure what changed to cause the error to start happening, since it was working fine yesterday and I'm not aware of anything that changed. Windows updates of some sort, perhaps? Just using a standard windows login. No AAD, no VPN. Whatever the case, can confirm |
@whoisj I am using the latest version 2.4.1.1219 |
@dvlsg the error makes me think you have some kind of proxy running. Something like Telerik Fiddler, a HTTP proxy, or some other "man-in-the-middle" software. Which version of Windows are you using? Does any other service fail when using HTTPS? Have you tried Edge, Chrome, or Fire Fox on this machine? |
Which version of Windows are you using? Does you system support TLS 1.2? I'm having a problem finding the document I really want to link, but here's a document helping get TLS 1.2 unlocked on older versions of Windows. |
I am using latest Windows 10 as mentioned inline. |
@vCillusion as best I know "IISCrypto" is a server admin package. It should not be necessary in anyway for client software. That said, if it does somehow goad Windows into doing the right thing, then by all means give it a try. 😕 |
@whoisj yes IISCrypto just a tool and won't be necessary. The main concern is with TLS 1.2 enabled getting the HTTP request exception |
IISCrypto is just a tool. you can do the same thing it does manually editing the registry. It does make it easier though :) I had to turn TLS1.0 off of our server to be PCI compliant. I clicked checkbox in middle and night rebooted and done :) I changed software before that |
I just started having this problem out of the blue. I can confirm that upgrading to GCM 1.14.0 worked for me https://github.com/Microsoft/Git-Credential-Manager-for-Windows/releases/tag/v1.14.0 |
Same thing here, I followed @dsyme recommendation and it instantly fixed the issue. |
@dsyme @sebastienros thanks for confirming the fix - GitHub finally turned off some weak crypto standards today and TLS 1.0 was being used by GCM. It needed an update to ensure it used TLS 1.2. |
just installed it..same problem. EDIT:reopened my terminal..works |
We're seeing this issue as well and on at least 2 different machines. Just started happening out of the blue |
....looks like GCM fixed it. At least on one of the machines. Still not clear what's going on here or what was fixed. 😕 |
@ghhtimsgh1970 GitHub has finally disabled some weak crypto standards, and GCM was caught up in this because it was defaulting to TLS 1.0. More details about this are here. |
On Windows just reinstall git to v. 2.16.2 (2018-02-15) |
Can confirm issue started happening earlier today just a few hours ago, and updating GCM to what @dsyme linked to has fixed the issue. |
Correct, but only for Git operations from within Visual Studio. I know because I am one of the primary maintainers of Visual Studio's Git integration - so yeah, you can blame / praise me for a lot of that. 😀 |
TortoiseGit suddenly (at this week) start asking for user name/password. Installing v1.14.0 helps, thnx this thread! |
git update to 2.16.2.windows.1 fixed it for me. |
Yeah, I first fixed git console client by updating it to 2.16.2 as @kamilliano said but surprisingly that didn't fix VS... Had to update it anyway. Strange issue. Fortunately fixed :) |
Visual Studio doesn't use the installed Git for Windows, it ships with its own internal copy. Hence the issue. See this issue here : https://developercommunity.visualstudio.com/content/problem/201457/unable-to-connect-to-github-due-to-tls-12-only-cha.html |
Updating to git version 2.16.2.windows.1 worked for me. |
Check the link to solve this error : https://amaniium.blogspot.my/2018/02/httprequestexception-encountered-while.html |
This just happened to me over the last few days on Windows 10 and gitbash. Instantly fixed by installing the latest Git Credential Manager for windows as recommended by @dsyme Thanks! |
I have a similar mistake. Everything was right until last week. |
@nicolasrivadeneira and I assume you've tried updating GCM and/or Git for Windows to resolve the issue? |
Had this issue as well on Windows 7 x64 - confirming that updating to 2.16.2.windows.1 fixes the issue (had to re-cache my credentials as well, I'm assuming this has to do with the turning off of the weaker crypto standards. |
Install |
Trying to download Git for Windows at 11 KB/s ... 😑 |
Good news - installing the latest version takes care of everything - no need to delete old versions or update PATH variables :) |
Yep! started having this issue recently and updating GCM fixed it. Thanks so much! |
Update ur gitBash from : https://git-scm.com/download/win |
I just hit this issue and spent a couple minutes retrying because no clear error message was shown ; it'd be great if more detailed error messages could be shown in such cases. |
Can't finish GitHub sharing process |
@kishorkumarsaini the error message you're seeing is unrelated to authentication. Some service is telling you that the content you're attempting to push contains an email address that you likely do not want to share. |
@kishorkumarsaini please read the GitHub documentation about this setting - some commits on your branch have an email address that you've marked as private on GitHub, so the server is blocking your push to prevent this leaking out. |
I'm facing same problem |
I also installed GCMW-1.14.0.exe and the issue went away. https://github.com/Microsoft/Git-Credential-Manager-for-Windows/releases/tag/v1.14.0 |
I installed GCMW-1.14.0.exe and the issue is gone. https://github.com/Microsoft/Git-Credential-Manager-for-Windows/releases/tag/v1.14.0 |
Installing GCMW-1.14.0.exe works correctly, but make sure to restart your machine, as didn't work until i did so. |
Had the same issues today, turned the flags and saw the same logs described here: #488 (comment) Looks like the issue returned. I was running both Git (2.17) and GCM (1.16) latest in a fresh install of Windows 10 1803 in a AAD-joined machine. Connecting to the VPN once (so it could try to locate the domain controller) made the problem disappear. |
Had same error on version 2.14.1, updated to 2.17.1 and now everything is fine. Maybe it'll help someone out |
Having te same issue with lastest 1.18.5. Connecting to vpn didn't help
|
It may also happen if you use a proxy and the proxy requires NTLM authentication. NTLM is a challenge-response pattern that involves a failing HTTP request twice with a 401 error to exchange the challenge and response, and it then succeeds on the 3rd request. Maybe that's your issue? |
I've installed git and the cred manager (GCMW-1.12.0) on a brand new AAD-joined Windows system (1703 15063.601).
During Git setup I requested the windows command prompt and enabled the credential manager.
When trying to work against a VSTS repro I see the following message and then I'm prompted for user name/password:
Config shows
credential.helper=manager
, but the auth dialog never shows up.In Fiddler I see requests from git-credential-manager which end up failing with 401.
The text was updated successfully, but these errors were encountered: