Open rendmath opened 6 years ago
@rendmath a GIT_TRACE + GCM_TRACE would be very useful. If you're willing to add a GIT_TRACE_CURL to that mix it would be even better. Please remember to redact any private, personally identifiable, or secret information from the trace before sharing. Thanks!
I'm seeing the same issue connecting from a different forest/domain to the one in TFS. Here's the trace:
C:\tmp>git clone https://this.is.fqdn.url/tfs/SomeName/SomeName/ProjectName/_git/Some.Interesting.Repo LocalFolderName
Cloning into 'LocalFolderName'...
12:51:29.824485 ...\Common.cs:744 trace: [Main] git-credential-manager (v1.18.0) 'get'
12:51:29.903487 ...\Git\Where.cs:348 trace: [FindGitInstallations] found 1 Git installation(s).
12:51:29.910488 ...Configuration.cs:222 trace: [LoadGitConfiguration] git All config read, 17 entries.
12:51:29.918489 ...\Common.cs:345 trace: [EnableTraceLogging] GCM arguments:
protocol=https
host=this.is.fqdn.url
path=
12:51:29.989489 ...\Common.cs:85 trace: [CreateAuthentication] detecting authority type for 'https://this.is.fqdn.url/'.
12:51:30.252496 ...\Common.cs:224 trace: [CreateAuthentication] authority for 'https://this.is.fqdn.url/' is basic with NTLM=Auto.
12:51:30.253496 ...\Common.cs:765 trace: [QueryCredentials] querying 'Auto' for credentials.
12:51:30.407500 ...uthentication.cs:119 trace: [AcquireCredentials] 'https://this.is.fqdn.url/' supports NTLM, sending NTLM credentials instead
12:51:30.408500 ...\Common.cs:780 trace: [QueryCredentials] credentials found.
12:51:30.770572 ...\Common.cs:744 trace: [Main] git-credential-manager (v1.18.0) 'erase'
12:51:30.846574 ...\Git\Where.cs:348 trace: [FindGitInstallations] found 1 Git installation(s).
12:51:30.854575 ...Configuration.cs:222 trace: [LoadGitConfiguration] git All config read, 17 entries.
12:51:30.861574 ...\Common.cs:345 trace: [EnableTraceLogging] GCM arguments:
protocol=https
host=this.is.fqdn.url
path=
username=
password=
12:51:30.912575 ...\Common.cs:85 trace: [CreateAuthentication] detecting authority type for 'https://this.is.fqdn.url/'.
12:51:31.166960 ...\Common.cs:224 trace: [CreateAuthentication] authority for 'https://this.is.fqdn.url/' is basic with NTLM=Auto.
12:51:31.168960 ...\Common.cs:252 trace: [DeleteCredentials] deleting basic credentials for 'https://this.is.fqdn.url/'.
12:51:31.173960 ...aseSecureStore.cs:59 trace: [Delete] credentials not found for 'git:https://this.is.fqdn.url'.
fatal: Authentication failed for 'https://this.is.fqdn.url/tfs/SomeName/SomeName/ProjectName/_git/Some.Interesting.Repo/'
We have the same issue as above. If we using Visual Studio Team Explorer GCM stores the credentials in the Windows Credential Store. But if we use the command line or git bash it doesn't prompt for a username or password and as such the authentication fails. Also the work around of using Visual Studio Team Explorer doesn't work with GIT LFS. GIT will succeed but (because GSM will find the credentials in the credential store) GIT LFS fails (seems like the credentials aren't being passed along).
GIT and GIT LFS works for domain joined computers, but doesn't for non-domain joined computer.
As a note we have an on Prem TFS 2018 with the latest update and using Azure Active Domain connected to on Prem Active Directory
What is Visual Studio Team Explorer doing that is different from the command line?
@gistofj:
Is this thread still monitored?
I'm working in a sandbox machine on host.devglobal.exp.loc
while I need to access a TFS machine at tfs.global.exp.loc
. And I cannot authenticate, not matter what I try.
2.21.0.windows.1
When accessing the TFS website from my sandbox machine in IE11, I need to authenticate like domain\user
. I'd expect git to request/accept the same credentials.
Using Git, Visual Studio 2019 or Git Extensions, none of them is asking me for credentials when I try to clone the repository. The only software that's asking me for credentials is GitHub Desktop. I even stores the credentials I enter in the Windows credential store. Nonetheless, authentication fails and the repository is not cloned to my sandbox machine.
git clone --config core.ignorecase=false --branch development http://tfs.global.exp.loc:8080/tfs/MyCollection/_git/exp-Plus Exp-Plus
GIT_TRACE
, GCM_TRACE
and GIT_TRACE_CURL
:TF400813: Resource not available fo 14:46:34.430810 http.c:716 <= Recv data: r anonymous access. Client authentication required.......
TF400813: Resource not availabl 14:46:34.821472 http.c:716 <= Recv data: e for anonymous access. Client authentication required.....< 14:46:34.821472 http.c:716 <= Recv data: /pre>..
HTTP Error 401. The requested resource requires u 14:46:34.821472 http.c:716 <= Recv data: ser authentication.
.... 14:46:34.821472 http.c:728 == Info: Connection #0 to host tfs.global.exp.loc left intact 14:46:34.821472 http.c:728 == Info: Issue another request to this URL: 'http://tfs.global.exp.loc:8080/tfs/MyCollection/_git/exp-Plus/info/refs?service=git-upload-pack' 14:46:34.821472 http.c:728 == Info: Couldn't find host tfs.global.exp.loc in the _netrc file; using defaults 14:46:34.821472 http.c:728 == Info: Found bundle for host tfs.global.exp.loc: 0x33a4760 [can pipeline] 14:46:34.821472 http.c:728 == Info: Could pipeline, but not asked to! 14:46:34.821472 http.c:728 == Info: Re-using existing connection! (#0) with host tfs.global.exp.loc 14:46:34.821472 http.c:728 == Info: Connected to tfs.global.exp.loc (10.7.78.56) port 8080 (#0) 14:46:34.821472 http.c:728 == Info: Expire in 0 ms for 6 (transfer 0x339e350) 14:46:34.821472 http.c:728 == Info: Server auth using NTLM with user '' 14:46:34.821472 http.c:675 => Send header, 0000000918 bytes (0x00000396) 14:46:34.821472 http.c:687 => Send header: GET /tfs/MyCollection/_git/exp-Plus/info/refs?service=git-upload-pack HTTP/1.1 14:46:34.821472 http.c:687 => Send header: Host: tfs.global.exp.loc:8080 14:46:34.821472 http.c:687 => Send header: Authorization: NTLM@SetTrend not by me. I am no longer associated with Microsoft or the GCM. Last I heard @jeschu1 had been handed the responsibility of monitoring this repository, but that was 6+ months ago and things may have changed.
Thanks for clarifying. So, I've launched a new issue now: #848.
Description
I'm currently trying to clone the same TFS Git repository from two machines that have recently been installed with the exact same software. Only difference between the two: one is joined to the same domain as the TFS server, while the other isn't joined to any domain.
Cloning the repository from the Visual Studio Team Explorer works on both machines, and creates a new entry in the Windows Credential Manager.
But cloning from the Git command line only works from the domain-joined computer.
On the non-joined computer, the git clone commands ends with no prompt and this error message:
The only way I've found to configure the non-joined computers is to manually create and maintain the credentials in the Windows Credential Manager. Then, it starts working.
Switching to schannel (as mentioned in your FAQ) doesn't change the observed behavior.
Is this expected behavior, or am I missing something here?
I can provide full GIT_TRACE + GCM_TRACE logs if necessary.
Versions
Configuration