microsoft / Git-Credential-Manager-for-Windows

Secure Git credential storage for Windows with support for Visual Studio Team Services, GitHub, and Bitbucket multi-factor authentication.

GCM not caching username and password for GIT LFS #822

Open YawJatah opened 5 years ago

YawJatah commented 5 years ago

Hi Guys,

Up until GCM vs 1.12.0, and Git 2.19, GCM will launch a popup for both GIT and GIT LFS when run from a command line or git bash. With the latest versions GCM doesn't generate a popup for on-prem GIT repos (in our case TFS 2018) that use NTLM authentication. You can work around GIT by using Visual Studio Team Explorer, but GIT LFS still fails the authentication.

Using GIT_TRACE=1, from git bash we see that GCM is invoked but it doesn't seem to properly interact with the Windows Credential Manager when accessing NTLM (setting provider to AAD seems to force a popup but the access token is for the wrong endpoint).

Will provide the GIT_TRACE shortly with sensitive information stripped out.

YawJatah commented 5 years ago

Hi Guys, here is the GIT_TRACE, GIT_CURL_VERBOSE, and GCM_TRACE (this is when we don't already have credentials stored in the Windows Credential Manager).

This was the command I ran:

GIT_CURL_VERBOSE=1 GIT_TRACE=1 GCM_TRACE=1 git pull --verbose

$ GIT_CURL_VERBOSE=1 GIT_TRACE=1 GCM_TRACE=1 git pull --verbose
23:39:49.674484 exec-cmd.c:236          trace: resolved executable dir: C:/Program Files/Git/mingw64/bin
23:39:49.677484 git.c:415               trace: built-in: git pull --verbose
23:39:49.686481 run-command.c:637       trace: run_command: git fetch --update-head-ok -v
23:39:49.716481 exec-cmd.c:236          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
23:39:49.718482 git.c:415               trace: built-in: git fetch --update-head-ok -v
23:39:49.725482 run-command.c:637       trace: run_command: GIT_DIR=.git git remote-https origin 'https://my.domain.com/tfs/collection/_git/repo'
23:39:49.757481 exec-cmd.c:236          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
23:39:49.759492 git.c:671               trace: exec: git-remote-https origin 'https://my.domain.com/tfs/collection/_git/repo'
23:39:49.759492 run-command.c:637       trace: run_command: git-remote-https origin 'https://my.domain.com/tfs/collection/_git/repo'
23:39:49.808480 exec-cmd.c:236          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
* Couldn't find host my.domain.com in the _netrc file; using defaults
*   Trying 52.224.10.158...
* TCP_NODELAY set
* Connected to my.domain.com (52.224.10.158) port 443 (#0)
* schannel: SSL/TLS connection with my.domain.com port 443 (step 1/3)
* schannel: checking server certificate revocation
* schannel: sending initial handshake data: sending 185 bytes...
* schannel: sent initial handshake data: sent 185 bytes
* schannel: SSL/TLS connection with my.domain.com port 443 (step 2/3)
* schannel: failed to receive handshake, need more data
* schannel: SSL/TLS connection with my.domain.com port 443 (step 2/3)
* schannel: encrypted data got 1460
* schannel: encrypted data buffer: offset 1460 length 4096
* schannel: received incomplete message, need more data
* schannel: SSL/TLS connection with my.domain.com port 443 (step 2/3)
* schannel: encrypted data got 1460
* schannel: encrypted data buffer: offset 2920 length 4096
* schannel: received incomplete message, need more data
* schannel: SSL/TLS connection with my.domain.com port 443 (step 2/3)
* schannel: encrypted data got 1176
* schannel: encrypted data buffer: offset 4096 length 4096
* schannel: received incomplete message, need more data
* schannel: SSL/TLS connection with my.domain.com port 443 (step 2/3)
* schannel: encrypted data got 921
* schannel: encrypted data buffer: offset 5017 length 5120
* schannel: sending next handshake data: sending 93 bytes...
* schannel: SSL/TLS connection with my.domain.com port 443 (step 2/3)
* schannel: encrypted data got 51
* schannel: encrypted data buffer: offset 51 length 5120
* schannel: SSL/TLS handshake complete
* schannel: SSL/TLS connection with my.domain.com port 443 (step 3/3)
* schannel: stored credential handle in session cache
> GET /tfs/collection/_git/repo/info/refs?service=git-upload-pack HTTP/1.1
Host: my.domain.com
User-Agent: git/2.19.1.windows.1
Accept: */*
Accept-Encoding: deflate, gzip
Pragma: no-cache

* schannel: client wants to read 16384 bytes
* schannel: encdata_buffer resized 17408
* schannel: encrypted data buffer: offset 0 length 17408
* schannel: encrypted data got 1460
* schannel: encrypted data buffer: offset 1460 length 17408
* schannel: failed to decrypt data, need more data
* schannel: schannel_recv cleanup
* schannel: client wants to read 16384 bytes
* schannel: encrypted data buffer: offset 1460 length 17408
* schannel: encrypted data got 1460
* schannel: encrypted data buffer: offset 2920 length 17408
* schannel: failed to decrypt data, need more data
* schannel: schannel_recv cleanup
* schannel: client wants to read 16384 bytes
* schannel: encrypted data buffer: offset 2920 length 17408
* schannel: encrypted data got 1460
* schannel: encrypted data buffer: offset 4380 length 17408
* schannel: failed to decrypt data, need more data
* schannel: schannel_recv cleanup
* schannel: client wants to read 16384 bytes
* schannel: encrypted data buffer: offset 4380 length 17408
* schannel: encrypted data got 1460
* schannel: encrypted data buffer: offset 5840 length 17408
* schannel: failed to decrypt data, need more data
* schannel: schannel_recv cleanup
* schannel: client wants to read 16384 bytes
* schannel: encrypted data buffer: offset 5840 length 17408
* schannel: encrypted data got 1460
* schannel: encrypted data buffer: offset 7300 length 17408
* schannel: failed to decrypt data, need more data
* schannel: schannel_recv cleanup
* schannel: client wants to read 16384 bytes
* schannel: encrypted data buffer: offset 7300 length 17408
* schannel: encrypted data got 1460
* schannel: encrypted data buffer: offset 8760 length 17408
* schannel: failed to decrypt data, need more data
* schannel: schannel_recv cleanup
* schannel: client wants to read 16384 bytes
* schannel: encrypted data buffer: offset 8760 length 17408
* schannel: encrypted data got 1460
* schannel: encrypted data buffer: offset 10220 length 17408
* schannel: failed to decrypt data, need more data
* schannel: schannel_recv cleanup
* schannel: client wants to read 16384 bytes
* schannel: encrypted data buffer: offset 10220 length 17408
* schannel: encrypted data got 1460
* schannel: encrypted data buffer: offset 11680 length 17408
* schannel: failed to decrypt data, need more data
* schannel: schannel_recv cleanup
* schannel: client wants to read 16384 bytes
* schannel: encrypted data buffer: offset 11680 length 17408
* schannel: encrypted data got 1460
* schannel: encrypted data buffer: offset 13140 length 17408
* schannel: failed to decrypt data, need more data
* schannel: schannel_recv cleanup
* schannel: client wants to read 16384 bytes
* schannel: encrypted data buffer: offset 13140 length 17408
* schannel: encrypted data got 1460
* schannel: encrypted data buffer: offset 14600 length 17408
* schannel: failed to decrypt data, need more data
* schannel: schannel_recv cleanup
* schannel: client wants to read 16384 bytes
* schannel: encrypted data buffer: offset 14600 length 17408
* schannel: encrypted data got 1460
* schannel: encrypted data buffer: offset 16060 length 17408
* schannel: failed to decrypt data, need more data
* schannel: schannel_recv cleanup
* schannel: client wants to read 16384 bytes
* schannel: encrypted data buffer: offset 16060 length 17408
* schannel: encrypted data got 1348
* schannel: encrypted data buffer: offset 17408 length 17408
* schannel: decrypted data length: 16384
* schannel: decrypted data added: 16384
* schannel: decrypted data cached: offset 16384 length 16384
* schannel: encrypted data length: 995
* schannel: encrypted data cached: offset 995 length 17408
* schannel: encrypted data buffer: offset 995 length 17408
* schannel: decrypted data buffer: offset 16384 length 16384
* schannel: schannel_recv cleanup
* schannel: decrypted data returned 16384
* schannel: decrypted data buffer: offset 0 length 16384
< HTTP/1.1 401 Unauthorized
< Content-Type: text/html; charset=utf-8
< Server: Microsoft-IIS/10.0
< X-TFS-ProcessId: 33f21c50-6967-4690-9427-6077c4201209
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< ActivityId: fa5cdb1d-54bb-435f-8fab-80ed63284e19
< X-TFS-Session: fa5cdb1d-54bb-435f-8fab-80ed63284e19
< X-VSS-E2EID: fa5cdb1d-54bb-435f-8fab-80ed63284e19
< X-FRAME-OPTIONS: SAMEORIGIN
< X-TFS-SoapException: %3C%3Fxml%20version%3D%221.0%22%20encoding%3D%22utf-8%22%3F%3E%3Csoap%3AEnvelope%20xmlns%3Asoap%3D%22http%3A%2F%2Fwww.w3.org%2F2003%2F05%2Fsoap-envelope%22%3E%3Csoap%3ABody%3E%3Csoap%3AFault%3E%3Csoap%3ACode%3E%3Csoap%3AValue%3Esoap%3AReceiver%3C%2Fsoap%3AValue%3E%3Csoap%3ASubcode%3E%3Csoap%3AValue%3EUnauthorizedRequestException%3C%2Fsoap%3AValue%3E%3C%2Fsoap%3ASubcode%3E%3C%2Fsoap%3ACode%3E%3Csoap%3AReason%3E%3Csoap%3AText%20xml%3Alang%3D%22en%22%3ETF400813%3A%20Resource%20not%20available%20for%20anonymous%20access.%20Client%20authentication%20required.%3C%2Fsoap%3AText%3E%3C%2Fsoap%3AReason%3E%3C%2Fsoap%3AFault%3E%3C%2Fsoap%3ABody%3E%3C%2Fsoap%3AEnvelope%3E
< X-TFS-ServiceError: TF400813%3A%20Resource%20not%20available%20for%20anonymous%20access.%20Client%20authentication%20required.
< WWW-Authenticate: Bearer
< WWW-Authenticate: Basic realm="https://my.domain.com/tfs"
< WWW-Authenticate: Negotiate
< WWW-Authenticate: NTLM
< X-Powered-By: ASP.NET
< P3P: CP="CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR LOC CNT"
< Lfs-Authenticate: NTLM
< X-Content-Type-Options: nosniff
< Date: Wed, 09 Jan 2019 04:39:48 GMT
< Content-Length: 20145
<
* schannel: client wants to read 5391 bytes
* schannel: encrypted data buffer: offset 995 length 17408
* schannel: encrypted data got 4425
* schannel: encrypted data buffer: offset 5420 length 17408
* schannel: decrypted data length: 5391
* schannel: decrypted data added: 5391
* schannel: decrypted data cached: offset 5391 length 16384
* schannel: encrypted data buffer: offset 0 length 17408
* schannel: decrypted data buffer: offset 5391 length 16384
* schannel: schannel_recv cleanup
* schannel: decrypted data returned 5391
* schannel: decrypted data buffer: offset 0 length 16384
* Connection #0 to host my.domain.com left intact
23:39:50.097477 run-command.c:637       trace: run_command: 'git credential-manager get'
23:39:50.191475 exec-cmd.c:236          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
23:39:50.193477 git.c:671               trace: exec: git-credential-manager get
23:39:50.193477 run-command.c:637       trace: run_command: git-credential-manager get
23:39:50.326480 ...\Common.cs:744       trace: [Main] git-credential-manager (v1.18.3) 'get'
23:39:50.434478 ...\Git\Where.cs:348    trace: [FindGitInstallations] found 1 Git installation(s).
23:39:50.442473 ...Configuration.cs:222 trace: [LoadGitConfiguration] git All config read, 35 entries.
23:39:50.543471 ...\Common.cs:85        trace: [CreateAuthentication] detecting authority type for 'https://my.domain.com/'.
23:39:50.564471 ...\Common.cs:224       trace: [CreateAuthentication] authority for 'https://my.domain.com/' is basic with NTLM=Auto.
23:39:50.564471 ...\Common.cs:765       trace: [QueryCredentials] querying 'Auto' for credentials.
23:39:50.960453 ...uthentication.cs:119 trace: [AcquireCredentials] 'https://my.domain.com/' supports NTLM, sending NTLM credentials instead
23:39:50.960453 ...\Common.cs:780       trace: [QueryCredentials] credentials found.
* Couldn't find host my.domain.com in the _netrc file; using defaults
* Found bundle for host my.domain.com: 0x37c7bf0 [can pipeline]
* Re-using existing connection! (#0) with host my.domain.com
* Connected to my.domain.com (52.224.10.158) port 443 (#0)
> GET /tfs/collection/_git/repo/info/refs?service=git-upload-pack HTTP/1.1
Host: my.domain.com
User-Agent: git/2.19.1.windows.1
Accept: */*
Accept-Encoding: deflate, gzip
Pragma: no-cache

* schannel: client wants to read 16384 bytes
* schannel: encrypted data buffer: offset 0 length 17408
* schannel: encrypted data got 1460
* schannel: encrypted data buffer: offset 1460 length 17408
* schannel: failed to decrypt data, need more data
* schannel: schannel_recv cleanup
* schannel: client wants to read 16384 bytes
* schannel: encrypted data buffer: offset 1460 length 17408
* schannel: encrypted data got 1460
* schannel: encrypted data buffer: offset 2920 length 17408
* schannel: failed to decrypt data, need more data
* schannel: schannel_recv cleanup
* schannel: client wants to read 16384 bytes
* schannel: encrypted data buffer: offset 2920 length 17408
* schannel: encrypted data got 4380
* schannel: encrypted data buffer: offset 7300 length 17408
* schannel: failed to decrypt data, need more data
* schannel: schannel_recv cleanup
* schannel: client wants to read 16384 bytes
* schannel: encrypted data buffer: offset 7300 length 17408
* schannel: encrypted data got 1460
* schannel: encrypted data buffer: offset 8760 length 17408
* schannel: failed to decrypt data, need more data
* schannel: schannel_recv cleanup
* schannel: client wants to read 16384 bytes
* schannel: encrypted data buffer: offset 8760 length 17408
* schannel: encrypted data got 1460
* schannel: encrypted data buffer: offset 10220 length 17408
* schannel: failed to decrypt data, need more data
* schannel: schannel_recv cleanup
* schannel: client wants to read 16384 bytes
* schannel: encrypted data buffer: offset 10220 length 17408
* schannel: encrypted data got 1460
* schannel: encrypted data buffer: offset 11680 length 17408
* schannel: failed to decrypt data, need more data
* schannel: schannel_recv cleanup
* schannel: client wants to read 16384 bytes
* schannel: encrypted data buffer: offset 11680 length 17408
* schannel: encrypted data got 1460
* schannel: encrypted data buffer: offset 13140 length 17408
* schannel: failed to decrypt data, need more data
* schannel: schannel_recv cleanup
* schannel: client wants to read 16384 bytes
* schannel: encrypted data buffer: offset 13140 length 17408
* schannel: encrypted data got 1460
* schannel: encrypted data buffer: offset 14600 length 17408
* schannel: failed to decrypt data, need more data
* schannel: schannel_recv cleanup
* schannel: client wants to read 16384 bytes
* schannel: encrypted data buffer: offset 14600 length 17408
* schannel: encrypted data got 1460
* schannel: encrypted data buffer: offset 16060 length 17408
* schannel: failed to decrypt data, need more data
* schannel: schannel_recv cleanup
* schannel: client wants to read 16384 bytes
* schannel: encrypted data buffer: offset 16060 length 17408
* schannel: encrypted data got 1348
* schannel: encrypted data buffer: offset 17408 length 17408
* schannel: decrypted data length: 16384
* schannel: decrypted data added: 16384
* schannel: decrypted data cached: offset 16384 length 16384
* schannel: encrypted data length: 995
* schannel: encrypted data cached: offset 995 length 17408
* schannel: encrypted data buffer: offset 995 length 17408
* schannel: decrypted data buffer: offset 16384 length 16384
* schannel: schannel_recv cleanup
* schannel: decrypted data returned 16384
* schannel: decrypted data buffer: offset 0 length 16384
< HTTP/1.1 401 Unauthorized
< Content-Type: text/html; charset=utf-8
< Server: Microsoft-IIS/10.0
< X-TFS-ProcessId: 33f21c50-6967-4690-9427-6077c4201209
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< ActivityId: fa5cdb24-54bb-435f-8fab-80ed63284e19
< X-TFS-Session: fa5cdb24-54bb-435f-8fab-80ed63284e19
< X-VSS-E2EID: fa5cdb24-54bb-435f-8fab-80ed63284e19
< X-FRAME-OPTIONS: SAMEORIGIN
< X-TFS-SoapException: %3C%3Fxml%20version%3D%221.0%22%20encoding%3D%22utf-8%22%3F%3E%3Csoap%3AEnvelope%20xmlns%3Asoap%3D%22http%3A%2F%2Fwww.w3.org%2F2003%2F05%2Fsoap-envelope%22%3E%3Csoap%3ABody%3E%3Csoap%3AFault%3E%3Csoap%3ACode%3E%3Csoap%3AValue%3Esoap%3AReceiver%3C%2Fsoap%3AValue%3E%3Csoap%3ASubcode%3E%3Csoap%3AValue%3EUnauthorizedRequestException%3C%2Fsoap%3AValue%3E%3C%2Fsoap%3ASubcode%3E%3C%2Fsoap%3ACode%3E%3Csoap%3AReason%3E%3Csoap%3AText%20xml%3Alang%3D%22en%22%3ETF400813%3A%20Resource%20not%20available%20for%20anonymous%20access.%20Client%20authentication%20required.%3C%2Fsoap%3AText%3E%3C%2Fsoap%3AReason%3E%3C%2Fsoap%3AFault%3E%3C%2Fsoap%3ABody%3E%3C%2Fsoap%3AEnvelope%3E
< X-TFS-ServiceError: TF400813%3A%20Resource%20not%20available%20for%20anonymous%20access.%20Client%20authentication%20required.
< WWW-Authenticate: Bearer
< WWW-Authenticate: Basic realm="https://my.domain.com/tfs"
< WWW-Authenticate: Negotiate
< WWW-Authenticate: NTLM
< X-Powered-By: ASP.NET
< P3P: CP="CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR LOC CNT"
< Lfs-Authenticate: NTLM
< X-Content-Type-Options: nosniff
< Date: Wed, 09 Jan 2019 04:39:49 GMT
< Content-Length: 20145
<
* Ignoring the response-body
* schannel: client wants to read 5391 bytes
* schannel: encrypted data buffer: offset 995 length 17408
* schannel: encrypted data got 1572
* schannel: encrypted data buffer: offset 2567 length 17408
* schannel: failed to decrypt data, need more data
* schannel: schannel_recv cleanup
* schannel: client wants to read 5391 bytes
* schannel: encrypted data buffer: offset 2567 length 17408
* schannel: encrypted data got 2853
* schannel: encrypted data buffer: offset 5420 length 17408
* schannel: decrypted data length: 5391
* schannel: decrypted data added: 5391
* schannel: decrypted data cached: offset 5391 length 16384
* schannel: encrypted data buffer: offset 0 length 17408
* schannel: decrypted data buffer: offset 5391 length 16384
* schannel: schannel_recv cleanup
* schannel: decrypted data returned 5391
* schannel: decrypted data buffer: offset 0 length 16384
* Connection #0 to host my.domain.com left intact
* Issue another request to this URL: 'https://my.domain.com/tfs/collection/_git/repo/info/refs?service=git-upload-pack'
* Couldn't find host my.domain.com in the _netrc file; using defaults
* Found bundle for host my.domain.com: 0x37c7bf0 [can pipeline]
* Re-using existing connection! (#0) with host my.domain.com
* Connected to my.domain.com (52.224.10.158) port 443 (#0)
* Server auth using NTLM with user ''
> GET /tfs/collection/_git/repo/info/refs?service=git-upload-pack HTTP/1.1
Host: my.domain.com
Authorization: NTLM AgIAAA4AANA=A=ATAAKAAl5AowOTMDAAAAATBACAABIVAUAARAAAAAAA
User-Agent: git/2.19.1.windows.1
Accept: */*
Accept-Encoding: deflate, gzip
Pragma: no-cache

* schannel: client wants to read 16384 bytes
* schannel: encrypted data buffer: offset 0 length 17408
* schannel: encrypted data got 892
* schannel: encrypted data buffer: offset 892 length 17408
* schannel: decrypted data length: 863
* schannel: decrypted data added: 863
* schannel: decrypted data cached: offset 863 length 16384
* schannel: encrypted data buffer: offset 0 length 17408
* schannel: decrypted data buffer: offset 863 length 16384
* schannel: schannel_recv cleanup
* schannel: decrypted data returned 863
* schannel: decrypted data buffer: offset 0 length 16384
< HTTP/1.1 401 Unauthorized
< Content-Type: text/html; charset=us-ascii
< Server: Microsoft-HTTPAPI/2.0
< WWW-Authenticate: NTLM ZeMAATwBAAA6QKkuHVAKGtBGnEAABBMU4zBAAAAAQAAIJ8AB0gZF4MpBUAbCIBBAIk0A7AaEMEAAABAgGAAACGAAAA9YBBQtnbAAGwAUNTAAswYGgUAvAlAABcB8egAYRAAAANiAGAAUHAASAwAuABBAAAALgWAjQAAEtCAAA=A1wUDmGAAAuHABAAQgJAOAwAAAAAqGAFQVAlMAjABFGAACwwAfAGAsAABZAaMAAGEAIpABaAApAA4AsAcMA0QhBAERA0BApgV7AAFQTA4Aw2ABAAAQAiA1AeuAvtWAAQAvAAt4YRaAACBzBHAKZAARBgKYzZkAwAAUBAkEslBBUOG9AgAAAAGGAABAAAMGBTPaIzAgAAAsdAAQAAAVAAGAcAAAuDrAAAA0QAkABBA=MkAQcoApAEvgBGBAAAcwAAtDBQAAA8b5AAAbHABAATB1LAAdAgMGzABwAANAEA0bAAAAUAaAcAAw7tF1Gv2JBAgIABbubQY6cUAIB8AAwwwABAAQAd0gAG8wADgMBAAQAAAABQAJbkAMA8AAAddUSRfCAAAMBAowG1aodABAQBXWbAcAATplAbgGACgwAsA0lEAUAp6FQAwAAnWgtQTAGUDMgAYwpAGAApAAMAAwBNGYA4At4GACtqwAFpXoAAYBjMAmIAAAAAAAAAABaEQAGZGkAiAAZjtAApGFGAAPFBAAAAwBHHATAQDAA8ghakAAuATCAQAA1AbQ
< Date: Wed, 09 Jan 2019 04:39:49 GMT
< Content-Length: 341
<
* Ignoring the response-body
* Connection #0 to host my.domain.com left intact
* Issue another request to this URL: 'https://my.domain.com/tfs/collection/_git/repo/info/refs?service=git-upload-pack'
* Couldn't find host my.domain.com in the _netrc file; using defaults
* Found bundle for host my.domain.com: 0x37c7bf0 [can pipeline]
* Re-using existing connection! (#0) with host my.domain.com
* Connected to my.domain.com (52.224.10.158) port 443 (#0)
* Server auth using NTLM with user ''
> GET /tfs/collection/_git/repo/info/refs?service=git-upload-pack HTTP/1.1
Host: my.domain.com
Authorization: NTLM ZeMAATwBAAA6QKkuHVAKGtBGnEAABBMU4zBAAAAAQAAIJ8AB0gZF4MpBUAbCIBBAIk0A7AaEMEAAABAgGAAACGAAAA9YBBQtnbAAGwAUNTAAswYGgUAvAlAABcB8egAYRAAAANiAGAAUHAASAwAuABBAAAALgWAjQAAEtCAAA=A1wUDmGAAAuHABAAQgJAOAwAAAAAqGAFQVAlMAjABFGAACwwAfAGAsAABZAaMAAGEAIpABaAApAA4AsAcMA0QhBAERA0BApgV7AAFQTA4Aw2ABAAAQAiA1AeuAvtWAAQAvAAt4YRaAACBzBHAKZAARBgKYzZkAwAAUBAkEslBBUOG9AgAAAAGGAABAAAMGBTPaIzAgAAAsdAAQAAAVAAGAcAAAuDrAAAA0QAkABBA=MkAQcoApAEvgBGBAAAcwAAtDBQAAA8b5AAAbHABAATB1LAAdAgMGzABwAANAEA0bAAAAUAaAcAAw7tF1Gv2JBAgIABbubQY6cUAIB8AAwwwABAAQAd0gAG8wADgMBAAQAAAABQAJbkAMA8AAAddUSRfCAAAMBAowG1aodABAQBXWbAcAATplAbgGACgwAsA0lEAUAp6FQAwAAnWgtQTAGUDMgAYwpAGAApAAMAAwBNGYA4At4GACtqwAFpXoAAYBjMAmIAAAAAAAAAABaEQAGZGkAiAAZjtAApGFGAAPFBAAAAwBHHATAQDAA8ghakAAuATCAQAA1AbQ
User-Agent: git/2.19.1.windows.1
Accept: */*
Accept-Encoding: deflate, gzip
Pragma: no-cache

* schannel: client wants to read 16384 bytes
* schannel: encrypted data buffer: offset 0 length 17408
* schannel: encrypted data got 1460
* schannel: encrypted data buffer: offset 1460 length 17408
* schannel: failed to decrypt data, need more data
* schannel: schannel_recv cleanup
* schannel: client wants to read 16384 bytes
* schannel: encrypted data buffer: offset 1460 length 17408
* schannel: encrypted data got 658
* schannel: encrypted data buffer: offset 2118 length 17408
* schannel: decrypted data length: 2089
* schannel: decrypted data added: 2089
* schannel: decrypted data cached: offset 2089 length 16384
* schannel: encrypted data buffer: offset 0 length 17408
* schannel: decrypted data buffer: offset 2089 length 16384
* schannel: schannel_recv cleanup
* schannel: decrypted data returned 2089
* schannel: decrypted data buffer: offset 0 length 16384
< HTTP/1.1 401 Unauthorized
< Content-Type: text/html
< Server: Microsoft-IIS/10.0
< X-TFS-ProcessId: 33f21c50-6967-4690-9427-6077c4201209
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< ActivityId: fa5cdb25-54bb-435f-8fab-80ed63284e19
< X-TFS-Session: fa5cdb25-54bb-435f-8fab-80ed63284e19
< X-VSS-E2EID: fa5cdb25-54bb-435f-8fab-80ed63284e19
< X-FRAME-OPTIONS: SAMEORIGIN
< WWW-Authenticate: Bearer
< WWW-Authenticate: Basic realm="https://my.domain.com/tfs"
< WWW-Authenticate: Negotiate
* NTLM handshake rejected
* Authentication problem. Ignoring this.
< WWW-Authenticate: NTLM
< X-Powered-By: ASP.NET
< P3P: CP="CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR LOC CNT"
< Lfs-Authenticate: NTLM
< X-Content-Type-Options: nosniff
< Date: Wed, 09 Jan 2019 04:39:49 GMT
< Content-Length: 1293
<
* Connection #0 to host my.domain.com left intact
23:39:51.215451 run-command.c:637       trace: run_command: 'git credential-manager erase'
23:39:51.314449 exec-cmd.c:236          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
23:39:51.316448 git.c:671               trace: exec: git-credential-manager erase
23:39:51.316448 run-command.c:637       trace: run_command: git-credential-manager erase
23:39:51.432451 ...\Common.cs:744       trace: [Main] git-credential-manager (v1.18.3) 'erase'
23:39:51.551446 ...\Git\Where.cs:348    trace: [FindGitInstallations] found 1 Git installation(s).
23:39:51.560450 ...Configuration.cs:222 trace: [LoadGitConfiguration] git All config read, 35 entries.
23:39:51.631446 ...\Common.cs:85        trace: [CreateAuthentication] detecting authority type for 'https://my.domain.com/'.
23:39:51.653445 ...\Common.cs:224       trace: [CreateAuthentication] authority for 'https://my.domain.com/' is basic with NTLM=Auto.
23:39:51.653445 ...\Common.cs:252       trace: [DeleteCredentials] deleting basic credentials for 'https://my.domain.com/'.
23:39:51.662444 ...aseSecureStore.cs:59 trace: [Delete] credentials not found for 'git:https://my.domain.com'.
23:39:51.690445 run-command.c:637       trace: run_command: 'git credential-manager erase'
23:39:51.771443 exec-cmd.c:236          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
23:39:51.774442 git.c:671               trace: exec: git-credential-manager erase
23:39:51.774442 run-command.c:637       trace: run_command: git-credential-manager erase
23:39:51.901441 ...\Common.cs:744       trace: [Main] git-credential-manager (v1.18.3) 'erase'
23:39:52.012439 ...\Git\Where.cs:348    trace: [FindGitInstallations] found 1 Git installation(s).
23:39:52.021440 ...Configuration.cs:222 trace: [LoadGitConfiguration] git All config read, 35 entries.
23:39:52.093438 ...\Common.cs:85        trace: [CreateAuthentication] detecting authority type for 'https://my.domain.com/'.
23:39:52.118438 ...\Common.cs:224       trace: [CreateAuthentication] authority for 'https://my.domain.com/' is basic with NTLM=Auto.
23:39:52.119438 ...\Common.cs:252       trace: [DeleteCredentials] deleting basic credentials for 'https://my.domain.com/'.
23:39:52.130438 ...aseSecureStore.cs:59 trace: [Delete] credentials not found for 'git:https://my.domain.com'.
23:39:52.156437 run-command.c:637       trace: run_command: 'git credential-manager erase'
23:39:52.250437 exec-cmd.c:236          trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
23:39:52.252436 git.c:671               trace: exec: git-credential-manager erase
23:39:52.252436 run-command.c:637       trace: run_command: git-credential-manager erase
23:39:52.398440 ...\Common.cs:744       trace: [Main] git-credential-manager (v1.18.3) 'erase'
23:39:52.510433 ...\Git\Where.cs:348    trace: [FindGitInstallations] found 1 Git installation(s).
23:39:52.519433 ...Configuration.cs:222 trace: [LoadGitConfiguration] git All config read, 35 entries.
23:39:52.598433 ...\Common.cs:85        trace: [CreateAuthentication] detecting authority type for 'https://my.domain.com/'.
23:39:52.623432 ...\Common.cs:224       trace: [CreateAuthentication] authority for 'https://my.domain.com/' is basic with NTLM=Auto.
23:39:52.623432 ...\Common.cs:252       trace: [DeleteCredentials] deleting basic credentials for 'https://my.domain.com/'.
23:39:52.629432 ...aseSecureStore.cs:59 trace: [Delete] credentials not found for 'git:https://my.domain.com'.
fatal: Authentication failed for 'https://my.domain.com/tfs/collection/_git/repo/'

jeschu1 commented 5 years ago

@YawJatah from the log it looks like you're using NTLM auth and failing.

You can configure gcm to use basic auth by setting "git config --system credential.authority Basic".
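An added example (not from the thread and not the GCM project's code): a Python script that redacts the `Authorization` and NTLM/Negotiate `WWW-Authenticate` payloads and IPv4 addresses from a `GIT_CURL_VERBOSE`/`GCM_TRACE` capture before it is posted, and summarizes the authentication flow that the reply above reads from the log. The sample trace, its token values and the 192.0.2.10 address are constructed; `redact` and `summarize` are hypothetical helper names.

```python
import re

# Constructed sample in the same format as the trace in this thread.
# Token values and the IP address are placeholders, not captured data.
SAMPLE_TRACE = r"""* Connected to my.domain.com (192.0.2.10) port 443 (#0)
< HTTP/1.1 401 Unauthorized
< WWW-Authenticate: Bearer
< WWW-Authenticate: Basic realm="https://my.domain.com/tfs"
< WWW-Authenticate: Negotiate
< WWW-Authenticate: NTLM
< Lfs-Authenticate: NTLM
23:39:50.193477 git.c:671               trace: exec: git-credential-manager get
23:39:50.960453 ...\Common.cs:780       trace: [QueryCredentials] credentials found.
* Server auth using NTLM with user ''
> GET /tfs/collection/_git/repo/info/refs?service=git-upload-pack HTTP/1.1
Authorization: NTLM EXAMPLETYPE1TOKEN==
< HTTP/1.1 401 Unauthorized
< WWW-Authenticate: NTLM EXAMPLETYPE2TOKEN==
* NTLM handshake rejected
23:39:51.316448 git.c:671               trace: exec: git-credential-manager erase
fatal: Authentication failed for 'https://my.domain.com/tfs/collection/_git/repo/'
"""

# curl prints response headers with "< "; request headers after the request
# line carry no prefix, so the lead is optional.
AUTH_HEADER = re.compile(
    r"^(?P<lead>[<>]?\s*)"
    r"(?P<name>(?:Proxy-)?Authorization|WWW-Authenticate|Lfs-Authenticate)"
    r":\s*(?P<scheme>[A-Za-z]+)(?P<rest>.*)$",
    re.IGNORECASE,
)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HELPER = re.compile(r"trace: exec: git-credential-manager (\w+)")
TOKEN_SCHEMES = {"ntlm", "negotiate"}  # schemes whose payload is an opaque token


def redact(trace: str) -> str:
    """Replace credential-bearing header payloads and IPv4 addresses."""
    out = []
    for line in trace.splitlines():
        m = AUTH_HEADER.match(line)
        if m:
            sent_by_client = m["name"].lower().endswith("authorization")
            token_scheme = m["scheme"].lower() in TOKEN_SCHEMES
            # Keep bare scheme offers and Basic/Bearer parameters such as realm.
            if m["rest"].strip() and (sent_by_client or token_scheme):
                line = f'{m["lead"]}{m["name"]}: {m["scheme"]} [REDACTED]'
        out.append(IPV4.sub("[IP]", line))
    return "\n".join(out)


def summarize(trace: str) -> dict:
    """Extract the auth-relevant events from the trace, in order."""
    offered, helper_calls = [], []
    rejected = failed = False
    for line in trace.splitlines():
        m = AUTH_HEADER.match(line)
        if m and m["name"].lower() == "www-authenticate":
            if m["scheme"] not in offered:
                offered.append(m["scheme"])
        elif (h := HELPER.search(line)):
            helper_calls.append(h[1])
        elif "NTLM handshake rejected" in line:
            rejected = True
        elif line.startswith("fatal: Authentication failed"):
            failed = True
    return {
        "schemes_offered": offered,
        "helper_calls": helper_calls,
        "ntlm_rejected": rejected,
        "auth_failed": failed,
    }


if __name__ == "__main__":
    print(redact(SAMPLE_TRACE))
    print(summarize(SAMPLE_TRACE))
```

The NTLM payloads are worth removing because the server's challenge message carries host and domain names, and the client's final message carries the account name and its challenge response.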

YawJatah commented 4 years ago

This issue is a bit old, but is still pertinent. GIT LFS not caches the username and password (even for NTLM), but if you are using Azure DevOps, GIT LFS doesn't properly work with NTLM, so you have to also set basic authentication for GIT LFS:

[lfs "https://tfs.domain.com/tfs/collection/Project/_git/Project.git/info/lfs"]
    access = basic
[lfs "https://tfs.domain.com/tfs/collection/Project/_git/Project/info/lfs/objects/"]
    access = basic