Authentication Failure cloning from Azure DevOps

[pbahr]

Which Version of GCM are you using ? From a command prompt, run git credential-manager version and paste the output. 1.20.0

Which service are you trying to connect to

• [x] Azure DevOps
• [ ] Azure DevOps Server (TFS/on-prem)
• [ ] GitHub
• [ ] GitHub Enterprise
• [ ] Bitbucket
• [ ] Other? - please describe;

If AzureDevops Hosted describe your url

• [x] dev.azure.com/org
• [ ] org.visualstudio.com

If you're using Azure DevOps, can you access the repository in the browser via the same URL?

• [x] Yes
• [ ] No, I get a permission error.
• [ ] No, for a different reason:

If you're using Azure DevOps, and the account picker shows more than one identity as you authenticate, check that you selected the same one that has access on the web.

• [x] I only see one identity.
• [ ] I checked each and none worked.

Expected behavior I expect to be able to clone my repository using git clone [repo-url]

Actual behavior I see Azure Active Directory dialog box, pick my user and type in my password, then back in Git Bash command line I receive this error: fatal: Authentication failed for '[repo-url]'

I should note that the URL I'm cloning was copied from Azure DevOps and as a result it has a format like https://[org-name]@dev.azure.com/[org-name]/[project-name]/[repo-name]. But the URL in the failure message doesn't have the "[org-name]@" part before dev.azure.com.

Set the env variables GCM_TRACE=1 and GIT_TRACE=1 and run your git command. Redact any private information and attach the log

GIT_Trace=1 GCM_TRACE=1 git clone https://[org-name]@dev.azure.com/[org-name]/[project-name]/_git/[repo-name]
15:58:20.430606 exec-cmd.c:237          trace: resolved executable dir: C:/Program Files (x86)/Microsoft Visual Studio/2017/Community/Common7/IDE/CommonExtensions/Microsoft/TeamFoundation/Team Explorer/Git/mingw64/bin
15:58:20.432601 git.c:439               trace: built-in: git clone 'https://[org-name]@dev.azure.com/[org-name]/[project-name]/_git/[repo-name]'
Cloning into '[project-name]'...
15:58:20.468546 run-command.c:662       trace: run_command: git remote-https origin 'https://[org-name]@dev.azure.com/[org-name]/[project-name]/_git/[repo-name]'
15:58:20.555317 exec-cmd.c:237          trace: resolved executable dir: C:/Program Files (x86)/Microsoft Visual Studio/2017/Community/Common7/IDE/CommonExtensions/Microsoft/TeamFoundation/Team Explorer/Git/mingw64/libexec/git-core
15:58:20.556270 git.c:703               trace: exec: git-remote-https origin 'https://[org-name]@dev.azure.com/[org-name]/[project-name]/_git/[repo-name]'
15:58:20.556270 run-command.c:662       trace: run_command: git-remote-https origin 'https://[org-name]@dev.azure.com/[org-name]/[project-name]/_git/[repo-name]'
15:58:20.634062 exec-cmd.c:237          trace: resolved executable dir: C:/Program Files (x86)/Microsoft Visual Studio/2017/Community/Common7/IDE/CommonExtensions/Microsoft/TeamFoundation/Team Explorer/Git/mingw64/libexec/git-core
15:58:22.126447 run-command.c:662       trace: run_command: 'git credential-manager get'
15:58:22.472522 exec-cmd.c:237          trace: resolved executable dir: C:/Program Files (x86)/Microsoft Visual Studio/2017/Community/Common7/IDE/CommonExtensions/Microsoft/TeamFoundation/Team Explorer/Git/mingw64/libexec/git-core
15:58:22.473519 git.c:703               trace: exec: git-credential-manager get
15:58:22.473519 run-command.c:662       trace: run_command: git-credential-manager get
15:58:22.607203 ...\Common.cs:744       trace: [Main] git-credential-manager (v1.20.0) 'get'
15:58:22.668995 ...\Git\Where.cs:348    trace: [FindGitInstallations] found 1 Git installation(s).
15:58:22.675019 ...Configuration.cs:222 trace: [LoadGitConfiguration] git All config read, 13 entries.
15:58:22.724888 ...\Common.cs:85        trace: [CreateAuthentication] detecting authority type for 'https://[org-name]@dev.azure.com/'.
15:58:23.143729 ...uthentication.cs:223 trace: [DetectAuthority] detected 'https://dev.azure.com/[org-name]/' as Azure DevOps from GET response.
15:58:23.149713 ...uthentication.cs:291 trace: [DetectAuthority] tenant resource for 'https://dev.azure.com/[org-name]/' is {[tenant-resource-no]}.
15:58:23.150711 ...uthentication.cs:359 trace: [GetAuthentication] AAD authority for tenant '[tenant-resource-no]' detected.
15:58:23.186636 ...\Common.cs:140       trace: [CreateAuthentication] authority for 'https://[org-name]@dev.azure.com/' is Azure Directory.
15:58:23.186636 ...\Common.cs:765       trace: [QueryCredentials] querying 'AzureDirectory' for credentials.
15:58:23.192647 ...uthentication.cs:384 trace: [GetCredentials] credentials for 'https://[org-name]@dev.azure.com/' found.
15:58:23.478327 ...\Authority.cs:457    trace: [ValidateSecret] credential validation for 'https://dev.azure.com/[org-name]/_apis/connectiondata' failed.
15:58:24.474663 ...\Authority.cs:247    trace: [NoninteractiveAcquireToken] token acquisition for authority host URL = 'https://login.microsoftonline.com/[tenant-resource-no-with-hyphens]' failed.
15:58:24.474663 ...uthentication.cs:177 trace: [NoninteractiveLogon] non-interactive logon for 'https://[org-name]@dev.azure.com/' failed
15:58:28.039925 ...\Authority.cs:195    trace: [InteractiveAcquireToken] authority host URL = 'https://login.microsoftonline.com/[tenant-resource-no-with-hyphens]', token acquisition for tenant [[tenant-resource-no]] succeeded.
15:58:28.039925 ...Authentication.cs:98 trace: [InteractiveLogon] token acquisition for 'https://[org-name]@dev.azure.com/' succeeded.
15:58:28.396543 ...\Authority.cs:533    trace: [GetAccessTokenRequestBody] creating access token scoped to 'vso.code_write vso.packaging' for 'https://dev.azure.com/[org-name]/'
15:58:29.139559 ...\Authority.cs:124    trace: [GeneratePersonalAccessToken] personal access token acquisition for 'https://[org-name]@dev.azure.com/' succeeded.
15:58:29.139559 ...uthentication.cs:450 trace: [GeneratePersonalAccessToken] personal access token created for 'https://[org-name]@dev.azure.com/'.
15:58:29.524626 ...\Authority.cs:457    trace: [ValidateSecret] credential validation for 'https://dev.azure.com/[org-name]/_apis/connectiondata' failed.
15:58:29.524626 ...\Common.cs:822       trace: [QueryCredentials] credentials for 'https://[org-name]@dev.azure.com/' not found.
15:58:29.526670 ...\Common.cs:709       trace: [LogEvent] Failed to retrieve Azure Directory credentials for 'https://[org-name]@dev.azure.com/'.
15:58:30.080237 run-command.c:662       trace: run_command: 'git credential-manager erase'
15:58:30.452224 exec-cmd.c:237          trace: resolved executable dir: C:/Program Files (x86)/Microsoft Visual Studio/2017/Community/Common7/IDE/CommonExtensions/Microsoft/TeamFoundation/Team Explorer/Git/mingw64/libexec/git-core
15:58:30.454294 git.c:703               trace: exec: git-credential-manager erase
15:58:30.454294 run-command.c:662       trace: run_command: git-credential-manager erase
15:58:30.585908 ...\Common.cs:744       trace: [Main] git-credential-manager (v1.20.0) 'erase'
15:58:30.646704 ...\Git\Where.cs:348    trace: [FindGitInstallations] found 1 Git installation(s).
15:58:30.651690 ...Configuration.cs:222 trace: [LoadGitConfiguration] git All config read, 13 entries.
15:58:30.689589 ...\Common.cs:85        trace: [CreateAuthentication] detecting authority type for 'https://PersonalAccessToken@dev.azure.com/'.
15:58:30.708538 ...uthentication.cs:199 trace: [DetectAuthority] 'https://dev.azure.com/[org-name]/' is Azure DevOps, tenant resource is {[tenant-resource-no]}.
15:58:30.709536 ...uthentication.cs:359 trace: [GetAuthentication] AAD authority for tenant '[tenant-resource-no]' detected.
15:58:30.747460 ...\Common.cs:140       trace: [CreateAuthentication] authority for 'https://PersonalAccessToken@dev.azure.com/' is Azure Directory.
15:58:30.747460 ...\Common.cs:259       trace: [DeleteCredentials] deleting Azure DevOps credentials for 'https://PersonalAccessToken@dev.azure.com/'.
15:58:30.757408 ...aseSecureStore.cs:59 trace: [Delete] credentials not found for 'git:https://PersonalAccessToken@dev.azure.com/[org-name]'.
15:58:30.790320 run-command.c:662       trace: run_command: 'git credential-manager erase'
15:58:31.147408 exec-cmd.c:237          trace: resolved executable dir: C:/Program Files (x86)/Microsoft Visual Studio/2017/Community/Common7/IDE/CommonExtensions/Microsoft/TeamFoundation/Team Explorer/Git/mingw64/libexec/git-core
15:58:31.148438 git.c:703               trace: exec: git-credential-manager erase
15:58:31.148438 run-command.c:662       trace: run_command: git-credential-manager erase
15:58:31.281008 ...\Common.cs:744       trace: [Main] git-credential-manager (v1.20.0) 'erase'
15:58:31.338896 ...\Git\Where.cs:348    trace: [FindGitInstallations] found 1 Git installation(s).
15:58:31.344840 ...Configuration.cs:222 trace: [LoadGitConfiguration] git All config read, 13 entries.
15:58:31.384772 ...\Common.cs:85        trace: [CreateAuthentication] detecting authority type for 'https://PersonalAccessToken@dev.azure.com/'.
15:58:31.768826 ...uthentication.cs:223 trace: [DetectAuthority] detected 'https://dev.azure.com/[org-name]/' as Azure DevOps from GET response.
15:58:31.773813 ...uthentication.cs:291 trace: [DetectAuthority] tenant resource for 'https://dev.azure.com/[org-name]/' is {[tenant-resource-no]}.
15:58:31.774811 ...uthentication.cs:359 trace: [GetAuthentication] AAD authority for tenant '[tenant-resource-no]' detected.
15:58:31.810715 ...\Common.cs:140       trace: [CreateAuthentication] authority for 'https://PersonalAccessToken@dev.azure.com/' is Azure Directory.
15:58:31.810715 ...\Common.cs:259       trace: [DeleteCredentials] deleting Azure DevOps credentials for 'https://PersonalAccessToken@dev.azure.com/'.
15:58:31.817775 ...aseSecureStore.cs:59 trace: [Delete] credentials not found for 'git:https://PersonalAccessToken@dev.azure.com/[org-name]'.
fatal: Authentication failed for 'https://dev.azure.com/[org-name]/[project-name]/_git/[repo-name]'

[steveski]

We've just migrated from 2019 server to cloud and I'm getting the same problems. This issue goes back to April. I guess no one is addressing it?

[ragesh-urolime]

@steveski , Could you please check the FAQ step. It might help.