Git-credential-manager-for-windows: Cannot submit credentials on ADAL prompt

Created on 19 Apr 2017  路  6Comments  路  Source: microsoft/Git-Credential-Manager-for-Windows

git --version 2.12.2.windows.2
Git Credential Manager for Windows version 1.9.1
Windows 10 Pro
1607
Build 14393.1066

The ADAL prompt appears when I attempt to git clone a repo from a *.visualstudio.com. Filling in the username redirects me to the "login page for my organization" version. Typing the password and pressing Enter (or the "Sign in" button) causes no actions to be taken, and no further entries in the log files.

How can I clone my repository?

01:04:05.431263 git.c:371               trace: built-in: git 'clone' 'https://my-org-name.visualstudio.com/MyProject/_git/repo'
01:04:05.462567 git.c:371               trace: built-in: git 'rev-parse' '--git-dir' '--is-inside-git-dir' '--is-bare-repository' '--is-inside-work-tree' '--short' 'HEAD'
01:04:13.677719 git.c:371               trace: built-in: git 'rev-parse' '--git-dir' '--is-inside-git-dir' '--is-bare-repository' '--is-inside-work-tree' '--short' 'HEAD'
01:04:14.800338 git.c:371               trace: built-in: git 'clone' 'https://my-org-name.visualstudio.com/MyProject/_git/repo'
01:04:14.831585 run-command.c:369       trace: run_command: 'git-remote-https' 'origin' 'https://my-org-name.visualstudio.com/MyProject/_git/repo'
01:04:14.847211 http.c:636              == Info: Couldn't find host my-org-name.visualstudio.com in the _netrc file; using defaults
01:04:14.847211 http.c:636              == Info: timeout on name lookup is not supported
01:04:14.897111 http.c:636              == Info:   Trying 157.55.80.96...
01:04:14.897111 http.c:636              == Info: TCP_NODELAY set
01:04:14.962766 http.c:636              == Info: Connected to my-org-name.visualstudio.com (157.55.80.96) port 443 (#0)
01:04:15.163737 http.c:636              == Info: ALPN, offering http/1.1
01:04:15.163737 http.c:636              == Info: Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
01:04:15.179362 http.c:636              == Info: successfully set certificate verify locations:
01:04:15.179362 http.c:636              == Info:   CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
  CApath: none
01:04:15.179362 http.c:636              == Info: TLSv1.2 (OUT), TLS header, Certificate Status (22):
01:04:15.179362 http.c:609              => Send SSL data, 0000000005 bytes (0x00000005)
01:04:15.179362 http.c:624              => Send SSL data: .....
01:04:15.179362 http.c:636              == Info: TLSv1.2 (OUT), TLS handshake, Client hello (1):
01:04:15.179362 http.c:609              
01:04:15.247619 http.c:609              <= Recv SSL data, 0000000005 bytes (0x00000005)
01:04:15.247619 http.c:624              <= Recv SSL data: .....
01:04:15.247619 http.c:636              == Info: TLSv1.2 (IN), TLS handshake, Server hello (2):
01:04:15.247619 http.c:609              <= Recv SSL data, 0000000081 bytes (0x00000051)
01:04:15.247619 http.c:636              == Info: TLSv1.2 (IN), TLS handshake, Certificate (11):
01:04:15.247619 http.c:609              <= Recv SSL data, 0000003184 bytes (0x00000c70)
01:04:15.247619 http.c:636              == Info: TLSv1.2 (IN), TLS handshake, Server key exchange (12):
01:04:15.247619 http.c:609              <= Recv SSL data, 0000000333 bytes (0x0000014d)
01:04:15.247619 http.c:636              == Info: TLSv1.2 (IN), TLS handshake, Server finished (14):
01:04:15.247619 http.c:609              <= Recv SSL data, 0000000004 bytes (0x00000004)
01:04:15.247619 http.c:609              => Send SSL data, 0000000005 bytes (0x00000005)
01:04:15.247619 http.c:636              == Info: TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
01:04:15.247619 http.c:609              => Send SSL data, 0000000070 bytes (0x00000046)
01:04:15.247619 http.c:609              => Send SSL data, 0000000005 bytes (0x00000005)
01:04:15.247619 http.c:636              == Info: TLSv1.2 (OUT), TLS change cipher, Client hello (1):
01:04:15.247619 http.c:609              => Send SSL data, 0000000001 bytes (0x00000001)
01:04:15.247619 http.c:609              => Send SSL data, 0000000005 bytes (0x00000005)
01:04:15.247619 http.c:636              == Info: TLSv1.2 (OUT), TLS handshake, Finished (20):
01:04:15.247619 http.c:609              => Send SSL data, 0000000016 bytes (0x00000010)
01:04:15.316260 http.c:609              <= Recv SSL data, 0000000005 bytes (0x00000005)
01:04:15.316260 http.c:636              == Info: TLSv1.2 (IN), TLS change cipher, Client hello (1):
01:04:15.316260 http.c:609              <= Recv SSL data, 0000000001 bytes (0x00000001)
01:04:15.316260 http.c:609              <= Recv SSL data, 0000000005 bytes (0x00000005)
01:04:15.316260 http.c:636              == Info: TLSv1.2 (IN), TLS handshake, Finished (20):
01:04:15.316260 http.c:609              <= Recv SSL data, 0000000016 bytes (0x00000010)
01:04:15.316260 http.c:636              == Info: SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
01:04:15.316260 http.c:636              == Info: ALPN, server did not agree to a protocol
01:04:15.316260 http.c:636              == Info: Server certificate:
01:04:15.316260 http.c:636              == Info:  subject: CN=visualstudio.com
01:04:15.316260 http.c:636              == Info:  start date: Jan 18 23:11:04 2017 GMT
01:04:15.316260 http.c:636              == Info:  expire date: Mar 18 23:11:04 2018 GMT
01:04:15.316260 http.c:636              == Info:  subjectAltName: host "my-org-name.visualstudio.com" matched cert's "*.visualstudio.com"
01:04:15.316260 http.c:636              == Info:  issuer: C=US; ST=Washington; L=Redmond; O=Microsoft Corporation; OU=Microsoft IT; CN=Microsoft IT SSL SHA2
01:04:15.316260 http.c:636              == Info:  SSL certificate verify ok.
01:04:15.316260 http.c:609              => Send SSL data, 0000000005 bytes (0x00000005)
01:04:15.316260 http.c:624              => Send SSL data: .....
01:04:15.316260 http.c:583              => Send header, 0000000205 bytes (0x000000cd)
01:04:15.316260 http.c:595              => Send header: GET /MyProject/_git/repo/info/refs?service=git-upload-pack HTTP/1.1
01:04:15.316260 http.c:595              => Send header: Host: my-org-name.visualstudio.com
01:04:15.316260 http.c:595              => Send header: User-Agent: git/2.12.2.windows.2
01:04:15.316260 http.c:595              => Send header: Accept: */*
01:04:15.316260 http.c:595              => Send header: Accept-Encoding: gzip
01:04:15.316260 http.c:595              => Send header: Pragma: no-cache
01:04:15.316260 http.c:595              => Send header:
01:04:15.378818 http.c:609              <= Recv SSL data, 0000000005 bytes (0x00000005)
01:04:15.378818 http.c:624              <= Recv SSL data: .../N
01:04:15.378818 http.c:583              <= Recv header, 0000000027 bytes (0x0000001b)
01:04:15.378818 http.c:595              <= Recv header: HTTP/1.1 401 Unauthorized
01:04:15.378818 http.c:583              <= Recv header, 0000000040 bytes (0x00000028)
01:04:15.378818 http.c:595              <= Recv header: Content-Type: text/html; charset=utf-8
01:04:15.378818 http.c:583              <= Recv header, 0000000028 bytes (0x0000001c)
01:04:15.378818 http.c:595              <= Recv header: Server: Microsoft-IIS/10.0
01:04:15.378818 http.c:583              <= Recv header, 0000000055 bytes (0x00000037)
01:04:15.378818 http.c:595              <= Recv header: X-TFS-ProcessId: 2c8b35a6-81df-430b-b2a9-b45f6a1465f0
01:04:15.378818 http.c:583              <= Recv header, 0000000064 bytes (0x00000040)
01:04:15.394379 http.c:595              <= Recv header: Strict-Transport-Security: max-age=31536000; includeSubDomains
01:04:15.394379 http.c:583              <= Recv header, 0000000029 bytes (0x0000001d)
01:04:15.394379 http.c:595              <= Recv header: X-FRAME-OPTIONS: SAMEORIGIN
01:04:15.394379 http.c:583              <= Recv header, 0000000066 bytes (0x00000042)
01:04:15.394379 http.c:595              <= Recv header: X-TFS-FedAuthRealm: https://tfsprodscussu3.app.visualstudio.com/
01:04:15.394379 http.c:583              <= Recv header, 0000000055 bytes (0x00000037)
01:04:15.394379 http.c:595              <= Recv header: X-TFS-FedAuthIssuer: https://my-org-name.visualstudio.com/
01:04:15.394906 http.c:583              <= Recv header, 0000000060 bytes (0x0000003c)
01:04:15.394906 http.c:595              <= Recv header: X-VSS-ResourceTenant: 21f195bc-13e5-4339-82ea-ef8b8ecdd0a9
01:04:15.394906 http.c:583              <= Recv header, 0000000115 bytes (0x00000073)
01:04:15.394906 http.c:595              <= Recv header: WWW-Authenticate: Bearer authorization_uri=https://login.microsoftonline.com/21f195bc-13e5-4339-82ea-ef8b8ecdd0a9
01:04:15.394906 http.c:583              <= Recv header, 0000000664 bytes (0x00000298)
01:04:15.394906 http.c:595              <= Recv header: X-TFS-SoapException: %3c%3fxml+version%3d%221.0%22+encoding%3d%22utf-8%22%3f%3e%3csoap%3aEnvelope+xmlns%3asoap%3d%22http%3a%2f%2fwww.w3.org%2f2003%2f05%2fsoap-envelope%22%3e%3csoap%3aBody%3e%3csoap%3aFault%3e%3csoap%3aCode%3e%3csoap%3aValue%3esoap%3aReceiver%3c%2fsoap%3aValue%3e%3csoap%3aSubcode%3e%3csoap%3aValue%3eUnauthorizedRequestException%3c%2fsoap%3aValue%3e%3c%2fsoap%3aSubcode%3e%3c%2fsoap%3aCode%3e%3csoap%3aReason%3e%3csoap%3aText+xml%3alang%3d%22en%22%3eTF400813%3a+Resource+not+available+for+anonymous+access.+Client+authentication+required.%3c%2fsoap%3aText%3e%3c%2fsoap%3aReason%3e%3c%2fsoap%3aFault%3e%3c%2fsoap%3aBody%3e%3c%2fsoap%3aEnvelope%3e
01:04:15.394906 http.c:583              <= Recv header, 0000000110 bytes (0x0000006e)
01:04:15.394906 http.c:595              <= Recv header: X-TFS-ServiceError: TF400813%3a+Resource+not+available+for+anonymous+access.+Client+authentication+required.
01:04:15.394906 http.c:583              <= Recv header, 0000000033 bytes (0x00000021)
01:04:15.394906 http.c:595              <= Recv header: WWW-Authenticate: TFS-Federated
01:04:15.394906 http.c:583              <= Recv header, 0000000508 bytes (0x000001fc)
01:04:15.394906 http.c:595              <= Recv header: X-TFS-FedAuthRedirect: https://app.vssps.visualstudio.com/_signin?realm=my-org-name.visualstudio.com&reply_to=https%3A%2F%2Fmy-org-name.visualstudio.com%2FMyProject%2F_git%2Frepo%2Finfo%2Frefs%3Fservice%3Dgit-upload-pack&redirect=1&context=eyJodCI6MiwiaGlkIjoiYTY5MjZhZDktNDY5NS00MTI4LTg0NzYtMGVmMGNhNDE2YTEyIiwicXMiOnt9LCJyciI6IiIsInZoIjoiIiwiY3YiOiIiLCJjcyI6IiJ90#ctx=eyJTaWduSW5Db29raWVEb21haW5zIjpbImh0dHBzOi8vbG9naW4ubWljcm9zb2Z0b25saW5lLmNvbSIsImh0dHBzOi8vbG9naW4ubWljcm9zb2Z0b25saW5lLmNvbSJdfQ2
01:04:15.394906 http.c:583              <= Recv header, 0000000078 bytes (0x0000004e)
01:04:15.394906 http.c:595              <= Recv header: WWW-Authenticate: Basic realm="https://tfsprodscussu3.app.visualstudio.com/"
01:04:15.394906 http.c:583              <= Recv header, 0000000079 bytes (0x0000004f)
01:04:15.394906 http.c:595              <= Recv header: X-VSS-S2STargetService: 00000002-0000-8888-8000-000000000000/visualstudio.com
01:04:15.394906 http.c:583              <= Recv header, 0000000023 bytes (0x00000017)
01:04:15.394906 http.c:595              <= Recv header: X-Powered-By: ASP.NET
01:04:15.395399 http.c:583              <= Recv header, 0000000124 bytes (0x0000007c)
01:04:15.395399 http.c:595              <= Recv header: P3P: CP="CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR LOC CNT"
01:04:15.395399 http.c:583              <= Recv header, 0000000033 bytes (0x00000021)
01:04:15.395399 http.c:595              <= Recv header: X-Content-Type-Options: nosniff
01:04:15.395399 http.c:583              <= Recv header, 0000000037 bytes (0x00000025)
01:04:15.395399 http.c:595              <= Recv header: Date: Wed, 19 Apr 2017 04:02:57 GMT
01:04:15.395399 http.c:583              <= Recv header, 0000000022 bytes (0x00000016)
01:04:15.395399 http.c:595              <= Recv header: Content-Length: 9834
01:04:15.395399 http.c:583              <= Recv header, 0000000002 bytes (0x00000002)
01:04:15.395399 http.c:595              <= Recv header:
01:04:15.395399 http.c:609              <= Recv data, 0000009834 bytes (0x0000266a)
01:04:15.395399 http.c:624              <= Recv data: ....<!DOCTYPE html>..<html>..<head>..    <title>TF400813: Re
01:04:15.395399 http.c:624              <= Recv data: source not available for anonymous access. Client authentica
01:04:15.395399 http.c:624              <= Recv data: tion required.</title>..    <style type="text/css">..       
01:04:15.395399 http.c:624              <= Recv data:  body {..            font-family: Segoe UI, Helvetica Neue, 
01:04:15.395399 http.c:624              <= Recv data: Helvetica, Arial, Verdana;..            font-size: small;.. 
01:04:15.395899 http.c:624              <= Recv data:            height: 100%;..            margin: 0;..        }.
01:04:15.395899 http.c:624              <= Recv data: ...        A {..            color: #007ACC;..            tex
01:04:15.395899 http.c:624              <= Recv data: t-decoration: none;..        }....            A:hover {..   
01:04:15.395899 http.c:624              <= Recv data:              text-decoration: underline;..            }.... 
01:04:15.395899 http.c:624              <= Recv data:        h1 {..            font-size: 2em;..            margin
01:04:15.395899 http.c:624              <= Recv data: -bottom: 0px;..            text-transform:uppercase;..      
01:04:15.395899 http.c:624              <= Recv data:       font-weight:normal;..        }....        h2 {..      
01:04:15.395899 http.c:624              <= Recv data:       font-size: 24px;..            color: #888;..          
01:04:15.395899 http.c:624              <= Recv data:   font-weight: normal;..            margin-top: 0px;..      
01:04:15.395899 http.c:624              <= Recv data:   }....        .header {..            background-color: #682
01:04:15.395899 http.c:624              <= Recv data: 17a;..            height: 30px;..        }....            .h
01:04:15.395899 http.c:624              <= Recv data: eader > .logo {..                margin-top: 5px;..         
01:04:15.395899 http.c:624              <= Recv data:        margin-left: 20px;..            }....        .content
01:04:15.395899 http.c:624              <= Recv data:  {..            margin-left: 15%;..            margin-right:
01:04:15.395899 http.c:624              <= Recv data:  5%;..        }....            .content > .section-container
01:04:15.395899 http.c:624              <= Recv data:  {..                list-style-type: none;..                
01:04:15.395899 http.c:624              <= Recv data: margin: 0;..                margin-top: 80px;..            }
01:04:15.395899 http.c:624              <= Recv data: ....                .content > .section-container > li {..  
01:04:15.395899 http.c:624              <= Recv data:                   float: left;..                    margin-l
01:04:15.395899 http.c:624              <= Recv data: eft: 20px;                    ..                }....       
01:04:15.395899 http.c:624              <= Recv data:      .content .error-code {..                font-family: Se
01:04:15.396399 http.c:624              <= Recv data: goe UI, Helvetica Neue, Helvetica, Arial, Verdana;..        
01:04:15.396399 http.c:624              <= Recv data:         font-size: 15em;..                color: #999;..    
01:04:15.396399 http.c:624              <= Recv data:             line-height:1em;..            }....            .
01:04:15.396399 http.c:624              <= Recv data: content .error-details {..                width: 350px;..   
01:04:15.396399 http.c:624              <= Recv data:          }....                .content .error-details > h3 {
01:04:15.396399 http.c:624              <= Recv data: ..                    text-transform: uppercase;..          
01:04:15.396399 http.c:624              <= Recv data:           font-size: 16px;..                }....           
01:04:15.396399 http.c:624              <= Recv data:      .content .error-details .action {..                    
01:04:15.396399 http.c:624              <= Recv data: font-size: 16px;..                }....                .cont
01:04:15.396399 http.c:624              <= Recv data: ent .error-details > .helpful-links > a {..                 
01:04:15.396399 http.c:624              <= Recv data:    margin-right: 10px;..                }....            .co
01:04:15.396399 http.c:624              <= Recv data: ntent .more-info {..                min-width:600px;..      
01:04:15.396399 http.c:624              <= Recv data:       }....                .content .more-info > pre {..    
01:04:15.396399 http.c:624              <= Recv data:                 overflow: auto;..                }....      
01:04:15.396399 http.c:624              <= Recv data:      .content .tips {..                margin-bottom: 30px;.
01:04:15.396399 http.c:624              <= Recv data: .            }....           .content .tips, .content .addit
01:04:15.396399 http.c:624              <= Recv data: ionalDetails {..                margin-right:25%;..         
01:04:15.396399 http.c:624              <= Recv data:        min-width:500px;..                clear: left;..     
01:04:15.396399 http.c:624              <= Recv data:        }....                .content .tips > ul {..         
01:04:15.396399 http.c:624              <= Recv data:            list-style-type: square;..                }....  
01:04:15.396399 http.c:624              <= Recv data:                   .content .tips > ul > li {..              
01:04:15.396399 http.c:624              <= Recv data:           margin-bottom: 10px;..                    }....   
01:04:15.396899 http.c:624              <= Recv data:          .content .additionalDetails > h3 {..               
01:04:15.396899 http.c:624              <= Recv data:  font-size: 1.15em;..                font-weight: normal;.. 
01:04:15.396899 http.c:624              <= Recv data:            }....             .content .additionalDetails .ti
01:04:15.396899 http.c:624              <= Recv data: tle {..                font-weight: bold;..                c
01:04:15.396899 http.c:624              <= Recv data: olor: #444;..            }....             .content .additio
01:04:15.396899 http.c:624              <= Recv data: nalDetails .info {..               color: #777;..           
01:04:15.396899 http.c:624              <= Recv data:  }....             .content .additionalDetails > div {..    
01:04:15.396899 http.c:624              <= Recv data:            margin-top: 5px;..               margin-left: 20p
01:04:15.396899 http.c:624              <= Recv data: x;..            }..    </style>..</head>..<body>    ..    <d
01:04:15.396899 http.c:624              <= Recv data: iv class="header">..        <img class="logo" src="data:imag
01:04:15.396899 http.c:624              <= Recv data: e/png;base64,iVBORw0KGgoAAAANSUhEUgAAAJ4AAAAUCAYAAAB8roTFAAA
01:04:15.396899 http.c:624              <= Recv data: AAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcd
01:04:15.396899 http.c:624              <= Recv data: vqGQAAAOFSURBVGhD7Zo7aBVBFIbvVRCsBBNsBEEw6QURQ4yFFjZi0E5Fe8F
01:04:15.396899 http.c:624              <= Recv data: EEbERLMRKbBLFQhDEIqKNJGChlSRKLAJWEnyApRCilSAIcv3+eWzm7n3s7o1
01:04:15.396899 http.c:624              <= Recv data: JipwPfubM3Ln7yPw5Z3aTeqPRqBnGerMltIaxrvRivH3oEtrheobRA1WNJ9O
01:04:15.396899 http.c:624              <= Recv data: 9QffQd/QEHUSGUYkqe7xout2ut8JLdMKHhlGONOPtRbdR3liik+kMoydS402
01:04:15.396899 http.c:624              <= Recv data: jG+gDOqqBQN50v9AfH3aHbPoZqSw3wdgyzTjtvOb40f9DOGbLOUU4l1I8YUP
01:04:15.396899 http.c:624              <= Recv data: 3u1pGOI7uRYwjHXvE9Yyu5Pd439BO9BrJhHnTfUIH0G/XK+YVOu7DDC3QTzR
01:04:15.396899 http.c:624              <= Recv data: Zr9eH0KAbXWMwyDyNrqcelBHMs1rDTCIdd871jK7kjafFOedDV3Y/omi6F0i
01:04:15.396899 http.c:624              <= Recv data: mk/lKganG0EDoOljkMzSLvreu9HEtz0OsaxsNobEBtHuqfYau+7C2LbQP0Wm
01:04:15.396899 http.c:624              <= Recv data: kMlsJjPYFpaVvgEW/q4DxaSnEmhPLoCu/tE1lM+0rVpOoCJl91ocrcJxlrqe
01:04:15.397399 http.c:624              <= Recv data: PcJZY503Lp2jqE+t643Vec4OejvOCrAQntDOeHjKu+jDjfFAvqLwpU4pYZlv
01:04:15.397399 http.c:624              <= Recv data: KEYuvd4OuDEJh+WXOkBqJRZ4JC90R5ivDXUZMXdlXMt5P/wfhkaLzMk+mH0a
01:04:15.397399 http.c:624              <= Recv data: xXO9CLbSZp/O2mH4zkzfeHiRTqLy+RWPoL9qO9M7uAYpZsBQspsrtIcUsyDE
01:04:15.397399 http.c:624              <= Recv data: aGbEFPlNmTDNNEcogLptw/JNupJi4D1useK6IfoGe+tDdW6wMeZrmwaTuj1a
01:04:15.397399 http.c:624              <= Recv data: /eAbkjXcYyXQTSCa5jy4gmU9cRDJmJfPxQ39Pox/6MIuV7bNSGB9EpwiZXvi
01:04:15.397399 http.c:624              <= Recv data: kK9Mpg7iMwvwZDZaF8yj7KfNWNgLflYF6RW8MDEiNJ7N9RXq4uILiK5MplJp
01:04:15.397399 http.c:624              <= Recv data: Pf6lQBqzCAua4Sdu2zCboM9Y2eyBZQrFM6wOXOQXHU3mMqKx1hfnaE2aEc0Q
01:04:15.397399 http.c:624              <= Recv data: j6Lr2+7A2x2fa87k9Gd9L93FL9LUlcBDfCWGeBaSHqIgMrrcF3e59U5Ea7xH
01:04:15.397399 http.c:624              <= Recv data: SYshoefLmqwQLqXKrxWxbZgPZRhyUafW9USSzxXFlTqEFlFnid8pkIZkhOwf
01:04:15.397399 http.c:624              <= Recv data: SvisaQQ8eExw/PtQogyqjal62j9P1hDAeQ78YLeh+ad6hOG+CsX5aI1D136L
01:04:15.397399 http.c:624              <= Recv data: OIu31trqeX/xbSNnSMEpT1XhC5tMT7mOkd3ul/ophGCm9GM8wVk2793iGsea
01:04:15.397399 http.c:624              <= Recv data: Y8YwNoFb7BxQCacALsMrsAAAAAElFTkSuQmCCbCEo2GQbweLArI0gWOQEQfF
01:04:15.397399 http.c:624              <= Recv data: A4hv8Bp/PSTbZzcY7mA8+dmeSefPy8jLfy+x28jx3LCzaxjEbAoujknhrxBv
01:04:15.397399 http.c:624              <= Recv data: EUzZ8Fm0lnkq6l8T7xE/Ex8QNG0aLuliZI+nOoH2SuEk8TbxkQ2kx74q3Srz
01:04:15.397399 http.c:624              <= Recv data: LEqss6eogJuYGBi1do5w/bmleH/PVgYcxXoN+9IkZ7CbEbkN2F/NVvdWCb/P
01:04:15.397399 http.c:624              <= Recv data: f+Ey8wPrXiB/zP/hK/MHaz9i5ZfRwvlfx/KYYE/stz6no43qr+Bcs2QeftcP
01:04:15.397399 http.c:624              <= Recv data: /EIt/KGu8D5DOF8Q7hpVuj7hO/G7FojF4S7Y9JY7RVp+Dw/hy8YZ4Fd+V7L5
01:04:15.397399 http.c:624              <= Recv data: jSfcUSbfX0NxqyU+xXGdMegMhjb6QjITJhksczSmhAZOgHPa5hPhcGNDW8hk
01:04:15.397399 http.c:624              <= Recv data: VlAwjgz1uUx5LcSzCdynPIRuTMZ9m+aExZOWGWzH+ffSP2ByRiFti8FXG08e
01:04:15.397399 http.c:624              <= Recv data: cCesLi6T2Cb7fzv9GJJbKLwtKrUvMmMT00HbFGCWRCfuuZUOPV+yCOeyYpIy
01:04:15.397399 http.c:624              <= Recv data: jzyQoMEiSJ+TJYW1fxCOED9q/lJUScYHUahv6WlODH9xel7V1jMr8MMU9xnF
01:04:15.397899 http.c:624              <= Recv data: dcpTFvy9i6Yt7E4sYOiz+gSH2EfMj03E1Jd6qqOkUvhE3G0w8PzdDH4tYXyp
01:04:15.397899 http.c:624              <= Recv data: uhLY3Eg9EWlArmWq8EOMdYS+smHieCLhnmIffGA++ZuJayxIvMfidISHK/Ci
01:04:15.397899 http.c:624              <= Recv data: r9/RcZfGXceY+euyhkQ9JbJjThMBU450lvoK8vibeJP7E1onas3tIPNGQ1O4
01:04:15.397899 http.c:624              <= Recv data: TO4JTLPEu2lszxi8D0q47pw+ukMwuSpVzLfhsgqrvtpnMF8XfKZDsHjgsiFG
01:04:15.397899 http.c:624              <= Recv data: RD+tijqGpxjuPpLtHvEh8QLyG5FO4jsRcNPkmrJ6QF6C4i3ZvSck1hu2A1Uw
01:04:15.397899 http.c:624              <= Recv data: 99O+DPqvbql5TgJrNN9R4Y9zY3owk1diFva6I1bhmHRuJLZ5pSfyLsIuxAbs
01:04:15.397899 http.c:624              <= Recv data: 3ZfHk/eGslwuVbO/xcnGLeID+HZF8G1gBF31CB7hwXnjq/nCOPbC6iTdgxXm
01:04:15.397899 http.c:624              <= Recv data: Mtr6p3LdpRZvb8D+FvQk7NmDFuG8YF2Kc7J+w4lzd1Ms1V/oJkjpne25bJfE
01:04:15.397899 http.c:624              <= Recv data: vgnwznhVPPddAzJ/oAZ0a/065Ark9Lvqf218uLBbdTimDXPkcvD7HNowWdbF
01:04:15.397899 http.c:624              <= Recv data: S8/wdfKrfaB9hb+/AhtGiLjr2j6AWh11qLSxs4lkcbfwSYACmjPBplVyzMwA
01:04:15.397899 http.c:624              <= Recv data: AAABJRU5ErkJggg==" />..    </div>....    <div class="content
01:04:15.397899 http.c:624              <= Recv data: ">..        <ul class="section-container">..            <li 
01:04:15.397899 http.c:624              <= Recv data: class="error-code">401</li>..            <li class="error-de
01:04:15.397899 http.c:624              <= Recv data: tails">..                <h1>Not Authorized</h1>..          
01:04:15.397899 http.c:624              <= Recv data:       <p>The request requires authentication</p>..          
01:04:15.397899 http.c:624              <= Recv data:       ..                <p><a class="action" href="https://m
01:04:15.397899 http.c:624              <= Recv data: y-org-name.visualstudio.com/">Sign in..                    <img b
01:04:15.397899 http.c:624              <= Recv data: order="0" style="margin-left:5px;" align="absMiddle" src="da
01:04:15.397899 http.c:624              <= Recv data: ta:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABoAAAAaCAYAAACp
01:04:15.397899 http.c:624              <= Recv data: SkzOAAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAAAOwgAADsIBFShKgAAAABp0
01:04:15.397899 http.c:624              <= Recv data: RVh0U29mdHdhcmUAUGFpbnQuTkVUIHYzLjUuMTAw9HKhAAABwUlEQVRIS62V
01:04:15.398399 http.c:624              <= Recv data: C5UCMQxFKwEJSEACElYCEpCwDpCAhJWABCQgAQmz73aSmX7ns2zOuYdMmjZN
01:04:15.398399 http.c:624              <= Recv data: WtIwDMMmJAdxTji0/Ho0jY4teBcvgaHkLRg/t+antI0hnMRD+ILo3+JLeEZ8
01:04:15.398399 http.c:624              <= Recv data: /4jUpxuwNoRwsYnAYsfSJ0VCSfEjuzin6Zd9hHA156c4pWNrSI7Cq3Cvxidl
01:04:15.398399 http.c:624              <= Recv data: zoQguw46RcKZoWSZ+SC7IfWPgji2Dsp0Zj7gKe8qVw+Jb/yR2KIRrapriYRD
01:04:15.398399 http.c:624              <= Recv data: Z1PAjetmL8EXJWaF3MyweLtAwg3zskC31NjNJyaA4PwsHXtI9gQj67fp0flW
01:04:15.398399 http.c:624              <= Recv data: Oi0h2RRM4uXDPyrVn0ziF2QrVTAJHQSF36j8RyC4FmtsCsQl8RvWIi0d1N1g
01:04:15.398399 http.c:624              <= Recv data: 7I0oU6BPz6j515BkZxR313JsYZNWg4CEtV+mT410tStI9gTJGkFlWEJCzSkH
01:04:15.398399 http.c:624              <= Recv data: ZAdfYj4oY2cwo3fc1ZdyCxIeTpS519kAJaEJ8mR3+9cWbC0v73QcqYNfRZz+
01:04:15.398399 http.c:624              <= Recv data: FIx5Np+PSzaWfcyPH5ntKqOEcjWDxPHKMGbm7z9nt3gbJVwmP2PmVUGiX9M4
01:04:15.398399 http.c:624              <= Recv data: lsAnAzulU/iNA749A+A/031qmkaHiYL/GYv4gim+gZW3bAi/AltiSBUUr7IA
01:04:15.398399 http.c:624              <= Recv data: AAAASUVORK5CYII=" />..                    </a>..            
01:04:15.398399 http.c:624              <= Recv data:     </p>..                ..                <p class="helpfu
01:04:15.398399 http.c:624              <= Recv data: l-links">..                    <a href="https://go.microsoft
01:04:15.398399 http.c:624              <= Recv data: .com/fwlink/?LinkID=242573" target="_blank">Service Status a
01:04:15.398399 http.c:624              <= Recv data: nd Support</a>..                    <a href="http://www.twit
01:04:15.398399 http.c:624              <= Recv data: ter.com/VSTeam" target="_blank">@VSTeam</a>..               
01:04:15.398399 http.c:624              <= Recv data:  </p>..            </li>....            ..            <li cl
01:04:15.398399 http.c:624              <= Recv data: ass="more-info">..                <h3>More information about
01:04:15.398399 http.c:624              <= Recv data:  this error</h3>..                <p>TF400813: Resource not 
01:04:15.398399 http.c:624              <= Recv data: available for anonymous access. Client authentication requir
01:04:15.398399 http.c:624              <= Recv data: ed.</p>..               ..                ..            <li 
01:04:15.398899 http.c:624              <= Recv data: class="additionalDetails" >..                <h3>Additional 
01:04:15.398899 http.c:624              <= Recv data: technical details:</h3>..                <div>..            
01:04:15.398899 http.c:624              <= Recv data:         <span class="title">Activity ID:</span> ..          
01:04:15.398899 http.c:624              <= Recv data:           <span class="info">5c7f4365-4e10-429d-ba6f-6a8f30a
01:04:15.398899 http.c:624              <= Recv data: a3187</span>..                </div>..                <div>.
01:04:15.398899 http.c:624              <= Recv data: .                    <span class="title">Date and Time:</spa
01:04:15.398899 http.c:624              <= Recv data: n> ..                    <span class="info">4/19/2017 4:02:5
01:04:15.398899 http.c:624              <= Recv data: 8 AM (UTC)</span>..                </div>..            </li>
01:04:15.398899 http.c:624              <= Recv data:         ..         ..        </ul>..    </div>..    <script 
01:04:15.398899 http.c:624              <= Recv data: src="https://cdn.vsassets.io/3rdParty/_scripts/jquery-2.1.1.
01:04:15.398899 http.c:624              <= Recv data: min.js"></script>..    <script type="text/javascript">..    
01:04:15.398899 http.c:624              <= Recv data:     var ciEventUrl = "";..        $(document).ready(function
01:04:15.398899 http.c:624              <= Recv data:  () {..            logAuthErrorCIEvent();..        });....  
01:04:15.398899 http.c:624              <= Recv data:       function getError() {..            return "eyJVcmkiOiJ
01:04:15.398899 http.c:624              <= Recv data: odHRwczovL2FkaWVudC52aXN1YWxzdHVkaW8uY29tOjQ0My9BZGllbnRTeXN
01:04:15.398899 http.c:624              <= Recv data: DbnRyL19naXQvdGVtcG9yYXJ5LWNpdHNtL2luZm8vcmVmcz9zZXJ2aWNlPWd
01:04:15.398899 http.c:624              <= Recv data: pdC11cGxvYWQtcGFjayIsIlN0YXR1c0NvZGUiOjQwMSwiTWVzc2FnZSI6IlR
01:04:15.398899 http.c:624              <= Recv data: GNDAwODEzOiBSZXNvdXJjZSBub3QgYXZhaWxhYmxlIGZvciBhbm9ueW1vdXM
01:04:15.398899 http.c:624              <= Recv data: gYWNjZXNzLiBDbGllbnQgYXV0aGVudGljYXRpb24gcmVxdWlyZWQuIiwiRGV
01:04:15.398899 http.c:624              <= Recv data: 0YWlscyI6IiIsIkNvbnRlbnQiOm51bGwsIklkZW50aXR5IjoiIn0=";..   
01:04:15.399400 http.c:624              <= Recv data:      }....        try {..            if (typeof window.exter
01:04:15.399400 http.c:624              <= Recv data: nal !== "undefined" && typeof window.external.notifyError !=
01:04:15.399400 http.c:624              <= Recv data: = "undefined") {..                window.external.notifyErro
01:04:15.399400 http.c:624              <= Recv data: r(getError());..            }..            else if (typeof w
01:04:15.399400 http.c:624              <= Recv data: indow.notifyError !== "undefined") {..                window
01:04:15.399400 http.c:624              <= Recv data: .notifyError(getError());..            }..        }..       
01:04:15.399400 http.c:624              <= Recv data:  catch (x) {..            document.write("<p>" + x + "</p>")
01:04:15.399400 http.c:624              <= Recv data: ;..        }....        function logAuthErrorCIEvent() {..  
01:04:15.399400 http.c:624              <= Recv data:           if (typeof ciEventUrl != 'undefined') {..         
01:04:15.399400 http.c:624              <= Recv data:        $.ajax({..                    url: ciEventUrl,..     
01:04:15.399400 http.c:624              <= Recv data:                timeout: 1000..                });..         
01:04:15.399400 http.c:624              <= Recv data:    }..        }..    </script>..</body>..</html>......
01:04:15.399400 http.c:636              == Info: Connection #0 to host my-org-name.visualstudio.com left intact
01:04:15.399900 run-command.c:369       trace: run_command: 'git credential-manager get'
01:04:15.447786 git.c:596               trace: exec: 'git-credential-manager' 'get'
01:04:15.447786 run-command.c:369       trace: run_command: 'git-credential-manager' 'get'
01:04:15.501177 ...\Program.cs:679      trace: [Main] git-credential-manager (v1.9.1) 'get'
01:04:15.679579 ...\Where.cs:231        trace: [FindGitInstallations] found 1 Git installation(s).
01:04:15.698714 ...Configuration.cs:401 trace: [LoadGitConfiguration] git All config read, 22 entries.
01:04:15.699726 ...\Where.cs:231        trace: [FindGitInstallations] found 1 Git installation(s).
01:04:15.699726 ...Configuration.cs:401 trace: [LoadGitConfiguration] git All config read, 22 entries.
01:04:15.732972 ...\Program.cs:392      trace: [CreateAuthentication] detecting authority type for 'https://my-org-name.visualstudio.com/'.
01:04:15.732972 ...uthentication.cs:129 trace: [DetectAuthority] 'https://my-org-name.visualstudio.com/' is subdomain of 'visualstudio.com', checking AAD vs MSA.
01:04:15.764217 ...uthentication.cs:235 trace: [GetAuthentication] AAD authority for tenant '21f195bc-13e5-4339-82ea-ef8b8ecdd0a9' detected.
01:04:15.817613 ...\Program.cs:429      trace: [CreateAuthentication] authority for 'https://my-org-name.visualstudio.com/' is Azure Directory.
01:04:15.817613 ...uthentication.cs:129 trace: [DetectAuthority] 'https://my-org-name.visualstudio.com/' is subdomain of 'visualstudio.com', checking AAD vs MSA.
01:04:16.303136 ...zureAuthority.cs:174 trace: [NoninteractiveAcquireToken] token acquisition for authority host URL = 'https://login.microsoftonline.com/21f195bc-13e5-4339-82ea-ef8b8ecdd0a9' failed.
01:04:16.303136 ...uthentication.cs:156 trace: [NoninteractiveLogon] non-interactive logon for 'https://my-org-name.visualstudio.com/' failed
01:04:53.040701 ...zureAuthority.cs:122 trace: [InteractiveAcquireToken] authority host URL = 'https://login.microsoftonline.com/21f195bc-13e5-4339-82ea-ef8b8ecdd0a9', token acquisition failed.
01:04:53.040701 ...uthentication.cs:116 trace: [InteractiveLogon] interactive logon for 'https://my-org-name.visualstudio.com/' failed
01:04:53.040701 ...\Program.cs:1054     trace: [QueryCredentials] credentials for 'https://my-org-name.visualstudio.com/' not found.
01:04:53.040701 ...\Program.cs:201      trace: [LogEvent] Failed to retrieve Azure Directory credentials for 'https://my-org-name.visualstudio.com/'.
01:04:53.087631 run-command.c:369       trace: run_command: 'bash' '-c' 'cat >/dev/tty && read -r line </dev/tty && echo "$line"'
01:04:55.109404 run-command.c:369       trace: run_command: 'C:/Program Files/Git/mingw64/libexec/git-core/git-gui--askpass' 'Password for '\''https://my-org-name.visualstudio.com/'\'': '
01:04:55.171917 git.c:371               trace: built-in: git 'rev-parse' '--git-dir' '--is-inside-git-dir' '--is-bare-repository' '--is-inside-work-tree' '--short' 'HEAD'

Note, I snipped out some of the SSH handshakes from GIT_TRACE_CURL and replace my organization, project, and repo names with some generic ones.

azure-devops bug

All 6 comments

@corsairmarks thank you for the report and the rather detailed and useful GIT_TRACE+GIT_TRACE_CURL+GCM_TRACE log; and an even bigger thank you for not posting your secrets on a public issue tracker. That's awesome! 馃槂

Unfortunately, the error is happening in a portion of the code where the trace cannot.. er, well... trace. 馃槥

The failure is happening here: 01:04:53.040701 ...uthentication.cs:116 trace: [InteractiveLogon] interactive logon for 'https://my-org-name.visualstudio.com/' failed, and that can only be traced via a tool like Fiddler.

One thing to look at is proxies: do you have any proxies in your network? Historically, they've been rather difficult to work with. Additionally, I'll see if I can find Azure Authentication people who can help take a look at get things unblocked for you.

The PC I was using for this is a personal one, hardwired to my Linksys AC1900 router at home. I shouldn't have any proxies but I'll verify. I'll also set up Fiddler as a proxy and see if I can get any additional interesting info.

For what it's worth, my personal laptop (on WiFi via the same router) does work. However, I have older versions:
git --version 2.8.3.windows.1
Git Credential Manager for Windows version 1.3.0
Windows 10 Pro
1607
Build 14393.1066

I'm on my desktop PC now, the one experiencing the issue. Using Fiddler, I captured the network traffic of a log session alongside the git logs.

I don't want to attach the .saz file because I have Fiddler set to decrypt https traffic (so I could see the actual traffic content between my PC and the cloud). If it would be useful, I can try and sanitize it. The request log is below. It looks like I get a 302 redirect after my login submission, which sends me to the same page. (I tried twice - the last 4 lines are two sets of a 302 followed by a 200)

    #   Result  Protocol    Host    URL Body    Caching Content-Type    Process
C聽S聽M   1   200 HTTP    Tunnel to   login.microsoftonline.com:443   0           git-credential-manager:15336
C聽S聽M   2   200 HTTPS   login.microsoftonline.com   /{guid}/oauth2/authorize?resource={guid}&client_id={guid}&response_type=code&haschrome=1&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&client-request-id={guid}&prompt=login&x-client-SKU=PCL.Desktop&x-client-Ver=3.13.8.999&x-client-CPU=x64&x-client-OS=Microsoft+Windows+NT+6.2.9200.0   14,092  no-cache, no-store; Expires: -1 text/html; charset=utf-8    git-credential-manager:15336
C聽S聽M   3   200 HTTP    Tunnel to   secure.aadcdn.microsoftonline-p.com:443 0           git-credential-manager:15336
C聽S聽M   4   200 HTTP    Tunnel to   secure.aadcdn.microsoftonline-p.com:443 0           git-credential-manager:15336
C聽S聽M   5   200 HTTP    Tunnel to   secure.aadcdn.microsoftonline-p.com:443 0           git-credential-manager:15336
C聽S聽M   6   304 HTTPS   secure.aadcdn.microsoftonline-p.com /ests/2.1.5781.14/content/cdnbundles/jquery.1.11.min.js 0       application/x-javascript    git-credential-manager:15336
C聽S聽M   7   304 HTTPS   secure.aadcdn.microsoftonline-p.com /ests/2.1.5781.14/content/cdnbundles/login.min.css  0       text/css    git-credential-manager:15336
C聽S聽M   8   304 HTTPS   secure.aadcdn.microsoftonline-p.com /ests/2.1.5781.14/content/cdnbundles/aad.login.min.js   0       application/x-javascript    git-credential-manager:15336
C聽S聽M   9   304 HTTPS   secure.aadcdn.microsoftonline-p.com /ests/2.1.5781.14/content/cdnbundles/login_hover.min.css    0       text/css    git-credential-manager:15336
C聽S聽M   10  200 HTTPS   login.microsoftonline.com   /common/userrealm?user=my-user%40my-company.com&api-version=2.1&stsRequest={big-nasty-hash}&checkForMicrosoftAccount=true   1,764   private application/json; charset=utf-8 git-credential-manager:15336
C聽S聽M   11  200 HTTP    Tunnel to   sts.ga.my-company.com:443   0           git-credential-manager:15336
C聽S聽M   12  200 HTTPS   sts.ga.my-company.com   /adfs/ls/?wfresh=0&wauth=http%3a%2f%2fschemas.microsoft.com%2fws%2f2008%2f06%2fidentity%2fauthenticationmethod%2fpassword&client-request-id={guid}&username=my-user%40my-company.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3d{big-nasty-hash}&popupui=1  16,636  no-cache,no-store; Expires: -1  text/html; charset=utf-8    git-credential-manager:15336
C聽S聽M   13  302 HTTPS   sts.ga.my-company.com   /adfs/ls/?wfresh=0&wauth=http%3a%2f%2fschemas.microsoft.com%2fws%2f2008%2f06%2fidentity%2fauthenticationmethod%2fpassword&client-request-id={guid}&username=my-user%40my-company.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3d{big-nasty-hash}&popupui=1  0       text/html; charset=utf-8,text/html; charset=utf-8   git-credential-manager:15336
C聽S聽M   14  200 HTTPS   sts.ga.my-company.com   /adfs/ls/?wfresh=0&wauth=http%3a%2f%2fschemas.microsoft.com%2fws%2f2008%2f06%2fidentity%2fauthenticationmethod%2fpassword&client-request-id={guid}&username=my-user%40my-company.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3d{big-nasty-hash}&popupui=1&ssoCookie={sso-guid} 16,730  no-cache,no-store; Expires: -1  text/html; charset=utf-8    git-credential-manager:15336
C聽S聽M   15  302 HTTPS   sts.ga.my-company.com   /adfs/ls/?wfresh=0&wauth=http%3a%2f%2fschemas.microsoft.com%2fws%2f2008%2f06%2fidentity%2fauthenticationmethod%2fpassword&client-request-id={guid}&username=my-user%40my-company.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3d{big-nasty-hash}&popupui=1&ssoCookie={sso-guid} 0       text/html; charset=utf-8,text/html; charset=utf-8   git-credential-manager:15336
C聽S聽M   16  200 HTTPS   sts.ga.my-company.com   /adfs/ls/?wfresh=0&wauth=http%3a%2f%2fschemas.microsoft.com%2fws%2f2008%2f06%2fidentity%2fauthenticationmethod%2fpassword&client-request-id={guid}&username=my-user%40my-company.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3d{big-nasty-hash}&popupui=1&ssoCookie={sso-guid} 16,730  no-cache,no-store; Expires: -1  text/html; charset=utf-8    git-credential-manager:15336

(again, tried to redact guid and session hashes and whatnot)

@corsairmarks is there any chance that you're company requires multi-factor authentication, and there is some disconnect about the tokens you get via your corporate STS and what is required for VSTS access?

I'm mostly groping the dark here. I have asked experts from VSTS, who understand the back-end workings better than I do, to jump in here an assist.

Hi Nick,

I am the manager for the Visual Studio Team Services Identity team. We don't think the issue is with VSTS itself but we can help analyze the problem and hopefully figure out where the issue needs to be routed. Can you please email the .saz file with all of the original information to vscsidri -AT- microsoft -DOT- com? This will go to my team and someone will look at the file promptly to figure out what we can see. Obviously we will hold all your personal information in the strictest confidence.

Thanks,
Chris

My company is not using multifactor authentication (although I'd be the first to recommend to add it, 2FA for everything!).

I've sent along the .saz file to @ccrookms. Thanks for the elevated support!

One additional tidbit I've discovered: this seems to affect ADAL prompts from other program, such as Outlook. I was recently forced to reset my password (unrelated to this issue) and ran into it when I was updating my Outlook settings. What that means here is that it's now fairly unlikely this is a bug in Git Credential Manager.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

wayneuroda picture wayneuroda  路  3Comments

xt0rted picture xt0rted  路  5Comments

MythreyaK picture MythreyaK  路  5Comments

panuganti picture panuganti  路  4Comments

eromoe picture eromoe  路  5Comments