Git-credential-manager-for-windows: Git for Windows Authentication failed

Created on 1 Feb 2018  路  12Comments  路  Source: microsoft/Git-Credential-Manager-for-Windows

Done an upgrade from Git for Windows 2.14 to 2.15. Somehow after the upgrade, I no longer able to login to my Git repo on visualstudio.com. I know I'm using the correct credentails to login because I can still login via browser / git from another PC. I've tried downgrade, install a different version of GCM, turn off GCM. Nothing works. Below is the trace log, hope someone could suggest what I could do next.

15:47:34.763052 git.c:328 trace: built-in: git 'pull'
15:47:34.768059 run-command.c:626 trace: run_command: 'fetch' '--update-head-ok'
15:47:34.789056 git.c:328 trace: built-in: git 'fetch' '--update-head-ok'
15:47:34.800055 run-command.c:626 trace: run_command: 'remote-https' 'origin' 'https://myrepo.visualstudio.com/repo'
15:47:34.822060 git.c:560 trace: exec: 'git-remote-https' 'origin' 'https://myrepo.visualstudio.com/repo'
15:47:34.823061 run-command.c:626 trace: run_command: 'git-remote-https' 'origin' 'https://myrepo.visualstudio.com/repo'
15:47:38.170096 run-command.c:626 trace: run_command: 'git credential-manager get'
15:47:38.234111 git.c:560 trace: exec: 'git-credential-manager' 'get'
15:47:38.235099 run-command.c:626 trace: run_command: 'git-credential-manager' 'get'
15:47:44.401753 run-command.c:626 trace: run_command: 'git credential-manager erase'
15:47:44.463758 git.c:560 trace: exec: 'git-credential-manager' 'erase'
15:47:44.464756 run-command.c:626 trace: run_command: 'git-credential-manager' 'erase'
15:47:44.840772 git.c:328 trace: built-in: git 'rev-parse' '--git-dir' '--is-inside-git-dir' '--is-bare-repository' '--is-inside-work-tree' '--short' 'HEAD'

azure-devops question user-experience

Most helpful comment

@gitp31415926 can try something (apologies for the slow reply, I've been buried). Try deleting the file %LocalAppData%\GitCredentialManager\tenant.cache, and then re-attempting you authentication with your AAD backed host.

All 12 comments

Seems you know how to enable GIT_TRACE so that's awesome. Please enable GCM_TRACE as well and we'll find a way to get you unblocked asap.

See the GCM Logs below. Thanks

18:53:12.566941 ...Common.cs:524 trace: [Main] git-credential-manager (v1.12.0) 'get'
18:53:12.699950 ...Where.cs:239 trace: [FindGitInstallations] found 1 Git installation(s).
18:53:12.708950 ...Configuration.cs:405 trace: [LoadGitConfiguration] git All config read, 38 entries.
18:53:12.714950 ...Where.cs:239 trace: [FindGitInstallations] found 1 Git installation(s).
18:53:12.715953 ...Configuration.cs:405 trace: [LoadGitConfiguration] git All config read, 38 entries.
18:53:12.721951 ...Common.cs:461 trace: [LoadOperationArguments] http.proxy = 'http://proxy:8080'.
18:53:12.722952 ...tionArguments.cs:522 trace: [SetProxy] successfully set proxy to 'http://proxy:8080/'.
18:53:12.750954 ...Common.cs:74 trace: [CreateAuthentication] detecting authority type for 'https://myrepo.visualstudio.com/'.
18:53:12.760956 ...uthentication.cs:137 trace: [DetectAuthority] 'https://myrepo.visualstudio.com/' is subdomain of 'visualstudio.com', checking AAD vs MSA.
18:53:12.834961 ...uthentication.cs:139 trace: [GetAuthentication] not github.com, authentication creation aborted.
18:53:12.834961 ...Common.cs:169 trace: [CreateAuthentication] authority for 'https://myrepo.visualstudio.com/' is basic with NTLM=Auto.
18:53:13.008980 ...uthentication.cs:132 trace: [AcquireCredentials] prompting user for credentials for 'https://myrepo.visualstudio.com/'.
18:53:22.437114 ...Dialog.cs:99 trace: [DisplayModal] successfully acquired credentials from user.
18:53:22.441113 ...seSecureStore.cs:210 trace: [WriteCredential] credentials for 'git:https://myrepo.visualstudio.com' written to store.
18:53:22.442114 ...Common.cs:556 trace: [QueryCredentials] credentials found.
18:53:22.975431 ...Common.cs:524 trace: [Main] git-credential-manager (v1.12.0) 'erase'
18:53:23.097439 ...Where.cs:239 trace: [FindGitInstallations] found 1 Git installation(s).
18:53:23.106440 ...Configuration.cs:405 trace: [LoadGitConfiguration] git All config read, 38 entries.
18:53:23.109439 ...Where.cs:239 trace: [FindGitInstallations] found 1 Git installation(s).
18:53:23.110446 ...Configuration.cs:405 trace: [LoadGitConfiguration] git All config read, 38 entries.
18:53:23.118439 ...Common.cs:461 trace: [LoadOperationArguments] http.proxy = 'http://proxy:8080'.
18:53:23.119441 ...tionArguments.cs:522 trace: [SetProxy] successfully set proxy to 'http://proxy:8080/'.
18:53:23.143451 ...Common.cs:74 trace: [CreateAuthentication] detecting authority type for 'https://myrepo.visualstudio.com/'.
18:53:23.155446 ...uthentication.cs:137 trace: [DetectAuthority] 'https://myrepo.visualstudio.com/' is subdomain of 'visualstudio.com', checking AAD vs MSA.
18:53:23.219455 ...uthentication.cs:139 trace: [GetAuthentication] not github.com, authentication creation aborted.
18:53:23.220452 ...Common.cs:169 trace: [CreateAuthentication] authority for 'https://myrepo.visualstudio.com/' is basic with NTLM=Auto.
18:53:23.220452 ...Common.cs:189 trace: [DeleteCredentials] deleting basic credentials for 'https://myrepo.visualstudio.com/'.
18:53:23.259450 ...aseSecureStore.cs:59 trace: [Delete] credentials for 'git:https://myrepo.visualstudio.com' deleted from store.

Um... this is very wrong:

18:53:12.834961 ...Common.cs:169 trace: [CreateAuthentication] authority for 'https://myrepo.visualstudio.com/' is basic with NTLM=Auto.

Can you run git config --list --show-origin | findstr /I credential and share the output? Seems like you might have a config attempting to force GCM into basic authentication for visualstudio.com.

Thanks a lot. That's what I figured as well. Just don't know where to look for such setting.

$ git config --list --show-origin | findstr /I credential
FINDSTR: Cannot open credential

The full git config output as per below:
file:"C:\ProgramData/Git/config" core.symlinks=false
file:"C:\ProgramData/Git/config" core.autocrlf=true
file:"C:\ProgramData/Git/config" core.fscache=true
file:"C:\ProgramData/Git/config" color.diff=auto
file:"C:\ProgramData/Git/config" color.status=auto
file:"C:\ProgramData/Git/config" color.branch=auto
file:"C:\ProgramData/Git/config" color.interactive=true
file:"C:\ProgramData/Git/config" help.format=html
file:"C:\ProgramData/Git/config" rebase.autosquash=true
file:"C:\Program Files\Git\mingw64/etc/gitconfig" http.sslcainfo=C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
file:"C:\Program Files\Git\mingw64/etc/gitconfig" http.sslbackend=openssl
file:"C:\Program Files\Git\mingw64/etc/gitconfig" diff.astextplain.textconv=astextplain
file:"C:\Program Files\Git\mingw64/etc/gitconfig" filter.lfs.clean=git-lfs clean -- %f
file:"C:\Program Files\Git\mingw64/etc/gitconfig" filter.lfs.smudge=git-lfs smudge -- %f
file:"C:\Program Files\Git\mingw64/etc/gitconfig" filter.lfs.required=true
file:"C:\Program Files\Git\mingw64/etc/gitconfig" filter.lfs.process=git-lfs filter-process
file:"C:\Program Files\Git\mingw64/etc/gitconfig" credential.helper=manager
file:C:/Users/dli/.gitconfig http.proxy=http://proxy:8080
file:C:/Users/dli/.gitconfig https.proxy=http://proxy:8080
file:.git/config core.repositoryformatversion=0
file:.git/config core.filemode=false
file:.git/config core.bare=false
file:.git/config core.logallrefupdates=true
file:.git/config core.symlinks=false
file:.git/config core.ignorecase=true
file:.git/config remote.origin.url=https://myrepo.visualstudio.com/
file:.git/config remote.origin.fetch=+refs/heads/:refs/remotes/origin/
file:.git/config branch.master.remote=origin
file:.git/config branch.master.merge=refs/heads/master
file:.git/config gitflow.branch.master=master
file:.git/config gitflow.branch.develop=develop
file:.git/config gitflow.prefix.feature=feature/
file:.git/config gitflow.prefix.bugfix=bugfix/
file:.git/config gitflow.prefix.release=release/
file:.git/config gitflow.prefix.hotfix=hotfix/
file:.git/config gitflow.prefix.support=support/
file:.git/config gitflow.prefix.versiontag=
file:.git/config gitflow.path.hooks=D:/Source/myrepo/.git/hooks

Ah - oh, guh... Looks like another proxy issue.

file:C:/Users/dli/.gitconfig http.proxy=http://proxy:8080
file:C:/Users/dli/.gitconfig https.proxy=http://proxy:8080

The :8080 give me hopes that your proxy might be TFS. If it is, try your failing command using git -c http.sslBackend=schannel {command}. It'll either fail horribly (your Git is too old) or succeed. If it does succeed, you can make the http.sslBackend=schannel a permanent thing via git config --global http.sslBackend schannel.

We have fixes in the soon-ish to be released GCM v1.15 for handling proxies, hopefully that'll help you.

Still no luck using http.sslBackend=schannel

However I notice I can connect to my other repos on visualstudio.com using Live Account authentication. Looks like the issue is to do with AAD?

Sure does. I'll need to ask around about this. Apologies for the delay.

One idea, have you tried GCM v1.14.0?

@gitp31415926 can try something (apologies for the slow reply, I've been buried). Try deleting the file %LocalAppData%\GitCredentialManager\tenant.cache, and then re-attempting you authentication with your AAD backed host.

Yes. Have tried v1.14.0 and deleting tenant.cache, still no luck. Get the same error and same entries in logs.

This is the GCM window shows up which is not the usual white background popup we see

gcm

@gitp31415926 that is the "basic authentication" dialog. It is not for visualstudio.com, github.com, or bitbucket.org hosted repositories. The logic for deciding which dialog to present goes something like this:

  1. Does the GCM already have credentials cached for the host?
  2. If not, is the host .visualstudio.com/ ?
  3. If not, is the host .github.com/ ?
  4. If not, is the host .bitbucket.org/ ?
  5. If not, does the host understand NTLM?
  6. Use basic authentication...

So, for some reason the URL you have isn't matching "visualstudio.com". What I would look at is: does your URL contain non-ascii characters which look like ascii characters? Does your URL contain hidden white-space characters? If not, then I'd need to ask you to debug the issue locally (assuming you know how to do that).

Was this page helpful?
0 / 5 - 0 ratings