We use a private nuget repo, via a VPN, (hosted on local TFS) and since one of the recent Calalina upgrades, I can no longer connect to the feed.
I keep getting repeatedly asked for my credentials. I have tried inputting them in format of either domain\username and username#company.com but they don't work. I have also tried using a Personal Access token too, but get the same issue.
I can access the nugget feed from windows or the TFS Portal without any problems.
TFS Version 16.131.28106.2
Related
After updating from TFS 2018 v3 to DevOps Server 2019.0.1 last weekend I now receive this authentication error when attempting to manage security:
TF30063: You are not authorized to access tfs.
I receive this error when attempting to manage security from the Server Administration Console via Application Tier > Administer Security. I also receive the error when I attempt to set permissions via tfssecurity cli tool. I am in the local administrator group and I am listed in the console administration user section.
I'm trying to set permissions because after the update I received several reports from employees that receive errors when they try to access their projects. Those errors are:
TF40049: You do not have licensing rights to access this feature: Code.
*** Edit: Update
This error reoccurred when I upgraded from 2019 to 2020 RC1. The difference is, this upgrade required a migration of the server- since server requirements changed for the new version of DevOps Server.
I spent 8 hrs working through this issue yesterday, and this is what fixed our problem:
deleted DevOps server cache. (location of cache listed in devops admin console on server)
reboot server.
I deleted the cache off the server based on an article I read with the same error, a user was having security/permissions issues with visual studio and they deleted the vs cache on their local machine and it solved their problem. I don't know if deleting the cache or the reboot would have fixed it independently because I did them both as a single troubleshooting step.
Hope this helps someone.
** Edit: Update 08/13/20 **
After upgrading again, I have ran into the same issue and this does not fix my error anymore. I've tried deleting the server cache, rebooting, reapplying permissions, configuring a new service account, reapplying changes, rebooting again, etc. I still have not found a solution for this error. I cannot schedule backups through the supplied backup scheduler without permissions to manage security settings through the configuration panel.
GitKraken has successfully cloned a repository hosted on Team Foundation Server, but on subsequent fetch and push it asks for login information. Even when provided it will ask again, offering no error or explanation. "Remember me" is checked.
Everything works perfectly fine using the cmd.
Note that the issue occurs on a virtual machine. I have tested interacting with the repository on my physical machine using GitKraken - no problem there. However, I have previously experienced the same type of problem with other projects on my physical machine. Seems GitKraken sometimes has problems with TFS, but not sure.
I have tried reinstalling GitKraken, but it didn't resolve the issue. Any ideas on how to fix this?
Edit 2018-01-24 as per #Cece Dongs comment
I am using GitKraken 3.3.3 - recently upgraded, but issue still occurs.
TFS is version 15.117.26714.0 and using the web portal does not give me problems. I login once like normally.
When cloning a GitHub repo everything is working properly. However, when attempting to clone a TFS repo from Visual Studio I get an unauthorized error. (TF30063). I assume it could be related to the Active Directory settings not set up properly because of the Hyper-V setup I am using. Will investigate further and provide more details here.
After using \domain\username instead of just username as login credentials to TFS everything is working.
Using only the username will work on my physical machine as that machine is recognized on the domain, but as the virtual machine is not, the domain is required.
I have setup TFS 2017 in a VM, create a project and added the package feed extension. I then created a feed and a personal access token with full access.
My problem is that I cannot push a package to the feed from the command line using nuget.exe 3.5.0 and a personal access token. I am using the instructions found here and on the feed page (2nd command below)
My commands:
nuget.exe sources Add -Name MyFeed -Source "http://server2016:8080/tfs/DefaultCollection/_packaging/MyFeed/nuget/v3/index.json" -Username administrator -Password x7m5hochjcf4vabp3zqeekrzi7mtbyk6at5tujdt2ny5fgienlgq
nuget.exe push -Source "MyFeed" -ApiKey VSTS C:\temp\octopack.3.4.6.nupkg
nuget.exe list -Source MyFeed
The output I get for both push and list:
Using credentials from config. UserName: administrator
Please provide credentials for: http://server2016:8080/tfs/DefaultCollection/_packaging/MyFeed/nuget/v3/index.json
UserName:
I tried entering the username and PAT again, but it just prompted me again.
If I use my Windows credentials (same account as the PAT) it works fine. I checked with Fiddler and the auth challenge is getting sent and responded to. The server returns a 401.
Any idea why TFS isn't accepting the PAT?
As of nuget 5.0, you have access to set "ValidAuthenticationTypes". See nuget sources -?
-ValidAuthenticationTypes Comma-separated list of valid authentication types for this source. By default,
all authentication types are valid. Example: basic,negotiate
This controls a new key in your nuget.config
<add key="ValidAuthenticationTypes" value="basic" />
Which prevents nuget from attempting Negotiate/NTLM/Kerberos auth against your local TFS/AzureDevOps Server.
Some History
The problem here is usually Negotiate getting in the way. Nuget (and tools built on the underlying libs like 'msbuild /restore' or 'dotnet') is good at making auth simple when you are logged in and AD can negotiate NTLM/Kerberos for you. Unfortunately when configuring Basic creds it can try to pass these off during negotiate, which fails. It is worth noting this was only a problem with the local Server instances and not the azure.dev.com/visualstudio.com cloud hosted instances since Negotiate wouldn't trigger in the cloud scenarios.
This was addressed in part under credentialProvider plugin flows, which could return an auth type for its creds, and if a specific environment variable were set nuget would disable UseDefaultCredentials and skip negotiate (this was used in Azure Pipelines for nuget auth for TFS/AzureDevops Server).
It got a final fix in nuget 5.0 with https://github.com/NuGet/NuGet.Client/pull/2297, which lets you set the auth type even in config files, when manually specifying PATs/passwords for basic auth. As of now, nuget docs are still pending.
I could reproduce your issue if use nuget.exe 3.5.0 and a personal access token. But there is no issue if you use nuget.exe 3.4.3 and a personal access token in TFS 2017.
Please get the nuget.exe 3.4.3 from Nuget page directly instead of using nuget.exe 3.5.0.
Maybe you need to add the -StorePasswordInClearText option to the nuget.exe sources Add command.
We are working on Xcode Project connected to our local TFS 2013 (Update 3) Server via TFS Provided Git Repository.
When we use older version of Xcode, we are successfully able to check-in the files and perform all other Git operations. We are also able to perform all Git Operations via command line Git.
The trouble is when we use latest version of Xcode - Version 7.1 (7B91b).
On entering valid credentials, we are getting error saying
Authentication failed because the user name or password was incorrect.
The same credentials / configuration work on older version of Xcode and Git Command Line Options.
To add more to the surprises, we are able to connect to github.com successfully.
We are able to reproduce issue on other systems too. Please provide us the best way to resolve this error.
For us it turned out to be because Xcode 7 does not support Windows Authentication. The solution described here solved it for us:
"This happens because XCode 7 doesn't support Windows Authentication.
I don't know why. It seems to be a common problem amongst users
because there are many posts about it in google.
To make it all work you should enable Basic Authentication in your IIS
TFS website on "tfs" virtual folder.
Be careful though because basic authentication sends your credentials
over network as plain text. You definitely must use SSL in this case."
(source)
BEFORE: I had a TFS 2010 on a temporary test environment set up with a project and I had web users and everything worked great.
NOW: I've installed it on a permanent environment (same O/S, domain, everything) but any permissions I set no longer seem to have any effect.
It seems only the service account can access any features.
Authentication is NTLM.
Any network users I give access to are either being asked for their credentials to connect to the server and being rejected regardless (they can connect to the default IIS fine) or they get:
500 - Internal server error.
There is a problem with the resource you are looking for, and it cannot be displayed.
Ridiculous, but the problem is that the new install was on the E: not the C: so the local NETWORK SERVICE account (that I use as a service account for TFS) did not have access to the files/folders under \Program Files\Microsoft Team Foundation Server 2010\