I have been attempting to create a nettcp port binding on the IIS default website for the port 9999; however always get the following error from the net.tcp listener;
An error occurred while parsing the net.tcp binding '9999:' of the site '1', thus the protocol is disabled for the site temporarily. See the exception message for more details.
Binding: net.tcp:9999:
Source: System.ServiceModel.Activation.ListenerAdapter/12547953
Exception: System.UriFormatException: The protocol binding '9999:*' is not valid for 'net.tcp'. This might be because the port number is out of range.
at System.ServiceModel.Channels.BaseUriWithWildcard..ctor(String protocol, Int32 defaultPort, String binding, Int32 segmentCount, String path, String sampleBinding)
at System.ServiceModel.Channels.BaseUriWithWildcard.CreateHostedUri(String protocol, String binding, String path)
at System.ServiceModel.Activation.ListenerAdapter.RegisterBindings(IActivatedMessageQueue queue, Int32 siteId, String[] bindings, String path)
Process Name: SMSvcHost
Process ID: 1120
Anyone have any ideas on what could be the problem? Or an approach on how we might be able to investigate the issue further? I have checked the firewall settings and it seems the port is not specifically blocked.
Verify that Non-HTTP Activation feature is installed on the machine.
Turns out that my Net.TCP listener adapter service had stopped running for some reason; turning this on resolved the issue. Steps given below;
On the server; open Services from Administrative Tools
Verify that the Net.Pipe Listener Adapter or the Net.Tcp Listener Adapter service is running. If not, right-click on the service and click Start.
Saurabh Chowdhury's answer above is also a common troubleshooting step; however this was not the issue in my case.
This link also gives a good overview of some of the other points to look out for.
Related
What's the best way to know if my app is running under Kestrel or HTTP.sys. All that I have found so far is to check for "Kestrel" in one of the HttpConext property class names.
Within an MVC controller I can do something like this:
Boolean IsKestrel = HttpContext.Features.GetType().ToString().Contains("Kestrel");
i.e. check this:
Features = {Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.Http1Connection<Microsoft.AspNetCore.Hosting.HostingApplication.Context>}
When using HTTP.sys I only get:
Features = {Microsoft.AspNetCore.Http.Features.FeatureCollection}
(Is "Http" here enough to know that this is HTTP.sys?)
There must be a better way. Is there an obvious property somewhere that contains the name of the host being used?
A broader question might be, how do I know what the builder pattern built?
Update
Found something better, but still looking for a Property that has the server name or type.
In an MVC controller:
var isKestrel = HttpContext.Request.Headers.GetType().ToString().Contains(".Kestrel.");
var isHTTPsys = HttpContext.Request.Headers.GetType().ToString().Contains(".HttpSys.");
At the operating system level, netsh http show servicestate will list all active URLs listening via HTTP.SYS.
From code you can locate an instance of Microsoft.AspNetCore.Hosting.Server.IServer and check what its implementation is, in netcore 6:
Kestrel => Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl
IIS ==> Microsoft.AspNetCore.Server.IIS.Core.IISHttpServer
HTTP.SYS => Microsoft.AspNetCore.Server.HttpSys.MessagePump
This relies on implementation details (so can break), also other extensions can change these e.g. CoreWcf creates CoreWCF.Configuration.WrappingIServer that wraps one of the above implementations.
you can use System.Diagnostics.Process.GetCurrentProcess().ProcessName
I am not sure whether you want to check this information using the code only or you are just looking for a way to know on which web server your app is running.
In my search result, I found that we could set the ports for a specific web server. When the application will run on that specific web server then it will use that pre-configured port. I am assuming your app also has a similar configuration. You could set the different ports for Kestrel, Http.sys, or IIS. By checking the port number you could say that on which web server your site is running.
You could try to go to the launchSettings.json file in your project where you could configure ports for IIS and Kestral.
Helpful References:
Kestrel Web Server in ASP.NET Core
Understand HTTP.sys Web Server In ASP.NET Core
Hello this is a good question, you question is asking how to find out from inside the code and not from a console.
OOB I did not find anything. So, I had to get very creative to figure this out, sorry for the typo's its brand new stuff...
Option 1:
Since the Kestrel section & endpoints are inside the appsettings.json I used that to find out if its hosted by Kestrel!
//Please create a static class to hold the config.
public static class MyStartupIsItKestrelConfiguration
{
public static IConfiguration Configuration;
public bool static IsKestrel()
{
//check your section kestrel??
var kestrel = configuration.GetSection("Kestrel");
// now check kestrel section or any other section
// see picture for kestrel endpoint in app setting sbelow
return true;
}
}
Now you can access it anywhere and see if you used Kestrel
//Now add it/save it in your startup and access later
public Startup(IConfiguration configuration)
{
Configuration = configuration;
MyStartupIsItKestrelConfiguration.Configuration = configuration;
}
Once you have this
//you can use it in ** YOUR CONTROLLER
MyStartupIsItKestrelConfiguration.IsKestrel();
Option 2:
Please check this public Microsoft.AspNetCore.Http.Features.IFeatureCollection Features { get; }
You can get the features public TFeature? Get<TFeature> (); as a Key Value Pair - and then check the feature for e.g. KESTREL DOES NOT ALLOW PORT SHARING
they split the features namespace in .net core 6 there are breaking changes
You should use the features collection
We have an evirironment as follows:
CPE: 2 Servers
ICN: 2 servers
Application Server: WAS 8.5.5 Base
Both content Engine and Navigator are configured for high availability using Load Balancer. However, in case ICN 1 is connected to CPE1 and CPE1 is dwn, then Navigator is unable to connect to CPE2 even though load balancer of CPE is pointing to CPE2.
The logs are as follows:
javax.naming.NamingException: NMSV0610I: A NamingException is being thrown from a javax.naming.Context implementation. Details follow:
Context implementation: com.ibm.ws.naming.jndicos.CNContextImpl
Context method: lookupExt
Context name: HDOSYS0202Node01Cell/nodes/HDOSYS0202Node01/servers/server1
Target name: FileNet/Engine,10.39.128.66:2809/FileNet/Engine
Other data:
Exception stack trace: javax.naming.NamingException: Error during resolve [Root exception is org.omg.CORBA.TRANSIENT: initial and forwarded IOR inaccessible vmcid: IBM minor code: E07 completed: No]
at com.ibm.ws.naming.jndicos.CNContextImpl.doLookup(CNContextImpl.java:1867)
at com.ibm.ws.naming.jndicos.CNContextImpl.doLookup(CNContextImpl.java:1776)
at com.ibm.ws.naming.jndicos.CNContextImpl.lookupExt(CNContextImpl.java:1433)
at com.ibm.ws.naming.jndicos.CNContextImpl.lookup(CNContextImpl.java:615)
at com.ibm.ws.naming.util.WsnInitCtx.lookup(WsnInitCtx.java:165)
at com.ibm.ws.naming.util.WsnInitCtx.lookup(WsnInitCtx.java:179)
at org.apache.aries.jndi.DelegateContext.lookup(DelegateContext.java:161)
at javax.naming.InitialContext.lookup(InitialContext.java:436)
com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1818)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:175)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1864)
Caused by: org.omg.CORBA.TRANSIENT: initial and forwarded IOR inaccessible vmcid: IBM minor code: E07 completed: No
Caused by: java.net.ConnectException: Connection refused: connect
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:412)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:271)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:258)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:376)
at java.net.Socket.connect(Socket.java:546)
at com.ibm.ws.orbimpl.transport.WSTCPTransportConnection.createSocket(WSTCPTransportConnection.java:370)
at com.ibm.CORBA.transport.TransportConnectionBase.connect(TransportConnectionBase.java:366)
at com.ibm.ws.orbimpl.transport.WSTransport.getConnection(WSTransport.java:437)
at com.ibm.CORBA.transport.TransportBase.getConnection(TransportBase.java:188)
at com.ibm.rmi.iiop.TransportManager.get(TransportManager.java:100)
at com.ibm.rmi.iiop.GIOPImpl.getConnection(GIOPImpl.java:134)
at com.ibm.rmi.iiop.GIOPImpl.createRequest(GIOPImpl.java:178)
at com.ibm.rmi.corba.ClientDelegate._createRequest(ClientDelegate.java:2010)
at com.ibm.rmi.corba.ClientDelegate.createRequest(ClientDelegate.java:1186)
at com.ibm.rmi.corba.ClientDelegate.createRequest(ClientDelegate.java:1272)
Content Platform Engine does not support session replication which would be required to failover. Once the connection is established, the client will bind to the specific endpoint so neither corbaloc nor a load balancing alias will help. If the nodes are not in a Cluster the peer will not be in the JNDI tree so do not know about each other. What you have is called a "stovepipe" configuration. You can load balance the front end, but each front end will talk to a specific backend, so not highly available. You could put the CE's behind a hardware load balancer (SNAT) but it would still lack fail over. CPE will run on JBOSS but ICN does not, so to be highly available you'll need to deploy to WebSphere ND or Weblogic.
Could you share the URI used to establish CPE connection?
When Content Platform Engine is made highly available through an application server cluster configuration the Content Platform Engine URI should have the following form (with no carriage returns):
corbaloc::node1_hostname:BOOTSTRAP_ADDRESS,:node2_hostname:BOOTSTRAP_ADDRESS/cell/clusters/your_websphere_cluster_name/FileNet/Engine
Example:
corbaloc::testnode1:9810,:testnode2:9810/cell/clusters/testwascluster/FileNet/Engine
This configuration requires the WebSphere cluster name in addition to the node names as part of the URI. The bootstrap port for a cluster configuration (by default, port 9810) is usually different from the bootstrap port on a non-cluster (standalone) configuration (by default, port 2809).
Only one URI is used regardless of SSL use. WebSphere EJB over SSL is automatically established if EJB security is enabled.
I found a link containing code to solve the issue in my case. The only problem is how to implement this code for Content Navigator
"This may help. I have recently written an EJB print app which is used by other apps at my company to generate printable documents. I am also using an access bean on the client to remotely call my EJB. The client is a 4 server cluster, and my EJB is a 2 server cluster. I have also experienced problems with the "connection refused" exception if I stop the application server(s) running my EJB when calling without restarting the client. Here is what I've done so far to resolve the issue.
Looking at the access bean, after you create an instance, when you call your remote method (whatever that may be and in my case is renderDocuments() which i will use in my example below) the access bean does the following:"
public DocumentRenderOutputContext renderDocuments
DocumentRequestList documentRequestList)
{
try
{
instantiateEJB();
return ejbRef().renderDocuments
documentRequestList);
}
catch (NamingException ne)
{
throw new DocumentRenderException(ne);
}
catch (CreateException ce)
{
throw new DocumentRenderException(ce);
}
catch (RemoteException re)
{
THE EXCEPTION THROWN WHEN THE APP SERVER IS
BROUGHT DOWN WITHOUT RESTARTING THE CLIENT
WILL BE CAUGHT HERE
}
}
If you bring down your EJB app server(s) without re-starting the client, the remote exception above will catch the "connect refused" exception.
So what i do inside the remote exception catch is the following:
try
{
//see below for methods
reset();
return retryRenderDocuments(documentRequestList);
}
catch (NamingException ne)
{
throw new DocumentRenderException(ne);
}
catch (CreateException ce)
{
throw new DocumentRenderException(ce);
}
catch (RemoteException remote)
{
throw new DocumentRenderException(re);
}
private void reset() throws NamingException
{
resetHomeCache();
resetEJBRef();
}
private DocumentRenderOutputContext retryRenderDocuments
DocumentRequestList documentRequestList)
throws
RemoteException,
NamingException,
CreateException,
DocumentRenderException
{
DocumentRenderOutputContext outputContext = null;
Properties properties = new Properties();
properties.put(
javax.naming.Context.PROVIDER_URL,
getInit_NameServiceURLName()); //im assuming youve
properties.put(
PROPS.JNDI_CACHE_OBJECT,
PROPS.JNDI_CACHE_OBJECT_CLEARED);
InitialContext initialContext = new InitialContext(properties);
Object object = initialContext.lookup(getInit_JNDIName());
ECommercePrintHome homeRef = (ECommercePrintHome) object;
ECommercePrint printEngine = homeRef.create();
outputContext = printEngine.renderDocuments(documentRequestList);
return outputContext;
}
Ref:- http://www.theserverside.com/discussions/thread.tss?thread_id=31495
When my Zuul Filter is unable to route to a configured URL, the 'RibbonRoutingFilter' class throws a ZuulException saying "Forwarding error" and the control goes to the 'SendErrorFilter' class.
Now when the SendErrorFilter class tries to do a forward, another exception happens during this forward call.
dispatcher.forward(ctx.getRequest(), ctx.getResponse());
The exception happening during this forward call is
Caused by: java.lang.IllegalArgumentException: UT010023: Request org.springframework.cloud.netflix.zuul.filters.pre.Servlet30WrapperFilter$Servlet30RequestWrapper#6dc974ea was not original or a wrapper
at io.undertow.servlet.spec.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:103) ~[undertow-servlet-1.1.3.Final.jar:1.1.3.Final]
at org.springframework.cloud.netflix.zuul.filters.post.SendErrorFilter.run(SendErrorFilter.java:74) ~[spring-cloud-netflix-core-1.0.0.RELEASE.jar:1.0.0.RELEASE]
at com.netflix.zuul.ZuulFilter.runFilter(ZuulFilter.java:112) ~[zuul-core-1.0.28.jar:na]
at com.netflix.zuul.FilterProcessor.processZuulFilter(FilterProcessor.java:197) ~[zuul-core-1.0.28.jar:na]
Finally when the control comes to my custom ZuulErrorFilter , i do not get the original exception. Instead the exception object i get is the one that occurs during the forward.
Update:
I found that a errorPath property can be configured to point to a Error Handling Service. If it is not configured, Zuul by default looks for a service named /error and tries to dispatch to that service. Since we did not have any service for /error , the dispatcher.forward() was throwing error.
Question
How can we skip this fwd to an error handling service ? We have a ErrorFilter to log the error. We do not want to have a error handling service.
We had faced the same issue and there is a simple solution to fix the Undertow "eating" the original exception, following my blog post:
http://blog.jmnarloch.io/2015/09/16/spring-cloud-zuul-error-handling/
You need to set the flag allow-non-standard-wrappers to true. In Spring Boot this is doable through registering custom UndertowDeploymentInfoCustomizer. Example:
#Bean
public UndertowEmbeddedServletContainerFactory embeddedServletContainerFactory() {
UndertowEmbeddedServletContainerFactory factory = new UndertowEmbeddedServletContainerFactory();
factory.addDeploymentInfoCustomizers(new UndertowDeploymentInfoCustomizer() {
#Override
public void customize(DeploymentInfo deploymentInfo) {
deploymentInfo.setAllowNonStandardWrappers(true);
}
});
return factory;
}
Now regarding the question, either way I would highly encourage you to implement your own ErrorController, because otherwise you may experience odd Spring Boot behaviour (in our setup - ralying on the default was always generating the Whitelabel error page with 200 HTTP status code - which never happens on Tomcat in contradiction) and in this way was not consumable by AJAX calls for instance.
Related Github issue: https://github.com/spring-cloud/spring-cloud-netflix/issues/524
I am running the following code from Scott Allen's ASP.Net Fundamentals course
using System;
using Microsoft.Owin.Hosting;
using Owin;
namespace ConsoleApplication1
{
class Program
{
static void Main(string[] args)
{
string uri = "http://localhost:8080";
using (WebApp.Start<Startup>(uri))
{
Console.WriteLine("Started!");
Console.ReadKey();
Console.WriteLine("Stopping!");
}
}
}
public class Startup
{
public void Configuration(IAppBuilder app)
{
app.UseWelcomePage();
//app.Run(
// ctx => ctx.Response.WriteAsync("Hello Owin!"));
}
}
}
However when I run the console app I get a message
Unhandled Exception: System.Reflection.TargetInvocationException: Exception has
been thrown by the target of an invocation. ---> System.Net.HttpListenerExceptio
n: Failed to listen on prefix 'http://localhost:8080/' because it conflicts with
an existing registration on the machine.
at System.Net.HttpListener.AddAllPrefixes()
at System.Net.HttpListener.Start()
at Microsoft.Owin.Host.HttpListener.OwinHttpListener.Start(HttpListener liste
ner, Func`2 appFunc, IList`1 addresses, IDictionary`2 capabilities, Func`2 logge
rFactory)
at Microsoft.Owin.Host.HttpListener.OwinServerFactory.Create(Func`2 app, IDic
tionary`2 properties)
--- End of inner exception stack trace ---
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments,
Signature sig, Boolean constructor)
at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Objec
t[] parameters, Object[] arguments)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invoke
Attr, Binder binder, Object[] parameters, CultureInfo culture)
at Microsoft.Owin.Hosting.ServerFactory.ServerFactoryAdapter.Create(IAppBuild
er builder)
at Microsoft.Owin.Hosting.Engine.HostingEngine.StartServer(StartContext conte
xt)
at Microsoft.Owin.Hosting.Engine.HostingEngine.Start(StartContext context)
at Microsoft.Owin.Hosting.Starter.DirectHostingStarter.Start(StartOptions opt
ions)
at Microsoft.Owin.Hosting.Starter.HostingStarter.Start(StartOptions options)
at Microsoft.Owin.Hosting.WebApp.StartImplementation(IServiceProvider service
s, StartOptions options)
at Microsoft.Owin.Hosting.WebApp.Start(StartOptions options)
at Microsoft.Owin.Hosting.WebApp.Start[TStartup](StartOptions options)
at Microsoft.Owin.Hosting.WebApp.Start[TStartup](String url)
at ConsoleApplication1.Program.Main(String[] args) in e:\EShared\Dev2015\WebA
ppScottAllen\ConsoleApplication1\ConsoleApplication1\Program.cs:line 12
Press any key to continue . . .
I ran the Resource Monitor from the Task Manager Performance Tab and can see that there are 2 entries on Listening Ports for 8080.
Both have Image=System, PID=4, IPv6 unspecified, Protocol TCP, Firewall Status Not allowed, not restricted
I am new to Listening Ports, how do I get the code working?
When faced with error: "Failed to listen on prefix 'http://someURL:somePortNo/' because it conflicts with an existing registration on the machine." It is not really necessary that there is an application actively listening on that port - thus output of Netstat -abno may not always help. If the already registered application is running it can help you narrow down to which application is causing the issue by looking at the info Netstat provides.
However, you will get this error even after the application in question is stopped since the error indicates a registration. The correct diagnostic command therefore is:
netsh http show urlacl
We need to examine the output and check whether any of the listed reserved URLs is configured to listen on the specific port your application is trying to use. You need to note the value of the "Reserved URL" field for that specific application. You will need it later for deleting the registration which is causing the error.
Uninstalling that specific application - assuming their uninstall procedure does include an un-registration - may resolve the problem. Alternatively you could take a more direct and precise approach of using the command for deleting a URL reservation:
(Note that if the conflict is legitimate, it may be better to reconfigure your application to listen on a different port instead.)
netsh http delete urlacl url=<value of "Reserved URL" in the output of netsh http show urlacl>
When the command works you will see output: URL reservation successfully deleted.
Upon running netsh http show urlacl a second time you will now see that the url registration is indeed gone. And now running your application should not result in the error you were seeing earlier.
I was able to solve the problem by uninstalling several programs.
Unfortunately I did not test after each, so I don't know which one it was.
They included Dropbox, Goto Assist, Goto Meeting and a winforms application
I had the same issue, and it was a silly fix. I had other console apps open that was using the same port number, so after I have closed all the console apps, I was able to run and did not get this error.
I had the same error in Visual Studio which was kind enough to tell me which port was wrong. I then ran this command in an Administrator Command Prompt:
netsh http delete urlacl url=http://+:44308/
Note : It is important to remember to final slash. Otherwise you will get an error.
I am currently using TFS 2013 (local installation) to try to build from an internal GitHub Enterprise installation using LDAP Authentication.
The problem I am getting is that it cannot access the source code, how can I configure TFS Build to use a specific authentication?
From the TFS Build Log
Exception Message: An error was raised by libgit2. Category = Net (Error).
VS30063: You are not authorized to access https://user:password#githubrepository.corp.company.net. (type LibGit2SharpException)
Exception Data Dictionary:
libgit2.code = -1
libgit2.category = 11
Exception Stack Trace:
Server stack trace:
at LibGit2Sharp.Core.Ensure.HandleError(Int32 result)
at LibGit2Sharp.Core.Proxy.git_clone(String url, String workdir, GitCloneOptions opts)
at LibGit2Sharp.Repository.Clone(String sourceUrl, String workdirPath, Boolean bare, Boolean checkout, TransferProgressHandler onTransferProgress, CheckoutProgressHandler onCheckoutProgress, Credentials credentials)
at Microsoft.TeamFoundation.Build.Activities.Git.GitPull.GitClone.GetRepository(String repositoryUrl, String workingFolder)
at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Object[]& outArgs)
at System.Runtime.Remoting.Messaging.StackBuilderSink.AsyncProcessMessage(IMessage msg, IMessageSink replySink)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.EndInvokeHelper(Message reqMsg, Boolean bProxyCase)
at System.Runtime.Remoting.Proxies.RemotingProxy.Invoke(Object NotUsed, MessageData& msgData)
at System.Func3.EndInvoke(IAsyncResult result)
at Microsoft.TeamFoundation.Build.Activities.Git.GitPull.GitRepositoryBase.EndExecute(AsyncCodeActivityContext context, IAsyncResult result)
at System.Activities.AsyncCodeActivity1.System.Activities.IAsyncCodeActivity.FinishExecution(AsyncCodeActivityContext context, IAsyncResult result)
at System.Activities.AsyncCodeActivity.CompleteAsyncCodeActivityData.CompleteAsyncCodeActivityWorkItem.Execute(ActivityExecutor executor, BookmarkManager bookmarkManager)
Follow up
I have tried the URL params for authentication (example)
https://username:password#domain.com/user/project.git
More Follow up
Completely uninstalled and update to the 2013 RC, error message has been updated as well, as it is different.
I have also tried setting up the build controller to run as an authenticated LDAP user in the github enterprise installation.
Libgit2 does support the url credentials, however TFS build activities for GitPull overrides the default behavior with a Microsoft.TeamFoundation.Build.Activities.Git.TfsSmartSubtransport class for the http and https protocol.
This class unfortunately ignores credentials in the URL and instead tries to retrieve credentials from the registry.
I was able to successfully get a TFS build server to pull source code from a gitlab server using TFS build with the default GitTemplate.12.xaml workflow.
Setup the TFS build's repository URL without any credentials in the URL.
Encrypted your credential's password with the following bit of code. This needs to get run on the build server as the encryption process is specific to the local machine it's executed on.
var password = "your_password";
var bytes = Encoding.Unicode.GetBytes(password);
var bytes2 = ProtectedData.Protect(bytes, null, DataProtectionScope.LocalMachine);
var base64 = Convert.ToBase64String(bytes2);
Add the following registry settings to your build server.
NOTE: The URL in the registry must exactly match the absolute URL of your repository or TFS won't find the credentials.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TeamFoundationServer\12.0\HostedServiceAccounts\Build\http://githubrepository.corp.company.net]
"Microsoft_TFS_UserName"="<username goes here>"
"Microsoft_TFS_Password"="<bas64 encrypted password goes here>"
"Microsoft_TFS_CredentialsType"="Windows"
The only other alternatives to this approach that I could think of is to modify the default workflow and replace the GitPull activity with something else.
I'm not suggesting that this is the best method, but it worked for me.
That's odd. It looks like the HTTP transport should honor url-encoded credentials.
In any case, it might be better and safer to set up the remote to get the credentials from elsewhere. The clone code is a good example of how to do this: here's how to set up the callback, and here's an example of how to generate the credential object.