Git-Credential-Manager-for-Windows
Git-Credential-Manager-for-Windows copied to clipboard
microsoft
Credentials prompt not working when passwords are changed
Git version 1.18.1.windows.1 having problems when the passwords are changed. It is not auto prompting for new password. It used to work fine in 1.16.2.windows.1
The repository in question is hosted on TFS Version 16.131.27701.1 and uses ssl.
Rolling back to 1.16.2 fixed the issue. Also, the install and rollback were done using choco if that has anything to do with this.
The repository in question is hosted on TFS Version 16.131.27701.1 and uses ssl.
By SSL you mean HTTPS and not SSH? Have to check here as GCM does not cover SSH (without a lot of special case setup and hand holding).
Rolling back to 1.16.2 fixed the issue. Also, the install and rollback were done using choco if that has anything to do with this.
The failing version is GCM v1.17.0, or Git for Windows v1,18.1.windows.1?
Have you tried GCM v1.17.0? The credential handling code as well as the service detection code was improved significantly, especially with regards to TFS on-premises.
I'm having the same problem accessing TFS. I run git push and it gives me the error, "fatal: Authentication failed for 'http://server:8080/tfs/project/_git/repo/'".
This repo used to work but I haven't used it in a few weeks. It uses Active Directory authentication and I have changed my password since I last accessed it.
TFS version is 15.105.25910.0. Git for Windows version is 2.18.0.windows.1. I tried installing GCMW 1.17.1 and got the same result.
I ran git config --global --unset credential.helper and when I pushed, I was prompted for a user name and password - that worked. When I installed GCMW 1.17.1 again, the same error came back.
@rorymacleod would you be willing to capture a trace log of the failure?
To do so...
- Run
SET GIT_TRACE=1 - Run
SET GCM_TRACE=1 - Reproduce the issue.
The log should be dumped to the console as the operation progresses. Thanks!
Our team has the same problem with on-premises TFS. I changed my Active Directory password, and now I get Authentication failed:
PS C:\Temp> git fetch
13:38:41.559203 ...\Common.cs:677 trace: [Main] git-credential-manager (v1.17.1) 'get'
13:38:41.628203 ...\Git\Where.cs:361 trace: [FindGitInstallations] found 1 Git installation(s).
13:38:41.634203 ...Configuration.cs:222 trace: [LoadGitConfiguration] git All config read, 65 entries.
13:38:41.697203 ...\Common.cs:85 trace: [CreateAuthentication] detecting authority type for 'http://tfs.intranet:8080/'.
13:38:41.849203 ...\Common.cs:196 trace: [CreateAuthentication] authority for 'http://tfs.intranet:8080/' is basic with NTLM=Auto.
13:38:41.855203 ...seSecureStore.cs:195 trace: [ReadCredentials] credentials for 'git:http://tfs.intranet:8080' read from store.
13:38:41.856203 ...\Common.cs:711 trace: [QueryCredentials] credentials found.
13:38:42.426203 ...\Common.cs:677 trace: [Main] git-credential-manager (v1.17.1) 'erase'
13:38:42.492203 ...\Git\Where.cs:361 trace: [FindGitInstallations] found 1 Git installation(s).
13:38:42.499203 ...Configuration.cs:222 trace: [LoadGitConfiguration] git All config read, 65 entries.
13:38:42.547203 ...\Common.cs:85 trace: [CreateAuthentication] detecting authority type for 'http://[email protected]:8080/'.
13:38:42.715203 ...\Common.cs:196 trace: [CreateAuthentication] authority for 'http://[email protected]:8080/' is basic with NTLM=Auto.
13:38:42.716203 ...\Common.cs:220 trace: [DeleteCredentials] deleting basic credentials for 'http://[email protected]:8080/'.
13:38:42.722203 ...aseSecureStore.cs:59 trace: [Delete] credentials not found for 'git:http://[email protected]:8080'.
fatal: Authentication failed for 'http://tfs.intranet:8080/tfs/Collection/Project/_git/Repo/'
Relevant entry from cmdkey /list
Target: LegacyGeneric:target=git:http://tfs.intranet:8080
Type: Generic
User: MyUsername
Running cmdkey /delete:git:http://tfs.intranet:8080 does fix the problem
I am experiencing the same issue with on on-premise GitLab repository. You can re-create it by entering incorrect credentials when GCM first prompts. From then on, GCM will not prompt again, and the invalid credentials aren't deleted from the Windows credential store.
set GIT_TRACE=1
set GCM_TRACE=1
git fetch
12:56:20.810288 exec-cmd.c:236 trace: resolved executable dir: C:/Program Files/Git/mingw64/bin
12:56:20.812584 git.c:415 trace: built-in: git fetch
12:56:20.812584 run-command.c:637 trace: run_command: GIT_DIR=.git git remote-https origin https://source-it/uk-it-infrastructure/powershell-scripts.git/
12:56:20.843836 exec-cmd.c:236 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
12:56:20.843836 git.c:654 trace: exec: git-remote-https origin https://source-it/uk-it-infrastructure/powershell-scripts.git/
12:56:20.843836 run-command.c:637 trace: run_command: git-remote-https origin https://source-it/uk-it-infrastructure/powershell-scripts.git/
12:56:20.859462 exec-cmd.c:236 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
12:56:20.924133 run-command.c:637 trace: run_command: 'git credential-manager get'
12:56:20.982672 exec-cmd.c:236 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
12:56:20.985675 git.c:654 trace: exec: git-credential-manager get
12:56:20.985675 run-command.c:637 trace: run_command: git-credential-manager get
12:56:21.095231 ...\Common.cs:665 trace: [Main] git-credential-manager (v1.16.2) 'get'
12:56:21.229155 ...\Git\Where.cs:343 trace: [FindGitInstallations] found 1 Git installation(s).
12:56:21.239159 ...Configuration.cs:222 trace: [LoadGitConfiguration] git All config read, 31 entries.
12:56:21.281710 ...\Common.cs:84 trace: [CreateAuthentication] detecting authority type for 'https://source-it/'.
12:56:21.328583 ...\Common.cs:195 trace: [CreateAuthentication] authority for 'https://source-it/' is basic with NTLM=Auto.
12:56:21.328583 ...seSecureStore.cs:195 trace: [ReadCredentials] credentials for 'git:https://source-it' read from store.
12:56:21.344210 ...\Common.cs:699 trace: [QueryCredentials] credentials found.
12:56:21.392972 run-command.c:637 trace: run_command: 'git credential-manager erase'
12:56:21.437496 exec-cmd.c:236 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
12:56:21.437496 git.c:654 trace: exec: git-credential-manager erase
12:56:21.437496 run-command.c:637 trace: run_command: git-credential-manager erase
12:56:21.567406 ...\Common.cs:665 trace: [Main] git-credential-manager (v1.16.2) 'erase'
12:56:21.709415 ...\Git\Where.cs:343 trace: [FindGitInstallations] found 1 Git installation(s).
12:56:21.719415 ...Configuration.cs:222 trace: [LoadGitConfiguration] git All config read, 31 entries.
12:56:21.757421 ...\Common.cs:84 trace: [CreateAuthentication] detecting authority type for 'https://MyUserName@source-it/'.
12:56:21.786746 ...\Common.cs:195 trace: [CreateAuthentication] authority for 'https://MyUserName@source-it/' is basic with NTLM=Auto.
12:56:21.786746 ...\Common.cs:219 trace: [DeleteCredentials] deleting basic credentials for 'https://MyUserName@source-it/'.
12:56:21.802372 ...aseSecureStore.cs:59 trace: [Delete] credentials not found for 'git:https://MyUserName@source-it'.
remote: HTTP Basic: Access denied
fatal: Authentication failed for 'https://source-it/uk-it-infrastructure/powershell-scripts.git/'
It looks like it is trying to erase the cached credentials once the authentication has failed, but fails as it is trying to erase the credentials for git:https://MyUserName@source-it rather than git:https://source-it/
cmdkey /list
Target: LegacyGeneric:target=git:https://source-it
Type: Generic
User: MyUserName
Local machine persistence
@gistofj Would it be possible to get some action on this issue? As @X-Guardian says, it looks like a quick and easy fix
@gistofj Would it be possible to get some action on this issue? As @X-Guardian says, it looks like a quick and easy fix
No, I'm sorry. I am no longer associated with Microsoft, and therefore have no role in this project. Hopefully whom ever has taken over the reigns in my absence follows up. Best of luck.
We're looking at picking up work on this bug early in 2019. We're also very happy to review pull requests!
Seems related to this: https://github.com/Microsoft/Git-Credential-Manager-for-Windows/issues/817 I believe both issues are a regression introduced by this PR: https://github.com/Microsoft/Git-Credential-Manager-for-Windows/pull/547 @gistofj @shiftkey
I am no longer associated with Microsoft, and therefore no longer contribute to this project. @jeschu1 as a replacement for me (I'll be unsubscribing).
Hi,
this issue is quite annoying as our company (and many other) requires to reset the password every now and then. We as the administrators have to go to everyone who recently changed their password and remove the old entries manually. I want to help to fix this issue, as it persists since half a year now. But I need some information. First let's see what I found out on my machine: We use Git LFS in our company and move the binary files to a Artifactory server (let's call it artifactory.company.example). If there are no credentials for git:https://artifactory.company.example, the user will be queried to enter a username and password. This will create TWO entries:
- git:https://artifactory.company.example
- git:https://[email protected]
This is no problem as long as the credentials are correct. As soon as the credentials are expired, the following happens (compiled with debug to get more information):
- GCM detects an authority for 'https://artifactory.company.example' and seems to do nothing with it
- GCM detects an authority for 'https://[email protected]' and deletes it from the store
- 'https://artifactory.company.example' will be detected again (and nothing will be done with it)
- 'https://[email protected]' will be detected, tried to delete but not be found (as it was deleted previously)
- Step 3 and 4 will be repeated until some kind of max repetition trigger value gets hit.
The user will not be queried until the entry of 'https://artifactory.company.example' gets be deleted manually.
The value of 'https://[email protected]' seems pretty useless to us. I would want to get rid of it, or delete the value of 'https://artifactory.company.example' as soon as the value of 'https://[email protected]' contains wrong credentials.
But this is only for our use case of the GCM with Git LFS. What do you think of the ideas? And why do we need the username in the URL as the credential store seems to be hard-wired to the user account?
I am having same issue with VS2019 Enterprise version now. All machines where we installed VS2019 along with VS2017 are foo bar now. We have stopped migration of remaining team members to VS2019. I do not get any prompts. Here are the logs.
15:54:21.339986 git.c:340 trace: built-in: git 'clone' '--progress' '--verbose' '--recurse-submodules' 'http://xxxxx' 'C:\Users\xxxxxxx'
15:54:21.402486 run-command.c:626 trace: run_command: 'remote-http' 'origin' 'http://xxxxx'
15:54:21.433736 git.c:572 trace: exec: 'git-remote-http' 'origin' 'http://xxxxx'
15:54:21.433736 run-command.c:626 trace: run_command: 'git-remote-http' 'origin' 'http://xxxx'
15:54:21.480608 run-command.c:626 trace: run_command: 'git credential-manager get'
15:54:21.683730 git.c:572 trace: exec: 'git-credential-manager' 'get'
15:54:21.699356 run-command.c:626 trace: run_command: 'git-credential-manager' 'get'
15:54:21.777484 ...\Common.cs:744 trace: [Main] git-credential-manager (v1.18.4) 'get'
15:54:21.839977 ...\Git\Where.cs:348 trace: [FindGitInstallations] found 1 Git installation(s).
15:54:21.855605 ...Configuration.cs:222 trace: [LoadGitConfiguration] git All config read, 26 entries.
15:54:21.855605 ...\Common.cs:427 trace: [LoadOperationArguments] GCM_HTTP_USER_AGENT = 'git-credential-manager (Microsoft Windows NT 10.0.17763.0; Win32NT x64) CLR/4.0.30319 VS15/16.0.0'.
15:54:21.855605 ...\Common.cs:479 trace: [LoadOperationArguments] interactive = 'Auto'.
15:54:21.855605 ...\Common.cs:497 trace: [LoadOperationArguments] validate = 'True'.
15:54:21.855605 ...\Common.cs:513 trace: [LoadOperationArguments] modalPrompt = 'True'.
15:54:21.902522 ...\Common.cs:85 trace: [CreateAuthentication] detecting authority type for 'http://xxxxxx'.
15:54:21.918104 ...\Common.cs:224 trace: [CreateAuthentication] authority for 'http:xxxxx' is basic with NTLM=Auto.
15:54:21.918104 ...\Common.cs:765 trace: [QueryCredentials] querying 'Auto' for credentials.
15:54:25.001047 ...uthentication.cs:119 trace: [AcquireCredentials] 'http://xxxxx' supports NTLM, sending NTLM credentials instead
15:54:25.001047 ...\Common.cs:780 trace: [QueryCredentials] credentials found.
15:54:25.032300 run-command.c:626 trace: run_command: 'git credential-manager erase'
15:54:25.094831 git.c:572 trace: exec: 'git-credential-manager' 'erase'
15:54:25.094831 run-command.c:626 trace: run_command: 'git-credential-manager' 'erase'
15:54:25.157334 ...\Common.cs:744 trace: [Main] git-credential-manager (v1.18.4) 'erase'
15:54:25.235456 ...\Git\Where.cs:348 trace: [FindGitInstallations] found 1 Git installation(s).
15:54:25.235456 ...Configuration.cs:222 trace: [LoadGitConfiguration] git All config read, 26 entries.
15:54:25.235456 ...\Common.cs:427 trace: [LoadOperationArguments] GCM_HTTP_USER_AGENT = 'git-credential-manager (Microsoft Windows NT 10.0.17763.0; Win32NT x64) CLR/4.0.30319 VS15/16.0.0'.
15:54:25.235456 ...\Common.cs:479 trace: [LoadOperationArguments] interactive = 'Auto'.
15:54:25.235456 ...\Common.cs:497 trace: [LoadOperationArguments] validate = 'True'.
15:54:25.235456 ...\Common.cs:513 trace: [LoadOperationArguments] modalPrompt = 'True'.
15:54:25.266667 ...\Common.cs:85 trace: [CreateAuthentication] detecting authority type for 'http://xxxxxx'.
15:54:25.282334 ...\Common.cs:224 trace: [CreateAuthentication] authority for 'http://xxxxxx' is basic with NTLM=Auto.
15:54:25.282334 ...\Common.cs:252 trace: [DeleteCredentials] deleting basic credentials for 'http://xxxxxxx'.
15:54:25.297955 ...aseSecureStore.cs:59 trace: [Delete] credentials not found for 'git:http://xxxxxx'.
I am having this issue as well but I was able to find a work-around.
Fortunately, I also have WSL (Ubuntu) set up so I was able to use the Linux version of git to push the changes I had made through windows.
We're facing the same issue. Password needs to be change every 90 days due to companys IT-policies (forced by ActiveDirectory). After password is changed, git credential manager does not notice the changed password and keeps trying with the old credentials until.... the users account is locked -> Fun begins for the user account support team...
- git credential manager should really not try until forever when the auth attempt failed
- git credential manager should ask for the credentials if the auth attempt failed
solution here: https://github.com/microsoft/Git-Credential-Manager-for-Windows/issues/871#issuecomment-622827349
What is going on with this bug? This is a critical issue that has gone unresolved for >2 years!?
This should be relatively easy to fix: If ("using secrets stored from credential manager" and "authentication fails") { prompt for new credentials if (auth is successful) { edit stored credentials (or delete and recreate credentials) } else { fail message } }
I'm having the same issue. I guess they want us to move to other authentication methods.
I'm having the same issue. I guess they want us to move to other authentication methods.
Why, yes: https://github.blog/changelog/2019-08-08-password-based-http-basic-authentication-deprecation-and-removal/
I think they will be deprecating this project in favor of the new Git Credential Manager Core which is multiplatform and now offered as part of the Git For Windows Installation:
https://github.com/microsoft/Git-Credential-Manager-Core
I think they will be deprecating this project in favor of the new Git Credential Manager Core which is multiplatform and now offered as part of the Git For Windows Installation:
https://github.com/microsoft/Git-Credential-Manager-Core
Indeed, this has already happened: https://github.com/microsoft/Git-Credential-Manager-for-Windows/issues/918