Unable to download symbols with Windows Auth container on Windows 11

[pibcht]

Hi all!

Describe the bug

I create container with BcContainerHelper with -Auth Windows. Credential provided is identical to my Windows account (It's a Microsoft account). When I try to Download Symbols, no username/password prompt (That's normal) but instantly dotnet error shown:

Processing of message 'al/downloadSymbols' failed with error: 'No credentials are available in the security package'.

To Reproduce

1️⃣ BcContainerHelper.config.json

{
    "sandboxContainersAreMultitenantByDefault": false,
    "defaultNewContainerParameters": {
        "restart": "no"
    }
}

New-BcContainer -accept_eula -auth Windows -artifactUrl https://bcartifacts.azureedge.net/sandbox/19.1.31886.33316/fr -containerName bcwin -Credential (Get-Credential)

2️⃣

3️⃣ launch.json

{
    "version": "0.2.0",
    "configurations": [
        {
            "name": "Your own server",
            "request": "launch",
            "type": "al",
            "environmentType": "Sandbox",
            "server": "http://bcwin",
            "serverInstance": "BC",
            "authentication": "Windows",
            "tenant": ""
        }
    ]
}

4️⃣

Expected behavior

[2021-12-05 23:01:14.29] Sending request to http://bcwin:7049/BC/dev/metadata
[2021-12-05 23:01:36.02] Sending request to http://bcwin:7049/BC/dev/packages?publisher=Microsoft&appName=System&versionText=1.0.0.0&appId=8874ed3a-0643-4247-9ced-7a7002f7135d
[2021-12-05 23:01:36.02] Sending request to http://bcwin:7049/BC/dev/packages?publisher=Microsoft&appName=Application&versionText=19.0.0.0&appId=00000000-0000-0000-0000-000000000000
[2021-12-05 23:01:36.65] The following dependencies will be queried for propagated dependencies:
System Application by Microsoft (19.1.0.0)
Base Application by Microsoft (19.1.0.0)
[2021-12-05 23:01:36.66] Sending request to http://bcwin:7049/BC/dev/packages?publisher=Microsoft&appName=System Application&versionText=19.1.0.0&appId=63ca2fa4-4f03-4f2b-a480-172fef340d3f
[2021-12-05 23:01:36.66] Sending request to http://bcwin:7049/BC/dev/packages?publisher=Microsoft&appName=Base Application&versionText=19.1.0.0&appId=437dbf0e-84ff-417a-965d-ed2bb9650972
[2021-12-05 23:01:37.74] All reference symbols have been downloaded.

(Simulated using UserPassword container)

Actual behavior

1️⃣ Business Central Web Client works perfectly, but i'm asked to log in.

@freddydk said on another Issue (https://github.com/microsoft/AL/issues/6532#issuecomment-800873052)

When you create a container using Windows Auth, and you can access the Web Client in a Browser without logging in you are fine.

2️⃣

[2021-12-05 22:53:27.25] Using reference symbols cache path: w:\Code\Temp\EFF\./.alpackages
[2021-12-05 22:53:27.28] Targeting server 'http://bcwin', server instance 'BC' and tenant 'default'.
[2021-12-05 22:53:27.28] Using Windows authentication.
[2021-12-05 22:53:27.30] Sending request to http://bcwin:7049/BC/dev/metadata?tenant=default
[2021-12-05 22:53:27.38] Sending request to http://bcwin:7049/BC/dev/metadata?tenant=default
[Error - 22:53:27] Please report this issue to https://github.com/microsoft/al/issues including information on how to reproduce it, if possible.
Processing of message 'al/downloadSymbols' failed with error: 'Aucune information d’identification n’est disponible dans le package de sécurité'
Details:
System.ComponentModel.Win32Exception (0x8009030E): Aucune information d’identification n’est disponible dans le package de sécurité
   at System.Net.NTAuthentication.GetOutgoingBlob(Byte[] incomingBlob, Boolean throwOnError, SecurityStatusPal& statusCode)
   at System.Net.NTAuthentication.GetOutgoingBlob(String incomingBlob)
   at System.Net.Http.AuthenticationHelper.SendWithNtAuthAsync(HttpRequestMessage request, Uri authUri, Boolean async, ICredentials credentials, Boolean isProxyAuth, HttpConnection connection, HttpConnectionPool connectionPool, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.AuthenticationHelper.SendWithAuthAsync(HttpRequestMessage request, Uri authUri, Boolean async, ICredentials credentials, Boolean preAuthenticate, Boolean isProxyAuth, Boolean doRequestAuth, HttpConnectionPool pool, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at Microsoft.Dynamics.Nav.Deployment.Telemetry.TelemetryHttpClientHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.Deployment\Telemetry\TelemetryHttpClientHandler.cs:line 61
   at Microsoft.Dynamics.Nav.Deployment.Http.NavHttpClientHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.Deployment\Http\NavHttpClientHandler.cs:line 35
   at System.Net.Http.HttpClient.SendAsyncCore(HttpRequestMessage request, HttpCompletionOption completionOption, Boolean async, Boolean emitTelemetryStartStop, CancellationToken cancellationToken)
   at Microsoft.Dynamics.Nav.Deployment.ApiClients.ServerInfoApiClient.GetServerInfo() in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.Deployment\ApiClients\ServerInfoApiClient.cs:line 46
   at Microsoft.Dynamics.Nav.Deployment.ApiClients.ServerRegistry.QueryMetadata(ConnectionOptions options, IEmitLogger logger) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.Deployment\ApiClients\ServerRegistry.cs:line 153
   at Microsoft.Dynamics.Nav.Deployment.ApiClients.ServerRegistry.GetServerInfo(ConnectionOptions options, IEmitLogger logger) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.Deployment\ApiClients\ServerRegistry.cs:line 56
   at Microsoft.Dynamics.Nav.Deployment.ApiClients.PackagesApiClient.SendRequest(IHttpClient client, SymbolReferenceSpecification reference) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.Deployment\ApiClients\PackagesApiClient.cs:line 135
   at Microsoft.Dynamics.Nav.Deployment.ApiClients.PackagesApiClient.DownloadPackage(IHttpClient client, SymbolReferenceSpecification specification, String directory, Boolean isSecondLevelDependency) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.Deployment\ApiClients\PackagesApiClient.cs:line 172
   at Microsoft.Dynamics.Nav.Deployment.ApiClients.PackagesApiClient.DownloadPackages(ImmutableArray`1 references, String targetDir) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.Deployment\ApiClients\PackagesApiClient.cs:line 61
   at Microsoft.Dynamics.Nav.Deployment.ReferenceDownloader.NavDevServerPackageDownloader.DownloadPackages(ImmutableArray`1 packages, String targetDirectory) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.Deployment\ReferenceDownloader\NavDevServerPackageDownloader.cs:line 32
   at Microsoft.Dynamics.Nav.EditorServices.Protocol.LanguageServer.Extensions.DownloadSymbolsRequestHandler.DownloadFiles(DownloadSymbolsRequest request, String cacheDirectory, ImmutableArray`1 referencesToDownload) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.EditorServices.Protocol\LanguageServer\Extensions\DownloadSymbolsRequestHandler.cs:line 125
   at Microsoft.Dynamics.Nav.EditorServices.Protocol.LanguageServer.Extensions.DownloadSymbolsRequestHandler.ProcessRequestAsync(DownloadSymbolsRequest request, Int32 requestId, CancellationToken cancellationToken) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.EditorServices.Protocol\LanguageServer\Extensions\DownloadSymbolsRequestHandler.cs:line 93
   at Microsoft.Dynamics.Nav.EditorServices.Protocol.LanguageServer.Extensions.NavServerRequestHandler`2.HandleAsync(T request, Int32 requestId, CancellationToken cancellationToken) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.EditorServices.Protocol\LanguageServer\Extensions\NavServerRequestHandler.cs:line 40
   at Microsoft.Dynamics.Nav.EditorServices.Protocol.MessageProtocol.RequestHandlerBase`1.HandleAsync(JToken requestContents, Int32 requestId, CancellationToken cancellationToken) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.EditorServices.Protocol\MessageProtocol\RequestHandlerBase.cs:line 63
   at Microsoft.Dynamics.Nav.EditorServices.Protocol.RequestRegistry.Process(Message message) in D:\a\1\s\source\Prod\Microsoft.Dynamics.Nav.EditorServices.Protocol\Endpoints\RequestRegistry.cs:line 64

Error translation:

🇫🇷 Processing of message 'al/downloadSymbols' failed with error: 'Aucune information d’identification n’est disponible dans le package de sécurité' 🇺🇸 Processing of message 'al/downloadSymbols' failed with error: 'No credentials are available in the security package'.

Versions

• Windows: 11 21H2 (10.0.22000 Build 22000)
• AL Language: 8.2.550913
• BcContainerHelper: 2.0.22
• Visual Studio Code: 1.62.3
• Business Central: all? (Tested on: 19.1.31886.33316 and 18.5.29545.33366)
• List of Visual Studio Code extensions that you have installed:

1. andrzejzwierzchowski.al-code-outline
2. ankitbko.vscode-pull-request-azdo
3. arcticicestudio.nord-visual-studio-code
4. Calliope.al-extension-pack
5. david-rickard.git-diff-and-merge-tool
6. DavidAnson.vscode-markdownlint
7. davidfeldhoff.al-codeactions
8. DotJoshJohnson.xml
9. howardzuo.vscode-git-tags
10. humao.rest-client
11. j-brooke.fracturedjsonvsc
12. jamespearson.al-test-runner
13. lacroixdavid1.vscode-format-context-menu
14. marp-team.marp-vscode
15. mhutchie.git-graph
16. ms-azuretools.vscode-docker
17. ms-dynamics-smb.al
18. ms-vscode.live-server
19. nabsolutions.nab-al-tools
20. nwallace.createGUID
21. PKief.material-icon-theme
22. ryu1kn.annotator
23. statical.prism-al
24. stefanmaron.businesscentral-lintercop
25. usernamehw.errorlens
26. waderyan.gitblame
27. waldo.crs-al-language-extension
28. zhuangtongfa.material-theme

Final Checklist

Please remember to do the following:

• [x ] Search the issue repository to ensure you are reporting a new issue
• [x ] Reproduce the issue after disabling all extensions except the AL Language extension
• [x ] Simplify your code around the issue to better isolate the problem

[thloke]

@freddydk - can you have a look at this to determine if it's an issue with our VSIX or with the docker setup?

[pibcht]

💡 I tried with "tenant": "default" and with "tenant": "". I'm not sure I pasted the right launch.json with the right error message, but the error is the same in both cases.

[NavNab]

While researching an issue I face, I stumbled upon your issue, which made me curious about your situation. In my experience, BC Containers using Windows authentication fail unless the PC/Server is domain-joined. However, they work well with a domain-connected PC/Server. I hope this insight proves helpful.

[pibcht]

Hi @NavNab ! I feel like it's always worked for me with a LOCAL account. Today, I am on a Domain account managed by Intune (My PC is not in the domain, it is in a personalized WORKGROUP)

I think that the 2 events are not linked, given the dates, but I cannot completely exclude that it plays a role…