提问人:Mike Mastro 提问时间:11/4/2023 更新时间:11/4/2023 访问量:29
无法将 Azure 代理或 Git 从多台计算机连接到 Azure DevOps Server 2022
Unable to connect Azure Agents or Git to Azure Devops Server 2022 from multiple machines
问:
日安
我试图克服 Azure 代理和 Git Bash/Visual Studio 内部无法连接到 Azure Devops Server 2022 的问题。我可以从 Web 浏览器和 Visual Studio 中的 Team Exploer 连接到 Azure Devops Server 2022。还有几个提交已发生,但无法推送到Azure DevOps Server。
设置如下: SQL 服务器: Windows Server 2019、SQL Server 2019(具有 2 个实例)。为 SQL Server 2019 的两个实例设置的 SPN。一个实例包含 AzureDevOps_Configuration 和 Collection 数据库。
适用于 Azure DevOps 的服务器:
Windows 服务器 2019、IIS 10、Azure DevOps Server 2022 (19.205.33618.1 (Azure DevOps Server 2022.0.1)) 。为 AzureService 域帐户设置的 SPN。
IIS 安装程序:
身份验证 = 禁用除 Windows 身份验证之外的所有身份验证。配置编辑器:system.webServer/security/authentication/windowsAuthentication authPersistNonNTLM = True,authPersistSingleRequest = False,enabled = True,提供程序:Negotiate,NTLM,useAppPoolCredentials = True,useKernelMode = True。SSL 设置:需要选中 SSL,客户端证书:忽略。临时设置状态代码 401,403 的失败请求跟踪规则。绑定 http 端口 80、https 端口 443 和当前 SSL 证书。
客户: 已加入 Windows 10 专业版域。Visual Studio 2022 (17.7.6)、适用于 Windows 的 Git 2.41.0.windows.3、Azure 代理 3.225.0。使用域帐户连接到 Azure DevOps Server 2022。在 Visual Studio Git 全局设置中:加密网络提供程序 = 安全通道,凭据帮助程序 = GCM。环境>帐户:使用 = Windows 身份验证代理添加和重新验证帐户。
故障排除步骤:
- 清除了“通用凭据”部分中所有 git 和 devops 连接的 Windows 凭据管理器。
- 清除了 Credential 和 credential.helper 的 git 配置。
- 在 Git BASH 中,运行 git fetch origin --verbose 并收到:fatal:“https://devops.xxx.com/xxxDevelopment%20Team/Identity/_git/Identity/”身份验证失败
- 运行以下命令: GIT_TRACE=true GIT_TRACE_PACKET=true GIT_TRACE_CURL_NO_DATA=true GIT_CURL_VERBOSE=true git fetch origin --verbose
14:24:26.703049 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/bin
14:24:26.709048 git.c:462 trace: built-in: git fetch origin --verbose
14:24:26.711088 run-command.c:661 trace: run_command: GIT_DIR=.git git remote-https origin 'https://devops.xxx.com/xxxTeam/Identity/_git/Identity'
14:24:26.719617 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:24:26.725618 git.c:748 trace: exec: git-remote-https origin 'https://devops.xxx.com/xxxDevelopment%20Team/Identity/_git/Identity'
14:24:26.725618 run-command.c:661 trace: run_command: git-remote-https origin 'https://devops.xxx.com/xxxDevelopment%20Team/Identity/_git/Identity'
14:24:26.734583 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:24:26.745631 http.c:843 == Info: Couldn't find host devops.xxx.com in the (nil) file; using defaults
14:24:26.751635 http.c:843 == Info: Trying 192.168.0.x:443...
14:24:26.767369 http.c:843 == Info: Connected to devops.xxx.com (192.168.0.x) port 443 (#0)
14:24:26.767369 http.c:843 == Info: schannel: disabled automatic use of client certificate
14:24:26.794563 http.c:843 == Info: using HTTP/1.x
14:24:26.794563 http.c:790 => Send header, 0000000270 bytes (0x0000010e)
14:24:26.794563 http.c:802 => Send header: GET /xxxDevelopment%20Team/Identity/_git/Identity/info/refs?service=git-upload-pack HTTP/1.1
14:24:26.794563 http.c:802 => Send header: Host: devops.xxx.com
14:24:26.794563 http.c:802 => Send header: User-Agent: git/2.41.0.windows.3
14:24:26.794563 http.c:802 => Send header: Accept: */*
14:24:26.794563 http.c:802 => Send header: Accept-Encoding: deflate, gzip, br, zstd
14:24:26.794563 http.c:802 => Send header: Pragma: no-cache
14:24:26.794563 http.c:802 => Send header: Git-Protocol: version=2
14:24:26.794563 http.c:802 => Send header:
14:24:26.819997 http.c:790 <= Recv header, 0000000027 bytes (0x0000001b)
14:24:26.819997 http.c:802 <= Recv header: HTTP/1.1 401 Unauthorized
14:24:26.819997 http.c:790 <= Recv header, 0000000025 bytes (0x00000019)
14:24:26.819997 http.c:802 <= Recv header: Content-Type: text/html
14:24:26.819997 http.c:790 <= Recv header, 0000000055 bytes (0x00000037)
14:24:26.819997 http.c:802 <= Recv header: X-TFS-ProcessId: 5536491d-fd8a-4654-a6b9-bb9e667ac916
14:24:26.819997 http.c:790 <= Recv header, 0000000064 bytes (0x00000040)
14:24:26.819997 http.c:802 <= Recv header: Strict-Transport-Security: max-age=31536000; includeSubDomains
14:24:26.819997 http.c:790 <= Recv header, 0000000050 bytes (0x00000032)
14:24:26.819997 http.c:802 <= Recv header: ActivityId: 97034b94-a0de-43e3-9768-fe811e29ee20
14:24:26.819997 http.c:790 <= Recv header, 0000000053 bytes (0x00000035)
14:24:26.819997 http.c:802 <= Recv header: X-TFS-Session: 97034b94-a0de-43e3-9768-fe811e29ee20
14:24:26.819997 http.c:790 <= Recv header, 0000000051 bytes (0x00000033)
14:24:26.819997 http.c:802 <= Recv header: X-VSS-E2EID: 97034b94-a0de-43e3-9768-fe811e29ee20
14:24:26.819997 http.c:790 <= Recv header, 0000000064 bytes (0x00000040)
14:24:26.819997 http.c:802 <= Recv header: X-VSS-SenderDeploymentId: 2e05db99-456f-4eba-bcd5-b34f4d5e3ccf
14:24:26.819997 http.c:790 <= Recv header, 0000000026 bytes (0x0000001a)
14:24:26.819997 http.c:802 <= Recv header: WWW-Authenticate: Bearer
14:24:26.819997 http.c:790 <= Recv header, 0000000061 bytes (0x0000003d)
14:24:26.819997 http.c:802 <= Recv header: WWW-Authenticate: Basic realm="https://devops.xxx.com/"
14:24:26.819997 http.c:790 <= Recv header, 0000000029 bytes (0x0000001d)
14:24:26.819997 http.c:802 <= Recv header: WWW-Authenticate: Negotiate
14:24:26.820949 http.c:790 <= Recv header, 0000000024 bytes (0x00000018)
14:24:26.820949 http.c:802 <= Recv header: WWW-Authenticate: NTLM
14:24:26.820949 http.c:790 <= Recv header, 0000000023 bytes (0x00000017)
14:24:26.820949 http.c:802 <= Recv header: X-Powered-By: ASP.NET
14:24:26.820949 http.c:790 <= Recv header, 0000000124 bytes (0x0000007c)
14:24:26.820949 http.c:802 <= Recv header: P3P: CP="CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR LOC CNT"
14:24:26.820949 http.c:790 <= Recv header, 0000000024 bytes (0x00000018)
14:24:26.820949 http.c:802 <= Recv header: Lfs-Authenticate: NTLM
14:24:26.820949 http.c:790 <= Recv header, 0000000033 bytes (0x00000021)
14:24:26.820949 http.c:802 <= Recv header: X-Content-Type-Options: nosniff
14:24:26.820949 http.c:790 <= Recv header, 0000000037 bytes (0x00000025)
14:24:26.820949 http.c:802 <= Recv header: Date: Fri, 03 Nov 2023 18:24:26 GMT
14:24:26.820949 http.c:790 <= Recv header, 0000000022 bytes (0x00000016)
14:24:26.820949 http.c:802 <= Recv header: Content-Length: 1293
14:24:26.820949 http.c:790 <= Recv header, 0000000002 bytes (0x00000002)
14:24:26.820949 http.c:802 <= Recv header:
14:24:26.820949 http.c:843 == Info: Connection #0 to host devops.mrm2inc.com left intact
14:24:26.820949 run-command.c:661 trace: run_command: 'git credential-manager get'
14:24:27.393753 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:24:27.398766 git.c:748 trace: exec: git-credential-manager get
14:24:27.398766 run-command.c:661 trace: run_command: git-credential-manager get
14:24:27.459644 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:24:27.464644 git.c:462 trace: built-in: git config --null --list
14:24:27.568673 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:24:27.573675 git.c:462 trace: built-in: git version
14:24:27.584490 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:24:27.589528 git.c:462 trace: built-in: git config --null --type=path http.https://devops.mrm2inc.com.sslCAInfo
14:24:27.598503 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:24:27.604500 git.c:462 trace: built-in: git config --null --type=path http.devops.mrm2inc.com.sslCAInfo
14:24:27.613124 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:24:27.619158 git.c:462 trace: built-in: git config --null --type=path http.https://mrm2inc.com.sslCAInfo
14:24:27.629133 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:24:27.635130 git.c:462 trace: built-in: git config --null --type=path http.mrm2inc.com.sslCAInfo
14:24:27.645134 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:24:27.651129 git.c:462 trace: built-in: git config --null --type=path http.sslCAInfo
14:24:27.660129 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:24:27.666129 git.c:462 trace: built-in: git config --null --type=path http.https://devops.mrm2inc.com.cookieFile
14:24:27.675123 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:24:27.681124 git.c:462 trace: built-in: git config --null --type=path http.devops.mrm2inc.com.cookieFile
14:24:27.691128 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:24:27.697157 git.c:462 trace: built-in: git config --null --type=path http.https://mrm2inc.com.cookieFile
14:24:27.706123 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:24:27.712130 git.c:462 trace: built-in: git config --null --type=path http.mrm2inc.com.cookieFile
14:24:27.722124 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:24:27.727129 git.c:462 trace: built-in: git config --null --type=path http.cookieFile
14:24:27.809812 http.c:843 == Info: Found bundle for host: 0x2c085567ad0 [serially]
14:24:27.809812 http.c:843 == Info: Re-using existing connection #0 with host devops.mrm2inc.com
14:24:27.810811 http.c:790 => Send header, 0000000270 bytes (0x0000010e)
14:24:27.810811 http.c:802 => Send header: GET /xxxDevelopment%20Team/Identity/_git/Identity/info/refs?service=git-upload-pack HTTP/1.1
14:24:27.810811 http.c:802 => Send header: Host: devops.xxx.com
14:24:27.810811 http.c:802 => Send header: User-Agent: git/2.41.0.windows.3
14:24:27.810811 http.c:802 => Send header: Accept: */*
14:24:27.810811 http.c:802 => Send header: Accept-Encoding: deflate, gzip, br, zstd
14:24:27.810811 http.c:802 => Send header: Pragma: no-cache
14:24:27.810811 http.c:802 => Send header: Git-Protocol: version=2
14:24:27.810811 http.c:802 => Send header:
14:24:27.822442 http.c:790 <= Recv header, 0000000027 bytes (0x0000001b)
14:24:27.822442 http.c:802 <= Recv header: HTTP/1.1 401 Unauthorized
14:24:27.822442 http.c:790 <= Recv header, 0000000025 bytes (0x00000019)
14:24:27.822442 http.c:802 <= Recv header: Content-Type: text/html
14:24:27.822442 http.c:790 <= Recv header, 0000000055 bytes (0x00000037)
14:24:27.822442 http.c:802 <= Recv header: X-TFS-ProcessId: 5536491d-fd8a-4654-a6b9-bb9e667ac916
14:24:27.822442 http.c:790 <= Recv header, 0000000064 bytes (0x00000040)
14:24:27.822442 http.c:802 <= Recv header: Strict-Transport-Security: max-age=31536000; includeSubDomains
14:24:27.822442 http.c:790 <= Recv header, 0000000050 bytes (0x00000032)
14:24:27.822442 http.c:802 <= Recv header: ActivityId: 97034b96-a0de-43e3-9768-fe811e29ee20
14:24:27.822442 http.c:790 <= Recv header, 0000000053 bytes (0x00000035)
14:24:27.822442 http.c:802 <= Recv header: X-TFS-Session: 97034b96-a0de-43e3-9768-fe811e29ee20
14:24:27.822442 http.c:790 <= Recv header, 0000000051 bytes (0x00000033)
14:24:27.822442 http.c:802 <= Recv header: X-VSS-E2EID: 97034b96-a0de-43e3-9768-fe811e29ee20
14:24:27.822442 http.c:790 <= Recv header, 0000000064 bytes (0x00000040)
14:24:27.822442 http.c:802 <= Recv header: X-VSS-SenderDeploymentId: 2e05db99-456f-4eba-bcd5-b34f4d5e3ccf
14:24:27.822442 http.c:790 <= Recv header, 0000000026 bytes (0x0000001a)
14:24:27.822442 http.c:802 <= Recv header: WWW-Authenticate: Bearer
14:24:27.822442 http.c:790 <= Recv header, 0000000061 bytes (0x0000003d)
14:24:27.822442 http.c:802 <= Recv header: WWW-Authenticate: Basic realm="https://devops.xxx.com/"
14:24:27.822442 http.c:790 <= Recv header, 0000000029 bytes (0x0000001d)
14:24:27.822442 http.c:802 <= Recv header: WWW-Authenticate: Negotiate
14:24:27.822442 http.c:790 <= Recv header, 0000000024 bytes (0x00000018)
14:24:27.822442 http.c:802 <= Recv header: WWW-Authenticate: NTLM
14:24:27.822442 http.c:790 <= Recv header, 0000000023 bytes (0x00000017)
14:24:27.822442 http.c:802 <= Recv header: X-Powered-By: ASP.NET
14:24:27.822442 http.c:790 <= Recv header, 0000000124 bytes (0x0000007c)
14:24:27.822442 http.c:802 <= Recv header: P3P: CP="CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR LOC CNT"
14:24:27.822442 http.c:790 <= Recv header, 0000000024 bytes (0x00000018)
14:24:27.822442 http.c:802 <= Recv header: Lfs-Authenticate: NTLM
14:24:27.822442 http.c:790 <= Recv header, 0000000033 bytes (0x00000021)
14:24:27.822442 http.c:802 <= Recv header: X-Content-Type-Options: nosniff
14:24:27.822442 http.c:790 <= Recv header, 0000000037 bytes (0x00000025)
14:24:27.822442 http.c:802 <= Recv header: Date: Fri, 03 Nov 2023 18:24:27 GMT
14:24:27.822442 http.c:790 <= Recv header, 0000000022 bytes (0x00000016)
14:24:27.822442 http.c:802 <= Recv header: Content-Length: 1293
14:24:27.822442 http.c:790 <= Recv header, 0000000002 bytes (0x00000002)
14:24:27.822442 http.c:802 <= Recv header:
14:24:27.822442 http.c:843 == Info: Ignoring the response-body
14:24:27.822442 http.c:843 == Info: Connection #0 to host devops.xxx.com left intact
14:24:27.822442 http.c:843 == Info: Issue another request to this URL: 'https://devops.xxx.com/xxxDevelopment%20Team/Identity/_git/Identity/info/refs?service=git-upload-pack'
14:24:27.822442 http.c:843 == Info: Found bundle for host: 0x2c085567ad0 [serially]
14:24:27.822442 http.c:843 == Info: Re-using existing connection #0 with host devops.mrm2inc.com
14:24:27.822442 http.c:843 == Info: Connection #0 to host devops.xxx.com left intact
14:24:27.822442 run-command.c:661 trace: run_command: 'git credential-manager erase'
14:24:27.883526 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:24:27.888531 git.c:748 trace: exec: git-credential-manager erase
14:24:27.888531 run-command.c:661 trace: run_command: git-credential-manager erase
14:24:27.940602 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:24:27.946607 git.c:462 trace: built-in: git config --null --list
14:24:28.024607 run-command.c:661 trace: run_command: 'git credential-manager erase'
14:24:28.080563 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:24:28.085603 git.c:748 trace: exec: git-credential-manager erase
14:24:28.085603 run-command.c:661 trace: run_command: git-credential-manager erase
14:24:28.139495 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:24:28.145484 git.c:462 trace: built-in: git config --null --list
fatal: Authentication failed for 'https://devops.xxx.com/xxxDevelopment%20Team/Identity/_git/Identity/'
在执行此操作时,我从未收到过 credetials 的弹出窗口。 5. 卸载了适用于 Windows 的 Git。 6. 重启 7. 安装了适用于 Windows 的 Git。 8. 重启 9. 在上面尝试了多次,但没有成功。
检查失败请求日志文件仅显示以下内容:
ModuleName
IIS Web Core
Notification
AUTHENTICATE_REQUEST
HttpStatus
401
HttpReason
Unauthorized
HttpSubStatus
2
ErrorCode
Access is denied.
(0x80070005)
ConfigExceptionInfo
我还尝试为多个帐户获取Azure DevOps Server的PAT,但也没有奏效。
至于运行 Config 并使用 Negotiate(使用单独的域帐户)时的 Azure 代理,我进入了代理池,但它永远找不到池。如果我将其作为集成运行,我会通过池但经过池,但它会失败,因为您无权访问。尝试了 PAT,但它的结局与 Negotiate 相同。
尝试运行网络监视器和 wireshark,但我在其中任何一个都没有看到任何内容会进入现场说明它失败的原因。
我还尝试了来自多个不同来源的建议:
https://stackoverflow.com/questions/68862670/how-to-use-pat-on-azure-devops-server-to-clone-a-git-repo
https://stackoverflow.com/questions/34837173/authentication-failed-for-azure-git
https://stackoverflow.com/questions/53661818/fatal-authentication-failed-with-git-credential-manager
https://stackoverflow.com/questions/56772309/git-failed-with-a-fatal-error-authentication-failed-when-clone-repository-from-v
https://stackoverflow.com/questions/59726007/cant-push-local-git-to-azure-devops-git-repo-because-of-authentication-failed
https://stackoverflow.com/questions/70734634/authentication-failed-for-git-push-to-azure
https://stackoverflow.com/questions/62716476/azure-devops-onpremise-fatal-authentication-failed-for-when-cloning-git-repo
https://stackoverflow.com/questions/55406885/login-failed-when-trying-to-perform-git-push-to-azure-devops
https://stackoverflow.com/questions/62748505/unable-to-push-code-to-azure-devops-because-of-wrong-cached-credentials
https://stackoverflow.com/questions/62593521/how-to-authenticate-when-i-try-to-git-clone-from-azure-git
https://developercommunity.visualstudio.com/t/git-pullclone-fails-with-fatal-authentication-fail/436249?viewtype=all
https://developercommunity.visualstudio.com/t/always-get-authentication-failed-when-i-input-corr/436172
我也向 MS 提交了自己的申请,但进展缓慢(https://developercommunity.visualstudio.com/t/Azure-Devops-Server-2022-no-longer-allow/10496327?scope=follow)
我从上面尝试或阅读的任何内容都无助于将代理和Git连接到Azure DevOps Server。
请注意,Azure DevOps Server 2022 中不存在“生成 Git 凭据”按钮。
寻找任何关于我尚未尝试过的建议,以便能够让事情再次正常工作。同样,正如我之前所说,需要从多台机器推送多个提交,但没有任何东西能够连接。此外,虽然我说过团队资源管理器能够连接,但如果退出 Visual Studio,则会失去连接,并且必须重新连接。三周前,当所有这些问题开始时,情况并非如此。
已尝试卸载/重新安装Git for Windows。 尝试过个人身份验证令牌 尝试查看失败的请求日志 尝试过 Wireshark / 网络监视器 尝试从 Windows 凭据管理器中删除凭据 没有通过 Git 或 Azure 代理与 Azure DevOps Server 建立连接。
答: 暂无答案
评论