scalar: Scalar clone fails with "http 401: Not authorized: from POST) from Azure Devops Server 2019

Problem was my bad. I had a typeo in the hostname. This is legit fixed.

@derrickstolee It works! Thank you!

Thanks for the confirmation.

Thanks for the logs. I’m going to dig into this and try to repro it.

@derrickstolee I have dumped a traffic of scalar clone scenario (by MITM SSL proxy):

4	0.044948	192.168.234.130	xx.xx.xx.xxx	HTTP	207	GET /tfs/DefaultCollection/_git/Monorepo/gvfs/config HTTP/1.1 
20	0.071292	xx.xx.xx.xxx	192.168.234.130	HTTP	1064	HTTP/1.1 401 Unauthorized  (text/html)
21	0.084979	192.168.234.130	xx.xx.xx.xxx	HTTP	290	GET /tfs/DefaultCollection/_git/Monorepo/gvfs/config HTTP/1.1 , NTLMSSP_NEGOTIATE
22	0.089048	xx.xx.xx.xxx	192.168.234.130	HTTP	826	HTTP/1.1 401 Unauthorized , NTLMSSP_CHALLENGE (text/html)
23	0.091766	192.168.234.130	xx.xx.xx.xxx	HTTP	850	GET /tfs/DefaultCollection/_git/Monorepo/gvfs/config HTTP/1.1 , NTLMSSP_AUTH, User: XX\xxxxxxxxx
25	0.148437	xx.xx.xx.xxx	192.168.234.130	HTTP	59	HTTP/1.1 200 OK  (application/json)
32	0.588760	192.168.234.130	xx.xx.xx.xxx	HTTP	207	GET /tfs/DefaultCollection/_git/Monorepo/gvfs/config HTTP/1.1 
48	0.604670	xx.xx.xx.xxx	192.168.234.130	HTTP	1064	HTTP/1.1 401 Unauthorized  (text/html)
49	0.655143	192.168.234.130	xx.xx.xx.xxx	HTTP	290	GET /tfs/DefaultCollection/_git/Monorepo/gvfs/config HTTP/1.1 , NTLMSSP_NEGOTIATE
50	0.657395	xx.xx.xx.xxx	192.168.234.130	HTTP	826	HTTP/1.1 401 Unauthorized , NTLMSSP_CHALLENGE (text/html)
51	0.658967	192.168.234.130	xx.xx.xx.xxx	HTTP	850	GET /tfs/DefaultCollection/_git/Monorepo/gvfs/config HTTP/1.1 , NTLMSSP_AUTH, User: XX\xxxxxxxxx
53	0.703934	xx.xx.xx.xxx	192.168.234.130	HTTP	59	HTTP/1.1 200 OK  (application/json)
60	0.947751	192.168.234.130	xx.xx.xx.xxx	HTTP	229	GET /tfs/DefaultCollection/_git/Monorepo/info/refs?service=git-upload-pack HTTP/1.1 
76	0.962236	xx.xx.xx.xxx	192.168.234.130	HTTP	1090	HTTP/1.1 401 Unauthorized  (text/html)
77	1.013688	192.168.234.130	xx.xx.xx.xxx	HTTP	312	GET /tfs/DefaultCollection/_git/Monorepo/info/refs?service=git-upload-pack HTTP/1.1 , NTLMSSP_NEGOTIATE
78	1.021687	xx.xx.xx.xxx	192.168.234.130	HTTP	826	HTTP/1.1 401 Unauthorized , NTLMSSP_CHALLENGE (text/html)
79	1.024790	192.168.234.130	xx.xx.xx.xxx	HTTP	872	GET /tfs/DefaultCollection/_git/Monorepo/info/refs?service=git-upload-pack HTTP/1.1 , NTLMSSP_AUTH, User: XX\xxxxxxxxx
2363	1.819622	xx.xx.xx.xxx	192.168.234.130	HTTP	307	HTTP/1.1 200 OK  (application/x-git-upload-pack-advertisement)
2367	2.000284	192.168.234.130	yy.yy.yy.yyy	HTTP	205	GET /tfs/DefaultCollection/_git/Monorepo/vsts/info HTTP/1.1 
2383	2.029313	yy.yy.yy.yyy	192.168.234.130	HTTP	1062	HTTP/1.1 401 Unauthorized  (text/html)
2384	2.074604	192.168.234.130	yy.yy.yy.yyy	HTTP	288	GET /tfs/DefaultCollection/_git/Monorepo/vsts/info HTTP/1.1 , NTLMSSP_NEGOTIATE
2385	2.076533	yy.yy.yy.yyy	192.168.234.130	HTTP	826	HTTP/1.1 401 Unauthorized , NTLMSSP_CHALLENGE (text/html)
2386	2.078313	192.168.234.130	yy.yy.yy.yyy	HTTP	848	GET /tfs/DefaultCollection/_git/Monorepo/vsts/info HTTP/1.1 , NTLMSSP_AUTH, User: XX\xxxxxxxxx
2388	2.148547	yy.yy.yy.yyy	192.168.234.130	HTTP	164	HTTP/1.1 200 OK  (application/json)
2395	6.753925	192.168.234.130	yy.yy.yy.yyy	HTTP	429	POST /tfs/DefaultCollection/_git/Monorepo/gvfs/objects HTTP/1.1  (application/json)
2397	6.761487	yy.yy.yy.yyy	192.168.234.130	HTTP	282	HTTP/1.1 401 Unauthorized  (text/plain)
2404	7.423241	192.168.234.130	xx.xx.xx.xxx	HTTP	305	HEAD / HTTP/1.1 
2405	7.451755	xx.xx.xx.xxx	192.168.234.130	HTTP	215	HTTP/1.1 403 Forbidden 
===================   gvfs-helper shows a window with login and password prompt     =================
2412	16.563984	192.168.234.130	xx.xx.xx.xxx	HTTP	480	POST /tfs/DefaultCollection/_git/Monorepo/gvfs/objects HTTP/1.1  (application/json)
Hypertext Transfer Protocol
    POST /tfs/DefaultCollection/_git/Monorepo/gvfs/objects HTTP/1.1\r\n
        [Expert Info (Chat/Sequence): POST /tfs/DefaultCollection/_git/Monorepo/gvfs/objects HTTP/1.1\r\n]
        Request Method: POST
        Request URI: /tfs/DefaultCollection/_git/Monorepo/gvfs/objects
        Request Version: HTTP/1.1
    Host: xxxxxxxx.xxx.xx\r\n
    Authorization: Basic XXXXXXXXXXXXXXXXXXXXXXXXXXXX\r\n
        Credentials: XX\xxxxxxxxx:xxxxxxxx
    User-Agent: git/2.26.2.vfs.1.1\r\n
    X-TFS-FedAuthRedirect: Suppress\r\n
    Pragma: no-cache\r\n
    Content-Type: application/json\r\n
    Accept: application/x-git-packfile\r\n
    Accept: application/x-git-loose-object\r\n
    Content-Length: 74\r\n
    \r\n
    [Full request URI: http://xxxxxxxx.xxx.xx/tfs/DefaultCollection/_git/Monorepo/gvfs/objects]
    [HTTP request 1/1]
    [Response in frame: 2414]
    File Data: 74 bytes
2414	16.571470	xx.xx.xx.xxx	192.168.234.130	HTTP	282	HTTP/1.1 401 Unauthorized  (text/plain)
===================   end    =================

As we can see /gvfs/objects request doesn’t try to use NTLM. It asks password and uses plain text authentication. (Not sure if it is allowed in Azure DevOps) It is a reason of the bug probably.

@derrickstolee In fact, I am using the HTTPS endpoint since the beginning. I only wanted to compare it with the non-https experience. This situation occurs whether I’m using the HTTPS endpoint or the HTTP endpoint.

Thanks for the clarification. We’ll continue to dig in.

Thanks! The strange thing is that you are getting a 200 response from the gvfs/config request, but somehow not from the gvfs/prefetch request. It may be a difference between the C# layer making a request and getting good authentication versus the Git client using the git-gvfs-helper not getting the same auth mechanism.

@jeffhostetler: have you seen this sort of issue?

@jrbriggs: Do you know if there is a reason we would purposely send a 401 in Azure Repos based on a config setting or something?