Login/Register
Jenkins Windows slave: Authentication failed if running as service
Asked Answered
Solved windowsgitjenkinsbuild-agent
M

1

4

I have a Jenkins slave running on Windows 10 (1607). If I run the slave direct as JNLP this slave can clone from the git repository (authentification with username and password).

If I start the same slave as a service, git clone fails with Authentication failed for ....

The service is created over the "File" menu of the slave and is running as "Local System Account".

What's going wrong?

Here is the output from Jenins:

00:00:00.003 Started by user <commit-user>
00:00:00.005 ln -s builds/lastSuccessfulBuild /var/jenkins_home/jobs/Xamarin/jobs/MyProject/jobs/CIBuild/lastSuccessful failed: 95 Not supported
00:00:00.005 ln -s builds/lastStableBuild /var/jenkins_home/jobs/Xamarin/jobs/MyProject/jobs/CIBuild/lastStable failed: 95 Not supported
00:00:00.005 Building remotely on Win10Xamarin (Win10 Xamarin Git NetCore) in workspace c:\Jenkins\workspace\Xamarin\iRec Common\iRecy Common CI
00:00:00.025 Cloning the remote Git repository
00:00:00.031 Cloning repository http://git-server/MyGroup/test-project
00:00:00.032  > C:\Program Files\Git\cmd\git.exe init c:\Jenkins\workspace\Xamarin\iRec Common\iRecy Common CI # timeout=10
00:00:00.252 Fetching upstream changes from http://git-server/MyGroup/test-project
00:00:00.255  > C:\Program Files\Git\cmd\git.exe --version # timeout=10
00:00:00.351  > C:\Program Files\Git\cmd\git.exe -c core.askpass=true fetch --tags --progress http://git-server/MyGroup/test-project +refs/heads/*:refs/remotes/origin/*
00:00:01.148 ERROR: Error cloning remote repo 'origin'
00:00:01.149 hudson.plugins.git.GitException: Command "C:\Program Files\Git\cmd\git.exe -c core.askpass=true fetch --tags --progress http://git-server/MyGroup/test-project +refs/heads/*:refs/remotes/origin/*" returned status code 128:
00:00:01.149 stdout: 
00:00:01.149 stderr: fatal: Authentication failed for 'http://git-server/MyGroup/test-project/'
00:00:01.149 
00:00:01.149    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:1740)
00:00:01.149    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1476)
00:00:01.149    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$300(CliGitAPIImpl.java:63)
00:00:01.149    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:314)
00:00:01.149    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$2.execute(CliGitAPIImpl.java:506)
00:00:01.149    at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$1.call(RemoteGitImpl.java:152)
00:00:01.149    at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$1.call(RemoteGitImpl.java:145)
00:00:01.149    at hudson.remoting.UserRequest.perform(UserRequest.java:153)
00:00:01.149    at hudson.remoting.UserRequest.perform(UserRequest.java:50)
00:00:01.149    at hudson.remoting.Request$2.run(Request.java:332)
00:00:01.149    at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:68)
00:00:01.149    at java.util.concurrent.FutureTask.run(Unknown Source)
00:00:01.150    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
00:00:01.150    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
00:00:01.150    at hudson.remoting.Engine$1$1.run(Engine.java:85)
00:00:01.150    at java.lang.Thread.run(Unknown Source)
00:00:01.150    at ......remote call to Win10Xamarin(Native Method)
00:00:01.150    at hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1416)
00:00:01.150    at hudson.remoting.UserResponse.retrieve(UserRequest.java:253)
00:00:01.150    at hudson.remoting.Channel.call(Channel.java:781)
00:00:01.150    at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.execute(RemoteGitImpl.java:145)
00:00:01.150    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
00:00:01.150    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
00:00:01.150    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
00:00:01.150    at java.lang.reflect.Method.invoke(Method.java:498)
00:00:01.153    at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.invoke(RemoteGitImpl.java:131)
00:00:01.153    at com.sun.proxy.$Proxy65.execute(Unknown Source)
00:00:01.153    at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1046)
00:00:01.153    at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1086)
00:00:01.153    at hudson.scm.SCM.checkout(SCM.java:495)
00:00:01.153    at hudson.model.AbstractProject.checkout(AbstractProject.java:1269)
00:00:01.153    at hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:604)
00:00:01.153    at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86)
00:00:01.153    at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:529)
00:00:01.153    at hudson.model.Run.execute(Run.java:1741)
00:00:01.153    at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
00:00:01.153    at hudson.model.ResourceController.execute(ResourceController.java:98)
00:00:01.153    at hudson.model.Executor.run(Executor.java:410)
00:00:01.153 ERROR: null
00:00:01.153 Skipped archiving because build is not successful
00:00:01.154 Recording NUnit tests results
00:00:01.160 FATAL: No NUnit test report files were found. Configuration error?
00:00:01.165 Build step 'Publish NUnit test result report' marked build as failure
00:00:01.180 Finished: FAILURE
Mundy answered 8/9, 2016 at 6:25 Comment(0)
U
3

Check how your service is started: if it uses the Local System account, it would not have the same %USERPROFILE% and would not benefit from the same git configuration (usually stored in %USERPROFILE%\.gitconfig)

I usually create my service using a user account:

sc create JenkinsSlave binPath= d:\Jenkins_Slave\jenkins-slave.exe DisplayName= "Jenkins Slave xxx for https://<url>/jenkins" start= auto obj= DOMAIN\aUSER password= <password>

Note the space after obj= and password=.

Note that is was not working with a Local System account because of a Windows Credential issue, as illustrated in JENKINS-34082.

I uninstalled "git" in windows slave machine and the install without using "Windows credential manager".

The OP WeDucer comments:

Works: The installed credential manager prevented Local System Account from clone.

Undersexed answered 8/9, 2016 at 7:1 Comment(9)
It works, if I change from Local System Account to a specific user. But I not understand why. The specific user have also no .gitconfig and credeantials are passed from Jenkins in both cases.Mundy
@Mundy Are the url in https or ssh? I see: https. Jenkins must use the credentials associated with the user running the job. In your Jenkins, there must be a credential stored for that user, but there won't be a credential for "Local System Account"Undersexed
I use http. The user the service is runnig with is different from user stored in credential store. (e.g: service user is "build-agent" and git user is "gitAgent").Mundy
@Mundy Do you mean gitAgent is not in the Jenkins Credential Store? Then Git (on the slave) must use a credential helper (do, as gitAgent, a git config -l to see if that is the case)Undersexed
No. I mean the slave service run with some user and Jenkins (server) has gitAgent in the credential store. Local on the slave machine git credential helper is not set.Mundy
@Mundy Maybe git is using the Windows credential manager? (issues.jenkins-ci.org/browse/…)Undersexed
Thanks for the link. I will try the solution. Sound like mine.Mundy
Works. The installed credential manager prevented Local System Account from clone.Mundy
@Mundy Well done. I have included your comment and the Jenkins issue in the answer for more visibility.Undersexed

© 2022 - 2024 — McMap. All rights reserved.