Why does the Jenkins SVN plugin give error E170001 when connecting to my VisualSVN server?

13.4k views Asked by At

What I know about the VisualSVN server: it supports Windows Active Directory authentication and "basic" authentication using my Windows username and password. I can use TortoiseSVN, CollabNet, and Mac OS X Subversion clients successfully.

To replicate the error, do the following:

  1. Install the Windows Jenkins package (version 1.616).
  2. Update the SVN plugin to version 2.5.
  3. Create a freestyle project.
  4. Under Source Code Management, choose Subversion.
  5. Input the repository URL.
  6. Add your Windows username and password as credentials.

I then see the following error below "Credentials":

Unable to access https://<svn-server> : svn: E170001: Negotiate authentication failed: 'No valid credentials provided'

org.tmatesoft.svn.core.SVNAuthenticationException: svn: E170001: Negotiate authentication failed: 'No valid credentials provided'
    at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:62)
    at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:51)
    at org.tmatesoft.svn.core.internal.io.dav.http.DefaultHTTPNegotiateAuthentication$1.run(DefaultHTTPNegotiateAuthentication.java:175)
    at org.tmatesoft.svn.core.internal.io.dav.http.DefaultHTTPNegotiateAuthentication$1.run(DefaultHTTPNegotiateAuthentication.java:166)
    at org.tmatesoft.svn.core.internal.io.dav.http.DefaultHTTPNegotiateAuthentication.authenticate(DefaultHTTPNegotiateAuthentication.java:221)
    at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:450)
    at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:371)
    at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:359)
    at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.performHttpRequest(DAVConnection.java:710)
    at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.exchangeCapabilities(DAVConnection.java:627)
    at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.open(DAVConnection.java:102)
    at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.openConnection(DAVRepository.java:1032)
    at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.testConnection(DAVRepository.java:94)
    at hudson.scm.SubversionSCM$DescriptorImpl.checkRepositoryPath(SubversionSCM.java:2282)
    at hudson.scm.SubversionSCM$ModuleLocation$DescriptorImpl.checkCredentialsId(SubversionSCM.java:3043)
    at hudson.scm.SubversionSCM$ModuleLocation$DescriptorImpl.doCheckCredentialsId(SubversionSCM.java:3016)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:298)
    at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:161)
    at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:96)
    at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:121)
    at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
    at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:249)
    at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
    at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:249)
    at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649)
    at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:123)
    at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:114)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
    at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:48)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
    at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
    at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
    at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
    at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
    at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
    at org.eclipse.jetty.server.Server.handle(Server.java:370)
    at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
    at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:949)
    at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1011)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
    at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
    at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

When I build the project, I get the following output:

Started by user anonymous
Building in workspace C:\Program Files (x86)\Jenkins\jobs\asdf\workspace
Checking out a fresh workspace because there's no workspace at C:\Program Files (x86)\Jenkins\jobs\asdf\workspace
Cleaning local Directory .
Checking out https://<svn-server> at revision '2015-06-08T15:40:47.620 -0400'
ERROR: Failed to check out https://<svn-server>
org.tmatesoft.svn.core.SVNAuthenticationException: svn: E170001: Negotiate authentication failed: 'No valid credentials provided'
    at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:62)
    at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:51)
    at org.tmatesoft.svn.core.internal.io.dav.http.DefaultHTTPNegotiateAuthentication$1.run(DefaultHTTPNegotiateAuthentication.java:175)
    at org.tmatesoft.svn.core.internal.io.dav.http.DefaultHTTPNegotiateAuthentication$1.run(DefaultHTTPNegotiateAuthentication.java:166)
    at org.tmatesoft.svn.core.internal.io.dav.http.DefaultHTTPNegotiateAuthentication.authenticate(DefaultHTTPNegotiateAuthentication.java:221)
    at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:450)
    at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:371)
    at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:359)
    at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.performHttpRequest(DAVConnection.java:710)
    at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.exchangeCapabilities(DAVConnection.java:627)
    at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.open(DAVConnection.java:102)
    at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.openConnection(DAVRepository.java:1032)
    at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.getLatestRevision(DAVRepository.java:175)
    at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgRepositoryAccess.getRevisionNumber(SvnNgRepositoryAccess.java:118)
    at org.tmatesoft.svn.core.internal.wc2.SvnRepositoryAccess.getLocations(SvnRepositoryAccess.java:184)
    at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgRepositoryAccess.createRepositoryFor(SvnNgRepositoryAccess.java:45)
    at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgAbstractUpdate.checkout(SvnNgAbstractUpdate.java:756)
    at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgCheckout.run(SvnNgCheckout.java:26)
    at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgCheckout.run(SvnNgCheckout.java:11)
    at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgOperationRunner.run(SvnNgOperationRunner.java:20)
    at org.tmatesoft.svn.core.internal.wc2.SvnOperationRunner.run(SvnOperationRunner.java:21)
    at org.tmatesoft.svn.core.wc2.SvnOperationFactory.run(SvnOperationFactory.java:1259)
    at org.tmatesoft.svn.core.wc2.SvnOperation.run(SvnOperation.java:294)
    at hudson.scm.subversion.CheckoutUpdater$1.perform(CheckoutUpdater.java:115)
    at hudson.scm.subversion.WorkspaceUpdater$UpdateTask.delegateTo(WorkspaceUpdater.java:162)
    at hudson.scm.subversion.WorkspaceUpdater$UpdateTask.delegateTo(WorkspaceUpdater.java:170)
    at hudson.scm.subversion.UpdateUpdater$TaskImpl.perform(UpdateUpdater.java:133)
    at hudson.scm.subversion.WorkspaceUpdater$UpdateTask.delegateTo(WorkspaceUpdater.java:162)
    at hudson.scm.SubversionSCM$CheckOutTask.perform(SubversionSCM.java:991)
    at hudson.scm.SubversionSCM$CheckOutTask.invoke(SubversionSCM.java:972)
    at hudson.scm.SubversionSCM$CheckOutTask.invoke(SubversionSCM.java:948)
    at hudson.FilePath.act(FilePath.java:991)
    at hudson.FilePath.act(FilePath.java:969)
    at hudson.scm.SubversionSCM.checkout(SubversionSCM.java:897)
    at hudson.scm.SubversionSCM.checkout(SubversionSCM.java:833)
    at hudson.scm.SCM.checkout(SCM.java:485)
    at hudson.model.AbstractProject.checkout(AbstractProject.java:1280)
    at hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:610)
    at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86)
    at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:532)
    at hudson.model.Run.execute(Run.java:1744)
    at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
    at hudson.model.ResourceController.execute(ResourceController.java:98)
    at hudson.model.Executor.run(Executor.java:374)
java.io.IOException: Failed to check out https://<svn-server>
    at hudson.scm.subversion.CheckoutUpdater$1.perform(CheckoutUpdater.java:126)
    at hudson.scm.subversion.WorkspaceUpdater$UpdateTask.delegateTo(WorkspaceUpdater.java:162)
    at hudson.scm.subversion.WorkspaceUpdater$UpdateTask.delegateTo(WorkspaceUpdater.java:170)
    at hudson.scm.subversion.UpdateUpdater$TaskImpl.perform(UpdateUpdater.java:133)
    at hudson.scm.subversion.WorkspaceUpdater$UpdateTask.delegateTo(WorkspaceUpdater.java:162)
    at hudson.scm.SubversionSCM$CheckOutTask.perform(SubversionSCM.java:991)
    at hudson.scm.SubversionSCM$CheckOutTask.invoke(SubversionSCM.java:972)
    at hudson.scm.SubversionSCM$CheckOutTask.invoke(SubversionSCM.java:948)
    at hudson.FilePath.act(FilePath.java:991)
    at hudson.FilePath.act(FilePath.java:969)
    at hudson.scm.SubversionSCM.checkout(SubversionSCM.java:897)
    at hudson.scm.SubversionSCM.checkout(SubversionSCM.java:833)
    at hudson.scm.SCM.checkout(SCM.java:485)
    at hudson.model.AbstractProject.checkout(AbstractProject.java:1280)
    at hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:610)
    at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86)
    at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:532)
    at hudson.model.Run.execute(Run.java:1744)
    at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
    at hudson.model.ResourceController.execute(ResourceController.java:98)
    at hudson.model.Executor.run(Executor.java:374)
Caused by: org.tmatesoft.svn.core.SVNAuthenticationException: svn: E170001: Negotiate authentication failed: 'No valid credentials provided'
    at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:62)
    at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:51)
    at org.tmatesoft.svn.core.internal.io.dav.http.DefaultHTTPNegotiateAuthentication$1.run(DefaultHTTPNegotiateAuthentication.java:175)
    at org.tmatesoft.svn.core.internal.io.dav.http.DefaultHTTPNegotiateAuthentication$1.run(DefaultHTTPNegotiateAuthentication.java:166)
    at org.tmatesoft.svn.core.internal.io.dav.http.DefaultHTTPNegotiateAuthentication.authenticate(DefaultHTTPNegotiateAuthentication.java:221)
    at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:450)
    at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:371)
    at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:359)
    at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.performHttpRequest(DAVConnection.java:710)
    at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.exchangeCapabilities(DAVConnection.java:627)
    at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.open(DAVConnection.java:102)
    at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.openConnection(DAVRepository.java:1032)
    at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.getLatestRevision(DAVRepository.java:175)
    at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgRepositoryAccess.getRevisionNumber(SvnNgRepositoryAccess.java:118)
    at org.tmatesoft.svn.core.internal.wc2.SvnRepositoryAccess.getLocations(SvnRepositoryAccess.java:184)
    at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgRepositoryAccess.createRepositoryFor(SvnNgRepositoryAccess.java:45)
    at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgAbstractUpdate.checkout(SvnNgAbstractUpdate.java:756)
    at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgCheckout.run(SvnNgCheckout.java:26)
    at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgCheckout.run(SvnNgCheckout.java:11)
    at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgOperationRunner.run(SvnNgOperationRunner.java:20)
    at org.tmatesoft.svn.core.internal.wc2.SvnOperationRunner.run(SvnOperationRunner.java:21)
    at org.tmatesoft.svn.core.wc2.SvnOperationFactory.run(SvnOperationFactory.java:1259)
    at org.tmatesoft.svn.core.wc2.SvnOperation.run(SvnOperation.java:294)
    at hudson.scm.subversion.CheckoutUpdater$1.perform(CheckoutUpdater.java:115)
    ... 20 more
Finished: FAILURE

I tried this solution of setting the http-auth-types global server option to basic. In %APPDATA%\Subversion I added

http-auth-types=basic

to the global section of the servers file. I still receive the above errors.

4

There are 4 answers

0
Andrew Keeton On BEST ANSWER

In the user's Subversion folder (%APPDATA%\Subversion for Windows, ~/.subversion for Linux/Mac OS x) add

http-auth-types=Basic

to the global section of the servers file. Note that the case is different between Basic and basic.


For me, VisualSVN reports the following list of authentication options that it supports:

Negotiate
NTLM
Basic realm="VisualSVN Server"

When the Jenkins Subversion plugin uses http-auth-types to order this list, it does a case-sensitive comparison. So Basic is different from basic and the server's Basic option remains at the bottom of the list. Negotiate gets used instead and apparently the SVN plugin cannot deal with that.

1
Sergey Azarkevich On

Check https://issues.jenkins-ci.org/browse/JENKINS-26158

Seems last comment contains workaround.

Though I try it with Jenkins 1.617 + Subversion plugin 2.5 + VisualSVN Server 3.2.2 and all works correctly.

0
Gurce On

FWIW, I was also getting a E170001 (403 Forbidden) error from svnkit, but I ended up discovering it being due to our svn-server locking access to a specific svn client version.

So I had to force svnkit to report itself to be the same client-version that our server was expecting in order to get access.

For my needs, I was able to set the desired version string by adding this java call into our tooling:

org.tmatesoft.svn.util.Version.setUserAgent("SVN/x.y.z")

(where x.y.z is the version your server is locked down to).

Another possible option might be:

System.setProperty("svnkit.version.string", "x.y.z")

Or perhaps passed in as a JVM parameter of -Dsvnkit.version.string=x.y.z, but it didn't work for me, so I stuck with the former way and I was sorted.

0
jsosnowski On

I had the same problem, but it was difficult to discover the reason of this. Jenkins (v2.107) only said:

org.tmatesoft.svn.core.SVNAuthenticationException: svn: E170001: Negotiate authentication failed: 'No valid credentials provided'
...

I've double check all credential and all was correct. Moreover standalone svn works great - for example:

svn info --username xxx --password xxx --no-auth-cache --non-interactive --trust-server-cert https://server.xxx.corp/svn/REPO

So how to find bug/problem?

Hint: Jenkins uses SVNKit.

So we can download SVNKit (https://svnkit.com/) and use jsvn tool from this distribution:

svnkit-1.9.3/bin/jsvn info --username xxx --password xxx --no-auth-cache --non-interactive --trust-server-cert https://server.xxx.corp/svn/REPO

Initially I obtain similar error:

svn: E170001: Negotiate authentication failed: 'No valid credentials provided'

But inside directory svnkit-1.9.3/conf is logging.properties.disabled file. When I removed .disabled suffix then jsvn put all logs to svnkit-1.9.3/bin/svnkit.0.

This shows all problems. For me:

HTTP/1.1 407 Proxy Authentication Required (...)

Great, it wasn't problem with credential to SVN but credential to Company Proxy. In your case the problem can be different, but this method may help find the source of problem.

Additional info:

Jenkins provide settings to proxy server. But SVN uses completely different external configuration from:

C:\Users\<user>\AppData\Roaming\Subversion\servers

To configure proxy I must provide to above file:

http-proxy-host = super.proxy.company.com
http-proxy-port = 80
http-proxy-username = defaultusername or DOMAIN\defaultusername
http-proxy-password = defaultpassword

But this also doesn't work as well as I expect - some tools (maven, svn...) have problems with connecting to Internet via some Proxy servers. Alternative is to provide local proxy using CNTLM tool (http://cntlm.sourceforge.net/). Cntlm is fully configured with company proxy URL, port and my domain account login and password (hashed not plain text). SVN uses directly only Cntlm local proxy (without need to provide any username nor passwords).

http-proxy-host = mylocal.host.url.at.domain.com
http-proxy-port = 8089
# with neither username nor password

Schema:

SVN    <---(anonymous)--> CNTLM Proxy <---(login, password)---> Company Proxy <----> Internet
SVNKit <---(anonymous)----^
any other tools (Jenkins, maven, ...) can also use CNTLM 

This works great for me.