I'm trying to connect from Team Explorer Everywhere command line client on Windows to a Team Foundation Service project at visualstudio.com, but I get "access denied" messages.
The username and password I'm passing are definitely correct, and are the email and password from my microsoft live ID used to create the account. I have no problems accessing the service through the website, or via Visual Studio 2012 on a different machine.
tf workspace /new /server:https://<something>.visualstudio.com/defaultcollection
Username: example#microsoft.com
Password: ********
Any ideas? One thought I had was that maybe the '#' character in the e-mail was causing the username to be interpreted as a Windows domain, or that maybe SSL wasn't being used correctly?
You cannot authenticate with a Live ID using the Team Explorer Everywhere command-line client. We cannot raise a web browser from the client and capture the Live ID authentication tokens in a secure way across platforms.
Instead, you need to set up alternate credentials as described at https://tfs.visualstudio.com/en-us/home/news/2012/aug-27/ .
If anyone is has received this error after March 18th 2014, this is because the password requirements for visualstudio.com have been tightened.
If all of a sudden you get this message 'Failed to erase credential: Element not found
fatal: Authentication failed for 'https://*.visualstudio.com/defaultcollection/_git/*/''
I was able to solve it by deleting my alternate credentials, and recreating them (at which point I also found out my old password wasn't usable anymore).
Related
We've got an install of Azure Devops server that currently authenticates against our active directory server and authentication works, but it appears to do so by means of browser basic authentication (the browser modal prompt that asks for a simple user name and password).
I'm wondering if there is some way to configure authentication such that users that have never logged in, actually get a login page... not just the basic authentication prompt in the browser.
I appreciate any input, I've used and administered azure devops in the cloud for a LONG time, but the devops server stuff I'm new to.
NOTE: I've played with IIS settings for authentication (enabling and disabling basic authentication and forms auth etc, but nothing really seemed to help there)
it appears to do so by means of browser basic authentication (the
browser modal prompt that asks for a simple user name and password).
I'm wondering if there is some way to configure authentication such
that users that have never logged in, actually get a login page... not
just the basic authentication prompt in the browser.
What's the login page do you mean?
1.If you mean the login page to connect to TFS web portal, as I know using basic prompt with username+password is the only appraoch.
Web Portal:
Only logic page:
2.But if you mean something used for authentication when accessing the code. I think you must be familiar with PAT which is widely used in Azure Devops Service. IIS Basic Authentication is not recommended. You can check Enabling IIS Basic Authentication invalidates using Personal Access Tokens and Use the TFS Cross Platform Command Line with TFS using basic authentication or personal access tokens (PATs).
Hope it helps to resolve your puzzle :)
So after lots of research, I found that in the differences between azure devops server and azure devops services documentation. In this documentation it states that it uses windows authentication, and you will never be presented with any login experience.
I'd vote that this should be something that be configured to show a login screen, as sometimes we want to log in as users other than the users we logged into the machine as.
Our organisation required us to add 2FA to github. Unfortunately,
now we cant commit our work in visual studio code. VSCode prompts for username and password. It doesnt know about 2FA.
There are some very old posts saying to use a personal access token (PAT), e.g.
https://colinmackay.scot/2015/07/15/two-factor-authentication-with-github-and-visual-studio-2013/comment-page-1/#comment-29984
http://www.anilsezer.com/connecting-github-from-visual-studio-after-twofactor-authentication-enabled
However, this does not work either.
The first article says enter the PAT as the username and leave the password blank in the VSCode github login dialog. This does not work as you cant sumbmit with a blank password. Entering a random password gives
Fatal: HttpRequestException encountered.
An error occurred while sending the request.
fatal: HttpRequestException encountered.
An error occurred while sending the request.
remote: Invalid username or password.
fatal: Authentication failed for 'https://github.com/xxx/xxx.git/'
The second article says to use your user/email as the username, and enter the PAT as the password. This is also what the VSCode documentation says. Tired this too, same problem.
Anyone got this working?
Also, does anyone know which of the "scopes" is required for VSCode? I just ticked "repo". Could this be the problem, are more required?
I would advise you can use Personal access tokens.
Just click on your profile picture on the site https://github.com/ (after login), then on Settings > Personal access tokens > Generate new token. Follow the wizard to select what to grant, at least you'll need repo.
On VS Code you provide your usual user name and for password you provide the newly generated PAT.
I can see the message using network capture tool Microsoft Message Analyzer. I can see the I receive Kerberos error "KDC_ERR_C_PRINCIPAL_UNKNOWN: Client not found in Kerberos database".
I can see all parts of the message, I have been searching online and tried a few things and did not work.
But in order to understand the problem, what does the "client" mean here?
- Is it the Server / Computer that is requesting
- Is it the Application that is requesting
The error is for KRB_TGS_REQ which means that its requesting for a token.
Would be great if anyone could help understand, which I believe can lead to a resolution.
Added more Details:
We have a SharePoint farm setup with SQL Reporting Services (SharePoint Integrated mode) and Excel Services. We have a datasource defined in Sharepoint which are used in SSRS Reports and Excel Reports. We use Windows Authentication from Sharepoint to SQL. When we test connection on Sharepoint datasource we get an error which says Cannot convert Windows token to Claims token. On opening the reports in SSRS we also receive error.
Strange part is that it works for some users which is why I'm not sure how to tackle this issue. If its SQL Server previlage issue, we have assigned sys admin role, this user also added as admin in SSRS. If AD or SPN issue it must not work for all users not for individual users.
I can see successful KRB_TGS_REQ for an admin user but fails for a normal user. No clue what to look for.
Kerberos Message :
KRB_TGS_ERROR, KDC_ERR_C_PRINCIPAL_UNKNOWN: Client not found in Kerberos database, Cname: nothing, Realm: SUB.DOMAIN.COM, Sname: SP_SVC_ACT
Does this mean that the delegation is not working?
Hi I am new to SAP Business Object Central Management Console and trying to schedule a crystal report. For this I made an ODBC connection to a database(NCBODS) in the Server machine using windows authentication. I also gave same windows credentials in CMC as shown in below image. But It gives me an error saying
Error Message:
Error in File C:\Program Files\Business Objects\BusinessObjects Enterprise 11.5\Data\procSched\SDDVCTRTRCH11.reportjobserver\~tmp5448125TH7b9b16.rpt: Unable to connect: incorrect log on parameters. Details: [Database Vendor Code: 18456 ]
I have given the same windows credentials that I use to connect to the app server. Still I am getting "incorrect log on parameters"
But when I use a SQL Authenticated Login in the ODBC connection and also use the same SQL Login credentials in CMC it works fine.
So the problem here is when I use the windows credentials it throws error but works fine when SQL credentials are used. Is there any way I can use windows credentials in CMC?? I really appreciate if any one can help me on this
If you create an ODBC DSN with authentication set to trusted connection (Windows authentication), be aware that a different account will be used when creating the DSN and when using it in BusinessObjects:
When creating the connection: the DSN is created using the credentials you're logged on with (i.e. your Windows AD user account)
When running a report: the connection to the database is initiated through BusinessObjects, thus the account which BusinessObjects is running with, will be used to connect to the database.
In other words, you need to make sure that following requirements are met:
Your SIA (Server Intelligence Agent) which runs your CMS, Crystal Reports servers, etc must be configured to run with an Active Directory service account. By default, it runs with the Local System Account, which will not be able to log on to your database (as it's a local account, it's not even able to access network resources).
You need to grant the service account you used to configure the SIA in step 1 the necessary rights to your database.
Remarks:
If you're using AD SSO, you cannot schedule the report so that it uses the Active Directory credentials of a certain user (because BOBJ doesn't store these credentials, it only verifies them at logon).
If you're not using AD SSO, but are authenticating users to the BusinessObjects platform (InfoView) with manual AD authentication, you can set the option Synchronization of Credentials. This forces BOBJ to store the AD credentials when the user authenticates.
The credentials are stored in the user profile (Database Credentials).
I'm kind of new with websphere. I was following an internal guide for setting up one of our company apps in websphere, but I changed one parameter in the admin console and after restarting the server, we cannot access with the administration console.
I checked the first option, when before the second one was, with user admin, and password admin also. Now, because It says "Server identity generated automatically" I have no idea what combination of user and password I need to enter in the administration console..
The administration console I'm referring to is the one located in server:port/ibm/console.
Thanks, this is really a serious problem for me, I would really appreciate any help I can get...
You should still be able to use whatever password you were using for admin user before making the change. Server user id is not used for restricting access to administrative console (see What is security property 'Server user identity' used for in Websphere Application Server?).
Nonetheless, since you can't access admin console at the moment (I'm assuming you mean that admin colsole login page shows up but you can't get admin user authenticated due to wrong password), first thing I'd suggest is turning of global security, so that you can use admin console to fix your settings and re-enable security. Once security is turned off, you won't be asked for a password during admin console login. Changing security settings in WebSphere Application Server with wsadmin technote gives step by step instructions.
If you are not sure about what password you have used for admin user, you must reset the password in the user repository you have configured (for example if you've configured LDAP, you must reset password at LDAP), before enabling security. If you are using a federated repository (this is default if you've not changed it), most probably admin user resides in file based repository, which is the first member of federated repository. In this case, you can just follow steps at How to reset the administrator's password in the file registry technote to reset your password. Otherwise you can try alternative documented at Updating your WAS administrator password (the link is from Lotus documentation but still is applicable).
Given that you have the command line 'xmlstarlet' in your terminal and,
WAS_HOME = Is your Websphere root location
PROFILENAME = IS your
profile's name
CELLNAME = Is your cell's name
Then,
xmlstarlet edit --update "/security:Security[#enabled='true']/#enabled" --value "false" $WAS_HOME/profiles/$PROFILENAME/config/cells/$CELLNAME/security.xml > /tmp/security.xml
cp /tmp/security.xml $WAS_HOME/profiles/$PROFILENAME/config/cells/$CELLNAME/security.xml
Summary: You are simply editing the correct security.xml file by changing the enabled="true" attribute to enabled="false" programmatically using xmlstarlet. Note that sed,awk,ed and other GNU tools lack the necessary ability to properly deal with the nested tree structure of XML.