Reputation: 121
I'm running Jenkins CI inside a corporate network which uses a proxy for internet access.
I tried to configure proxy details in Plugins->Advanced, but even though the credentials are correct (yeah, I checked it a bunch of times), it cannot validate "Test URL" even on http://google.com and returns
Failed to connect to http://google.com (code 407).
Strangely, Jenkins is still able to download plugins itself (whoa!), but totally unable to connect to any HTTP resource. The message that outputs from the console is:
←[0mApr 16, 2015 1:58:56 PM org.apache.commons.httpclient.HttpMethodDirector pro cessProxyAuthChallenge INFO: Failure authenticating with NTLM @proxyrye.asg.com:80 Apr 16, 2015 2:09:09 PM org.apache.commons.httpclient.HttpMethodDirector execute WithRetry INFO: I/O exception (java.net.ConnectException) caught when processing request: Connection timed out: connect Apr 16, 2015 2:09:09 PM org.apache.commons.httpclient.HttpMethodDirector execute WithRetry INFO: Retrying request Apr 16, 2015 2:09:10 PM org.apache.commons.httpclient.auth.AuthChallengeProcesso r selectAuthScheme INFO: ntlm authentication scheme selected ←[31mApr 16, 2015 2:09:10 PM org.apache.commons.httpclient.HttpMethodDirector au thenticate SEVERE: Credentials cannot be used for NTLM authentication: org.apache.commons.h ttpclient.UsernamePasswordCredentials org.apache.commons.httpclient.auth.InvalidCredentialsException: Credentials cann ot be used for NTLM authentication: org.apache.commons.httpclient.UsernamePasswo rdCredentials at org.apache.commons.httpclient.auth.NTLMScheme.authenticate(NTLMScheme .java:332)
Upvotes: 12
Views: 23674
Reputation: 1
Solution is so simple If you tried to edit jdk.http.auth.tunneling.disabledSchemes=Basic to jdk.http.auth.tunneling.disabledSchemes= at location C:.......\java-1.8.0-openjdk\jre\lib\net.properties
Then later try to enter fill this section with proper entries Done. Check this screenshot
Upvotes: 0
Reputation: 25
for Java JDK8 and above, Oracle has disabled basic auth tunnelling for Basic authentication. If you want to use Basic mode again (security will be compromised), execute Jenkins adding this parameter to your JAVA_OPTS variable
"-Djdk.http.auth.tunneling.disabledSchemes="
default value is
"-Djdk.http.auth.tunneling.disabledSchemes=Basic",
as Basic scheme is DISABLED by default, it will return HTTP 407 error even if your credentials were OK.
more on link https://issues.jenkins-ci.org/browse/JENKINS-48775 Thanks to Israel Romero Fiji
Upvotes: 2
Reputation: 104
I have also faced same issue of jenkins-proxy-407-error
I have found work around for that, I Hope it will be useful for other users :
You can install Cntlm Authentication Proxy , it stands between your applications and the corporate proxy, adding NTLM authentication on-the-fly.
See here http://cntlm.sourceforge.net/
Once you install CNTLM, add your NTLM credentials in a file cntlm.ini . You can also configure Listen port or default to 3128 .
Find detailed instruction of CNTLM installation here
Start CNTLM service and go to jenkins, add
host: host name or localhost
port: Listen port specified in cntlm.ini or default 3128
keep username and password blank and you are set to use Jenkins.
Upvotes: 0
Reputation: 479
I found this question while affected by bug: https://issues.jenkins-ci.org/browse/JENKINS-48775
The temporary workaround is to open the Jenkins script console and type
ProxyConfiguration.open(new java.net.URL("http://jenkins.io")).content
Since it's an http url, and not an https url, it will refresh some caches and make the plugin manager work with the proxy settings, at least for some time. See the bug report for more details.
Upvotes: 1
Reputation: 71
Simple Hack:
Try using the IP of the domain rather than the address. -Dhttp.auth.preference="basic"
actually didn't work for me :(
PS. Change both the browser and proxy and the Jenkins proxy to the IP
Upvotes: 0
Reputation: 56
I was getting this error while running jenkins with jetty server on jdk 8.
To resolve issue follow below steps:
Step 1:
Open URL https://updates.jenkins.io/ in browser
Step 2:
To export the Intermediate certificate:
Internet Explorer -> Tools -> Internet Options -> Content -> Certificates -> Go to Trusted Root Certification Authorities Tab and find out the DST Root CA X3 certificate. Then Export the Certificate: Select Certificate -> Export -> DER encoded Binary Format -> Save save the certificate as jenkins.cer (for me it was saved to C:\jenkins\jenkins.cer
( From Firefox -> Tools -> Options -> Advanced -> Encryption -> View Certificates )
Step 3: create keystore with name cacertskeystore
JAVA_HOME\bin\keytool -keystore C:\jenkins\cacertskeystore -genkey -alias cacerts
Step 4:
Add jenkins.cer to cacertskeystore using below command
JAVA_HOME\bin\keytool -import -trustcacerts -Keystore C:\jenkins\cacertskeystore -alias jenkins -file C:\jenkins\jenkins.cer
Step 5: Start jetty server with below command JAVA_HOME\bin\java -DJENKINS_HOME=C:/jenkins/home -Djavax.net.ssl.trustStore=C:/jenkins/cacertskeystore -Djavax.net.ssl.trustStorePassword=password-provided-while-creating-keystore -jar jenkins.war --httpPort=8080--httpListenAddress=localhost
Upvotes: 1
Reputation: 11
The below solution worked for me for the 407 problem in Windows 7 machine.
Upvotes: 1
Reputation: 332
I got the Failed to connect to http://google.com (code 407) error in Test. But jenkins can check new version and install plugins&updates.
Put in credentials regardless of the Test. Then Save and go to available plugins/check jenkins version to check if it works.
Upvotes: 0
Reputation: 9500
We had this issue a rather long time with our Jenkins behind our company's proxy. The other day they changed the order of authentication schemes our proxy desires. This was the day our Jenkins stopped connecting to the internet.
Obviously Jenkins is not able to connect via a proxy that requires NTML authentication. This was what lead me to issue an improvement for Jenkins to extend the proxy configuration screen. During the work on the extension I discovered that Jenkins does not make use of all proxy related system properties, therefore it cannot work with NTLM.
As such the answer for a proxy that allows only NTLM authentication is: it will not work via the Jenkins UI.
But if your proxy allows other authentication schemes, you can follow our workaround, it is rather simple: add the java system property -Dhttp.auth.preference="basic"
to your Jenkins startup script or to that one of your container.
This will force the underlying libraries and Java mechanisms Jenkins makes use of to connect to your proxy using basic authentication, not NTLM.
Upvotes: 8
Reputation: 899
I ran into this issue today, and it finally ended up being a space at the end of the Spira URI in the Spira configuration. Must've been a bad copy and paste.
Upvotes: 0
Reputation: 1349
If you parse the exception, it states
Credentials cannot be used for NTLM authentication
So according to https://www.safaribooksonline.com/library/view/jenkins-the-definitive/9781449311155/ch04s09.html you might need to provide a domain name as well.
If your proxy is using Microsoft’s NTLM authentication scheme, then you will need to provide a domain name as well as a username. You can place both in the User name field: just enter the domain name, followed by a back-slash (\), followed by the username, such as “MyDomain\Joe Bloggs”.
Maybe that's the issue?
Upvotes: 0