I'm running Jenkins CI inside a corporate network which uses a proxy for internet access.

I tried to configure proxy details in Plugins->Advanced, but even though the credentials are correct (yeah, I checked it a bunch of times), it cannot validate "Test URL" even on http://google.com and returns

Failed to connect to http://google.com (code 407).

Strangely, Jenkins is still able to download plugins itself (whoa!), but totally unable to connect to any HTTP resource. The message that outputs from the console is:

←[0mApr 16, 2015 1:58:56 PM org.apache.commons.httpclient.HttpMethodDirector pro cessProxyAuthChallenge INFO: Failure authenticating with NTLM @proxyrye.asg.com:80 Apr 16, 2015 2:09:09 PM org.apache.commons.httpclient.HttpMethodDirector execute WithRetry INFO: I/O exception (java.net.ConnectException) caught when processing request: Connection timed out: connect Apr 16, 2015 2:09:09 PM org.apache.commons.httpclient.HttpMethodDirector execute WithRetry INFO: Retrying request Apr 16, 2015 2:09:10 PM org.apache.commons.httpclient.auth.AuthChallengeProcesso r selectAuthScheme INFO: ntlm authentication scheme selected ←[31mApr 16, 2015 2:09:10 PM org.apache.commons.httpclient.HttpMethodDirector au thenticate SEVERE: Credentials cannot be used for NTLM authentication: org.apache.commons.h ttpclient.UsernamePasswordCredentials org.apache.commons.httpclient.auth.InvalidCredentialsException: Credentials cann ot be used for NTLM authentication: org.apache.commons.httpclient.UsernamePasswo rdCredentials at org.apache.commons.httpclient.auth.NTLMScheme.authenticate(NTLMScheme .java:332)

We had this issue a rather long time with our Jenkins behind our company's proxy. The other day they changed the order of authentication schemes our proxy desires. This was the day our Jenkins stopped connecting to the internet.

Obviously Jenkins is not able to connect via a proxy that requires NTML authentication. This was what lead me to issue an improvement for Jenkins to extend the proxy configuration screen. During the work on the extension I discovered that Jenkins does not make use of all proxy related system properties, therefore it cannot work with NTLM.

As such the answer for a proxy that allows only NTLM authentication is: it will not work via the Jenkins UI.

But if your proxy allows other authentication schemes, you can follow our workaround, it is rather simple: add the java system property -Dhttp.auth.preference="basic" to your Jenkins startup script or to that one of your container.

This will force the underlying libraries and Java mechanisms Jenkins makes use of to connect to your proxy using basic authentication, not NTLM.

I was getting this error while running jenkins with jetty server on jdk 8.

To resolve issue follow below steps:

Step 1:

Open URL https://updates.jenkins.io/ in browser

Step 2:

To export the Intermediate certificate:

Internet Explorer -> Tools -> Internet Options -> Content -> Certificates -> Go to Trusted Root Certification Authorities Tab and find out the DST Root CA X3 certificate. Then Export the Certificate: Select Certificate -> Export -> DER encoded Binary Format -> Save save the certificate as jenkins.cer (for me it was saved to C:\jenkins\jenkins.cer

( From Firefox -> Tools -> Options -> Advanced -> Encryption -> View Certificates )

Step 3: create keystore with name cacertskeystore

JAVA_HOME\bin\keytool -keystore C:\jenkins\cacertskeystore -genkey -alias cacerts

Step 4:

Add jenkins.cer to cacertskeystore using below command

JAVA_HOME\bin\keytool -import -trustcacerts -Keystore C:\jenkins\cacertskeystore -alias jenkins -file C:\jenkins\jenkins.cer

Step 5: Start jetty server with below command JAVA_HOME\bin\java -DJENKINS_HOME=C:/jenkins/home -Djavax.net.ssl.trustStore=C:/jenkins/cacertskeystore -Djavax.net.ssl.trustStorePassword=password-provided-while-creating-keystore -jar jenkins.war --httpPort=8080--httpListenAddress=localhost

I found this question while affected by bug: https://issues.jenkins-ci.org/browse/JENKINS-48775

The temporary workaround is to open the Jenkins script console and type ProxyConfiguration.open(new java.net.URL("http://jenkins.io")).content

Since it's an http url, and not an https url, it will refresh some caches and make the plugin manager work with the proxy settings, at least for some time. See the bug report for more details.

If you parse the exception, it states

Credentials cannot be used for NTLM authentication

So according to https://www.safaribooksonline.com/library/view/jenkins-the-definitive/9781449311155/ch04s09.html you might need to provide a domain name as well.

If your proxy is using Microsoft’s NTLM authentication scheme, then you will need to provide a domain name as well as a username. You can place both in the User name field: just enter the domain name, followed by a back-slash (\), followed by the username, such as “MyDomain\Joe Bloggs”.

Maybe that's the issue?

I ran into this issue today, and it finally ended up being a space at the end of the Spira URI in the Spira configuration. Must've been a bad copy and paste.

I got the Failed to connect to http://google.com (code 407) error in Test. But jenkins can check new version and install plugins&updates.

Put in credentials regardless of the Test. Then Save and go to available plugins/check jenkins version to check if it works.

The below solution worked for me for the 407 problem in Windows 7 machine.

• 1. Stop Jenkins from Windows Services
• 2. Goto Services.msc > Jenkins > Right Click > Properties > Logon > This account and type in your username and password
• 3. Click Apply and Ok
• 3. Start Jenkins

Simple Hack: Try using the IP of the domain rather than the address. -Dhttp.auth.preference="basic" actually didn't work for me :(

PS. Change both the browser and proxy and the Jenkins proxy to the IP