I've set up an install of TFS Express 2013 on my build machine. I can connect via web and Visual Studio 2013 just fine with my domain credentials (NTLM), however no 3rd party tools or command line tools can authenticate. When entering my credentials on the command line, all I get is fatal: Authentication failed
The server forces https with a self-signed certificate and I use my domain credential for access. I've added the cert to my dev machine's root CA and use sslVerify=false in my gitconfig - the normal SSL issues have been resolved (but may be something related).
So far I've tried several options I found in this question, but no luck.
- Removed special chars from password
- Dropping to msysgit 1.8.1
- Using/reinstalling gitcredentialstore, no luck. Setting credentials there manually didn't work either.
- Made a local user on the build machine, added into the TFS project, still unable to connect.
- Enabling basic auth in IIS, nothing, so turned it off leaving just Windows auth.
Allowing http works fine but not willing to let that be production.
I can connect just fine to github on command line, but not TFS.
Any extra insight would be much appreciated.
Edward's comment helped, was able to rule out msysgit - didn't know that it supported NTLM (had read mixed stuff elsewhere about CURL).
Poked around with Wireshark (terribly convoluted, info overload) and Fiddler (much easier to use) but nothing really jumped out.
So, turns out it's total administrator error (me) in IIS.
By default, TFS Express installs itself into its own site on port 8080 (or at least it did for me since I had an existing site). I wanted it to be under the main site, so just turned it off and added a new virtual directory into my main. Did a bit of configuration for SSL, but forgot something - fully matching the authentication settings in IIS. It worked enough to allow web and VS access, but msysgit had issues.
The TFS default install allows only Windows authentication (had that) and only NTLM as a provider (still had Negotiate in there). Second was the advanced properties on Windows Auth - had the Extended Protection as Accept. TFS defaulted that to Off.
Works now.
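
The mismatch described above (Negotiate still listed as a provider, Extended Protection on Accept instead of Off) can be caught by diffing the Windows authentication settings of the original TFS site against the relocated virtual directory. This is an added example, not part of the original post; the config excerpt and both location paths are constructed, and the inherited provider default is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed applicationHost.config excerpt; both location paths are hypothetical.
# tokenChecking "None" / "Allow" is what IIS Manager displays as Off / Accept.
SAMPLE = """<configuration>
 <location path="Team Foundation Server">
  <system.webServer><security><authentication>
   <windowsAuthentication enabled="true">
    <providers><clear /><add value="NTLM" /></providers>
    <extendedProtection tokenChecking="None" />
   </windowsAuthentication>
  </authentication></security></system.webServer>
 </location>
 <location path="Default Web Site/tfs">
  <system.webServer><security><authentication>
   <windowsAuthentication enabled="true">
    <providers><clear /><add value="Negotiate" /><add value="NTLM" /></providers>
    <extendedProtection tokenChecking="Allow" />
   </windowsAuthentication>
  </authentication></security></system.webServer>
 </location>
</configuration>"""

def auth_settings(root, path):
    """Effective Windows authentication settings for one <location path=...>."""
    loc = next((l for l in root.iter("location") if l.get("path") == path), None)
    win = loc.find(".//windowsAuthentication") if loc is not None else None
    if win is None:
        raise KeyError(f"no windowsAuthentication section for {path!r}")
    providers = ["Negotiate", "NTLM"]  # assumed inherited server-level default
    for el in win.findall("providers/*"):
        if el.tag == "clear":
            providers = []
        elif el.tag == "add":
            providers.append(el.get("value"))
        elif el.tag == "remove" and el.get("value") in providers:
            providers.remove(el.get("value"))
    ep = win.find("extendedProtection")
    return {"windowsAuthentication": win.get("enabled"), "providers": providers,
            "extendedProtection": ep.get("tokenChecking", "None") if ep is not None else "None"}

def drift(root, reference, candidate):
    """Settings where candidate differs from reference, as {name: (ref, cand)}."""
    ref, cand = auth_settings(root, reference), auth_settings(root, candidate)
    return {k: (ref[k], cand[k]) for k in ref if ref[k] != cand[k]}

if __name__ == "__main__":
    print(drift(ET.fromstring(SAMPLE), "Team Foundation Server", "Default Web Site/tfs"))
```

An empty result means the relocated application matches the reference site on these settings.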