Jenkins proxy 407 error

Question

Jenkins proxy 407 error

I am running Jenkins CI inside a corporate network that uses proxies to access the Internet.

I tried to configure proxy data in plugins-> Advanced, but even if the credentials are correct (yes, I checked it several times), it can’t check the “test URL” even at http://google.com and returns

Failed to connect to http://google.com (code 407).

Oddly, Jenkins can still load plugins (whoa!), But cannot fully connect to any HTTP resource. The message that appears from the console:

← [0mApr 16, 2015 1:58:56 PM org.apache.commons.httpclient.HttpMethodDirector pro cessProxyAuthChallenge INFO: Authentication failed with NTLM @ proxyrye.asg.com: 80 April 16, 2015 14:09:09 org. apache.commons.httpclient.HttpMethodDirector execute WithRetry INFO: I / O exception (java.net.ConnectException) detected during processing the request: connection time: connect April 16, 2015 14:09:09 org.apache.commons.httpclient. HttpMethodDirector execute WithRetry INFO: request for re-verification April 16, 2015 2:09:10 org.apache.commons.httpclient.auth.AuthChallengeProcesso r selectAuthScheme INFO: selected authentication scheme ntlm ← [31mApr 16, 2015 2:09:10 PM org.apache.commons.httpclient.HttpMethodDirector au thenticate SEVERE: credentials cannot use Authentication for NTLM: org.apache.commons.h ttpclient.UsernamePasswordCredentials org.apache.commons.httpclient.auth.InvalidCredentialsException: Credentials cannot be used for NTLM authentication: org.apache.commons.httpclient.UsernamePassdent at rd .commons.httpclient.auth.NTLMScheme.authenticate (NTLMScheme.java: 332)

+7

java apache proxy jenkins ntlm

Ilves Apr 16 '15 at 18:13

source share

10 answers

cheffe · Answer 1 · 2016-03-02T06:19:37+0000

We had this problem for quite some time with our Jenkins behind the proxy server of our company. The other day, they changed the authentication order that our proxy wants. It was the day when our Jenkins stopped connecting to the Internet.

Obviously, Jenkins cannot connect through a proxy that requires NTML authentication . That is what led me to improve Jenkins to expand the proxy configuration screen . While working on the extension, I found that Jenkins does not use all the proxy-related system properties, so it cannot work with NTLM.

So the answer is for a proxy that only allows NTLM authentication: this will not work through the Jenkins interface.

But , if your proxy server allows other authentication schemes, you can follow our workaround, it's quite simple: add the java system -Dhttp.auth.preference="basic" to your Jenkins script or to that of your container.

This will force the core Jenkins Java libraries and mechanisms to use to connect to your proxy using basic authentication rather than NTLM.

Sharad gaikwad · Answer 2 · 2017-12-22T12:40:01+0000

I was getting this error when starting jenkins with the berth server on jdk 8.

To resolve the issue, follow these steps:

Step 1:

Open URL https://updates.jenkins.io/ in a browser

Step 2:

To export an intermediate certificate:

Internet Explorer → Tools → Internet Options → Content → Certificates → Go to the Trusted Root Certification Authorities tab and find out the DST Root CA X3 certificate. Then export the certificate: Choose "Certificate" → "Export" → DER-encoded binary format → Save save the certificate as jenkins.cer (for me it was saved in C: \ jenkins \ jenkins.cer

(From Firefox → Tools → Options → Advanced → Encryption → View certificates)

Step 3: create a keystore named cacertskeystore

JAVA_HOME \ bin \ keytool -keystore C: \ jenkins \ cacertskeystore -genkey -alias cacerts

Step 4:

Add jenkins.cer to cacertskeystore using the following command

JAVA_HOME \ bin \ keytool -import -trustcacerts -Keystore C: \ jenkins \ cacertskeystore -alias jenkins -file C: \ jenkins \ jenkins.cer

Step 5: Start the berth server using the command below JAVA_HOME \ bin \ java -DJENKINS_HOME = C: / jenkins / home -Djavax.net.ssl.trustStore = C: / jenkins / cacertskeystore -Djavax.net.ssl.trustStorePassword = password- provided-while-creation-keystore -jar jenkins.war --httpPort = 8080 - httpListenAddress = localhost

Jorge yanes diez · Answer 3 · 2018-08-30T09:16:07+0000

I found this question, although it was affected by an error: https://issues.jenkins-ci.org/browse/JENKINS-48775

The workaround is to open the Jenkins script console and type ProxyConfiguration.open(new java.net.URL("http://jenkins.io")).content

Since this is an http url, not an https url, it will update some caches and make the plugin manager work with proxy settings for at least some time. See the bug report for more details.

Vasu · Answer 4 · 2019-04-09T13:11:40+0000

for Java JDK8 and later, Oracle has disabled basic authentication tunneling for basic authentication. If you want to use basic mode again (security will be compromised), start Jenkins by adding this parameter to the JAVA_OPTS variable

  "-Djdk.http.auth.tunneling.disabledSchemes="

default value

  "-Djdk.http.auth.tunneling.disabledSchemes=Basic",

since the base scheme is disabled by default, it will return an HTTP 407 error, even if your credentials were ok.

more at https://issues.jenkins-ci.org/browse/JENKINS-48775 Thanks to Israel Romero Fiji

Joey · Answer 5 · 2015-04-16T18:45:41+0000

If you parse an exception, it indicates

Credentials Cannot Be Used for NTLM Authentication

Thus, according to https://www.safaribooksonline.com/library/view/jenkins-the-definitive/9781449311155/ch04s09.html , you may also need to specify a domain name.

If your proxy uses the Microsoft NTLM authentication scheme, you need to specify the domain name as well as the username. You can put both in the Username field: just enter the domain name and then the backslash (\) and then the username, for example "MyDomain \ Joe Bloggs".

Maybe a problem?

ricksmt · Answer 6 · 2016-03-01T16:59:20+0000

Today I ran into this problem and finally ended up at the end of the Spira URI in the Spira configuration. There must have been a bad copy and paste.

Rox · Answer 7 · 2017-02-17T12:24:08+0000

I got the message “Failed to connect to the http://google.com error (code 407) in the test. But jenkins can check the new version and install plugins and updates.

Enter your credentials regardless of test. Then save and go to available plugins / check jenkins version to see if it works.

Alperen Kethudaoğlu · Answer 8 · 2017-09-22T07:52:50+0000

The solution below worked for me for problem 407 on a Windows 7 machine.

1. Stop Jenkins from Windows Services.
2. Goto Services.msc> Jenkins> Right-click> Properties> Login> This account and enter your username and password
3. Click "Apply" and "OK"
3. Start Jenkins

Ravindu kumarasiri · Answer 9 · 2018-01-24T12:25:04+0000

Simple hack: Try using the IP address of the domain, not the address. -Dhttp.auth.preference="basic" didn't actually work for me: (

PS. Change the browser and proxy server and Jenkins proxy server to IP address

Nilkha · Answer 10 · 2019-04-09T11:32:21+0000

I also ran into the same jenkins-proxy-407-error problem

I found a solution for this, I hope it will be useful for other users:

You can install Cntlm Authentication Proxy , it stands between your applications and the corporate proxy, adding NTLM authentication on the fly.

See here http://cntlm.sourceforge.net/

After installing CNTLM, add your NTLM credentials to the cntlm.ini file. You can also configure the listening port or the default value is 3128.

Detailed CNTLM installation instructions can be found here.

https://vijiboy.wordpress.com/2018/03/14/configure-cntlm-to-generate-hash-for-your-password-h-and-verify-m/

Start the CNTLM service and go to jenkins, add

host: hostname or localhost

port: listening port specified in cntlm.ini or default 3128

leave the username and password blank and you are configured to use Jenkins.

Jenkins proxy 407 error

More articles: