Can't access TFS through proxy server

Can't access TFS through proxy server

• simon_

  I'm glad it's working, but I'm not sure how the bug you mentioned is related to the problem here. In this case, the TFS client will only work once the start page has loaded - which makes it seem like this problem is actually with the TFS client, not with the start page.

  Also, thanks for responding to my post. I appreciate the help on this stuff.

  
  

• Ants Hurdley

  Good observation about the Host header.

  Can you try going into IE, turning off the "Bypass proxy server for local addresses", closing IE, then restarting VS to see if it makes a difference

  
  
  

• bkrcove

  And to be more specific, when trying the URL's directly, you're better off using an actual instance of IE rather than the browser built-in to VS for these reasons.

  
  
  

• gokce

  I did try to connect with just HTTP and had the same problem. The network trace looks identical in both cases (except for the port) because the failed negotiation is with the proxy.

  One interesting data point is that if I leave DevStudio open for a while (I suspect it is an hour or more), then some other component authenticates the proxy and the TFS client starts working perfectly. Unfortunately the DevStudio web browser doesn't have that effect or it would be a great work-around.

  Here is a trace of a failed connection as a reference:

  CONNECT tfs.domain.net:443 HTTP/1.1
  Host: proxy
  Connection: Keep-Alive

  HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. )
  Via: 1.1 PROXYISAW2K3
  Proxy-Authenticate: Negotiate
  Proxy-Authenticate: Kerberos
  Proxy-Authenticate: NTLM
  Proxy-Authenticate: Basic realm="proxy.domain.com"
  Connection: close
  Proxy-Connection: close
  Pragma: no-cache
  Cache-Control: no-cache
  Content-Type: text/html
  Content-Length: 731

  <HTML><HEAD><TITLE>Error Message</TITLE>
  <META http-equiv=Content-Type content="text/html; charset=windows-1252">
  <BODY>
  <TABLE><TR><TD id=L_dt_1><B>Network Access Message: The page cannot be displayed<B></TR></TABLE>
  <TABLE><TR><TD height=15></TD></TR></TABLE>
  <TABLE>
  <TR><TD id=L_dt_2>Technical Information (for Support personnel)
  <UL>
  <LI id=L_dt_3>Error Code: 407 Proxy Authentication Required. The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. (12209)
  <LI id=L_dt_4>IP Address: XXX.XXX.XXX.XXX
  <LI id=L_dt_5>Date: 10/6/2006 12:48:14 PM
  <LI id=L_dt_6>Server: proxy.domain.com
  <LI id=L_dt_7>Source: proxy
  </UL></TD></TR></TABLE></BODY></HTML>

  
  For reference purposes, here is a trace of the connection to https://tfs.domain.net:443/services/v1.0/ServerStatus.asmx using the web browser in DevStudio:

  CONNECT tfs.domain.net:443 HTTP/1.0
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727)
  Proxy-Connection: Keep-Alive
  Content-Length: 0
  Host: tfs.domain.net
  Pragma: no-cache

  HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. )
  Via: 1.1 PROXYISAW2K3
  Proxy-Authenticate: Negotiate
  Proxy-Authenticate: Kerberos
  Proxy-Authenticate: NTLM
  Proxy-Authenticate: Basic realm="proxy.domain.com"
  Connection: close
  Proxy-Connection: close
  Pragma: no-cache
  Cache-Control: no-cache
  Content-Type: text/html
  Content-Length: 731

  <HTML><HEAD><TITLE>Error Message</TITLE>
  <META http-equiv=Content-Type content="text/html; charset=windows-1252">
  <BODY>
  <TABLE><TR><TD id=L_dt_1><B>Network Access Message: The page cannot be displayed<B></TR></TABLE>
  <TABLE><TR><TD height=15></TD></TR></TABLE>
  <TABLE>
  <TR><TD id=L_dt_2>Technical Information (for Support personnel)
  <UL>
  <LI id=L_dt_3>Error Code: 407 Proxy Authentication Required. The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. (12209)
  <LI id=L_dt_4>IP Address: XXX.XXX.XXX.XXX
  <LI id=L_dt_5>Date: 10/6/2006 12:52:20 PM
  <LI id=L_dt_6>Server: proxy.domain.com
  <LI id=L_dt_7>Source: proxy
  </UL></TD></TR></TABLE></BODY></HTML>

  CONNECT tfs.domain.net:443 HTTP/1.0
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727)
  Proxy-Connection: Keep-Alive
  Content-Length: 0
  Proxy-Authorization: Negotiate TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==
  Pragma: no-cache
  Host: tfs.domain.net

  HTTP/1.1 407 Proxy Authentication Required ( Access is denied. )
  Via: 1.1 PROXYISAW2K3
  Proxy-Authenticate: Negotiate TlRMTVNTUAACAAAAEAAQADgAAAAFgomicjmnselgjw0AAAAAAAAAALIAsgBIAAAABQLODgAAAA9BAE0ARQBSAEkAQwBBAFMAAgAQAEEATQBFAFIASQBDAEEAUwABAB4AQQBVAFMASQBTAEEAVwAyAEsAMwBQAFMAMwAwADEABAAaAGEAbQBlAHIALgBkAGUAbABsAC4AYwBvAG0AAwBCAGEAdQBzAGkAcwBhAHcAMgBrADMAcABzADMAMAAxAC4AYQB1AHMALgBhAG0AZQByAC4AZABlAGwAbAAuAGMAbwBtAAUAEABkAGUAbABsAC4AYwBvAG0AAAAAAA==
  Connection: Keep-Alive
  Proxy-Connection: Keep-Alive
  Pragma: no-cache
  Cache-Control: no-cache
  Content-Type: text/html
  Content-Length: 0

  CONNECT tfs.domain.net:443 HTTP/1.0
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727)
  Proxy-Connection: Keep-Alive
  Content-Length: 0
  Host: tfs.domain.net
  Pragma: no-cache
  Proxy-Authorization: Negotiate TlRMTVNTUAADAAAAGAAYAIYAAAAYABgAngAAABAAEABIAAAAGAAYAFgAAAAWABYAcAAAAAAAAAC2AAAABYKIogUBKAoAAAAPQQBNAEUAUgBJAEMAQQBTAEQAYQB2AGUAXwBNAGEAdABoAGUAbgB5AFcAWABQAC0AOQBMAEYAQwBZADUAMQBWG5/C3uVrQwAAAAAAAAAAAAAAAAAAAADGP/OEeh2um/ll7N/nz9dxEaTVx9mJ0q4=

  HTTP/1.1 200 Connection established
  Via: 1.1 PROXYISAW2K3
  Connection: Keep-Alive
  Proxy-Connection: Keep-Alive
  

  
  

• EliteSniper177

  Has anyone else been able to connect to TFS through a proxy server
  

• AzurianArcher

  Yes, this is a known bug in the VS core - it doesn't support auth with your credentials from start page URL's.

  Excellent work figuring it out!

  
  
  

• Peter Kahn

  As a data point, if you switch back to HTTP (or also allow HTTP), does the through-the-proxy connection work for HTTP

  
  
  

• Isaiyavan Babu Karan

  On my system, the settings 'Automatically detect settings' and 'Use automatic configuration script' are NOT checked. I also have the proxy address set to 'proxy', the port is 80, and the 'Bypass proxy server for local addresses' is also enabled.

  IE loads the pages just fine and the trace looks identical to the trace from within DevStudio because it is just using the IE web browser control. Both traces are attached so you can see the differences - but I noticed that the TFS client does include the proxy name in the 'Host' tag.

  
  

• eldoktor007

  The bug is still there, but I think I may have finally figured out what is causing the proxy authentication to start working after DevStudio has been opened for a while.

  The component that is authenticating with the proxy is the DevStudio Start Page! I have that turned off because I like DevStudio to open with an empty environment, but there is an option that appears to refresh the data after 60 minutes anyway.

  If I open the start page and let it load, then the TFS client works fine. If I don't open the start page then the proxy authentication fails with an error 407.

  
  

• cyberw&amp;#228;lder

  Interesting - what do you have for the proxy settings in IE (tools -> options -> connections -> lan settings). We've had some problems with "automatically detect" in the past.

  How does IE hitting these pages (in either HTTP or HTTPS mode) look If IE instantly works but VS requires the start page to make the first hit before things get working, we may be reading the proxy values incorrectly.

  
  
  

• Fahad349

  I just tried that and it still doesn't work without launching the start page.
  
• Can't access TFS through proxy server