Installation of Visual Studio local help (Books Online) fails with a 407 Proxy Authentication Required error.
The problem here is that if you are behind a not-terribly-friendly corporate firewall or proxy, you may have a hard time installing local help in Visual Studio 2013.
When I fired up the Help Viewer v2.1, I would initially see the list of help topics that might be installed. Instead I'd get a notification that errors had occurred. Drilling down into that, I'd see that our corporate proxy had handed back a 407 Proxy Authentication Required response asking for NTLM authentication. Apparently, the Help Viewer isn't smart enough to respond intelligently handle this ordinary HTTP response.
The question is: how to work around this problem, since getting the network gods to set up a more transparent proxy seems...unlikely.
The question, Visual Studio Error: (407: Proxy Authentication Required) (related, but not the same problem) helped lead me to the solution, as did this conversation:
http://social.msdn.microsoft.com/Forums/vstudio/en-US/65c07e43-b652-496e-acbd-4d98861d527e/cannot-install-local-help-in-visual-studio-11?forum=vssetup
There are, apparently, 3 different processes involved in getting help installed for VS 2013:
The Microsoft Help Viewer (HlpViewer.exe)
The Microsoft Help Content Manager (HlpCtntMgr.exe)
The BITS service (Background Intelligent Transfer Service)
The above threads will lead you to monkeying with the config file for the help viewr, but that's insufficient to fix the problem. You will need to do the following:
Navigate to the help viewer's install directory (default location is C:\Program Files (x86)\Microsoft Help Viewer\v2.1).
Create or edit the file HlpViewer.exe.config so that it has a <system.net> element that looks like this:
<?xml version="1.0"?>
<configuration>
<system.net>
<settings>
<ipv6 enabled="true"/>
</settings>
<defaultProxy enabled="true" useDefaultCredentials="true">
<proxy
bypassonlocal="True"
proxyaddress="http://your-proxy-server:80/"
/>
</defaultProxy>
</system.net>
</configuration>
Depending on the vagaries of your proxy configuration, you might or might not need the <proxy> element.
Do the same for HlpCtntMgr.exe.config.
BITS (Background Intelligent Transfer Service) has a configuration value, UseLmCompat that tells it when to send NTLM authentication credentials. From the documentation,
The registry value is a DWORD. The following table lists the possible values for
UseLMCompat:
Value Description
----- -----------
0 BITS will send implicit credentials whenever the server prompts
for NTLM or Kerberos credentials.
1 BITS will send implicit credentials only if the client computer's
LMCompatibilityLevel registry value is greater than or equal to 2.
Prior to BITS 1.5: Not supported
2 BITS will send implicit credentials only if the application called
the SetCredentials method.
Prior to BITS 2.0: Not supported
The default cofiguration appears to be 2. You'll probably need to modify that in
the registry at
HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/BITS/UseLmCompat
where you'll want that value to be 0, so it will provide credentials on request.
NOTE: Since Microsoft, in its infinite wisdom, has blessed us with, not one, but two registries (32-bit and 64-bit), you'll need to make the above change twice, using the appropriate instances of regedit.exe located at
32-bit: C:\Windows\regedit.exe
64-bit: C:\Windows\SysWOW64\regedit.exe
Having done that, you'll need to bounce BITS. You can do that by rebooting your machine, or via the Services control panel (services.msc), where it's listed under the name Background Intelligent Transfer Service.
At this point, you should be good to go.
Related
So in order to use NuGet and other dev tools working inside my organisation we've had to set a system wide environment variable 'http_proxy' for each user in our user specific Environment variables.
Now, this works for everything we've tried so far, all package managers like NuGet, NPM, chocolatey, all work fine with external repositories.
Recently we've tried to set up an internal NuGet server on our build server to internally host common packages. Everyone can browse to the URL where the server is located: -ip-/nuget and we can see the XML feed. The issue comes when we try to use nuget.exe, or Visual Studio 2017 for connecting to this source, the requests to find packages all time-out after 100000ms which i guess is the default timeout.
We can also browse exactly to the URL that times out out in any browser with no issue. I'm assuming that this is something to do with our internal proxy trying to route traffic out of the network when it is actually internal, but i have no way of verifying that.
Is there anything we can try to see if we can get this resolved?
Is there anything we can try to see if we can get this resolved?
Since you can also browse exactly to the URL that times out out in any browser with no issue from your office system, there should be some internet limitations in your office environment. So I suggest you contact your office IT to confirm whether they add any limitations and whether used any proxy. If they are using some proxy, you need to set the proxy settings in NuGet.Config file which store in C:\Users\user name\AppData\Roaming\NuGet:
<configuration>
<config>
<add key="http_proxy" value="http://my.proxy.address:port" />
<add key="http_proxy.user" value="mydomain\myUserName" />
<add key="http_proxy.password" value="base64encodedHopefullyEncryptedPassword" />
</config>
</configuration>
Refer to this link for details: NuGet Behind Proxy
I am trying to install Master Data Service MSD on my local machine. Theorically there are 3 steps :
pre-installation tasks
Installation tasks
post-Installation tasks
During the pre-installation tasks we verify the installation requirements.
The Master Data Services web application needs some Windows Web Server roles and role services. Among these services we have the "Windows Authentication" (under Security).
The problem is that I did not find under security node Windows Authentication. Instead I find Basic Authentication.
My OS is Windows 10.
To install (add) the the desired roles I follow the theoritical instructions:
Control panel| Programs and features| turn Windows Featues on or off. I then expand Security under World Wide Web Services but there is no Windows authentication among the check boxes, there is only basic authentication.
Also when I open IIS and double click Authentication pane there are 4 Authentication (basic, anonymous,ASP.net impersonation and formular), so again, I don't find windows Authentication.
I read some suggestions on the internet telling that we can edit the applicationHost.config file. I find 2 file on different paths.
The location of the first one is: C:\Program Files (x86)\IIS Express\AppServer
and the second location is: C:\Windows\System32\inetsrv\config
In those files I replace <windowsAuthentication /> under
<security><authentication> node by :
<windowsAuthentication enabled="true">
<providers>
<add value="Negotiate" />
<add value="NTLM" />
</providers>
</windowsAuthentication>
and I also add <add name="WindowsAuthenticationModule" lockItem="true" /> under <system.webServer><modules>
I did this on the 2 files because I was not sure whether it should be done only on the latter one or not (iis and not iisexpess). But even with those changes it does not work and what surprise me is that when I open iis after editing file, I also don't find windows aythentication among the authentication list in Authentication pane. So I conclude that editing did not serve at all and make no change to IIS.
Of course because I failed to enable Windows Authentication when I open MDS (to do the installation step), I get a warning error telling that IIS is not configured correctly because windows authentication is not installed on this server.
You'll find here how to add it and after that you'll be able to use it:
https://weblogs.asp.net/zroiy/missing-windows-authentication-provider-for-iis-7-on-windows-server-2008
The issue:
Help viewer is not able to fetch help catalog or to download picked items due to the proxy authentication error.
This happens because because the Help Content Manager and BITS (Background Intelligent Transfer Service) cannot fetch help data from Microsoft servers. Both Help Content Manager and BITS don't use default proxy credentials when connecting to Microsoft servers.
Fix:
Locate help viewer configuration at
C:\Program Files (x86)\Microsoft Help Viewer\v2.0\HlpViewer.exe.config
Edit the configuration file and add following to the configuration section:
<system.net>
<defaultProxy useDefaultCredentials="true" >
</defaultProxy>
</system.net>
Now, in the same folder, create configuration for content manager:
HlpCtntMgr.exe.config
and add the same proxy settings to the configuration section.
Open registry editor and locate following node:
HKLM\Software\Microsoft\Windows\CurrentVersion\BITS\
Make sure UseLMCompat value is present and it's set to 0. If the value is missing create it as a DWORD value.
Close the registry editor and restart Background Intelligent Transfer Service.
I am at my wits' end on this one.
FYI, I work in infrastructure, not .net development, so I know very little about WCF and next to nothing about Visual Studio as an environment, but I don't think that's where the problem lies.
We have a WCF service running on a couple of IIS 7.5 servers on our internal network. This is exposed to the outside world via reverse proxy on Apache 2.2.15 on Fedora 11. The reverse proxy handles load balancing between the IIS servers, as well as SSL.
The WCF service is configured to use transport level security, and the IIS servers have self-signed SSL certificates. The reverse proxy does not authenticate the IIS servers, and the only reason we have SSL on the IIS servers in the first place is so the WSDL will present the correct location URL.
We thought we had it working perfectly, but there's one annoying and crucial exception: the WSDL can't be added as a service reference in Visual Studio on machines running Windows Vista or later. On an XP machine, it's fine, but anything later throws the following error:
There was an error downloading
'[URL]'. The operation has timed out
Metadata contains a reference that
cannot be resolved: '[URL]'. An error
occurred while making the HTTP request
to [URL]. This could be due to the
fact that the server certificate is
not configured properly with HTTP.SYS
in the HTTPS case. This could also be
caused by a mismatch of the security
binding between the client and the
server. The underlying connection was
closed: An unexpected error occurred
on a send. Received an unexpected EOF
or 0 bytes from the transport stream.
If the service is defined in the
current solution, try building the
solution and adding the service
reference again.
The WSDL is accessible through a browser, or through regular SOAP, on any machine and without any SSL complaints. It's just Visual Studio that has an issue.
Initial Googling revealed that it might be a problem with the cipher suite that VS used, suggesting that VS on Vista or later would by default attempt to use TLS1.0 in HTTPS connections, and if an intermediary device didn't support that protocol, it would just drop the request. This is definitely not the case, though. The reverse proxy explicitly prefers TLS1.0, and even when viewing the WSDL through a browser, it flags up as using TLS1.0 for the connection.
Having pointed the proxy at other functioning WCF services on different IIS servers, the same error occurs, leading me to assume it revolves around the reverse proxy configuration. The trouble is that it seems to be identically configured to another reverse proxy carrying out the same task elsewhere.
It's presumably some transport level issue around how VS establishes HTTPS connections on different operating systems, but I simply don't know enough about it to hazard a guess about what that might be. Anyone have any suggestions?
Well, that was embarrassing.
I'm sure there's some unwritten cosmic law that results in me finding the incredibly simple solution to a problem I've been grinding away at for days about ten minutes after posting it up on StackOverflow.
The ServerName directive in the virtual host config didn't match the URL. It did match the certificate (which has a Subject Alternative Name, so it didn't throw up any SSL warnings), but that wasn't the name I was accessing it with.
I'm assuming there's some extension of TLS1.0 that VS uses which enforces this, which isn't used by browsers or SOAP clients. This is probably useful information for anyone else trying this with a certificate that has Subject Alternative Names. It wouldn't have come up otherwise.
I've installed TFS 2008, but I can't seem to access the server. When I try to connect to it in Visual Studio, I can't. If I try by browser on a remote PC, I get a generic page cannot be displayed. On the server, I get a 403. Nothing was touched in IIS and the service is running as a Network Service. Any ideas?
try:
http://localhost:8080/Services/V1.0/ServerStatus.asmx. This will tell you if TFS is up and running. If you are getting anything else you need to look into IIS issues.
I wrote a blog post on diagnosing these types of TFS connections.
http://blogs.msdn.com/granth/archive/2008/06/26/troubleshooting-connections-to-tfs.aspx
The very first thing I do is confirm that it works for a known-good configuration – usually my workstation.
Providing that works and the server appears to be functioning, the next thing I do is ask the user to call the CheckAuthentication web service using Internet Explorer.
The URL for this is: http://TFSSERVER:8080/services/v1.0/ServerStatus.asmx?op=CheckAuthentication
By doing this check, I am doing four things:
Eliminating Team Explorer from the picture
Eliminating the .NET networking stack from the picture
Ensuring that Windows Authentication is working correctly (that’s why I say IE)
Ensuring that proxy settings are set correctly
In most cases I’ve seen, the TFS connection issues are because the proxy settings have changed or are incorrect. Because .NET and Visual Studio use the proxy settings from Internet Explorer, it’s important to have them set correctly.
In rare cases it’s beyond this. That’s when I start looking at things like:
Can you resolve the server name?
Can you connect using the IP address?
Are there HOSTS file entries? (see: c:\windows\system32\drivers\etc\hosts)
Can you ping the server?
Can you telnet to port 8080?
Does the user actually have access? Run TfsSecurity.exe /server:servername /im n:DOMAIN\User to check their group memberships
Have you changed your domain password lately? In some cases they’ll need to logoff the workstation and log back on again to get a new security token.
Is the computer's domain certificate valid? update the certificate: gpupdate /force
Hope this helps.
Turns out the time and date on my computer was not "close enough" to the time and date on the tfs server. Changed my system clock setting and problem went away.
What happens if you send a simple HTTP request to the server directly?
ie:
telnet 8080 [enter]
GET / HTTP/1.1[enter]
[enter]
[enter]
That might give a hint about whether IIS is actually serving anything. If you can do that on the server, what about from a different machine? If the results are different a good guess is there are some security/firewall issues somewhere. HTH a little.
I went through everything on a similar problem.
I logged onto my tfs server and connected directly there.
I also used a TFS admin tool I downloaded some time ago from Microsoft, and made sure I was in all the right groups and projects.
I then went back to the client PC with the problem, tried the services/1.0/serverstatus.asmx?op=CheckAuthentication Url again, and it worked this time.
AFter that full service was restored to my PC.
So I don't have the exact answer, but I would go through the checklists presented by Grant Holliday in his answer.
Add this to the cases for future users, as i had this issue on server 2016...
if your firewall allow only Domain and Private Network, it may not work on client. make sure you give public permission, if server network is set to public...
The error you may face:
ERR_CONNECTION_TIMED_OUT
for
http://fserver:8080/tfs