[JIRA] (JENKINS-54903) Updates through proxy server with authentication not working after update to core 2.152 or higher

[kurt.loupal@rohde-schwarz.com (JIRA)]

Kurt created an issue

Jenkins / JENKINS-54903 Updates through proxy server with authentication not working after update to core 2.152 or higher Issue Type: Bug Assignee: Unassigned Attachments: JenkinsPluginManagerIssue.PNG Components: core Created: 2018-11-28 06:11 Environment: Jenkins >= 2.152, Server-JRE 1.8.0_191 on Windows Server 2008R2 Priority: Blocker Reporter: Kurt  After update to any Jenkins core higher (as of writing this ticket) then 2.151 I cannot check for updates any more from behind our company's proxy server. Error given by Jenkins Web Frontend is  There were errors checking the update sites: IOException: Server returned HTTP response code: 407 for URL: http://ftp-nyc.osuosl.org/pub/jenkins/updates/current/update-center.json So it seems that Jenkins is no longer authenticating to the proxy with the credentials configued in the plugin manager advandced tab. From the changelog I've seen that there were changes to the update code as part of issue 54459. So I've tried setting the referenced properties (even with all the spellings as indicated in the issue ticket):   -Dhudson.PluginManager.checkUpdateSleepTimeMillis=2500 -Dhudson.PluginManager.CHECK_UPDATE_ATTEMPTS=5 -Dhudson.PluginManager.checkUpdateAttempts=5 That has changed the duration until the above error appears. But it didn't fix the problem.   The update center is configured as indicated in the attached screenshot. Strange thing is, that pressing the "Validate Proxy" button returns "Success" while the bottom of the same page shows the proxy auth required message (see screenshot). This seems to be very inconsistent. The Jenkins log contains the following (after setting above properties, same appears 5 times):   INFO: The attempt #4 to do the action check updates server failed with an allowed exception: java.io.IOException: Server returned HTTP response code: 407 for URL: http://ftp-nyc.osuosl.org/pub/jenkins/updates/current/update-center.json at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1894) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492) at hudson.model.DownloadService.loadJSON(DownloadService.java:167) at hudson.model.UpdateSite.updateDirectlyNow(UpdateSite.java:186) at hudson.PluginManager.checkUpdatesServer(PluginManager.java:1747) at hudson.util.Retrier.start(Retrier.java:62) at hudson.PluginManager.doCheckUpdatesServer(PluginManager.java:1718) at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627) at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:343) at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:77) at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26) at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:184) at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:117) at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:130) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:739) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:870) at org.kohsuke.stapler.MetaClass$2.doDispatch(MetaClass.java:188) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:739) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:870) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:668) at org.kohsuke.stapler.Stapler.service(Stapler.java:238) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:865) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154) at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:243) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:61) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:239) at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:215) at net.bull.javamelody.PluginMonitoringFilter.doFilter(PluginMonitoringFilter.java:88) at org.jvnet.hudson.plugins.monitoring.HudsonMonitoringFilter.doFilter(HudsonMonitoringFilter.java:114) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at hudson.plugins.locale.LocaleFilter.doFilter(LocaleFilter.java:42) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:59) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:128) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:99) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84) at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1340) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1242) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.server.Server.handle(Server.java:503) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:364) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126) at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765) at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683) at java.lang.Thread.run(Thread.java:748)Nov 28, 2018 6:48:15 AM hudson.util.Retrier start INFO: Calling the listener of the allowed exception 'Server returned HTTP response code: 407 for URL: http://ftp-nyc.osuosl.org/pub/jenkins/updates/current/update-center.json' at the attempt #4 to do the action check updates server Nov 28, 2018 6:48:15 AM hudson.util.Retrier start WARNING: The attempt #4 to do the action check updates server failed Nov 28, 2018 6:48:17 AM hudson.node_monitors.AbstractAsyncNodeMonitorDescriptor monitorDetailed WARNING: Failed to monitor 1sp-slave-bg for Free Temp Space java.util.concurrent.TimeoutException at hudson.remoting.Request$1.get(Request.java:316) at hudson.remoting.Request$1.get(Request.java:240) at hudson.remoting.FutureAdapter.get(FutureAdapter.java:59) at hudson.node_monitors.AbstractAsyncNodeMonitorDescriptor.monitorDetailed(AbstractAsyncNodeMonitorDescriptor.java:114) at hudson.node_monitors.AbstractAsyncNodeMonitorDescriptor.monitor(AbstractAsyncNodeMonitorDescriptor.java:76) at hudson.node_monitors.AbstractNodeMonitorDescriptor$Record.run(AbstractNodeMonitorDescriptor.java:305)Nov 28, 2018 6:48:17 AM hudson.node_monitors.AbstractAsyncNodeMonitorDescriptor monitorDetailed WARNING: Failed to monitor 1sp-slave-bg for Free Disk Space java.util.concurrent.TimeoutException at hudson.remoting.Request$1.get(Request.java:316) at hudson.remoting.Request$1.get(Request.java:240) at hudson.remoting.FutureAdapter.get(FutureAdapter.java:59) at hudson.node_monitors.AbstractAsyncNodeMonitorDescriptor.monitorDetailed(AbstractAsyncNodeMonitorDescriptor.java:114) at hudson.node_monitors.AbstractAsyncNodeMonitorDescriptor.monitor(AbstractAsyncNodeMonitorDescriptor.java:76) at hudson.node_monitors.AbstractNodeMonitorDescriptor$Record.run(AbstractNodeMonitorDescriptor.java:305)Nov 28, 2018 6:48:17 AM hudson.node_monitors.AbstractAsyncNodeMonitorDescriptor monitorDetailed WARNING: Failed to monitor 1sp-slave-bg for Free Swap Space java.util.concurrent.TimeoutException at hudson.remoting.Request$1.get(Request.java:316) at hudson.remoting.Request$1.get(Request.java:240) at hudson.remoting.FutureAdapter.get(FutureAdapter.java:59) at hudson.node_monitors.AbstractAsyncNodeMonitorDescriptor.monitorDetailed(AbstractAsyncNodeMonitorDescriptor.java:114) at hudson.node_monitors.AbstractAsyncNodeMonitorDescriptor.monitor(AbstractAsyncNodeMonitorDescriptor.java:76) at hudson.node_monitors.AbstractNodeMonitorDescriptor$Record.run(AbstractNodeMonitorDescriptor.java:305)Nov 28, 2018 6:48:17 AM hudson.util.Retrier start INFO: Attempt #5 to do the action check updates server Nov 28, 2018 6:48:18 AM hudson.util.Retrier start INFO: The attempt #5 to do the action check updates server failed with an allowed exception: java.io.IOException: Server returned HTTP response code: 407 for URL: http://ftp-nyc.osuosl.org/pub/jenkins/updates/current/update-center.json at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1894) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492) at hudson.model.DownloadService.loadJSON(DownloadService.java:167) at hudson.model.UpdateSite.updateDirectlyNow(UpdateSite.java:186) at hudson.PluginManager.checkUpdatesServer(PluginManager.java:1747) at hudson.util.Retrier.start(Retrier.java:62) at hudson.PluginManager.doCheckUpdatesServer(PluginManager.java:1718) at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627) at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:343) at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:77) at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26) at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:184) at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:117) at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:130) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:739) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:870) at org.kohsuke.stapler.MetaClass$2.doDispatch(MetaClass.java:188) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:739) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:870) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:668) at org.kohsuke.stapler.Stapler.service(Stapler.java:238) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:865) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154) at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:243) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:61) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:239) at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:215) at net.bull.javamelody.PluginMonitoringFilter.doFilter(PluginMonitoringFilter.java:88) at org.jvnet.hudson.plugins.monitoring.HudsonMonitoringFilter.doFilter(HudsonMonitoringFilter.java:114) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at hudson.plugins.locale.LocaleFilter.doFilter(LocaleFilter.java:42) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:59) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:128) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:99) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84) at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1340) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1242) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.server.Server.handle(Server.java:503) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:364) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126) at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765) at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683) at java.lang.Thread.run(Thread.java:748)Nov 28, 2018 6:48:18 AM hudson.util.Retrier start INFO: Calling the listener of the allowed exception 'Server returned HTTP response code: 407 for URL: http://ftp-nyc.osuosl.org/pub/jenkins/updates/current/update-center.json' at the attempt #5 to do the action check updates server Nov 28, 2018 6:48:18 AM hudson.util.Retrier start INFO: Attempted the action check updates server for 5 time(s) with no success Nov 28, 2018 6:48:18 AM hudson.PluginManager doCheckUpdatesServer SEVERE: Error checking update sites for 5 attempt(s). Last exception was: IOException: Server returned HTTP response code: 407 for URL: http://ftp-nyc.osuosl.org/pub/jenkins/updates/current/update-center.json       Add Comment

This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

[kurt.loupal@rohde-schwarz.com (JIRA)]

Kurt updated an issue

Jenkins / JENKINS-54903 Updates through proxy server with authentication not working after update to core 2.152 or higher

Change By: Kurt  After *update to any Jenkins core higher (as of writing this ticket) then 2.151* I *cannot check for updates any more* from behind our company's proxy server. Error given by Jenkins Web Frontend is  {noformat} There were errors checking the update sites: IOException: Server returned HTTP response code: 407 for URL: http://ftp-nyc.osuosl.org/pub/jenkins/updates/current/update-center.json{noformat} *So it seems that Jenkins is no longer authenticating to the proxy with the credentials configued in the plugin manager advandced tab.* From the changelog I've seen that there were changes to the update code as part of [ issue 54459 |https://issues . jenkins-ci.org/browse/JENKINS-54459].

So I've tried setting the referenced properties (even with all the spellings as indicated in the issue ticket):

{noformat} -Dhudson.PluginManager.checkUpdateSleepTimeMillis=2500 -Dhudson.PluginManager.CHECK_UPDATE_ATTEMPTS=5 -Dhudson.PluginManager.checkUpdateAttempts=5 {noformat}

That has changed the duration until the above error appears. But it didn't fix the problem.   The update center is configured as indicated in the attached screenshot. Strange thing is, that pressing the "Validate Proxy" button returns "Success" while the bottom of the same page shows the proxy auth required message (see screenshot). This seems to be very inconsistent. The Jenkins log contains the following (after setting above properties, same appears 5 times):

{noformat}

{noformat}     Downgrading Jenkins core back to 2.151 immediately removes the issue. So this cannot be related in any way to a changed proxy server configuration.

Add Comment

[kurt.loupal@rohde-schwarz.com (JIRA)]

Kurt updated an issue

Jenkins / JENKINS-54903 Updates through proxy server with authentication not working after update to core 2.152 or higher Change By: Kurt

After *update to any Jenkins core higher (as of writing this ticket) then than 2.151* I *cannot check for updates any more* from behind our company's proxy server. Error given by Jenkins Web Frontend is

{noformat} There were errors checking the update sites: IOException: Server returned HTTP response code: 407 for URL: http://ftp-nyc.osuosl.org/pub/jenkins/updates/current/update-center.json{noformat} *So it seems that Jenkins is no longer authenticating to the proxy with the credentials configued in the plugin manager advandced tab.*

From the changelog I've seen that there were changes to the update code as part of issue 54459.

Setting this to Blocker as we're not able to install any more new plugins or plugin updates with Jenkins Core >= 2.152.

Add Comment

[martin.moessner@coop.ch (JIRA)]

Martin Mössner commented on JENKINS-54903

Re: Updates through proxy server with authentication not working after update to core 2.152 or higher One possible workaround: 1. Go the "Plugin Manager" "Advanced" tab. 2. Without any change press the "submit" button of the "HTTP Proxy Configuration". 3. Go to the "Updates" tab. 4. Press the "Check now" button. Works on our prod- and testsystem (V 2.153).

Add Comment

[kurt.loupal@rohde-schwarz.com (JIRA)]

Kurt updated an issue

Jenkins / JENKINS-54903

Updates through proxy server with authentication not working after update to core 2.152 or higher

Change By: Kurt Priority: Blocker Critical

Add Comment

[kurt.loupal@rohde-schwarz.com (JIRA)]

Kurt commented on JENKINS-54903

Re: Updates through proxy server with authentication not working after update to core 2.152 or higher I can confirm that the workaround does work for us, too. Martin Mössner Good work! How did you figure that out? Have you already checked if the problem re-appears after some time or a Jenkins restart? I can't test that on my side at the moment as I cannot restart Jenkins without coordination. From theses findings, can we conclude, that the issue is related to the proxy credential storage? Anyway, I think that justifies reducing the severity to Critical (it's still possible to obtain new plugins and updates now).

Add Comment

[martin.moessner@coop.ch (JIRA)]

Martin Mössner commented on JENKINS-54903

Re: Updates through proxy server with authentication not working after update to core 2.152 or higher

First I've made a change on "no-proxy-hosts". The change itself had nothing to do with proxy functionality, because it was a removement of an old full qualified server. So I was very wondering. Then the problem re-appears again and so I've submitted again (without change) the HTTP Proxy Configuration. I don't know how often it re-appears, but still it's happening...

Add Comment

[dbeck@cloudbees.com (JIRA)]

Daniel Beck commented on JENKINS-54903

Re: Updates through proxy server with authentication not working after update to core 2.152 or higher

Stephen Connolly Does this look like something your merge of JENKINS-48775 could have caused? Also CC Ramon Leon who got JENKINS-54459 merged, but I'd be more surprised if this is the cause than the other.

Add Comment

[dbeck@cloudbees.com (JIRA)]

Daniel Beck updated an issue

Jenkins / JENKINS-54903

Updates through proxy server with authentication not working after update to core 2.152 or higher

Change By: Daniel Beck Labels: regression

Add Comment

[stephen.alan.connolly@gmail.com (JIRA)]

Stephen Connolly commented on JENKINS-54903

Re: Updates through proxy server with authentication not working after update to core 2.152 or higher Daniel Beck its hard to see how JENKINS-48755 could cause this issue: The code path should be identical to that in place before when the URL is not https... and from the reported exception, the URL is http://ftp-nyc.osuosl.org/pub/jenkins/updates/current/update-center.json which is http so jenkins48775workaround (Proxy,URL) should be a no-op The only possible risk of a delta is from the refactoring in this method because that Authenticator was written to use the inverse if condition. I have re-read it 10 times and the refactoring looks sound... but perhaps I am mistaken

Add Comment

[dbeck@cloudbees.com (JIRA)]

Daniel Beck commented on JENKINS-54903

Re: Updates through proxy server with authentication not working after update to core 2.152 or higher

Too bad we merged both in the same weekly. That said, to the best of my understanding, https://repo.jenkins-ci.org/incrementals/org/jenkins-ci/main/jenkins-war/2.152-rc27515.bdf9e4b389d8/ corresponds to https://github.com/jenkinsci/jenkins/commit/bdf9e4b389d8 and includes https://github.com/jenkinsci/jenkins/commit/d4284565e7a3e6b044f6d6df52288e822af02fc4 but not JENKINS-54459. Could the reporter or one of the watchers run the war in the first link and report back whether the issue occurs on that version?

Add Comment

[kurt.loupal@rohde-schwarz.com (JIRA)]

Kurt commented on JENKINS-54903

Re: Updates through proxy server with authentication not working after update to core 2.152 or higher

I'll try my best to coordinate with my colleagues for a time frame for the tests as requested in previous comment. But sadly we don't have a test instance available. So I can only do it on the productive system which would then be blocked for a couple of reboots. If I get the chance to test it I'll surely report the results immediately.

Add Comment

[manuelramonleonjimenez@gmail.com (JIRA)]

Ramon Leon commented on JENKINS-54903

Re: Updates through proxy server with authentication not working after update to core 2.152 or higher

Daniel Beck Also CC Ramon Leon who got JENKINS-54459 merged, but I'd be more surprised if this is the cause than the other.,  The code involved in JENKINS-54459 has nothing to do with the problem, it doesn't touch the way we use proxy or get the json, IMO. What's going on is that now, this code is trying to get the update center for the number of times specified, therefore the error log shows each attempt. But the error is the same as without the retries, that is, a 407 in the update site defined. I cannot understand why the proxy was unset.

Add Comment

[dbeck@cloudbees.com (JIRA)]

Daniel Beck commented on JENKINS-54903

Re: Updates through proxy server with authentication not working after update to core 2.152 or higher

Stephen Connolly The workaround described by users above results in the invocation of the DataBoundConstructor. Your "refactoring" of moving the Authenticator creation into that results in it not being called on Jenkins startup, so it's null until the ProxyConfiguration is saved. Does that look about right?

Add Comment

[stephen.alan.connolly@gmail.com (JIRA)]

Stephen Connolly commented on JENKINS-54903

Re: Updates through proxy server with authentication not working after update to core 2.152 or higher

Ahhh do we need a readResolve to set the authenticator!

Add Comment

[stephen.alan.connolly@gmail.com (JIRA)]

Stephen Connolly commented on JENKINS-54903

Re: Updates through proxy server with authentication not working after update to core 2.152 or higher

https://github.com/jenkinsci/jenkins/pull/3786 should fix

Add Comment

[batmat@batmat.net (JIRA)]

Baptiste Mathus started work on JENKINS-54903

Change By: Baptiste Mathus Status: Open In Progress

Add Comment

[batmat@batmat.net (JIRA)]

Baptiste Mathus updated JENKINS-54903

Jenkins / JENKINS-54903

Updates through proxy server with authentication not working after update to core 2.152 or higher

Change By: Baptiste Mathus Status: In Progress Review

Add Comment

[o.v.nenashev@gmail.com (JIRA)]

Oleg Nenashev updated an issue

Jenkins / JENKINS-54903 Updates through proxy server with authentication not working after update to core 2.152 or higher

Change By: Oleg Nenashev Labels: lts-candidate regression

Add Comment

[o.v.nenashev@gmail.com (JIRA)]

Oleg Nenashev commented on JENKINS-54903

Re: Updates through proxy server with authentication not working after update to core 2.152 or higher Should be released in 2.162

Add Comment

[o.v.nenashev@gmail.com (JIRA)]

Oleg Nenashev updated JENKINS-54903

Jenkins / JENKINS-54903

Updates through proxy server with authentication not working after update to core 2.152 or higher

Change By: Oleg Nenashev Status: In Review Resolved Resolution: Fixed Released As: Jenkins 2.162

Add Comment

[ogondza@gmail.com (JIRA)]

Oliver Gondža updated an issue

Jenkins / JENKINS-54903 Updates through proxy server with authentication not working after update to core 2.152 or higher

Change By: Oliver Gondža Labels: 2.150.3-rejected lts-candidate regression

Add Comment

[ogondza@gmail.com (JIRA)]

[mathieu.rousseau.31@gmail.com (JIRA)]

Mathieu Rousseau updated an issue

Jenkins / JENKINS-54903 Updates through proxy server with authentication not working after update to core 2.152 or higher

Change By: Mathieu Rousseau Attachment: 003528.jpg

Add Comment

[mathieu.rousseau.31@gmail.com (JIRA)]

[mathieu.rousseau.31@gmail.com (JIRA)]

[mathieu.rousseau.31@gmail.com (JIRA)]

Mathieu Rousseau commented on JENKINS-54903

Re: Updates through proxy server with authentication not working after update to core 2.152 or higher I have the same issue in 2.164.3

Add Comment

[mathieu.rousseau.31@gmail.com (JIRA)]

Mathieu Rousseau updated an issue

Jenkins / JENKINS-54903

Updates through proxy server with authentication not working after update to core 2.152 or higher

Change By: Mathieu Rousseau Attachment: 003528.jpg

Add Comment

[mathieu.rousseau.31@gmail.com (JIRA)]

[dbeck@cloudbees.com (JIRA)]

Daniel Beck commented on JENKINS-54903

Re: Updates through proxy server with authentication not working after update to core 2.152 or higher Mathieu Rousseau Well, did you click "Submit" right below test URL after entering credentials?

Add Comment

[mathieu.rousseau.31@gmail.com (JIRA)]

Mathieu Rousseau commented on JENKINS-54903

Re: Updates through proxy server with authentication not working after update to core 2.152 or higher

yes. also tried: One possible workaround: Go the "Plugin Manager" "Advanced" tab. 2. Without any change press the "submit" button of the "HTTP Proxy Configuration". 3. Go to the "Updates" tab. 4. Press the "Check now" button. no success

Add Comment

[mathieu.rousseau.31@gmail.com (JIRA)]

Mathieu Rousseau edited a comment on JENKINS-54903

Re: Updates through proxy server with authentication not working after update to core 2.152 or higher

[~danielbeck]   yes. also tried : One the one possible workaround: # Go the "Plugin Manager" "Advanced" tab.

2. Without any change press the "submit" button of the "HTTP Proxy Configuration". 3. Go to the "Updates" tab. 4. Press the "Check now" button. no success

Add Comment

[mathieu.rousseau.31@gmail.com (JIRA)]

Mathieu Rousseau updated an issue

Jenkins / JENKINS-54903

Updates through proxy server with authentication not working after update to core 2.152 or higher

Change By: Mathieu Rousseau Attachment: image-2019-06-11-04-14-31-336.png

Add Comment

[mathieu.rousseau.31@gmail.com (JIRA)]

Mathieu Rousseau commented on JENKINS-54903

Re: Updates through proxy server with authentication not working after update to core 2.152 or higher weird thing is that: I can't check the udpates. But I can install new plugins:

Add Comment

[mathieu.rousseau.31@gmail.com (JIRA)]

Mathieu Rousseau commented on JENKINS-54903

Re: Updates through proxy server with authentication not working after update to core 2.152 or higher

hum. replaced https to http and worked. https://updates.jenkins-ci.org/update-center.json to http://updates.jenkins-ci.org/update-center.json

Add Comment

[dbeck@cloudbees.com (JIRA)]

Daniel Beck commented on JENKINS-54903

Re: Updates through proxy server with authentication not working after update to core 2.152 or higher

The canonical domain is now updates.jenkins.io, perhaps that works better?

Add Comment