Issues accessing local Git Repo after upgrade

joshea · December 10, 2022, 7:44pm

We recently upgraded Jenkins from 2.332.3 to 2.375.1. We have jobs configured to access our local Git repository running on Azure Devops which has been running fine prior to the upgrade. After the upgrade and reboot of the server, we are getting the following errors:

ERROR: Error fetching remote repo ‘origin’
stderr: fatal: unable to access ‘(Local GIT URL Masked)##########’: schannel: next InitializeSecurityContext failed: SEC_E_UNTRUSTED_ROOT (0x80090325) - The certificate chain was issued by an authority that is not trusted.

Not sure if there is anything that changes in the upgrade that would affect this. We noted that there were updates to Winstone and Jetty that refer to changes in flags, but not sure if that’s pertinent. Also note that jobs configured to run on Agent servers seem to resolve, but when looking at the configuration on the Jenkins primary server, we see the following failures:

Failed to connect to repository : Command “git.exe ls-remote -h – https://xxx.xxx.xxx/DefaultCollection/The%20Cloud%20Team/_git/Jenkins HEAD” returned status code 128:
stdout:
stderr: fatal: unable to access ‘https://xxx.xxx.xxx/DefaultCollection/The%20Cloud%20Team/_git/Jenkins/’: schannel: next InitializeSecurityContext failed: SEC_E_UNTRUSTED_ROOT (0x80090325) - The certificate chain was issued by an authority that is not trusted.

We’re running on Tomcat using Java 11.0.17.1 with a cacert containing our root certs. Again, everything was running fine after the upgrade until we rebooted the server.

Any assistance is appreciated.

MarkEWaite · December 10, 2022, 8:48pm

Since that command is failing and it is a separate process launched by Jenkins, that likely means the certificate for the git server at address xxx.xxx.xxx is not linked to a trusted authority. Something has harmed the certificate chain on your Jenkins controller. Investigate recent changes on that server related to certificate authorities.

joshea · December 21, 2022, 3:31pm

Sorry for delayed response. Investigating further, we found Schannel errors on the Windows Event Logs. This all started after a resizing and restart of the server, not immediately following the Jenkins upgrade. Highly doubt the upgrade had anything to do with the issue. Initially, we simply added git config to disable SSL verification and Jenkins jobs worked fine. Later, after another reboot of the server, Schannel errors didn’t reoccur, and git functioned fine after removing ssl verification. Chalk it up to Unidentified Failing Objects. Thanks for the reply!

Topic		Replies	Views
Failed to connect to git repository after upgrade to Jenkins 2.332.1 with Git Source Code Management Ask a question	13	10076	March 7, 2023
Found this error while using git repository to build Using Jenkins	4	3042	January 11, 2024
Jenkins can't talk to Git after upgrade Ask a question question , git	1	881	July 20, 2023
Lets encrypt server certificate verification failed Using Jenkins	9	6139	December 30, 2021
Issues with Upgrading Jenkins 2.313 to 2.440 (PKIX path building failed) Using Jenkins question	0	72	April 11, 2024

Issues accessing local Git Repo after upgrade

Related Topics