Issues accessing local Git Repo after upgrade

We recently upgraded Jenkins from 2.332.3 to 2.375.1. We have jobs configured to access our local Git repository running on Azure Devops which has been running fine prior to the upgrade. After the upgrade and reboot of the server, we are getting the following errors:

• ERROR: Error fetching remote repo ‘origin’
• stderr: fatal: unable to access ‘(Local GIT URL Masked)##########’: schannel: next InitializeSecurityContext failed: SEC_E_UNTRUSTED_ROOT (0x80090325) - The certificate chain was issued by an authority that is not trusted.

Not sure if there is anything that changes in the upgrade that would affect this. We noted that there were updates to Winstone and Jetty that refer to changes in flags, but not sure if that’s pertinent. Also note that jobs configured to run on Agent servers seem to resolve, but when looking at the configuration on the Jenkins primary server, we see the following failures:

• Failed to connect to repository : Command “git.exe ls-remote -h – https://xxx.xxx.xxx/DefaultCollection/The%20Cloud%20Team/_git/Jenkins HEAD” returned status code 128:
  stdout:
  stderr: fatal: unable to access ‘https://xxx.xxx.xxx/DefaultCollection/The%20Cloud%20Team/_git/Jenkins/’: schannel: next InitializeSecurityContext failed: SEC_E_UNTRUSTED_ROOT (0x80090325) - The certificate chain was issued by an authority that is not trusted.

We’re running on Tomcat using Java 11.0.17.1 with a cacert containing our root certs. Again, everything was running fine after the upgrade until we rebooted the server.

Any assistance is appreciated.

Since that command is failing and it is a separate process launched by Jenkins, that likely means the certificate for the git server at address xxx.xxx.xxx is not linked to a trusted authority. Something has harmed the certificate chain on your Jenkins controller. Investigate recent changes on that server related to certificate authorities.

Sorry for delayed response. Investigating further, we found Schannel errors on the Windows Event Logs. This all started after a resizing and restart of the server, not immediately following the Jenkins upgrade. Highly doubt the upgrade had anything to do with the issue. Initially, we simply added git config to disable SSL verification and Jenkins jobs worked fine. Later, after another reboot of the server, Schannel errors didn’t reoccur, and git functioned fine after removing ssl verification. Chalk it up to Unidentified Failing Objects. Thanks for the reply!