Tomcat + Jenkins 2.346.3 CRUMB error on 1st startup

Hello Everyone,
Sorry for posting another question on this one – a lot of documents already exist on this.
Any help is really appreciated.
See below, 1-3, please
~ John Dove

I see a lot of documents on the CRUMB error within Jenkins. I have read a few of them.
I am stuck trying to access Jenkins for the 1st time (1st initial request) into Tomcat 9.
This is when the Jenkins WAR will be first exploded. First access of the Jenkins application.
And I get the crumb error.

My browser, Tomcat and Jenkins are all running on my LOCAL MACHINE (nothing over the
network). I have used a LOCALHOST URL, DNS URL and IP URL. None of them work.
I get the crumb error each time.
Inside TOMCAT’S CATALINA LOG the error appears as follows:
No valid crumb was included in request for /jenkins/pluginManager/installPlugins by admin.
Returning 403.

My FIX attempt:
Based on articles I read, the following JAVA PROPERTY can be used to turn-OFF the CRUMB
checking. But it is NOT working for me. To instate this value inside of TOMCAT, I added the
following to my TOMCAT/bin/catalina.bat file

set JAVA_OPTS=-Djenkins.model.Jenkins.crumbIssuerProxyCompatibility=true

  Any ideas?
  Please and thanks.
  ~ John Dove

It’s possible that Tomcat is not sending along the remote IP. Can you try the following?

Hi Alex,

Thanks very much.

I will take a look at that article.

I will respond back to this thread with my results.

Will keep you updated.

~ John

1 Like

Why don’t you run jenkins.war standalone, without Tomcat?


Tomcat + Jenkins is the standard where I work.

We’ve been using that configuration for years.

Use Apache HTTP as a reverse proxy, and it’s a pretty sweet setup.

~ John

Unsure what to make of this.
See below, 1-2.

As a shot in the dark, I tried my first access into Jenkins 2.346.3 + Tomcat 9, from a DIFFERENT machine over the network. And it WORKED SUCCESSFULLY. No CRUMB error.

But LOCAL HOST access to Jenkins + Tomcat for the first request, continues to result in the CRUMB error. To me this appears as a LOCAL HOST issue. Wondering if it’s a browser setting somehow?
I will keep researching. Let you know what I find out.

~ John

Problem solved.
I did more testing.
See below, 1-2.
~ John

The CRUMB error was caused by INTERNET EXPLORER browser.
I switched to Fire Fox - no problems.
I will make a new thread posting back to the community - telling everyone.

The above scenario occurred on this type of machine
Windows Server 2016
Internet Explorer, version 11 == caused the CRUMB error
Fire Fox, version 106.0.5 (64-bit) == no problems - all good

Jenkins Community,
This posting is for awareness - to help other people.
Regarding CSRF “CRUMB” error on FIRST browser access into Jenkins.
In short: IE browser was the cause; Fire Fox had no problems.
Please see below, 1-4.
~ John Dove

I am using the following technology stack:

      Jenkins 2.346.3 WAR  
      TOMCAT 9.0.12  
      Java 1.8 
      Microsoft Windows Server, 2016

I used Internet Explorer 11 browser.
FIRST access into Jenkins (to explode Jenkins WAR file in Tomcat) caused a CRUMB error.
Seen in log file: TOMCAT/logs/catalina.log
As follows:
12-Oct-2022 14:48:10.217 WARNING [Handling POST /jenkins/pluginManager/installPlugins from 0:0:0:0:0:0:0:1 : http-nio-8080-exec-3] No valid crumb was included in request for /jenkins/pluginManager/installPlugins by admin. Returning 403.

I then switched to Fire Fox browser, version 106.0.5 (64-bit).
The CRUMB error went away. Gone. No problems.
Jenkins plugins auto-download and functionality worked fine, on initial first access calibration.
All good.

My Conclusion:
If you get the CRUMB error upon FIRST access into Jenkins, and are using IE browser?
Switch to Fire Fox.
Try that. ;- )

1 Like

To be clear, ie was dropped from the compatibility chart at the start of the year as it was officially past its end of life.

Also I’m going to merge your topic and mark your answer as the solution.

Thanks for posting this, IE has not been supported by Jenkins for some time. You can see the support matrix here Browser compatibility


Sounds good

~ John