Return-Path: X-Original-To: apmail-manifoldcf-user-archive@www.apache.org Delivered-To: apmail-manifoldcf-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 67596D2C2 for ; Thu, 23 Aug 2012 00:50:55 +0000 (UTC) Received: (qmail 86897 invoked by uid 500); 23 Aug 2012 00:50:55 -0000 Delivered-To: apmail-manifoldcf-user-archive@manifoldcf.apache.org Received: (qmail 86810 invoked by uid 500); 23 Aug 2012 00:50:55 -0000 Mailing-List: contact user-help@manifoldcf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@manifoldcf.apache.org Delivered-To: mailing list user@manifoldcf.apache.org Received: (qmail 86802 invoked by uid 99); 23 Aug 2012 00:50:55 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 23 Aug 2012 00:50:55 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of daddywri@gmail.com designates 209.85.210.178 as permitted sender) Received: from [209.85.210.178] (HELO mail-iy0-f178.google.com) (209.85.210.178) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 23 Aug 2012 00:50:49 +0000 Received: by iaeh11 with SMTP id h11so306573iae.9 for ; Wed, 22 Aug 2012 17:50:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=KFfskEJ3ox4/ygiu4xUbGAsYoRDQ9Qh9gNq3Hj1+MJM=; b=TKAhsDun9zslZBNXOZVzPgui9RwW+GAh6LFTwpNNLWy8i0TiVKSSHqv37QEDr+2B/T mxxWJVFvQZLdF5qO9DN+C0C/2oSPbtZ4CUh+QxCRRlKxHh6SzEaAP/3l5oCMbwoRNLVG 6dXDSZWwuI2ozRNrn6BrR5jpK+7tC2pA4ykULhfXdvdvrz9TugI3o93PVMrPxVB/h5g3 uOG+Lipm9SZpOhiiUrVOE3cbyG5+ErbHjbftZFgB1aIkKzC97oM6IQgy/WrA0FZvjhfZ dI6vg/5tYZUrDtMqRFdV25S84nostYd+PPOwaLchSr7g0nmIMneGaaBINkJTu6BpI/wa zMBw== MIME-Version: 1.0 Received: by 10.50.237.66 with SMTP id va2mr4084223igc.65.1345683028337; Wed, 22 Aug 2012 17:50:28 -0700 (PDT) Received: by 10.42.212.83 with HTTP; Wed, 22 Aug 2012 17:50:28 -0700 (PDT) In-Reply-To: References: Date: Wed, 22 Aug 2012 20:50:28 -0400 Message-ID: Subject: Re: Sharepoint connector - authentication failure From: Karl Wright To: user@manifoldcf.apache.org Content-Type: text/plain; charset=ISO-8859-1 So, the message "Credentials provider not available" is a last-resort bit of logic inside httpclient. By that time there has already been an NTLM back-and-forth that failed. The reason for the failure is not clear from the wire log; the NTLM exchange takes place as it is supposed to, but IIS at the end decides it's invalid and resets the sequence with a final 401. You may want to consult the appropriate Windows event logs to see why the logon failed. It is possible that the host name you are crawling from is not recognized by AD and is thus forbidden from communicating with IIS. Or, it could just be that your server and/or AD controller is configured to need a fully-qualified domain name in order to proceed. If none of this helps, the next step is to try to get header dumps from the browser that successfully can access the SharePoint web service URLs. Firefox can do this using a plugin called Live HTTP Headers, but Firefox does not understand NTLM so that won't help. Maybe though there is something similar available for Chrome. Having a successful login sequence alongside an unsuccessful one may help identify the critical difference that is blocking the logon. On Wed, Aug 22, 2012 at 8:21 PM, Karl Wright wrote: > Hi Mike, > > The exceptions having to do with ListsSoap we have seen before; they > are warnings and do not affect anything. > > The fatal problem is the following: > > Credentials provider not available > > What do your connection credentials look like? The name is obviously > of the form \ because the UI insists on that, but it may > be worth trying fully-qualified forms of the domain and not shorthand > ones. I'll look at the httpclient code in the meanwhile and see if I > can understand why that message would come out and get back to you. > > Karl > > On Wed, Aug 22, 2012 at 7:39 PM, Michael Wilken wrote: >> Hi Karl, >> >> I turned on wire logging, and uploaded a the resulting log here: >> http://pastebin.com/xnLxhSwE . That's the output of adding a new >> SharePoint 2003 Repository connection. Things seem normal until the >> 401 is returned for the GetListsCollection call (but I'm a SOAP & >> Sharepoint neophyte). Changing it to SP 2010 results in the same >> errors. >> >> Using Chrome/FireFox/Safari, the following urls all work using the >> credentials the connector is using: >> >> http://xxx.yyy.com/zzz/Pages/default.aspx >> http://xxx.yyy.com/zzz/_vti_bin/Lists.asmx >> http://xxx.yyy.com/zzz/_vti_bin/Lists.asmx?wsdl >> >> If I use soapUI and make the GetListCollection SOAP request using the >> same credentials, I get a successful response, uploaded here: >> http://pastebin.com/ZZXHXM5U >> >> Any chance you could take a look at the log and let me know if I'm >> missing something obvious? >> >> -mike >> >> >> >> >> >> >> >> On Wed, Aug 22, 2012 at 10:34 AM, Karl Wright wrote: >>> Hi Mike, >>> >>> Which version of ManifoldCF are you using? Did you select "SharePoint >>> 2.0" from the pulldown? You will need to do this if you do not have >>> the SharePoint plugin installed. >>> >>> For the record, in order to be able to crawl SharePoint 2010, you MUST >>> be using trunk (not ManifoldCF 0.6), and you MUST select "SharePoint >>> 4.0 (2010)" from the pulldown. That will also mean you need to build >>> and deploy the SharePoint 2010 plug-in on the SharePoint server for >>> anything to work at all with SharePoint 2010. FWIW, all of this will >>> be released in about a month when MCF 0.7 goes out the door. >>> >>> In the interim, you can check to see whether you have true connection >>> problems by doing the following: >>> >>> - Select SharePoint 2.0 from the pulldown >>> - Save the connection >>> - If you still get the error, then we escalate to the next level of >>> debugging, which will include some or all of the following: >>> >>> (1) See if you can get to the web services from IE. For example, if >>> the site's url is http://xxx.yyy.com, then try to get to >>> http://xxx.yyy.com/_vti_bin/Lists.asmx. If that fails, look into your >>> IIS configuration. >>> (2) Turn on "wire debugging", as described in the FAQ, and view your >>> connection again; it may give additional error details that could be >>> helpful. >>> >>> Karl >>> >>> On Wed, Aug 22, 2012 at 1:22 PM, Michael Wilken wrote: >>>> I'm running into authentication errors when trying to use ManifoldCF >>>> trunk against a Sharepoint2010 site. >>>> >>>> After creating a repository connection, I get the following message in >>>> 'Connection Status': >>>> Crawl user did not authenticate properly, or has insufficient >>>> permissions to access http://tunedin.disney.com: (401)Unauthorized >>>> >>>> The SP site is using NTLM for authentication. I've verified that the >>>> login info is correct: I can access the SP site via a web browser >>>> using the credentials, and can make SOAP calls with the credentials >>>> using soapUI. >>>> >>>> I have not installed the MCPermission service, as we don't have to >>>> worry about permissions at this time. Looking at the code, I'd expect >>>> to get a different error message if this was causing the problem. >>>> >>>> Any suggestions for further debugging to see what's going wrong? >>>> >>>> Thanks, >>>> -mike