Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-54903

Updates through proxy server with authentication not working after update to core 2.152 or higher

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Critical Critical
    • core
    • Jenkins >= 2.152, Server-JRE 1.8.0_191 on Windows Server 2008R2
    • Jenkins 2.162

       After update to any Jenkins core higher (as of writing this ticket) than 2.151 I cannot check for updates any more from behind our company's proxy server. Error given by Jenkins Web Frontend is 

      There were errors checking the update sites: IOException: Server returned HTTP response code: 407 for URL: http://ftp-nyc.osuosl.org/pub/jenkins/updates/current/update-center.json

      So it seems that Jenkins is no longer authenticating to the proxy with the credentials configued in the plugin manager advandced tab.

      From the changelog I've seen that there were changes to the update code as part of issue 54459.

      So I've tried setting the referenced properties (even with all the spellings as indicated in the issue ticket):

       

      -Dhudson.PluginManager.checkUpdateSleepTimeMillis=2500 -Dhudson.PluginManager.CHECK_UPDATE_ATTEMPTS=5 -Dhudson.PluginManager.checkUpdateAttempts=5 

      That has changed the duration until the above error appears. But it didn't fix the problem.

       

      The update center is configured as indicated in the attached screenshot.
      Strange thing is, that pressing the "Validate Proxy" button returns "Success" while the bottom of the same page shows the proxy auth required message (see screenshot). This seems to be very inconsistent.

      The Jenkins log contains the following (after setting above properties, same appears 5 times):

       

      INFO: The attempt #4 to do the action check updates server failed with an allowed exception:
      java.io.IOException: Server returned HTTP response code: 407 for URL: http://ftp-nyc.osuosl.org/pub/jenkins/updates/current/update-center.json
      	at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1894)
      	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)
      	at hudson.model.DownloadService.loadJSON(DownloadService.java:167)
      	at hudson.model.UpdateSite.updateDirectlyNow(UpdateSite.java:186)
      	at hudson.PluginManager.checkUpdatesServer(PluginManager.java:1747)
      	at hudson.util.Retrier.start(Retrier.java:62)
      	at hudson.PluginManager.doCheckUpdatesServer(PluginManager.java:1718)
      	at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
      	at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:343)
      	at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:77)
      	at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26)
      	at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:184)
      	at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:117)
      	at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:130)
      	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
      	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:739)
      	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:870)
      	at org.kohsuke.stapler.MetaClass$2.doDispatch(MetaClass.java:188)
      	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
      	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:739)
      	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:870)
      	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:668)
      	at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
      	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:865)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
      	at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:243)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
      	at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
      	at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:61)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
      	at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:239)
      	at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:215)
      	at net.bull.javamelody.PluginMonitoringFilter.doFilter(PluginMonitoringFilter.java:88)
      	at org.jvnet.hudson.plugins.monitoring.HudsonMonitoringFilter.doFilter(HudsonMonitoringFilter.java:114)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
      	at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
      	at hudson.plugins.locale.LocaleFilter.doFilter(LocaleFilter.java:42)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
      	at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:59)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
      	at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:128)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
      	at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
      	at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:99)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
      	at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      	at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90)
      	at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
      	at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
      	at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
      	at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
      	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533)
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146)
      	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)
      	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
      	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257)
      	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)
      	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
      	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1340)
      	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
      	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)
      	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)
      	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
      	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1242)
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
      	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
      	at org.eclipse.jetty.server.Server.handle(Server.java:503)
      	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:364)
      	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260)
      	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)
      	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
      	at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118)
      	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
      	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
      	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
      	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)
      	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366)
      	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765)
      	at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683)
      	at java.lang.Thread.run(Thread.java:748)Nov 28, 2018 6:48:15 AM hudson.util.Retrier start
      INFO: Calling the listener of the allowed exception 'Server returned HTTP response code: 407 for URL: http://ftp-nyc.osuosl.org/pub/jenkins/updates/current/update-center.json' at the attempt #4 to do the action check updates server
      Nov 28, 2018 6:48:15 AM hudson.util.Retrier start
      WARNING: The attempt #4 to do the action check updates server failed
      Nov 28, 2018 6:48:17 AM hudson.node_monitors.AbstractAsyncNodeMonitorDescriptor monitorDetailed
      WARNING: Failed to monitor 1sp-slave-bg for Free Temp Space
      java.util.concurrent.TimeoutException
      	at hudson.remoting.Request$1.get(Request.java:316)
      	at hudson.remoting.Request$1.get(Request.java:240)
      	at hudson.remoting.FutureAdapter.get(FutureAdapter.java:59)
      	at hudson.node_monitors.AbstractAsyncNodeMonitorDescriptor.monitorDetailed(AbstractAsyncNodeMonitorDescriptor.java:114)
      	at hudson.node_monitors.AbstractAsyncNodeMonitorDescriptor.monitor(AbstractAsyncNodeMonitorDescriptor.java:76)
      	at hudson.node_monitors.AbstractNodeMonitorDescriptor$Record.run(AbstractNodeMonitorDescriptor.java:305)Nov 28, 2018 6:48:17 AM hudson.node_monitors.AbstractAsyncNodeMonitorDescriptor monitorDetailed
      WARNING: Failed to monitor 1sp-slave-bg for Free Disk Space
      java.util.concurrent.TimeoutException
      	at hudson.remoting.Request$1.get(Request.java:316)
      	at hudson.remoting.Request$1.get(Request.java:240)
      	at hudson.remoting.FutureAdapter.get(FutureAdapter.java:59)
      	at hudson.node_monitors.AbstractAsyncNodeMonitorDescriptor.monitorDetailed(AbstractAsyncNodeMonitorDescriptor.java:114)
      	at hudson.node_monitors.AbstractAsyncNodeMonitorDescriptor.monitor(AbstractAsyncNodeMonitorDescriptor.java:76)
      	at hudson.node_monitors.AbstractNodeMonitorDescriptor$Record.run(AbstractNodeMonitorDescriptor.java:305)Nov 28, 2018 6:48:17 AM hudson.node_monitors.AbstractAsyncNodeMonitorDescriptor monitorDetailed
      WARNING: Failed to monitor 1sp-slave-bg for Free Swap Space
      java.util.concurrent.TimeoutException
      	at hudson.remoting.Request$1.get(Request.java:316)
      	at hudson.remoting.Request$1.get(Request.java:240)
      	at hudson.remoting.FutureAdapter.get(FutureAdapter.java:59)
      	at hudson.node_monitors.AbstractAsyncNodeMonitorDescriptor.monitorDetailed(AbstractAsyncNodeMonitorDescriptor.java:114)
      	at hudson.node_monitors.AbstractAsyncNodeMonitorDescriptor.monitor(AbstractAsyncNodeMonitorDescriptor.java:76)
      	at hudson.node_monitors.AbstractNodeMonitorDescriptor$Record.run(AbstractNodeMonitorDescriptor.java:305)Nov 28, 2018 6:48:17 AM hudson.util.Retrier start
      INFO: Attempt #5 to do the action check updates server
      Nov 28, 2018 6:48:18 AM hudson.util.Retrier start
      INFO: The attempt #5 to do the action check updates server failed with an allowed exception:
      java.io.IOException: Server returned HTTP response code: 407 for URL: http://ftp-nyc.osuosl.org/pub/jenkins/updates/current/update-center.json
      	at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1894)
      	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)
      	at hudson.model.DownloadService.loadJSON(DownloadService.java:167)
      	at hudson.model.UpdateSite.updateDirectlyNow(UpdateSite.java:186)
      	at hudson.PluginManager.checkUpdatesServer(PluginManager.java:1747)
      	at hudson.util.Retrier.start(Retrier.java:62)
      	at hudson.PluginManager.doCheckUpdatesServer(PluginManager.java:1718)
      	at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
      	at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:343)
      	at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:77)
      	at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26)
      	at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:184)
      	at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:117)
      	at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:130)
      	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
      	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:739)
      	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:870)
      	at org.kohsuke.stapler.MetaClass$2.doDispatch(MetaClass.java:188)
      	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
      	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:739)
      	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:870)
      	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:668)
      	at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
      	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:865)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
      	at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:243)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
      	at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
      	at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:61)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
      	at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:239)
      	at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:215)
      	at net.bull.javamelody.PluginMonitoringFilter.doFilter(PluginMonitoringFilter.java:88)
      	at org.jvnet.hudson.plugins.monitoring.HudsonMonitoringFilter.doFilter(HudsonMonitoringFilter.java:114)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
      	at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
      	at hudson.plugins.locale.LocaleFilter.doFilter(LocaleFilter.java:42)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
      	at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:59)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
      	at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:128)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
      	at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
      	at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:99)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
      	at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      	at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90)
      	at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
      	at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
      	at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
      	at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
      	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533)
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146)
      	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)
      	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
      	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257)
      	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)
      	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
      	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1340)
      	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
      	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)
      	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)
      	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
      	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1242)
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
      	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
      	at org.eclipse.jetty.server.Server.handle(Server.java:503)
      	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:364)
      	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260)
      	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)
      	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
      	at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118)
      	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
      	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
      	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
      	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)
      	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366)
      	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765)
      	at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683)
      	at java.lang.Thread.run(Thread.java:748)Nov 28, 2018 6:48:18 AM hudson.util.Retrier start
      INFO: Calling the listener of the allowed exception 'Server returned HTTP response code: 407 for URL: http://ftp-nyc.osuosl.org/pub/jenkins/updates/current/update-center.json' at the attempt #5 to do the action check updates server
      Nov 28, 2018 6:48:18 AM hudson.util.Retrier start
      INFO: Attempted the action check updates server for 5 time(s) with no success
      Nov 28, 2018 6:48:18 AM hudson.PluginManager doCheckUpdatesServer
      SEVERE: Error checking update sites for 5 attempt(s). Last exception was: IOException: Server returned HTTP response code: 407 for URL: http://ftp-nyc.osuosl.org/pub/jenkins/updates/current/update-center.json
      

       

      Downgrading Jenkins core back to 2.151 immediately removes the issue. So this cannot be related in any way to a changed proxy server configuration.

      Setting this to Blocker as we're not able to install any more new plugins or plugin updates with Jenkins Core >= 2.152.

       

          [JENKINS-54903] Updates through proxy server with authentication not working after update to core 2.152 or higher

          One possible workaround:

          1. Go the "Plugin Manager" "Advanced" tab.
          2. Without any change press the "submit" button of the "HTTP Proxy Configuration".
          3. Go to the "Updates" tab.
          4. Press the "Check now" button.

          Works on our prod- and testsystem (V 2.153).

          Martin Mössner added a comment - One possible workaround: 1. Go the "Plugin Manager" "Advanced" tab. 2. Without any change press the "submit" button of the "HTTP Proxy Configuration". 3. Go to the "Updates" tab. 4. Press the "Check now" button. Works on our prod- and testsystem (V 2.153).

          Kurt added a comment -

          I can confirm that the workaround does work for us, too.

          moessi Good work! How did you figure that out?
          Have you already checked if the problem re-appears after some time or a Jenkins restart? I can't test that on my side at the moment as I cannot restart Jenkins without coordination.

          From theses findings, can we conclude, that the issue is related to the proxy credential storage?

          Anyway, I think that justifies reducing the severity to Critical (it's still possible to obtain new plugins and updates now).

          Kurt added a comment - I can confirm that the workaround does work for us, too. moessi Good work! How did you figure that out? Have you already checked if the problem re-appears after some time or a Jenkins restart? I can't test that on my side at the moment as I cannot restart Jenkins without coordination. From theses findings, can we conclude, that the issue is related to the proxy credential storage? Anyway, I think that justifies reducing the severity to Critical (it's still possible to obtain new plugins and updates now).

          First I've made a change on "no-proxy-hosts". The change itself had nothing to do with proxy functionality, because it was a removement of an old full qualified server. So I was very wondering.

          Then the problem re-appears again and so I've submitted again (without change) the HTTP Proxy Configuration.

          I don't know how often it re-appears, but still it's happening...

          Martin Mössner added a comment - First I've made a change on "no-proxy-hosts". The change itself had nothing to do with proxy functionality, because it was a removement of an old full qualified server. So I was very wondering. Then the problem re-appears again and so I've submitted again (without change) the HTTP Proxy Configuration. I don't know how often it re-appears, but still it's happening...

          Daniel Beck added a comment -

          stephenconnolly Does this look like something your merge of JENKINS-48775 could have caused?

          Also CC mramonleon who got JENKINS-54459 merged, but I'd be more surprised if this is the cause than the other.

           

          Daniel Beck added a comment - stephenconnolly Does this look like something your merge of JENKINS-48775 could have caused? Also CC mramonleon who got JENKINS-54459 merged, but I'd be more surprised if this is the cause than the other.  

          danielbeck its hard to see how JENKINS-48755 could cause this issue:

          1. The code path should be identical to that in place before when the URL is not https... and from the reported exception, the URL is http://ftp-nyc.osuosl.org/pub/jenkins/updates/current/update-center.json which is http so jenkins48775workaround (Proxy,URL) should be a no-op
          2. The only possible risk of a delta is from the refactoring in this method because that Authenticator was written to use the inverse if condition. I have re-read it 10 times and the refactoring looks sound... but perhaps I am mistaken

          Stephen Connolly added a comment - danielbeck its hard to see how JENKINS-48755 could cause this issue: The code path should be identical to that in place before when the URL is not https ... and from the reported exception, the URL is http://ftp-nyc.osuosl.org/pub/jenkins/updates/current/update-center.json which is http so jenkins48775workaround (Proxy,URL) should be a no-op The only possible risk of a delta is from the refactoring in this method because that Authenticator was written to use the inverse if condition. I have re-read it 10 times and the refactoring looks sound... but perhaps I am mistaken

          Daniel Beck added a comment -

          Too bad we merged both in the same weekly.

          That said, to the best of my understanding, https://repo.jenkins-ci.org/incrementals/org/jenkins-ci/main/jenkins-war/2.152-rc27515.bdf9e4b389d8/ corresponds to https://github.com/jenkinsci/jenkins/commit/bdf9e4b389d8 and includes https://github.com/jenkinsci/jenkins/commit/d4284565e7a3e6b044f6d6df52288e822af02fc4 but not JENKINS-54459.

          Could the reporter or one of the watchers run the war in the first link and report back whether the issue occurs on that version?

          Daniel Beck added a comment - Too bad we merged both in the same weekly. That said, to the best of my understanding, https://repo.jenkins-ci.org/incrementals/org/jenkins-ci/main/jenkins-war/2.152-rc27515.bdf9e4b389d8/ corresponds to https://github.com/jenkinsci/jenkins/commit/bdf9e4b389d8 and includes https://github.com/jenkinsci/jenkins/commit/d4284565e7a3e6b044f6d6df52288e822af02fc4 but not JENKINS-54459 . Could the reporter or one of the watchers run the war in the first link and report back whether the issue occurs on that version?

          Kurt added a comment -

          I'll try my best to coordinate with my colleagues for a time frame for the tests as requested in previous comment.

          But sadly we don't have a test instance available. So I can only do it on the productive system which would then be blocked for a couple of reboots.

          If I get the chance to test it I'll surely report the results immediately.

          Kurt added a comment - I'll try my best to coordinate with my colleagues for a time frame for the tests as requested in previous comment. But sadly we don't have a test instance available. So I can only do it on the productive system which would then be blocked for a couple of reboots. If I get the chance to test it I'll surely report the results immediately.

          Ramon Leon added a comment -

          danielbeck Also CC mramonleon who got JENKINS-54459 merged, but I'd be more surprised if this is the cause than the other., 

          The code involved in JENKINS-54459 has nothing to do with the problem, it doesn't touch the way we use proxy or get the json, IMO. What's going on is that now, this code is trying to get the update center for the number of times specified, therefore the error log shows each attempt. But the error is the same as without the retries, that is, a 407 in the update site defined. I cannot understand why the proxy was unset.

          Ramon Leon added a comment - danielbeck Also CC   mramonleon   who got  JENKINS-54459  merged, but I'd be more surprised if this is the cause than the other.,   The code involved in  JENKINS-54459 has nothing to do with the problem, it doesn't touch the way we use proxy or get the json, IMO. What's going on is that now, this code is trying to get the update center for the number of times specified, therefore the error log shows each attempt. But the error is the same as without the retries, that is, a 407 in the update site defined. I cannot understand why the proxy was unset.

          Daniel Beck added a comment -

          stephenconnolly

          The workaround described by users above results in the invocation of the DataBoundConstructor. Your "refactoring" of moving the Authenticator creation into that results in it not being called on Jenkins startup, so it's null until the ProxyConfiguration is saved. Does that look about right?

          Daniel Beck added a comment - stephenconnolly The workaround described by users above results in the invocation of the DataBoundConstructor . Your "refactoring" of moving the Authenticator creation into that results in it not being called on Jenkins startup, so it's null until the ProxyConfiguration is saved. Does that look about right?

          Ahhh do we need a readResolve to set the authenticator!

          Stephen Connolly added a comment - Ahhh do we need a readResolve to set the authenticator!

          Stephen Connolly added a comment - https://github.com/jenkinsci/jenkins/pull/3786 should fix

          Oleg Nenashev added a comment -

          Should be released in 2.162

          Oleg Nenashev added a comment - Should be released in 2.162

          I have the same issue in 2.164.3

           

           

          Mathieu Rousseau added a comment - I have the same issue in 2.164.3    

          Daniel Beck added a comment -

          mathieurousseau Well, did you click "Submit" right below test URL after entering credentials?

          Daniel Beck added a comment - mathieurousseau Well, did you click "Submit" right below test URL after entering credentials?

          Mathieu Rousseau added a comment - - edited

          danielbeck

           

          yes.

          also tried the one possible workaround:

          1. Go the "Plugin Manager" "Advanced" tab.
            2. Without any change press the "submit" button of the "HTTP Proxy Configuration".
            3. Go to the "Updates" tab.
            4. Press the "Check now" button.

          no success

           

          Mathieu Rousseau added a comment - - edited danielbeck   yes. also tried the one possible workaround: Go the "Plugin Manager" "Advanced" tab. 2. Without any change press the "submit" button of the "HTTP Proxy Configuration". 3. Go to the "Updates" tab. 4. Press the "Check now" button. no success  

          weird thing is that: I can't check the udpates. But I can install new plugins:

           

          Mathieu Rousseau added a comment - weird thing is that: I can't check the udpates. But I can install new plugins:  

          Mathieu Rousseau added a comment - hum. replaced https to http and worked. https://updates.jenkins-ci.org/update-center.json to http://updates.jenkins-ci.org/update-center.json  

          Daniel Beck added a comment -

          The canonical domain is now updates.jenkins.io, perhaps that works better?

          Daniel Beck added a comment - The canonical domain is now updates.jenkins.io, perhaps that works better?

          Trevor Major added a comment -

          We were getting the following error when trying to update plugins via our proxy:  There were errors checking the update sites: SocketException: Connection reset

           

           

          What seems to have fixed it for us was to switch Update Sites

          From:  http://updates.jenkins-ci.org/update-center.json

          To: https://updates.jenkins.io/update-center.json

           

          Trevor Major added a comment - We were getting the following error when trying to update plugins via our proxy:   There were errors checking the update sites: SocketException: Connection reset     What seems to have fixed it for us was to switch Update Sites From:  http://updates.jenkins-ci.org/update-center.json To: https://updates.jenkins.io/update-center.json  

            Unassigned Unassigned
            klou Kurt
            Votes:
            4 Vote for this issue
            Watchers:
            12 Start watching this issue

              Created:
              Updated:
              Resolved: