[cvsnt] Re: Protocol :ext: not working

Gill Ernst Ernst.Gill at sat-automation.com
Mon Jul 11 11:27:50 BST 2005

Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.

>Tony Hoyle wrote:
>> Gill Ernst wrote:
>>> The 80090308 return code maps to SEC_E_INVALID_TOKEN, which 
>means that
>>> a security token was found to be improperly formatted.
>>> But I have no idea why it's working without username,
>>> and NOT working with username (even when I force the domain name).
>> No idea.. I'd guess some kind of obscure misconfiguration 
>but not idea 
>> what could cause it.. it's the kind of thing to ask a 
>friendly MCSE to 
>> check up on if you know of any.  SSPI without a username just lets 
>> everything default.. it's the same thing that happens when 
>you browse a 
>> network on a domain that you're logged into.
>There have been numerous reports from people who have trouble 
>with SSPI 
>when they send the username, but it works as expected as soon as they 
>remove it.  I'd doubt if the problem is 'obscure' on that basis, but 
>certainly easily worked around.  Perhaps something stemming from the 
>issue of only 1 authentication per server allowed from each 
>client or a 
>conflict of the passed username when checking against the default 
>authentication token -- but I'm WAY out of my depth of 
>understanding at 
>this point.


After a lot of investigations I found the following:

You will get different reporting for the same authorization error
if you connect to a remote CVSNT server or to a local one.

I could easy reproduce the authorization error if I create a new
repository and try to access it with CVSNT commands.

Sometimes if I restart the CVSNT server, or if something has changed
on the domain controller for maintaining reasons, this authorization
error happens too.

If this authorization error is still present and I try to work
with WinCvs there is a very, very, very big problem.
If I have checkout a module with an username set for the sspi protocol
WinCvs tries to access this module in the background. But on almost all
domain controllers there is set a limit for failed logins...
So my domain controller treats me as a hacker and disables my account

The same happens for sure if I use a non CVS client with the ext
(username is required for ext protocol; Eclipse for instance).

I found a solution (at least a workaround) for this problem.

But for WinCvs I have still no solution, because WinCvs is NOT reporting
such errors (and trying, and trying, ...). You could imagine what

Here are the test on my production server, client anywhere else

C:\>cvs -d :sspi:vie001:/test ls
Listing modules on server


C:\>cvs -d :sspi:vie_gill at vie001:/test ls
cvs [ls aborted]: authorization failed: server vie001 rejected access to
/test f
or user vie_gill

C:\>cvs -d :ext:test:/test ls
[extnt] connect aborted: server vie001 rejeced access to /test

If I do a login as follow everything is working as expected

C:\>cvs -d :sspi:vie_gill at vie001:/test login
Logging in to :sspi:vie_gill at vie001:2401:/test

Here are the test on my test server, client one the same machine

C:\>cvs -d :sspi:vcl134:/test ls
Listing modules on server


C:\>cvs -d :sspi:vie_gill at vcl134:/test ls
[80090308] The parameter is incorrect.

C:\>cvs -d :ext:l-test:/test ls
[80090308] The parameter is incorrect.
cvs ls: warning: unrecognized response `' from cvs server
cvs [ls aborted]: end of file from server (consult above messages if

If I do a login as follow everything is working as expected

C:\>cvs -d :sspi:vcl134:/test login
Logging in to :sspi:vie_gill at vcl134:2401:/test

As you could see it makes no difference if I use in the login the
username or not.

Tony, please could you look if there is something CVSNT could do in this
case or
CVSNT could give same meaningful information (like "did you do a login

It would be very nice too if anyone from the WinCvs guys could also have
look on this problem.

I found on the Microsoft side a problem description about the error I
got in
my event viewer (security log):

The logon to account: vie_gill
 from workstation: VCL134
 failed. The error code was: 3221225572


I install the hotfix (Update Rollup 1 for Win2000) but still no change.


More information about the cvsnt mailing list
Download the latest CVSNT, TortosieCVS, WinCVS etc. for Windows 8 etc.
@CVSNT on Twitter   CVSNT on Facebook